SHA256: 3763f09f26dbe26ba8000b69a1821bf1f3c12409ef83c4af81e249ef67da91f4
File name: 454sd.exe
Detection ratio: 3 / 54
Analysis date: 2015-11-30 14:38:57 UTC ( 1 year, 10 months ago )
Antivirus Result Update
Kaspersky UDS:DangerousObject.Multi.Generic 20151130
Qihoo-360 HEUR/QVM10.1.Malware.Gen 20151130
TrendMicro TSPY_DRIDEX.YYSPG 20151130
Ad-Aware 20151130
AegisLab 20151130
Yandex 20151129
AhnLab-V3 20151130
Alibaba 20151130
ALYac 20151130
Antiy-AVL 20151130
Arcabit 20151130
Avast 20151130
AVG 20151130
AVware 20151130
Baidu-International 20151130
BitDefender 20151130
Bkav 20151130
ByteHero 20151130
CAT-QuickHeal 20151130
ClamAV 20151130
CMC 20151130
Comodo 20151130
Cyren 20151130
DrWeb 20151130
Emsisoft 20151130
ESET-NOD32 20151130
F-Prot 20151130
F-Secure 20151130
Fortinet 20151130
GData 20151130
Ikarus 20151130
Jiangmin 20151129
K7AntiVirus 20151130
K7GW 20151130
Malwarebytes 20151130
McAfee 20151130
McAfee-GW-Edition 20151130
Microsoft 20151130
eScan 20151130
NANO-Antivirus 20151130
nProtect 20151130
Panda 20151130
Rising 20151129
Sophos AV 20151130
SUPERAntiSpyware 20151130
Symantec 20151129
Tencent 20151130
TheHacker 20151127
TrendMicro-HouseCall 20151130
VBA32 20151129
VIPRE 20151130
ViRobot 20151130
Zillya 20151130
Zoner 20151130
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2015-11-30 12:49:44
Entry Point 0x00007BDF
Number of sections 4
PE sections
PE imports
AVIFileCreateStreamA
AVIStreamOpenFromFileA
AVIFileInit
AVIMakeCompressedStream
AVIStreamSetFormat
AVIFileExit
AVIStreamInfoA
ImageList_GetImageCount
ImageList_Draw
ImageList_GetImageInfo
ImageList_Create
ImageList_ReplaceIcon
ImageList_Add
GetObjectA
CloseMetaFile
DeleteDC
RestoreDC
CreateHalftonePalette
BitBlt
CreatePen
SaveDC
RealizePalette
SelectPalette
GetPixel
SelectObject
CreateCompatibleDC
DeleteObject
CreateCompatibleBitmap
GetTcpTable
GetStdHandle
GetConsoleOutputCP
WaitForSingleObject
FreeEnvironmentStringsA
DeleteCriticalSection
GetCurrentProcess
GetConsoleMode
GetLocaleInfoA
lstrcatA
FreeEnvironmentStringsW
lstrcatW
SetStdHandle
WideCharToMultiByte
GetStringTypeA
WriteFile
GetSystemTimeAsFileTime
HeapReAlloc
GetStringTypeW
FindClose
InterlockedDecrement
FindNextChangeNotification
SetLastError
ReadConsoleInputA
IsDebuggerPresent
HeapAlloc
GetModuleFileNameA
UnhandledExceptionFilter
TlsGetValue
MultiByteToWideChar
SetFilePointer
GlobalAddAtomA
SetUnhandledExceptionFilter
TerminateProcess
WriteConsoleA
GlobalAlloc
GetCurrentThreadId
InterlockedIncrement
HeapCreate
WriteConsoleW
InitializeCriticalSectionAndSpinCount
HeapFree
EnterCriticalSection
SetHandleCount
GetOEMCP
QueryPerformanceCounter
GetTickCount
SetConsoleTextAttribute
TlsAlloc
FlushFileBuffers
LoadLibraryA
RtlUnwind
GetStartupInfoA
GlobalDeleteAtom
GlobalLock
lstrcpyW
FindNextFileW
FindFirstFileW
GetProcAddress
GetFileType
TlsSetValue
CreateFileA
ExitProcess
LeaveCriticalSection
GetLastError
LCMapStringW
FindFirstChangeNotificationA
GetConsoleCP
LCMapStringA
GetEnvironmentStringsW
GlobalUnlock
lstrlenW
GetEnvironmentStrings
GetCurrentProcessId
GetCPInfo
HeapSize
GetConsoleTitleA
GetCommandLineA
RaiseException
TlsFree
GetModuleHandleA
SetConsoleTitleA
CloseHandle
GetACP
GetModuleHandleW
IsValidCodePage
SetConsoleMode
VirtualFree
Sleep
VirtualAlloc
SHGetFolderPathW
GetForegroundWindow
BeginPaint
FindWindowA
DefWindowProcA
ShowWindow
LoadBitmapA
GetClipboardData
FreeDDElParam
GetWindowRect
EndPaint
PostMessageA
EnumChildWindows
DialogBoxParamA
GetDC
GetAsyncKeyState
ReleaseDC
DestroyIcon
CreateWindowExA
SetClipboardData
SendMessageA
UnpackDDElParam
GetDlgItem
PackDDElParam
RegisterClassA
SetRect
InvalidateRect
InsertMenuA
CreateMenu
LoadCursorA
GetDesktopWindow
LoadImageA
wsprintfW
GetWindowTextA
DestroyWindow
SetCursor
OpenThemeData
CloseThemeData
GetThemeSysSize
GetThemeDocumentationProperty
mmioStringToFOURCCA
mmioClose
mmioOpenA
mmioDescend
WSACloseEvent
accept
WSAEventSelect
WSAStartup
WSAEnumNetworkEvents
WSAWaitForMultipleEvents
send
WSACreateEvent
ioctlsocket
recv
WSAGetLastError
GdiplusStartup
Number of PE resources by type
RT_BITMAP 18
RT_ICON 6
LANGZIP 1
RT_MANIFEST 1
UNICODE 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 28
PE resources
Debug information
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
TimeStamp 2015:11:30 13:49:44+01:00
FileType Win32 EXE
PEType PE32
CodeSize 104960
LinkerVersion 9.0
FileTypeExtension exe
InitializedDataSize 137216
SubsystemVersion 5.0
EntryPoint 0x7bdf
OSVersion 5.0
ImageVersion 0.0
UninitializedDataSize 0
Compressed bundles
File identification
MD5 495d47eedde6566a12b74c652857887e
SHA1 ac06c7e3eb4576d7cae9b0bd47d9dd9233b682e3
SHA256 3763f09f26dbe26ba8000b69a1821bf1f3c12409ef83c4af81e249ef67da91f4
ssdeep 6144:puxM64V0U93P46x83aWmxZwd1DXYF01srmN+0hi:puxM64L/4kWkgsrmN+0c
authentihash 7020568aaec32a4e302e49b9ea86537e9cb8ded0a4f5ee7b74d0ad39e84a8153
imphash 7caeca5965370580a535d7256801ad14
File size 237.5 KB ( 243200 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386
TrID Win32 Executable MS Visual C++ (generic) (67.4%)
Win32 Dynamic Link Library (generic) (14.2%)
Win32 Executable (generic) (9.7%)
Generic Win/DOS Executable (4.3%)
DOS Executable Generic (4.3%)
Tags peexe
VirusTotal metadata
First submission 2015-11-30 12:57:31 UTC ( 1 year, 10 months ago )
Last submission 2016-12-15 20:24:57 UTC ( 10 months, 1 week ago )
File names VirusShare_495d47eedde6566a12b74c652857887e
454sd.exe
Urmp48D.xltx
pointst.exe
47af386fb4df18f05b56f77b077b2a40dfbae2a8
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Deleted files
Code injections in the following processes
Created mutexes
Opened mutexes
Searched windows
Opened service managers
Opened services
Runtime DLLs
HTTP requests
DNS requests
TCP connections