SHA256: 30d58ecb3fc8651ab343e5f2404e88609dd814d1a217d88572ee5e3d0ad57df7
File name: 18.exe
Detection ratio: 11 / 54
Analysis date: 2014-06-14 07:09:58 UTC ( 4 years, 9 months ago )
Antivirus / Result / Update (engines that flagged the file are listed first)
AntiVir TR/Crypt.EPACK.12800 20140613
ByteHero Trojan.Malware.Obscu.Gen.002 20140614
ESET-NOD32 a variant of Win32/Kryptik.BWGQ 20140614
Fortinet W32/Kryptik.ABS!tr 20140614
Kaspersky Hoax.Win32.ArchSMS.cbqat 20140614
McAfee Artemis!34B5B2BD1D48 20140614
McAfee-GW-Edition Heuristic.LooksLike.Win32.Suspicious.J 20140613
Qihoo-360 Win32/Trojan.Multi.daf 20140614
Rising PE:Malware.XPACK-HIE/Heur!1.9C48 20140613
Sophos AV Mal/Generic-S 20140614
TrendMicro-HouseCall Suspicious_GEN.F47V0613 20140614
Engines with no detection (signature update date only):
Ad-Aware 20140614
AegisLab 20140614
Yandex 20140613
AhnLab-V3 20140613
Antiy-AVL 20140611
Avast 20140614
AVG 20140614
Baidu-International 20140613
BitDefender 20140614
Bkav 20140613
CAT-QuickHeal 20140613
ClamAV 20140614
CMC 20140613
Commtouch 20140614
Comodo 20140614
DrWeb 20140614
Emsisoft 20140614
F-Prot 20140614
F-Secure 20140614
GData 20140614
Ikarus 20140614
Jiangmin 20140614
K7AntiVirus 20140613
K7GW 20140613
Kingsoft 20140614
Malwarebytes 20140614
Microsoft 20140614
eScan 20140614
NANO-Antivirus 20140614
Norman 20140613
nProtect 20140613
Panda 20140613
SUPERAntiSpyware 20140613
Symantec 20140614
Tencent 20140614
TheHacker 20140612
TotalDefense 20140613
TrendMicro 20140614
VBA32 20140613
VIPRE 20140613
ViRobot 20140614
Zillya 20140614
Zoner 20140613
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2005-08-14 07:13:50
Entry Point 0x00001000
Number of sections 5
PE sections
PE imports
GetDeviceCaps
DeleteDC
CreateFontIndirectW
GetStockObject
GetObjectW
BitBlt
CreateCompatibleDC
DeleteObject
CreateCompatibleBitmap
CallNamedPipeW
GetEnvironmentVariableA
Heap32ListFirst
UpdateResourceW
GetSystemInfo
GetEnvironmentStringsA
GetDriveTypeA
VirtualProtect
GlobalUnlock
CreatePipe
FileTimeToDosDateTime
Process32First
GetDateFormatW
WritePrivateProfileSectionW
ClearCommBreak
SetErrorMode
SetThreadExecutionState
GetProfileStringW
GetPrivateProfileSectionA
LocalFlags
GetQueuedCompletionStatus
FindNextFileW
SetUnhandledExceptionFilter
LocalShrink
IsValidLocale
GetCommConfig
SetHandleInformation
GetBinaryTypeA
FindCloseChangeNotification
GetProcessAffinityMask
SetCommMask
GetProcessShutdownParameters
IsValidCodePage
AllocConsole
GetProfileIntA
ReadFileEx
GetStringTypeExA
GetForegroundWindow
ChangeMenuA
PostQuitMessage
HideCaret
mouse_event
GetShellWindow
GetClipboardFormatNameA
SetMenuItemInfoW
RemoveMenu
Number of PE resources by type
RT_GROUP_CURSOR 1
RT_CURSOR 1
RT_VERSION 1
Number of PE resources by language
ENGLISH US 2
GERMAN 1
PE resources
ExifTool file metadata
MIMEType: application/octet-stream
Subsystem: Windows GUI
MachineType: Intel 386 or later, and compatibles
FileTypeExtension: exe
TimeStamp: 2005:08:14 08:13:50+01:00
FileType: Win32 EXE
PEType: PE32
CodeSize: 343040
LinkerVersion: 1.64
Warning: Error processing PE data dictionary
EntryPoint: 0x1000
InitializedDataSize: 43544
SubsystemVersion: 4.1
ImageVersion: 0.0
OSVersion: 1.0
UninitializedDataSize: 0

Execution parents
File identification
MD5 34b5b2bd1d48f5a2d9cccc92b7953cfc
SHA1 59491c72421e65e3b7e551755aab65e49f5cf1c0
SHA256 30d58ecb3fc8651ab343e5f2404e88609dd814d1a217d88572ee5e3d0ad57df7
ssdeep 3072:Y0wqq1tBgUNmBrdYoqSghKVRYX3+/3L+CXnxZHPPOgCY1+lJNfF0Nwut4:JW65BrmooKzA63L+CXnrHugpoV6
authentihash 304b7f329da70bc5821c57dff06e1759c6f79a49d7388b60754aac4c4f2df4d0
imphash 950edbedfe3617c5cd0e929917cdf24a
File size 378.5 KB ( 387584 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable (generic) (42.4%)
Win16/32 Executable Delphi generic (19.5%)
Generic Win/DOS Executable (18.8%)
DOS Executable Generic (18.8%)
VXD Driver (0.2%)
Tags peexe
VirusTotal metadata
First submission 2014-06-13 09:38:19 UTC ( 4 years, 9 months ago )
Last submission 2015-12-19 07:23:34 UTC ( 3 years, 3 months ago )
File names 30d58ecb3fc8651ab343e5f2404e88609dd814d1a217d88572ee5e3d0ad57df7.vir
18.exe
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Moved files
Deleted files
Created processes
Code injections in the following processes
Created mutexes
Opened mutexes
Opened service managers
Opened services
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.
HTTP requests
DNS requests
TCP connections