SHA256: 34e96de0a975851afb2e57a6b535d514617af7eb82d6b2965542bb70aa3424ca
File name: file-7112818_scr
Detection ratio: 4 / 53
Analysis date: 2014-06-12 19:10:48 UTC ( 4 years, 9 months ago )
Antivirus | Result | Update
ESET-NOD32 | a variant of Win32/Kryptik.CEFJ | 20140612
Malwarebytes | Spyware.Zbot.VXGen | 20140612
Qihoo-360 | Malware.QVM20.Gen | 20140612
Rising | PE:Malware.XPACK-HIE/Heur!1.9C48 | 20140612
Ad-Aware | - | 20140612
AegisLab | - | 20140612
Yandex | - | 20140610
AhnLab-V3 | - | 20140612
AntiVir | - | 20140612
Antiy-AVL | - | 20140611
Avast | - | 20140612
AVG | - | 20140612
Baidu-International | - | 20140612
BitDefender | - | 20140612
ByteHero | - | 20140612
CAT-QuickHeal | - | 20140612
ClamAV | - | 20140612
CMC | - | 20140610
Commtouch | - | 20140612
Comodo | - | 20140612
DrWeb | - | 20140612
Emsisoft | - | 20140612
F-Prot | - | 20140612
F-Secure | - | 20140612
Fortinet | - | 20140612
GData | - | 20140612
Ikarus | - | 20140612
Jiangmin | - | 20140612
K7AntiVirus | - | 20140612
K7GW | - | 20140612
Kaspersky | - | 20140612
Kingsoft | - | 20140612
McAfee | - | 20140612
McAfee-GW-Edition | - | 20140612
Microsoft | - | 20140612
eScan | - | 20140612
NANO-Antivirus | - | 20140612
Norman | - | 20140612
nProtect | - | 20140612
Panda | - | 20140612
Sophos AV | - | 20140612
SUPERAntiSpyware | - | 20140612
Symantec | - | 20140612
Tencent | - | 20140612
TheHacker | - | 20140612
TotalDefense | - | 20140612
TrendMicro | - | 20140612
TrendMicro-HouseCall | - | 20140612
VBA32 | - | 20140612
VIPRE | - | 20140612
ViRobot | - | 20140612
Zillya | - | 20140612
Zoner | - | 20140611
The file being studied is a Portable Executable (PE) file. More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright 1996
Product Wer
Original name Rfahhih.exe
Internal name Olexu
File version 6, 8, 10
Description Zyqo Ciwurec Opadopu
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2011-04-01 00:07:03
Entry Point 0x000216F7
Number of sections 5
PE sections
PE imports
RegisterTraceGuidsA
RegCreateKeyW
GetLengthSid
RegisterEventSourceA
OpenBackupEventLogA
CryptImportKey
RegQueryMultipleValuesW
CryptDuplicateHash
EnumServicesStatusW
ElfBackupEventLogFileW
SystemFunction013
AddUsersToEncryptedFile
LsaEnumerateAccountsWithUserRight
RemoveTraceCallback
I_ScSetServiceBitsW
CryptGetDefaultProviderA
LsaLookupPrivilegeName
BuildTrusteeWithNameA
GetTraceEnableFlags
ImpersonateNamedPipeClient
CryptSetProviderW
RegDeleteValueW
SetAclInformation
LsaSetDomainInformationPolicy
SystemFunction041
GetServiceDisplayNameA
ReadEventLogW
SetUserFileEncryptionKey
GetMultipleTrusteeA
SystemFunction029
DrawInsert
ImageList_SetFilter
ImageList_SetBkColor
ImageList_GetImageInfo
InitCommonControls
FlatSB_GetScrollProp
PropertySheetA
ImageList_SetDragCursorImage
ImageList_GetImageRect
ImageList_SetFlags
FlatSB_ShowScrollBar
LBItemFromPt
ImageList_SetOverlayImage
ImageList_AddMasked
ImageList_Draw
DestroyPropertySheetPage
DrawStatusTextA
FlatSB_SetScrollPos
ImageList_Add
InitCommonControlsEx
CreateStatusWindowW
CreatePropertySheetPageW
ImageList_DragShowNolock
ImageList_Replace
ImageList_Copy
FlatSB_EnableScrollBar
ImageList_EndDrag
CryptUIDlgViewCTLW
CryptUIDlgSelectStoreA
CryptUIDlgViewSignerInfoA
CryptUIGetViewSignaturesPagesW
CryptUIWizDigitalSign
CryptUIDlgViewCertificatePropertiesW
CryptUIGetCertificatePropertiesPagesW
CryptUIDlgViewCRLA
CryptUIDlgSelectCA
CryptUIDlgViewCTLA
CryptUIWizExport
CryptUIStartCertMgr
CryptUIWizFreeDigitalSignContext
CryptUIDlgFreeCAContext
ACUIProviderInvokeUI
CryptUIFreeViewSignaturesPagesW
CryptUIGetViewSignaturesPagesA
DeleteProxyArpEntry
InternalSetTcpEntry
InternalGetIfTable
GetTcpTable
GetIfTable
GetIcmpStatistics
NTTimeToNTPTime
GetIpForwardTable
SetIpTTL
GetIpStatistics
InternalDeleteIpNetEntry
GetUniDirectionalAdapterInfo
EnableRouter
NotifyRouteChange
InternalGetTcpTable
InternalSetIpStats
GetNetworkParams
GetPerAdapterInfo
GetUdpTable
InternalCreateIpForwardEntry
CreateIpNetEntry
GetBestRoute
DeleteIpForwardEntry
InternalSetIfEntry
SendARP
SetAdapterIpAddress
GetAdaptersInfo
IpRenewAddress
GetNumberOfInterfaces
FormatMessageW
GetNamedPipeHandleStateA
GlobalFlags
GetDiskFreeSpaceExW
DeleteTimerQueue
FindNextChangeNotification
PdhVbGetOneCounterPath
PdhEnumMachinesW
PdhFormatFromRawValue
PdhReadRawLogRecord
PdhUpdateLogFileCatalog
PdhEnumMachinesA
PdhBrowseCountersA
PdhAddCounterA
PdhIsRealTimeQuery
PdhRemoveCounter
PdhParseCounterPathW
PdhGetDllVersion
PdhVbAddCounter
PdhCollectQueryData
PdhCalculateCounterFromRawValue
PdhMakeCounterPathW
PdhGetDefaultPerfObjectW
PdhVbCreateCounterPathList
PdhGetDataSourceTimeRangeW
PdhGetRawCounterArrayA
PdhEnumObjectItemsA
PdhGetCounterInfoW
PdhLookupPerfNameByIndexA
PdhOpenLogW
PdhVbGetCounterPathFromList
PdhGetDefaultPerfCounterW
PdhParseInstanceNameW
SamQueryInformationAlias
SamDeleteAlias
SamShutdownSamServer
SamSetInformationDomain
SamiChangePasswordUser2
SamLookupDomainInSamServer
SamChangePasswordUser2
SamLookupNamesInDomain
SamOpenAlias
SamEnumerateDomainsInSamServer
SamCloseHandle
SamOpenGroup
SamGetGroupsForUser
SamGetDisplayEnumerationIndex
SamEnumerateGroupsInDomain
SamRemoveMemberFromAlias
SamQuerySecurityObject
SamEnumerateAliasesInDomain
SamLookupIdsInDomain
SamAddMemberToGroup
SamQueryInformationGroup
SamiEncryptPasswords
SamCreateGroupInDomain
CM_Open_Class_Key_ExW
SetupDiLoadClassIcon
CM_Register_Device_Interface_ExW
SetupDiGetClassImageListExA
CM_Request_Device_Eject_ExW
SetupCloseLog
SetupDiOpenDeviceInfoW
CM_Intersect_Range_List
SetupGetInfFileListA
SetupQuerySpaceRequiredOnDriveW
CM_Get_Depth_Ex
SetupAdjustDiskSpaceListA
CM_Is_Dock_Station_Present
CM_Unregister_Device_Interface_ExA
SetupDiGetClassInstallParamsA
SetupDiChangeState
CM_Disconnect_Machine
SetupRemoveSectionFromDiskSpaceListA
CM_Get_Device_Interface_List_Size_ExA
SetupCancelTemporarySourceList
SetupDiGetDeviceInstanceIdW
SetupDiSetDeviceInstallParamsW
CM_Get_Depth
CM_Get_Device_ID_Size
SetupDiGetDeviceInfoListDetailA
CM_Set_HW_Prof_FlagsA
CM_Get_Parent_Ex
SetupDiClassNameFromGuidExW
CM_Query_And_Remove_SubTreeW
CM_Get_Device_Interface_List_SizeA
SetupInstallFileA
SetupDiDestroyClassImageList
IsWindow
UnlockUrlCacheEntryStream
HttpSendRequestExW
InternetUnlockRequestFile
InternetHangUp
InternetTimeToSystemTimeW
FtpFindFirstFileW
HttpOpenRequestW
FindFirstUrlCacheGroup
InternetDialW
UrlZonesDetach
InternetAutodialCallback
FindNextUrlCacheGroup
FtpRenameFileW
InternetTimeFromSystemTimeW
ShowCertificate
SetUrlCacheEntryGroupW
FtpCommandW
FtpPutFileEx
InternetFindNextFileA
HttpQueryInfoA
InternetGetCertByURLA
FindFirstUrlCacheContainerW
SetUrlCacheConfigInfoA
InternetOpenW
InternetAlgIdToStringA
InternetCrackUrlW
FindNextUrlCacheEntryA
FtpPutFileW
InternetOpenUrlW
GopherGetAttributeA
WinStationInstallLicense
WinStationSendWindowMessage
ServerGetInternetConnectorStatus
WinStationEnumerateProcesses
WinStationGetProcessSid
_WinStationReInitializeSecurity
_WinStationWaitForConnect
WinStationShadow
WinStationQueryLicense
WinStationGetTermSrvCountersValue
WinStationEnumerate_IndexedA
WinStationReset
WinStationEnumerateW
WinStationGenerateLicense
WinStationShutdownSystem
WinStationRenameA
_WinStationNotifyLogon
WinStationGetLanAdapterNameA
Number of PE resources by type
RT_CURSOR 1
RT_VERSION 1
Number of PE resources by language
ENGLISH AUS 2
PE resources
Debug information
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
FileTypeExtension exe
TimeStamp 2011:04:01 01:07:03+01:00
FileType Win32 EXE
PEType PE32
CodeSize 139264
LinkerVersion 7.1
EntryPoint 0x216f7
InitializedDataSize 94208
SubsystemVersion 4.0
ImageVersion 7.4
OSVersion 4.0
UninitializedDataSize 0
Compressed bundles
File identification
MD5 b4f0e685b44193e9bb17a9f68abc6bff
SHA1 a8d7c0c3d1412d27aa55993e56d092dd0f575a1c
SHA256 34e96de0a975851afb2e57a6b535d514617af7eb82d6b2965542bb70aa3424ca
ssdeep 3072:9WLefVHTeV3dLZXjLOxyr9yb2Z2zn/2paTAh1CL2amxDBV2KCiCezIrwD:OuzeVjXjixyrcb2Er/2gTo/2ZiPD
authentihash 86be1fff3257df786227c3dff8bfc97d645d7b77dd0a6c1fe00980fca04b7378
imphash 6b706fcea2545dc4923e59e2e3d30e5d
File size 203.0 KB ( 207872 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Dynamic Link Library (generic) (43.5%)
Win32 Executable (generic) (29.8%)
Generic Win/DOS Executable (13.2%)
DOS Executable Generic (13.2%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
Tags peexe
VirusTotal metadata
First submission 2014-06-12 14:43:08 UTC ( 4 years, 9 months ago )
Last submission 2015-12-19 06:46:11 UTC ( 3 years, 3 months ago )
File names file-7112818_scr
lgm_ssl_certificate.scr
34e96de0a975851afb2e57a6b535d514617af7eb82d6b2965542bb70aa3424ca.exe
Rfahhih.exe
Olexu
34e96de0a975851afb2e57a6b535d514617af7eb82d6b2965542bb70aa3424ca.vir
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight
Condensed report. The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were performed either by the file itself or by any other process launched by the executed file or subjected to code injection by it.
Opened files
Read files
Created processes
Opened mutexes
Runtime DLLs