SHA256: 36856601e5db73004336fc599f3966f1190070b3d3142ff7bc5bf86e33f1267f
File name: Mausbeweger.exe
Detection ratio: 0 / 54
Analysis date: 2015-06-24 16:38:08 UTC ( 3 years, 11 months ago )
Antivirus Result Update
Ad-Aware 20150623
AegisLab 20150623
Yandex 20150623
AhnLab-V3 20150623
Alibaba 20150623
ALYac 20150623
Antiy-AVL 20150623
Arcabit 20150623
Avast 20150623
AVG 20150623
Avira (no cloud) 20150623
AVware 20150623
Baidu-International 20150624
BitDefender 20150623
Bkav 20150624
ByteHero 20150624
CAT-QuickHeal 20150623
ClamAV 20150623
Comodo 20150623
Cyren 20150623
DrWeb 20150624
Emsisoft 20150623
ESET-NOD32 20150623
F-Prot 20150624
F-Secure 20150623
Fortinet 20150624
GData 20150623
Ikarus 20150623
Jiangmin 20150620
K7AntiVirus 20150623
K7GW 20150623
Kaspersky 20150623
Kingsoft 20150624
Malwarebytes 20150623
McAfee 20150624
McAfee-GW-Edition 20150623
Microsoft 20150623
eScan 20150623
NANO-Antivirus 20150622
nProtect 20150623
Panda 20150622
Qihoo-360 20150624
Rising 20150618
SUPERAntiSpyware 20150623
Symantec 20150624
Tencent 20150624
TheHacker 20150624
TrendMicro 20150623
TrendMicro-HouseCall 20150623
VBA32 20150622
VIPRE 20150623
ViRobot 20150623
Zillya 20150624
Zoner 20150624
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright Jürgen Hägele 2014
File version 1.0.0.2
Description Mausbeweger
Comments Mausbewegung alle 5 Minuten 0,01mm nach oben und wieder zurück. Das ganze in einer Endlosschleife um die administrative Bildschirmsperrre zu umgehen.
Packers identified
F-PROT UPX
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2015-06-24 16:35:50
Entry Point 0x000F2F30
Number of sections 3
PE sections
PE imports
ImageList_Remove
GetSaveFileNameW
LineTo
IcmpSendEcho
VirtualFree
ExitProcess
VirtualProtect
LoadLibraryA
VirtualAlloc
GetProcAddress
WNetUseConnectionW
VariantInit
GetProcessMemoryInfo
DragFinish
LoadUserProfileW
IsThemeActive
VerQueryValueW
FtpOpenFileW
timeGetTime
CoGetObject
Number of PE resources by type
RT_STRING 7
RT_ICON 4
RT_GROUP_ICON 4
RT_MANIFEST 1
RT_MENU 1
RT_RCDATA 1
RT_VERSION 1
Number of PE resources by language
ENGLISH UK 17
GERMAN 1
NEUTRAL 1
PE resources
ExifTool file metadata
UninitializedDataSize
647168

Comments
Mausbewegung alle 5 Minuten 0,01mm nach oben und wieder zurück. Das ganze in einer Endlosschleife um die administrative Bildschirmsperrre zu umgehen.

LinkerVersion
11.0

ImageVersion
0.0

FileVersionNumber
1.0.0.2

LanguageCode
German

FileFlagsMask
0x0000

FileDescription
Mausbeweger

ImageFileCharacteristics
Executable, Large address aware, 32-bit

CharacterSet
Unicode

InitializedDataSize
110592

EntryPoint
0xf2f30

MIMEType
application/octet-stream

LegalCopyright
Jürgen Hägele 2014

FileVersion
1.0.0.2

TimeStamp
2015:06:24 18:35:50+02:00

FileType
Win32 EXE

PEType
PE32

ProductVersion
3.3.12.0

SubsystemVersion
5.1

OSVersion
5.1

FileOS
Win32

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CodeSize
348160

FileSubtype
0

ProductVersionNumber
3.3.12.0

FileTypeExtension
exe

ObjectFileType
Unknown

File identification
MD5 549fe75a0239f2fa1b1884a9e04fc0a8
SHA1 ec03ed7495ae473600b1501daeb01a72d8ecd802
SHA256 36856601e5db73004336fc599f3966f1190070b3d3142ff7bc5bf86e33f1267f
ssdeep 12288:aOv5jKhsfoPA+yeVKUCUxP4C902bdRtJJPi1CaUS:aq5TfcdHj4fmbK8S
authentihash 1117f951e62409be6b0b74367fceb02e44ecbcbd449a6bcc8286c9db6cd20ba3
imphash ef471c0edf1877cd5a881a6a8bf647b9
File size 444.0 KB ( 454656 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID UPX compressed Win32 Executable (42.1%)
Win32 EXE Yoda's Crypter (41.4%)
Win32 Executable (generic) (7.0%)
OS/2 Executable (generic) (3.1%)
Generic Win/DOS Executable (3.1%)
Tags
peexe upx

VirusTotal metadata
First submission 2015-06-24 16:38:08 UTC ( 3 years, 11 months ago )
Last submission 2018-03-05 14:12:12 UTC ( 1 year, 2 months ago )
File names Mausbeweger.exe
Mausbeweger.exe
Advanced heuristic and reputation engines
TrendMicro-HouseCall
TrendMicro's heuristic engine has flagged this file as: Suspicious_GEN.F47V1128.

Symantec reputation Suspicious.Insight
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Searched windows
Runtime DLLs
Additional details
The file uses the IsDebuggerPresent Windows API function in order to see whether it is being debugged.
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.