SHA256: 3cf465bb1424a465d3b212604288dd81c26e8b2b701cc06cfdd762feb3bafe01
File name: 4dgrgdg.exe
Detection ratio: 2 / 55
Analysis date: 2015-11-24 12:45:54 UTC ( 3 years, 6 months ago )
Antivirus Result Update
Kaspersky UDS:DangerousObject.Multi.Generic 20151124
Symantec Suspicious.Cloud.5 20151123
Ad-Aware 20151124
AegisLab 20151124
Yandex 20151123
AhnLab-V3 20151123
Alibaba 20151124
ALYac 20151124
Antiy-AVL 20151124
Arcabit 20151124
Avast 20151124
AVG 20151124
Avira (no cloud) 20151124
AVware 20151124
Baidu-International 20151124
BitDefender 20151124
Bkav 20151124
ByteHero 20151124
CAT-QuickHeal 20151124
ClamAV 20151124
CMC 20151124
Comodo 20151124
Cyren 20151124
DrWeb 20151124
Emsisoft 20151124
ESET-NOD32 20151124
F-Prot 20151124
F-Secure 20151124
Fortinet 20151124
GData 20151124
Ikarus 20151124
Jiangmin 20151123
K7AntiVirus 20151124
K7GW 20151124
Malwarebytes 20151124
McAfee 20151124
McAfee-GW-Edition 20151124
Microsoft 20151124
eScan 20151124
NANO-Antivirus 20151124
nProtect 20151124
Panda 20151124
Qihoo-360 20151124
Rising 20151122
Sophos AV 20151123
SUPERAntiSpyware 20151124
Tencent 20151124
TheHacker 20151121
TrendMicro 20151124
TrendMicro-HouseCall 20151124
VBA32 20151123
VIPRE 20151124
ViRobot 20151124
Zillya 20151123
Zoner 20151124
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2015-11-24 11:01:47
Entry Point 0x00005AA2
Number of sections 4
PE sections
PE imports
RegisterEventSourceW
DeregisterEventSource
SetNamedSecurityInfoA
GetSecurityDescriptorSacl
RegisterEventSourceA
GetTraceEnableFlags
ReportEventA
EnableTrace
ChooseColorA
GetSaveFileNameW
SelectObject
CreatePen
TextOutA
GetTextMetricsA
CreateSolidBrush
Polyline
DeleteObject
SetBkColor
GetFontLanguageInfo
EnumFontFamiliesA
GetStdHandle
GetConsoleOutputCP
FreeEnvironmentStringsA
DeleteCriticalSection
GetCurrentProcess
GetConsoleMode
GetLocaleInfoA
FreeEnvironmentStringsW
SetStdHandle
GetTempPathA
GetCPInfo
GetStringTypeA
WriteFile
GetSystemTimeAsFileTime
HeapReAlloc
GetStringTypeW
SetFileAttributesA
MoveFileA
AllocConsole
InterlockedDecrement
SetLastError
IsDebuggerPresent
ExitProcess
GetModuleFileNameA
SetConsoleScreenBufferSize
UnhandledExceptionFilter
TlsGetValue
MultiByteToWideChar
GetModuleHandleA
SetUnhandledExceptionFilter
TerminateProcess
WriteConsoleA
GetVersion
VirtualQuery
SetEndOfFile
GetCurrentThreadId
LeaveCriticalSection
WriteConsoleW
InitializeCriticalSectionAndSpinCount
HeapFree
EnterCriticalSection
SetHandleCount
GetOEMCP
QueryPerformanceCounter
GetTickCount
TlsAlloc
FlushFileBuffers
LoadLibraryA
RtlUnwind
GetStartupInfoA
GetFileSize
DeleteFileA
GlobalLock
GetConsoleScreenBufferInfo
GetProcessHeap
GetFileSizeEx
lstrcpyA
GetTempFileNameA
CreateFileMappingA
GetProcAddress
GetFileType
TlsSetValue
CreateFileA
HeapAlloc
InterlockedIncrement
GetLastError
LCMapStringW
HeapCreate
GetConsoleCP
LCMapStringA
GetEnvironmentStringsW
GlobalUnlock
GlobalAlloc
GetEnvironmentStrings
WritePrivateProfileStringA
GetCurrentProcessId
WideCharToMultiByte
HeapSize
GetCommandLineA
RaiseException
MapViewOfFile
TlsFree
SetFilePointer
ReadFile
CloseHandle
GetACP
GetModuleHandleW
IsValidCodePage
UnmapViewOfFile
VirtualFree
Sleep
VirtualAlloc
acmFormatChooseA
acmMetrics
acmDriverOpen
CreateStdAccessibleObject
OleSavePictureFile
OleLoadPicture
wglGetCurrentDC
UuidToStringA
RpcStringFreeA
UuidToStringW
UuidCreate
StrToInt64ExA
StrToIntA
MapVirtualKeyA
ReleaseDC
EndDialog
BeginPaint
PostQuitMessage
DefWindowProcA
FindWindowA
GetWindowThreadProcessId
GetWindowRect
EndPaint
GetDlgItemTextA
SetWindowLongA
DialogBoxParamA
GetWindow
GetSysColor
SetScrollInfo
CreateDialogParamW
DrawTextA
ShowCaret
ShowWindow
GetKeyNameTextA
SendMessageA
GetClientRect
GetDlgItem
SetRect
InvalidateRect
GetWindowLongA
CreateWindowExA
FillRect
DefDlgProcA
DestroyAcceleratorTable
GetDesktopWindow
GetDialogBaseUnits
GetDC
CreateAcceleratorTableA
WindowFromDC
InternetSetFilePointer
InternetReadFile
InternetOpenUrlA
InternetOpenA
HttpQueryInfoA
WSCDeinstallProvider
CreateStreamOnHGlobal
PdhGetFormattedCounterValue
PdhCloseQuery
PdhAddCounterW
PdhOpenQueryA
PdhCollectQueryData
Number of PE resources by type
RT_ICON 7
RT_DIALOG 5
RT_STRING 4
RT_MENU 2
RT_BITMAP 2
RT_MANIFEST 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 22
PE resources
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
TimeStamp 2015:11:24 12:01:47+01:00
FileType Win32 EXE
PEType PE32
CodeSize 200192
LinkerVersion 9.0
FileTypeExtension exe
InitializedDataSize 146432
SubsystemVersion 5.0
EntryPoint 0x5aa2
OSVersion 5.0
ImageVersion 0.0
UninitializedDataSize 0
File identification
MD5 00ac8683e56102928e825f8d71b15473
SHA1 bb5d2af835101aca31f14385f5f2f3e8dcf0ac1a
SHA256 3cf465bb1424a465d3b212604288dd81c26e8b2b701cc06cfdd762feb3bafe01
ssdeep 6144:Q20MPRGCTYMbUwni/1jTiwgdsYUjxUkDzwcZKIEr7:/0MPoD9jTmpUjxo6KIEr7
authentihash 11abcd89957fb4ac78edda7e7d03c8928ba8c82e28b5142d6051e95aa418d8a6
imphash 304c57f4b6e44105ef4a9e6deed4d39c
File size 339.5 KB ( 347648 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386
TrID Win32 Executable MS Visual C++ (generic) (41.0%)
Win64 Executable (generic) (36.3%)
Win32 Dynamic Link Library (generic) (8.6%)
Win32 Executable (generic) (5.9%)
OS/2 Executable (generic) (2.6%)
Tags peexe
VirusTotal metadata
First submission 2015-11-24 11:22:56 UTC ( 3 years, 6 months ago )
Last submission 2018-05-05 19:48:10 UTC ( 1 year ago )
File names 4dgrgdg-part-2.exe
3cf465bb1424a465d3b212604288dd81c26e8b2b701cc06cfdd762feb3bafe01.bin
4dgrgdg[1].exe.2188.dr
1wwN.jpeg
isheriff_00ac8683e56102928e825f8d71b15473.bin
4dgrgdg_exe
4dgrgdg.exe.vir
b53f0a69db65335d4a5021c3329298166f2875e7
4dgrgdg.exe
00ac8683e56102928e825f8d71b15473.exe
4dgrgdg.exe.malware
Advanced heuristic and reputation engines
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Deleted files
Code injections in the following processes
Created mutexes
Opened mutexes
Searched windows
Opened service managers
Opened services
Runtime DLLs
HTTP requests
DNS requests
TCP connections