× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: 39832daa20ded7e21d255f298664f1552216a7a714530728426af43dbd053b77
File name: 39832daa20ded7e21d255f298664f1552216a7a714530728426af43dbd053b77
Detection ratio: 12 / 56
Analysis date: 2015-04-15 16:50:32 UTC ( 4 years, 1 month ago ) View latest
Antivirus Result Update
AhnLab-V3 Trojan/Win32.ZBot 20150415
Antiy-AVL Trojan[Ransom]/Win32.Blocker 20150415
AVG Inject2.BYBJ 20150415
Bkav HW32.Packed.73E8 20150415
DrWeb Trojan.Encoder.514 20150415
ESET-NOD32 Win32/Emotet.AI 20150415
Fortinet W32/Emotet.AI!tr 20150415
Kaspersky UDS:DangerousObject.Multi.Generic 20150415
Microsoft Trojan:Win32/Emotet.G 20150415
Sophos AV Mal/Generic-S 20150415
SUPERAntiSpyware Trojan.Agent/Gen-Injector 20150415
Tencent Trojan.Win32.Qudamah.Gen.7 20150415
Ad-Aware 20150415
AegisLab 20150415
Yandex 20150414
Alibaba 20150415
ALYac 20150416
Avast 20150415
AVware 20150415
Baidu-International 20150415
BitDefender 20150415
ByteHero 20150415
CAT-QuickHeal 20150415
ClamAV 20150415
CMC 20150413
Comodo 20150415
Cyren 20150415
Emsisoft 20150415
F-Prot 20150415
F-Secure 20150415
GData 20150415
Ikarus 20150415
Jiangmin 20150414
K7AntiVirus 20150415
K7GW 20150415
Kingsoft 20150415
Malwarebytes 20150415
McAfee 20150415
McAfee-GW-Edition 20150415
eScan 20150415
NANO-Antivirus 20150415
Norman 20150415
nProtect 20150415
Panda 20150415
Qihoo-360 20150415
Rising 20150415
Symantec 20150415
TheHacker 20150414
TotalDefense 20150415
TrendMicro 20150415
TrendMicro-HouseCall 20150415
VBA32 20150415
VIPRE 20150415
ViRobot 20150415
Zillya 20150415
Zoner 20150413
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2015-04-12 22:20:09
Entry Point 0x00007016
Number of sections 7
PE sections
PE imports
RegOpenKeyA
SelectObject
CreateSolidBrush
Rectangle
GetSystemTime
GetStartupInfoA
GetModuleHandleA
GlobalFree
GetVersionExW
FreeLibrary
HeapDestroy
GetStartupInfoW
CreateFileA
GetCommandLineA
GetACP
GetModuleFileNameA
IsBadReadPtr
Ord(1775)
Ord(4080)
Ord(537)
Ord(4710)
Ord(2414)
Ord(3597)
Ord(1641)
Ord(3136)
Ord(4524)
Ord(554)
Ord(1842)
Ord(5237)
Ord(5577)
Ord(3350)
Ord(1089)
Ord(6375)
Ord(540)
Ord(3626)
Ord(4589)
Ord(3798)
Ord(2621)
Ord(3259)
Ord(5290)
Ord(2446)
Ord(5214)
Ord(5301)
Ord(807)
Ord(4163)
Ord(4964)
Ord(6215)
Ord(6625)
Ord(5787)
Ord(4529)
Ord(815)
Ord(2723)
Ord(366)
Ord(641)
Ord(2494)
Ord(796)
Ord(5277)
Ord(2514)
Ord(4953)
Ord(4425)
Ord(3454)
Ord(4696)
Ord(4441)
Ord(4077)
Ord(1134)
Ord(4465)
Ord(4108)
Ord(5300)
Ord(2379)
Ord(6175)
Ord(338)
Ord(4627)
Ord(1168)
Ord(3738)
Ord(4853)
Ord(2982)
Ord(617)
Ord(3172)
Ord(4526)
Ord(4234)
Ord(825)
Ord(3081)
Ord(5199)
Ord(5307)
Ord(4242)
Ord(4823)
Ord(2390)
Ord(2513)
Ord(2542)
Ord(4424)
Ord(4273)
Ord(5260)
Ord(5076)
Ord(4078)
Ord(3059)
Ord(2554)
Ord(4376)
Ord(1945)
Ord(6376)
Ord(5282)
Ord(4614)
Ord(2117)
Ord(1727)
Ord(823)
Ord(3573)
Ord(813)
Ord(2725)
Ord(4998)
Ord(5472)
Ord(4436)
Ord(4457)
Ord(800)
Ord(3749)
Ord(4610)
Ord(4899)
Ord(4427)
Ord(4274)
Ord(5261)
Ord(4079)
Ord(4467)
Ord(3058)
Ord(3147)
Ord(2124)
Ord(6052)
Ord(1726)
Ord(560)
Ord(6336)
Ord(4890)
Ord(3262)
Ord(5653)
Ord(674)
Ord(293)
Ord(975)
Ord(1576)
Ord(5243)
Ord(5252)
Ord(4353)
Ord(3748)
Ord(5065)
Ord(1665)
Ord(4407)
Ord(4426)
Ord(6117)
Ord(3663)
Ord(3346)
Ord(4303)
Ord(2396)
Ord(4159)
Ord(3831)
Ord(520)
Ord(6374)
Ord(5280)
Ord(986)
Ord(4612)
Ord(3825)
Ord(2976)
Ord(2535)
Ord(4961)
Ord(3198)
Ord(2985)
Ord(3922)
Ord(5240)
Ord(6080)
Ord(4151)
Ord(2649)
Ord(2510)
Ord(2626)
Ord(1776)
Ord(6000)
Ord(4623)
Ord(324)
Ord(296)
Ord(4238)
Ord(3830)
Ord(5103)
Ord(2385)
Ord(4613)
Ord(4349)
Ord(2878)
Ord(3079)
Ord(2512)
Ord(652)
Ord(4387)
Ord(4420)
Ord(2055)
Ord(2627)
Ord(4837)
Ord(5241)
Ord(5100)
Ord(2399)
Ord(5012)
Ord(2648)
Ord(3065)
Ord(5714)
Ord(5289)
Ord(4545)
Ord(3403)
Ord(4615)
Ord(4622)
Ord(561)
Ord(1746)
Ord(4543)
Ord(4486)
Ord(2879)
Ord(4723)
Ord(4341)
Ord(529)
Ord(4698)
Ord(5163)
Ord(6055)
Ord(5265)
Ord(5731)
Ord(4858)
Ord(4432)
Ord(5740)
Ord(5302)
Ord(1825)
Ord(4531)
_except_handler3
__p__fmode
srand
_XcptFilter
__CxxFrameHandler
_acmdln
_exit
__p__commode
__setusermatherr
_setmbcp
__dllonexit
_onexit
exit
time
__getmainargs
_initterm
_controlfp
rand
_adjust_fdiv
__set_app_type
GetClientRect
UpdateWindow
DispatchMessageA
EnableWindow
ReleaseCapture
DialogBoxParamW
CheckRadioButton
MessageBoxA
GetWindowTextA
ScreenToClient
IsDialogMessageA
InvalidateRect
Number of PE resources by type
RT_STRING 13
RT_DIALOG 1
Struct(55) 1
RT_ICON 1
Struct(241) 1
RT_MENU 1
RT_ACCELERATOR 1
RT_BITMAP 1
RT_GROUP_ICON 1
Number of PE resources by language
GERMAN AUSTRIAN 13
NEUTRAL 3
CHINESE SIMPLIFIED 3
GERMAN SWISS 2
PE resources
ExifTool file metadata
MIMEType
application/octet-stream

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

TimeStamp
2015:04:12 23:20:09+01:00

FileType
Win32 EXE

PEType
PE32

CodeSize
28672

LinkerVersion
6.0

EntryPoint
0x7016

InitializedDataSize
200704

SubsystemVersion
4.0

ImageVersion
0.0

OSVersion
4.0

UninitializedDataSize
0

File identification
MD5 159accce189ea4e9d70f2b9bfa21f31d
SHA1 02096b7bccdfc892fce31837ee4e07f0b85e9cb5
SHA256 39832daa20ded7e21d255f298664f1552216a7a714530728426af43dbd053b77
ssdeep
3072:dHRGNIg85g21tsFKcpOYRT+PlAsibC9uxifhPfFNFhD6l4y1D6Qv5ekOXPVkCQy:dsNTqg21apO4adriGLfhlNSuyQBfQ

authentihash dce895f52fa12d89775d5520d4aa2f092f2e8427529e882c2f4ad45ee943cda3
imphash 97122e70256b9d1922695afee10e5200
File size 232.0 KB ( 237568 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Dynamic Link Library (generic) (43.5%)
Win32 Executable (generic) (29.8%)
Generic Win/DOS Executable (13.2%)
DOS Executable Generic (13.2%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
Tags
peexe

VirusTotal metadata
First submission 2015-04-15 16:50:32 UTC ( 4 years, 1 month ago )
Last submission 2015-04-15 16:50:32 UTC ( 4 years, 1 month ago )
Advanced heuristic and reputation engines
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Created processes
Code injections in the following processes
Opened mutexes
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.
UDP communications