× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: 34ba5b36f62a184abd99572ce159686f79bb98bc42daf9786b6ca63eacf4c28f
File name: a5d7d6e358cb6ed351fae9f361e39b6e397fce3a
Detection ratio: 9 / 55
Analysis date: 2015-04-19 00:38:54 UTC ( 3 years, 11 months ago )
Antivirus Result Update
Antiy-AVL Trojan[Dropper]/Win32.Injector 20150418
Avast Win32:Malware-gen 20150419
AVG Downloader.Small.PFX 20150418
ESET-NOD32 a variant of Win32/Injector.BYPL 20150418
GData Win32.Trojan.Wauchos.A 20150418
K7AntiVirus Riskware ( 0040eff71 ) 20150418
K7GW Riskware ( 0040eff71 ) 20150418
Malwarebytes Backdoor.Bot 20150418
Tencent Trojan.Win32.Qudamah.Gen.24 20150419
Ad-Aware 20150419
AegisLab 20150419
Yandex 20150418
AhnLab-V3 20150418
Alibaba 20150419
AVware 20150419
Baidu-International 20150418
BitDefender 20150419
Bkav 20150417
ByteHero 20150419
CAT-QuickHeal 20150418
ClamAV 20150419
CMC 20150418
Comodo 20150418
Cyren 20150419
DrWeb 20150419
Emsisoft 20150419
F-Prot 20150419
F-Secure 20150418
Fortinet 20150419
Ikarus 20150418
Jiangmin 20150417
Kaspersky 20150419
Kingsoft 20150419
McAfee 20150419
McAfee-GW-Edition 20150418
Microsoft 20150419
eScan 20150419
NANO-Antivirus 20150419
Norman 20150418
nProtect 20150417
Panda 20150417
Qihoo-360 20150419
Rising 20150418
Sophos AV 20150418
SUPERAntiSpyware 20150418
Symantec 20150418
TheHacker 20150417
TotalDefense 20150418
TrendMicro 20150419
TrendMicro-HouseCall 20150418
VBA32 20150418
VIPRE 20150419
ViRobot 20150419
Zillya 20150418
Zoner 20150417
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2015-03-11 16:08:28
Entry Point 0x00002980
Number of sections 6
PE sections
PE imports
RegDeleteKeyW
SelectObject
CreateFontIndirectW
CreatePen
CreateSolidBrush
BitBlt
GetSystemTime
GetStdHandle
CreateEventA
GetCPInfo
LocalAlloc
SetFilePointer
HeapCreate
CreateFileW
LCMapStringA
GetStartupInfoW
SetEndOfFile
GetCurrentThreadId
GlobalLock
GetModuleHandleW
Ord(3820)
Ord(2406)
Ord(6113)
Ord(4621)
Ord(6332)
Ord(1634)
Ord(2980)
Ord(6371)
Ord(967)
Ord(2438)
Ord(523)
Ord(5237)
Ord(4073)
Ord(6048)
Ord(5996)
Ord(2362)
Ord(5257)
Ord(3733)
Ord(5736)
Ord(5236)
Ord(4523)
Ord(5727)
Ord(3744)
Ord(4616)
Ord(3167)
Ord(5298)
Ord(2873)
Ord(3917)
Ord(4717)
Ord(1987)
Ord(4852)
Ord(1569)
Ord(4539)
Ord(6370)
Ord(815)
Ord(4525)
Ord(3257)
Ord(4405)
Ord(641)
Ord(4292)
Ord(861)
Ord(3449)
Ord(2388)
Ord(3566)
Ord(338)
Ord(4343)
Ord(2502)
Ord(3076)
Ord(4414)
Ord(4233)
Ord(5256)
Ord(1739)
Ord(4430)
Ord(3142)
Ord(3060)
Ord(3193)
Ord(5285)
Ord(4617)
Ord(2021)
Ord(5793)
Ord(5233)
Ord(6330)
Ord(2069)
Ord(1165)
Ord(2486)
Ord(617)
Ord(3341)
Ord(366)
Ord(825)
Ord(4604)
Ord(5710)
Ord(4329)
Ord(5276)
Ord(4146)
Ord(4441)
Ord(4401)
Ord(2874)
Ord(540)
Ord(4606)
Ord(4335)
Ord(3712)
Ord(2619)
Ord(1196)
Ord(5807)
Ord(1767)
Ord(2371)
Ord(3568)
Ord(4480)
Ord(4229)
Ord(5478)
Ord(5475)
Ord(823)
Ord(2047)
Ord(4537)
Ord(4913)
Ord(4958)
Ord(2504)
Ord(813)
Ord(5278)
Ord(640)
Ord(5006)
Ord(4607)
Ord(5157)
Ord(4298)
Ord(541)
Ord(6051)
Ord(5261)
Ord(3074)
Ord(3345)
Ord(2613)
Ord(3592)
Ord(4609)
Ord(4884)
Ord(4459)
Ord(554)
Ord(4381)
Ord(3688)
Ord(2977)
Ord(2116)
Ord(4418)
Ord(5784)
Ord(2641)
Ord(1834)
Ord(4268)
Ord(3053)
Ord(796)
Ord(674)
Ord(2382)
Ord(4831)
Ord(5070)
Ord(2618)
Ord(1089)
Ord(4158)
Ord(5573)
Ord(791)
Ord(975)
Ord(6076)
Ord(2715)
Ord(4426)
Ord(3398)
Ord(2717)
Ord(4269)
Ord(4992)
Ord(5297)
Ord(4608)
Ord(4461)
Ord(520)
Ord(4817)
Ord(3743)
Ord(986)
Ord(2377)
Ord(4893)
Ord(6211)
Ord(4419)
Ord(323)
Ord(4074)
Ord(1719)
Ord(2640)
Ord(2109)
Ord(773)
Ord(4421)
Ord(4773)
Ord(807)
Ord(4520)
Ord(3254)
Ord(2506)
Ord(4947)
Ord(4128)
Ord(4237)
Ord(4451)
Ord(5304)
Ord(5273)
Ord(2971)
Ord(2534)
Ord(1817)
Ord(4347)
Ord(5248)
Ord(1658)
Ord(501)
Ord(324)
Ord(560)
Ord(2391)
Ord(1937)
Ord(2527)
Ord(1768)
Ord(4704)
Ord(3793)
Ord(4955)
Ord(3826)
Ord(5193)
Ord(4847)
Ord(5468)
Ord(4692)
Ord(1720)
Ord(4075)
Ord(2854)
Ord(4857)
Ord(652)
Ord(5094)
Ord(4420)
Ord(5596)
Ord(5097)
Ord(1131)
Ord(1244)
Ord(2546)
Ord(4435)
Ord(5303)
Ord(4518)
Ord(6171)
Ord(5208)
Ord(4583)
Ord(6617)
Ord(561)
Ord(1083)
Ord(1143)
Ord(3054)
Ord(3658)
Ord(5296)
Ord(6372)
Ord(3131)
Ord(4154)
Ord(2024)
Ord(5059)
Ord(3825)
Ord(4072)
Ord(4103)
Ord(529)
Ord(4370)
Ord(4969)
Ord(800)
Ord(296)
Ord(5649)
Ord(5239)
Ord(5286)
Ord(4690)
Ord(3621)
_except_handler3
__p__fmode
strncat
_XcptFilter
__CxxFrameHandler
__wgetmainargs
_exit
__p__commode
__setusermatherr
_itoa
__dllonexit
_onexit
atoi
exit
sprintf
_initterm
_controlfp
_wcmdln
_adjust_fdiv
__set_app_type
GetWindowTextLengthA
SetTimer
GetParent
SendMessageW
UpdateWindow
FillRect
LoadBitmapW
LoadCursorW
KillTimer
LoadIconW
EnableWindow
DialogBoxParamA
ShowWindow
ToAsciiEx
InvalidateRect
GetSysColor
GetDC
SetCursor
Number of PE resources by type
RT_STRING 15
RT_DIALOG 4
RT_GROUP_CURSOR 2
RT_BITMAP 2
RT_CURSOR 2
RT_ICON 1
Struct(241) 1
Gif 1
RT_MENU 1
RT_ACCELERATOR 1
RT_GROUP_ICON 1
Number of PE resources by language
CHINESE SIMPLIFIED 28
NEUTRAL 3
PE resources
ExifTool file metadata
MIMEType
application/octet-stream

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

TimeStamp
2015:03:11 17:08:28+01:00

FileType
Win32 EXE

PEType
PE32

CodeSize
16384

LinkerVersion
6.0

EntryPoint
0x2980

InitializedDataSize
253952

SubsystemVersion
4.0

ImageVersion
0.0

OSVersion
4.1

UninitializedDataSize
0

File identification
MD5 94e194df71a797e0c222528e636c1bd1
SHA1 e196e1831c0305eb0492875cebfd9ec8dbd633ba
SHA256 34ba5b36f62a184abd99572ce159686f79bb98bc42daf9786b6ca63eacf4c28f
ssdeep
3072:2FsCOzMRs+1m6PeNaXJ5vkDtPCiApmbhurczR4/xrSuLdh698QGK65DN:2+JKHGDtPC1qhuu45hLd8V65DN

authentihash 3baeee826ebb5badf4fdf4a820cc02710614e9516ba852b848e2b00b87b1c69a
imphash b6b2a83bec478d71121f2efefd7e647d
File size 268.6 KB ( 275002 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable MS Visual C++ (generic) (67.3%)
Win32 Dynamic Link Library (generic) (14.2%)
Win32 Executable (generic) (9.7%)
Generic Win/DOS Executable (4.3%)
DOS Executable Generic (4.3%)
Tags
peexe

VirusTotal metadata
First submission 2015-04-19 00:38:54 UTC ( 3 years, 11 months ago )
Last submission 2015-04-19 00:38:54 UTC ( 3 years, 11 months ago )
File names a5d7d6e358cb6ed351fae9f361e39b6e397fce3a
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Created processes
Opened mutexes
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.