SHA256: 3e98e42adeee948953668be472e63c992b201b88ae2390053c1f6520d7aef8e1
File name: 34ff998ac0bd7f4081c48da69d0a3cf1
Detection ratio: 52 / 55
Analysis date: 2014-11-10 18:58:02 UTC ( 4 years, 3 months ago )
Antivirus Result Update
Ad-Aware Worm.Generic.73749 20141110
Yandex I-Worm.Brontok.O 20141110
AhnLab-V3 Win-Trojan/Xema.variant 20141110
Antiy-AVL Worm[Email]/Win32.Brontok 20141110
Avast Win32:Rontokbr-N [Wrm] 20141110
AVG Worm/Brontok.GV 20141110
Avira (no cloud) Worm/Rontok.D 20141110
AVware Worm.Win32.Brontok.1!cobra (v) 20141110
Baidu-International Worm.Win32.Brontok.AQOn 20141107
BitDefender Worm.Generic.73749 20141110
Bkav W32.Rontokbro.Worm 20141110
CAT-QuickHeal W32.Brontok.Q 20141110
ClamAV Worm.Brontok.Y 20141110
CMC Email-Worm.Win32.Brontok!O 20141110
Comodo Worm.Win32.Brontok.G 20141110
Cyren W32/Brontok.C.gen!Eldorado 20141110
DrWeb BackDoor.Generic.3334 20141110
Emsisoft Worm.Generic.73749 (B) 20141110
ESET-NOD32 Win32/Brontok.G 20141110
F-Prot W32/EmailWorm.GCX 20141110
F-Secure Worm.Generic.73749 20141110
GData Worm.Generic.73749 20141110
Ikarus Email-Worm.Win32.Brontok 20141110
Jiangmin I-Worm/Brontok.d 20141110
K7AntiVirus Riskware ( 0015e4f11 ) 20141110
K7GW Riskware ( 0015e4f11 ) 20141110
Kaspersky Email-Worm.Win32.Brontok.q 20141110
Kingsoft Worm.MailBrontok.b.(kcloud) 20141110
Malwarebytes Malware.Gen 20141110
McAfee W32/Rontokbro.gen@MM 20141110
McAfee-GW-Edition BehavesLike.Win32.Ramnit.cz 20141110
Microsoft Worm:Win32/Brontok.DF@mm 20141110
eScan Worm.Generic.73749 20141110
NANO-Antivirus Trojan.Win32.Brontok.gxvt 20141110
Norman Rontokbro 20141110
nProtect Worm.Generic.73749 20141110
Panda W32/Brontok.CX.worm 20141110
Qihoo-360 HEUR/Malware.QVM18.Gen 20141110
Rising PE:Malware.FakeFolder@CV!1.6AA9 20141110
Sophos AV W32/Brontok-DB 20141110
SUPERAntiSpyware Trojan.Agent/Gen-Krotche 20141110
Symantec W32.Rontokbro@mm 20141110
Tencent Trojan.Win32.FakeFolder.v 20141110
TheHacker W32/Brontok.a 20141110
TotalDefense Win32/Robknot.H 20141110
TrendMicro WORM_RONTOKBRO.H 20141110
TrendMicro-HouseCall WORM_RONTOKBRO.H 20141110
VBA32 Trojan.Brontok.1205 20141110
VIPRE Worm.Win32.Brontok.1!cobra (v) 20141110
ViRobot I-Worm.Win32.A.Brontok.65024 20141110
Zillya Worm.Brontok.Win32.2083 20141110
Zoner I-Worm.Brontok.G.autodetect.985 20141110
AegisLab 20141110
ByteHero 20141110
Fortinet 20141110
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file.
Packers identified
PEiD MEW 11 SE v1.2 -> Northfox[HCC]
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Entry Point 0x0002DF90
Number of sections 2
PE sections
Overlays
MD5 79bfd1d69b2829b17ae13b80a6b48489
File type ASCII text
Offset 41385
Size 139264
Entropy 0.00
PE imports
LoadLibraryA
GetProcAddress
Number of PE resources by type
RT_ICON 3
RT_GROUP_ICON 1
Number of PE resources by language
NEUTRAL 4
PE resources
ExifTool file metadata
FileAccessDate 2014:11:10 20:25:30+01:00
FileCreateDate 2014:11:10 20:25:30+01:00
Compressed bundles
File identification
MD5 34ff998ac0bd7f4081c48da69d0a3cf1
SHA1 a06553991fac4e76230b92d64cf86007e74d9bc7
SHA256 3e98e42adeee948953668be472e63c992b201b88ae2390053c1f6520d7aef8e1
ssdeep 768:iwi/q/onRp+quFZEsoK+mW09PA+ezFuXD3XJXYyfIo3jv35BMC:4Xo7FusoK+mzabuLXNHD3T5
authentihash 87fc37576d45d0988096993265f3d8e7eb26e2bf0d579c59a64f991970f47c7d
imphash 87bed5a7cba00c7e1f4015f1bdae2183
File size 176.4 KB ( 180649 bytes )
File type Win32 EXE
Magic literal MS-DOS executable, PE for MS Windows (GUI) Intel 80386 32-bit
TrID Mew compressed Win32 Executable (88.8%)
Win32 Executable (generic) (5.9%)
Generic Win/DOS Executable (2.6%)
DOS Executable Generic (2.6%)
Tags mew peexe overlay
VirusTotal metadata
First submission 2013-02-26 11:20:16 UTC ( 5 years, 11 months ago )
Last submission 2013-02-26 11:20:16 UTC ( 5 years, 11 months ago )
File names ???.exe, 34ff998ac0bd7f4081c48da69d0a3cf1
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Hooking activity
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers using the DeviceIoControl Windows API function.
The file installs an application-defined hook procedure into a hook chain. A hook procedure is installed to monitor the system for certain types of events; these events are associated either with a specific thread or with all threads in the same desktop as the calling thread. This is done using the SetWindowsHook Windows API function.
UDP communications