SHA256: 38cac264862b2bef9b811a831ed3c0280eeb274ab91f9a80362ae387d0e07e32
File name: IM4413JI63.exe
Detection ratio: 42 / 56
Analysis date: 2015-10-30 01:05:39 UTC ( 2 years, 3 months ago )
Antivirus Result Update
Ad-Aware Gen:Variant.Kazy.417771 20151030
Yandex Backdoor.Carbanak! 20151029
AhnLab-V3 Trojan/Win32.Qadars 20151029
ALYac Backdoor.Agent.Carbanak 20151030
Antiy-AVL Trojan[Backdoor]/Win32.Carbanak 20151029
Arcabit Trojan.Kazy.D65FEB 20151030
Avast Win32:GenMalicious-ARH [Trj] 20151030
AVG Generic36.WOB 20151030
Avira (no cloud) TR/Qadars.A.198 20151030
AVware Trojan.Win32.Generic!BT 20151029
Baidu-International Trojan.Win32.Qadars.AB 20151029
BitDefender Gen:Variant.Kazy.417771 20151030
CAT-QuickHeal Backdoor.Carbanak.r5 20151029
Comodo UnclassifiedMalware 20151029
DrWeb Trojan.Rodricter.176 20151030
Emsisoft Gen:Variant.Kazy.417771 (B) 20151030
ESET-NOD32 Win32/Qadars.AB 20151030
F-Secure Gen:Variant.Kazy.417771 20151030
Fortinet W32/Carbanak.B!tr.bdr 20151030
GData Gen:Variant.Kazy.417771 20151030
Ikarus Backdoor.Win32.Carbanak 20151029
K7AntiVirus Trojan ( 0048e1fe1 ) 20151029
K7GW Trojan ( 0048e1fe1 ) 20151029
Kaspersky HEUR:Trojan.Win32.Generic 20151030
Malwarebytes Spyware.Zbot.VXGen 20151029
McAfee RDN/Generic BackDoor!bbr 20151030
McAfee-GW-Edition RDN/Generic BackDoor!bbr 20151029
Microsoft Trojan:Win32/Qadars.A 20151029
eScan Gen:Variant.Kazy.417771 20151029
NANO-Antivirus Trojan.Win32.Carbanak.dciuue 20151029
nProtect Backdoor/W32.Carbanak.424972 20151029
Panda Trj/CI.A 20151029
Qihoo-360 Win32/Trojan.780 20151030
Rising PE:Malware.Generic/QRS!1.9E2D [F] 20151029
Sophos AV Mal/EncPk-ALY 20151030
Symantec Backdoor.Qadars 20151029
Tencent Win32.Backdoor.Carbanak.Pbzg 20151030
TrendMicro BKDR_CARBANAK.A 20151030
TrendMicro-HouseCall BKDR_CARBANAK.A 20151030
VBA32 Backdoor.Carbanak 20151028
VIPRE Trojan.Win32.Generic!BT 20151030
ViRobot Trojan.Win32.Agent.424972[h] 20151029
AegisLab 20151029
Alibaba 20151029
Bkav 20151029
ByteHero 20151030
ClamAV 20151030
CMC 20151029
Cyren 20151030
F-Prot 20151030
Jiangmin 20151029
SUPERAntiSpyware 20151030
TheHacker 20151028
TotalDefense 20151029
Zillya 20151029
Zoner 20151029
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright Copyright 1994 - 2013
Product x8amqw3AS9
Original name IM4413JI63.exe
Internal name IM4413JI63.exe
File version 1.4.9.3
Description P7z0Q4CX8
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2014-06-16 15:38:03
Entry Point 0x00011BC0
Number of sections 5
PE sections
Overlays
MD5 8dd6bb7329a71449b0a1b292b5999164
File type ASCII text
Offset 424960
Size 12
Entropy 0.00
PE imports
RegOpenKeyExA
RegQueryValueExA
RegCloseKey
RegUnLoadKeyW
SetBkColor
SetBkMode
SetTextColor
WriteProfileStringW
GetCurrentProcess
lstrcpyW
CreateEventW
lstrlenW
GetModuleHandleA
GlobalFree
GlobalAlloc
SetUnhandledExceptionFilter
UnhandledExceptionFilter
lstrcatW
Sleep
ResetEvent
IsProcessorFeaturePresent
IsDebuggerPresent
TerminateProcess
GlobalLock
GetCommandLineW
LoadLibraryA
CloseHandle
SetFocus
TrackPopupMenuEx
UpdateWindow
EndDialog
DestroyWindow
GetMessageW
OffsetRect
GetDlgCtrlID
DestroyMenu
CheckMenuRadioItem
PostQuitMessage
ShowWindow
MessageBeep
LoadMenuW
GetClipboardData
GetSysColorBrush
SetWindowLongW
MessageBoxW
GetWindowRect
RegisterClassExW
ChildWindowFromPoint
SetWindowPos
GetSysColor
CheckDlgButton
CreateDialogParamW
GetProcessDefaultLayout
CheckMenuItem
SendMessageW
HideCaret
WinHelpW
LoadStringW
GetClientRect
GetDlgItem
SystemParametersInfoW
EnableMenuItem
ScreenToClient
InvalidateRect
GetSubMenu
OpenClipboard
CallWindowProcW
SetWindowTextW
GetWindowTextW
SetDlgItemInt
LoadCursorW
LoadIconW
EnableWindow
CloseClipboard
CharNextW
TranslateAcceleratorW
Number of PE resources by type
RT_DIALOG 3
RT_VERSION 1
Y97MIJ53 1
Number of PE resources by language
ENGLISH US 4
FRENCH CANADIAN 1
PE resources
ExifTool file metadata
SubsystemVersion 5.1
LinkerVersion 10.0
ImageVersion 0.0
FileSubtype 0
FileVersionNumber 1.4.9.3
UninitializedDataSize 0
LanguageCode English (U.S.)
FileFlagsMask 0x003f
CharacterSet ASCII
InitializedDataSize 487936
EntryPoint 0x11bc0
OriginalFileName IM4413JI63.exe
MIMEType application/octet-stream
LegalCopyright Copyright 1994 - 2013
FileVersion 1.4.9.3
TimeStamp 2014:06:16 16:38:03+01:00
FileType Win32 EXE
PEType PE32
InternalName IM4413JI63.exe
ProductVersion 1.4.9.3
FileDescription P7z0Q4CX8
OSVersion 5.1
FileOS Windows NT 32-bit
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName logiware gmbh
CodeSize 220160
ProductName x8amqw3AS9
ProductVersionNumber 1.4.9.3
FileTypeExtension exe
ObjectFileType Executable application

File identification
MD5 4a1cd53ae32c782f01df29ff5287ffab
SHA1 b3a5006e3bbab33fcb3e220d0de87b89c6396f05
SHA256 38cac264862b2bef9b811a831ed3c0280eeb274ab91f9a80362ae387d0e07e32
ssdeep 6144:kdbIg52qV7K8u6VcDD/cPCXMU1LyYnNddk48YjCjfXRSoLIFLYoEd4HGIE1j:uj52qcm+1LyWN98YjCjfRFU+SHo
authentihash 68a3a6366029cd8f37f0b28a33364eeb7be6f3c5fa67fc2d1d2f9e21d25267cd
imphash c80cae2756a4582e7e1d3c1c38db199f
File size 415.0 KB ( 424972 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Dynamic Link Library (generic) (43.5%)
Win32 Executable (generic) (29.8%)
Generic Win/DOS Executable (13.2%)
DOS Executable Generic (13.2%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
Tags peexe overlay

VirusTotal metadata
First submission 2014-07-17 17:29:40 UTC ( 3 years, 7 months ago )
Last submission 2015-02-17 16:00:40 UTC ( 3 years ago )
File names vti-rescan
4a1cd53ae32c782f01df29ff5287ffab
IM4413JI63.exe
vt-upload-p33tl
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Runtime DLLs