SHA256: 371e6b5416562a91244300c2fd7842ef91da591338f6f5cb6a912ccffcdf679c
File name: 1Z522A9A6892487822.exe
Detection ratio: 4 / 51
Analysis date: 2014-04-10 15:47:57 UTC ( 10 months, 3 weeks ago )
Antivirus               Result                              Update
(a dash in the Result column means the engine reported no detection)
ESET-NOD32              Win32/Spy.Zbot.AAU                  20140410
Malwarebytes            Spyware.ZeuS                        20140410
Qihoo-360               HEUR/Malware.QVM20.Gen              20140410
Rising                  PE:Malware.XPACK-HIE/Heur!1.9C48    20140410
AVG                     -                                   20140410
Ad-Aware                -                                   20140410
AegisLab                -                                   20140410
Agnitum                 -                                   20140410
AhnLab-V3               -                                   20140410
AntiVir                 -                                   20140410
Antiy-AVL               -                                   20140409
Avast                   -                                   20140410
Baidu-International     -                                   20140410
BitDefender             -                                   20140410
Bkav                    -                                   20140410
ByteHero                -                                   20140410
CAT-QuickHeal           -                                   20140410
CMC                     -                                   20140410
ClamAV                  -                                   20140410
Commtouch               -                                   20140410
Comodo                  -                                   20140410
DrWeb                   -                                   20140410
Emsisoft                -                                   20140410
F-Prot                  -                                   20140410
F-Secure                -                                   20140410
Fortinet                -                                   20140410
GData                   -                                   20140410
Ikarus                  -                                   20140410
Jiangmin                -                                   20140410
K7AntiVirus             -                                   20140410
K7GW                    -                                   20140410
Kaspersky               -                                   20140410
Kingsoft                -                                   20140410
McAfee                  -                                   20140410
McAfee-GW-Edition       -                                   20140410
MicroWorld-eScan        -                                   20140410
Microsoft               -                                   20140410
NANO-Antivirus          -                                   20140410
Norman                  -                                   20140410
Panda                   -                                   20140410
SUPERAntiSpyware        -                                   20140410
Sophos                  -                                   20140410
Symantec                -                                   20140410
TheHacker               -                                   20140408
TotalDefense            -                                   20140410
TrendMicro              -                                   20140410
TrendMicro-HouseCall    -                                   20140410
VBA32                   -                                   20140410
VIPRE                   -                                   20140410
ViRobot                 -                                   20140410
nProtect                -                                   20140410
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2014-04-10 20:09:03
Link date 9:09 PM 4/10/2014
Entry Point 0x00059DF0
Number of sections 4
PE sections
PE imports
DeleteIpNetEntry
GetStdHandle
FileTimeToSystemTime
WaitForSingleObject
HeapDestroy
EncodePointer
DeleteCriticalSection
GetCurrentProcess
GetConsoleMode
GetLocaleInfoA
EnumSystemLocalesW
FreeEnvironmentStringsW
GetLocaleInfoW
SetStdHandle
GetCPInfo
InterlockedExchange
WriteFile
GetSystemTimeAsFileTime
HeapReAlloc
GetStringTypeW
FreeLibrary
LocalFree
FormatMessageW
FreeLibraryAndExitThread
OutputDebugStringW
TlsGetValue
SetLastError
GetModuleFileNameW
IsDebuggerPresent
ExitProcess
FlushFileBuffers
GetModuleFileNameA
SetConsoleCtrlHandler
GetUserDefaultLCID
UnhandledExceptionFilter
LoadLibraryExW
MultiByteToWideChar
FatalAppExitA
SetFilePointerEx
InterlockedExchangeAdd
CreateSemaphoreW
CreateMutexW
IsProcessorFeaturePresent
DecodePointer
TerminateProcess
SetUnhandledExceptionFilter
GetModuleHandleExW
GlobalAlloc
GetCurrentThreadId
WriteConsoleW
AreFileApisANSI
InitializeCriticalSectionAndSpinCount
HeapFree
EnterCriticalSection
SetHandleCount
GetVersionExW
GetOEMCP
QueryPerformanceCounter
GetTickCount
TlsAlloc
GetVersionExA
RtlUnwind
GetDateFormatW
GetStartupInfoW
GlobalLock
GetProcessHeap
GetTimeFormatW
ResetEvent
IsValidLocale
GetProcAddress
CreateEventW
CreateFileW
GetFileType
TlsSetValue
HeapAlloc
LeaveCriticalSection
GetLastError
LCMapStringW
GlobalFree
GetConsoleCP
LCMapStringA
CompareStringW
GetEnvironmentStringsW
GlobalUnlock
lstrlenW
GetCurrentProcessId
GetCommandLineW
WideCharToMultiByte
HeapSize
GetCommandLineA
GetCurrentThread
TlsFree
GetModuleHandleA
ReadFile
CloseHandle
GetACP
GetModuleHandleW
IsValidCodePage
Sleep
VirtualAlloc
CompareStringA
SetupRemoveFromSourceListA
PathGetDriveNumberA
Number of PE resources by type
RT_ICON 1
RT_MANIFEST 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 3
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
TimeStamp 2014:04:10 21:09:03+01:00
FileType Win32 EXE
PEType PE32
CodeSize 460288
LinkerVersion 9.0
FileAccessDate 2014:11:12 19:59:41+01:00
EntryPoint 0x59df0
InitializedDataSize 27648
SubsystemVersion 5.0
ImageVersion 0.0
OSVersion 5.0
FileCreateDate 2014:11:12 19:59:41+01:00
UninitializedDataSize 0
Compressed bundles
File identification
MD5 8c407bcdf86e5cfff5983fed7cdc271d
SHA1 fa0538b4527f9059e0714ebb4a9948f93b46eb22
SHA256 371e6b5416562a91244300c2fd7842ef91da591338f6f5cb6a912ccffcdf679c
ssdeep 6144:wiAwnqxJQ9+KYSpm0NZKvuY6uXI0WSGCPiNMKVaZlr7VnXMszAGExX0ZKj:tt919Hsu0aUr7SrGEOZQ
authentihash e5f7d712bca62fa809bd060ffd7143b3fee00e2052e87e0a14e453eb9c1bb22b
imphash 67e44b39f925ee1d3faa64a44a2df826
File size 470.0 KB ( 481280 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (67.3%)
Win32 Dynamic Link Library (generic) (14.2%)
Win32 Executable (generic) (9.7%)
Generic Win/DOS Executable (4.3%)
DOS Executable Generic (4.3%)
Tags peexe via-tor
VirusTotal metadata
First submission 2014-04-10 10:16:12 UTC ( 10 months, 3 weeks ago )
Last submission 2014-11-12 18:59:44 UTC ( 3 months, 2 weeks ago )
File names 18.exe
8c407bcdf86e5cfff5983fed7cdc271d.exe
371e6b5416562a91244300c2fd7842ef91da591338f6f5cb6a912ccffcdf679c.exe
1.exe
1Z522A9A6892487822.exe
1Z522A9A6892487822.txt
1Z522A9A6892487822_exe
1Z522A9A6892487822.EXE
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened service managers
Opened services
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.
UDP communications