SHA256: 321fb81e91dc7b1f42283f2040918af8f73931271d0a8b62088aed1f518eaf10
File name: 47.tmp
Detection ratio: 41 / 55
Analysis date: 2015-04-20 17:22:53 UTC ( 3 years, 9 months ago )
Antivirus Result Update
Ad-Aware Gen:Variant.Barys.7118 20150420
Yandex Trojan.Agent2!Qu7yfsvH9Jk 20150420
AhnLab-V3 Backdoor/Win32.Agent 20150420
ALYac Gen:Variant.Barys.7118 20150420
Antiy-AVL Trojan/Win32.Agent2 20150420
Avast Win32:PlugX-E [Trj] 20150420
AVG Agent3.BRYB 20150420
AVware Trojan.Win32.Generic!BT 20150420
Baidu-International Backdoor.Win32.Gulpix.az 20150420
BitDefender Gen:Variant.Barys.7118 20150420
Bkav HW32.Packed.B82E 20150420
CAT-QuickHeal TrojanAPT.PlugX.D4 20150420
CMC Trojan.Win32.Agent2!O 20150418
Cyren W32/Trojan.TNDT-1153 20150420
DrWeb Trojan.DownLoader6.21235 20150420
Emsisoft Gen:Variant.Barys.7118 (B) 20150420
ESET-NOD32 Win32/Korplug.A 20150420
F-Secure Gen:Variant.Barys.7118 20150420
Fortinet W32/Generic.A!tr 20150420
GData Gen:Variant.Barys.7118 20150420
Ikarus Trojan-Dropper.Win32.Dycler 20150420
K7AntiVirus Trojan ( 003c36381 ) 20150420
K7GW Trojan ( 003c36381 ) 20150420
Kaspersky Backdoor.Win32.Gulpix.az 20150420
Kingsoft Win32.Troj.Generic.(kcloud) 20150420
McAfee Artemis!0371392C0FD6 20150420
Microsoft Backdoor:Win32/Plugx.A 20150420
eScan Gen:Variant.Barys.7118 20150420
NANO-Antivirus Trojan.Win32.Agent2.wmuql 20150420
Norman Troj_Generic.ZZWJH 20150420
nProtect Backdoor/W32.Agent.250368.M 20150420
Panda Generic Malware 20150420
Qihoo-360 Win32/Trojan.d64 20150420
Sophos AV Troj/PlugX-D 20150420
Symantec Backdoor.Korplug!gen1 20150420
Tencent Win32.Trojan.Generic.Dun 20150420
TheHacker Trojan/Agent2.mgt 20150420
TrendMicro BKDR_PLUGX.SME 20150420
TrendMicro-HouseCall Suspicious_GEN.F47V0413 20150420
VIPRE Trojan.Win32.Generic!BT 20150420
ViRobot Dropper.Agent.250368.D[h] 20150420
AegisLab 20150420
Alibaba 20150420
ByteHero 20150420
ClamAV 20150420
Comodo 20150420
F-Prot 20150420
Malwarebytes 20150420
McAfee-GW-Edition 20150420
Rising 20150420
SUPERAntiSpyware 20150420
TotalDefense 20150420
VBA32 20150420
Zillya 20150420
Zoner 20150420
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2012-06-14 06:21:37
Entry Point 0x00001406
Number of sections 4
PE sections
PE imports
GetSystemTime
GetLastError
HeapFree
GetStdHandle
EnterCriticalSection
LCMapStringW
SetHandleCount
GetSystemInfo
GetOEMCP
VirtualProtect
HeapDestroy
ExitProcess
TlsAlloc
GetEnvironmentStringsW
GetVersionExA
GetModuleFileNameA
RtlUnwind
LoadLibraryA
FreeEnvironmentStringsA
DeleteCriticalSection
GetStartupInfoA
GetEnvironmentStrings
GetLocaleInfoA
GetCurrentProcessId
LCMapStringA
GetCPInfo
UnhandledExceptionFilter
MultiByteToWideChar
HeapSize
FreeEnvironmentStringsW
GetCommandLineA
GetProcAddress
GetStringTypeA
WideCharToMultiByte
TlsFree
GetModuleHandleA
InterlockedExchange
WriteFile
GetCurrentProcess
GetSystemTimeAsFileTime
GetACP
HeapReAlloc
GetStringTypeW
TerminateProcess
QueryPerformanceCounter
InitializeCriticalSection
HeapCreate
VirtualQuery
VirtualFree
TlsGetValue
GetFileType
GetTickCount
TlsSetValue
HeapAlloc
GetCurrentThreadId
VirtualAlloc
SleepEx
SetLastError
LeaveCriticalSection
Number of PE resources by type
RT_ICON 16
RT_GROUP_ICON 2
RT_DIALOG 1
RT_STRING 1
RT_MENU 1
RT_ACCELERATOR 1
Number of PE resources by language
CHINESE SIMPLIFIED 22
PE resources
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
TimeStamp 2012:06:14 07:21:37+01:00
FileType Win32 EXE
PEType PE32
CodeSize 19968
LinkerVersion 7.1
EntryPoint 0x1406
InitializedDataSize 231424
SubsystemVersion 4.0
ImageVersion 0.0
OSVersion 4.0
UninitializedDataSize 0
File identification
MD5 0371392c0fd68d34552fa17aea1c6c6e
SHA1 897576de4fbcc2c73878803ed4d67f4297227f46
SHA256 321fb81e91dc7b1f42283f2040918af8f73931271d0a8b62088aed1f518eaf10
ssdeep 6144:1ry4iNTxtr0j8RERjfNe5PQ8y4i4fsch2oz:19iHtgj/roG8jf+
authentihash cd844b01fc5df8d1bd24e8b5d40445daaad051972d59dcf01f4a336e7a001d01
imphash 9d0e9457de47c1db41d99ef1411163ea
File size 244.5 KB ( 250368 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (67.3%)
Win32 Dynamic Link Library (generic) (14.2%)
Win32 Executable (generic) (9.7%)
Generic Win/DOS Executable (4.3%)
DOS Executable Generic (4.3%)
Tags peexe
VirusTotal metadata
First submission 2015-04-13 09:30:07 UTC ( 3 years, 9 months ago )
Last submission 2015-04-13 09:30:07 UTC ( 3 years, 9 months ago )
File names 47.tmp
Advanced heuristic and reputation engines
ClamAV
Possibly Unwanted Application. While not necessarily malicious, the scanned file presents certain characteristics which, depending on the user policies and environment, may or may not represent a threat. For full details see: https://www.clamav.net/documents/potentially-unwanted-applications-pua.

Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Deleted files
Created processes
Code injections in the following processes
Terminated processes
Created mutexes
Opened mutexes
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.
UDP communications