SHA256: 370fd20aa6b7aef9b2c08dcd1aadbfe73caa2ece6513ff0e392e9eca6a1327c0
File name: 240e677a3091c0dd5c7177de04852cdd
Detection ratio: 10 / 51
Analysis date: 2014-04-21 16:35:37 UTC ( 4 years, 8 months ago )
Antivirus Result Update
AntiVir TR/ZbotCitadel.A.563 20140421
ByteHero Trojan.Malware.Obscu.Gen.002 20140421
CMC Packed.Win32.Katusha.1!O 20140421
McAfee Artemis!240E677A3091 20140421
McAfee-GW-Edition Artemis!240E677A3091 20140421
Qihoo-360 Malware.QVM20.Gen 20140421
Rising PE:Malware.XPACK-HIE/Heur!1.9C48 20140421
Sophos AV Mal/Generic-S 20140421
Symantec WS.Reputation.1 20140421
TrendMicro TROJ_FORUCON.BMC 20140421
Ad-Aware 20140421
AegisLab 20140421
Yandex 20140421
AhnLab-V3 20140421
Antiy-AVL 20140421
Avast 20140421
AVG 20140421
Baidu-International 20140421
BitDefender 20140421
Bkav 20140418
CAT-QuickHeal 20140421
ClamAV 20140421
Commtouch 20140421
Comodo 20140421
DrWeb 20140421
Emsisoft 20140421
ESET-NOD32 20140421
F-Prot 20140421
F-Secure 20140421
Fortinet 20140421
GData 20140421
Ikarus 20140421
Jiangmin 20140421
K7AntiVirus 20140421
K7GW 20140421
Kaspersky 20140421
Kingsoft 20140421
Malwarebytes 20140421
Microsoft 20140421
eScan 20140421
NANO-Antivirus 20140421
Norman 20140421
nProtect 20140421
Panda 20140421
SUPERAntiSpyware 20140421
TheHacker 20140421
TotalDefense 20140421
TrendMicro-HouseCall 20140421
VBA32 20140421
VIPRE 20140421
ViRobot 20140421
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2014-02-05 15:37:36
Entry Point 0x0000262D
Number of sections 4
PE sections
PE imports
RegOpenKeyExA
RegSetValueExA
RegQueryValueExA
RegCloseKey
RegCreateKeyExA
GetObjectA
LineTo
DeleteDC
SelectObject
MoveToEx
CreatePen
GetStockObject
BitBlt
CreateCompatibleDC
DeleteObject
GetLastError
EnterCriticalSection
SetEvent
QueryPerformanceCounter
IsDebuggerPresent
GetTickCount
TlsAlloc
VirtualProtect
DeleteCriticalSection
GetStartupInfoA
GetCurrentProcessId
UnhandledExceptionFilter
GetCommandLineA
InterlockedCompareExchange
CreateThread
InterlockedExchange
SetUnhandledExceptionFilter
GetCurrentProcess
CloseHandle
GetSystemTimeAsFileTime
GetACP
TerminateProcess
InitializeCriticalSection
CreateEventA
Sleep
GetCurrentThreadId
LeaveCriticalSection
GetMessageA
UpdateWindow
EndDialog
LoadMenuA
PostQuitMessage
DefWindowProcA
SetWindowPos
SendDlgItemMessageA
GetSystemMetrics
DispatchMessageA
EndPaint
SetDlgItemTextA
PostMessageA
GetDlgItemTextA
TranslateMessage
DialogBoxParamA
GetDlgItemInt
RegisterClassExA
BeginPaint
SetWindowTextA
CheckMenuItem
LoadStringA
GetWindowPlacement
SendMessageA
CloseWindow
GetDlgItem
DrawMenuBar
WinHelpA
InvalidateRect
LoadAcceleratorsA
GetSubMenu
CreateWindowExA
LoadCursorA
LoadIconA
TrackPopupMenu
TranslateAcceleratorA
SetDlgItemInt
ModifyMenuA
setsockopt
socket
recv
inet_addr
send
WSACleanup
WSAStartup
gethostbyname
select
connect
shutdown
htons
closesocket
WSAGetLastError
Number of PE resources by type
RT_ICON 7
RT_DIALOG 6
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 14
PE resources
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
TimeStamp 2014:02:05 16:37:36+01:00
FileType Win32 EXE
PEType PE32
CodeSize 256512
LinkerVersion 9.0
FileAccessDate 2014:04:21 19:45:03+01:00
EntryPoint 0x262d
InitializedDataSize 32768
SubsystemVersion 5.0
ImageVersion 0.0
OSVersion 5.0
FileCreateDate 2014:04:21 19:45:03+01:00
UninitializedDataSize 0

File identification
MD5 240e677a3091c0dd5c7177de04852cdd
SHA1 2b260a65c3d3df7a7992d0adf1707e6a7fd1f3c3
SHA256 370fd20aa6b7aef9b2c08dcd1aadbfe73caa2ece6513ff0e392e9eca6a1327c0
ssdeep 6144:25CQ+MsU4UApHxjeBRP6UhObws9q8BinDfDwGebk2kR7g+/MgamX:2YQ+MMlpRaZh4xtInDMY/BgUME
imphash 3e5a3548dd37d2ea62a6341501475f5e
File size 284.5 KB ( 291328 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Dynamic Link Library (generic) (43.5%)
Win32 Executable (generic) (29.8%)
Generic Win/DOS Executable (13.2%)
DOS Executable Generic (13.2%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
Tags peexe

VirusTotal metadata
First submission 2014-04-21 16:35:37 UTC ( 4 years, 8 months ago )
Last submission 2014-04-21 16:35:37 UTC ( 4 years, 8 months ago )
File names 240e677a3091c0dd5c7177de04852cdd
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Copied files
Moved files
Deleted files
Created processes
Code injections in the following processes
Created mutexes
Opened mutexes
Searched windows
Opened service managers
Opened services
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.
DNS requests
UDP communications