SHA256: 413e359d19f3ea2416b065d6167d1b6d846a0d58fb3b13d21d5d15f335a7b559
File name: output.9221869.txt
Detection ratio: 41 / 68
Analysis date: 2018-06-11 17:08:02 UTC ( 11 months, 1 week ago )
Antivirus Result Update
Ad-Aware Gen:Variant.Mikey.65528 20180611
AhnLab-V3 Trojan/Win32.Xema.C119304 20180611
ALYac Gen:Variant.Mikey.65528 20180611
Antiy-AVL Trojan/Win32.SGeneric 20180611
Arcabit Trojan.Mikey.DFFF8 20180611
Avast Win32:IDialer-A [Dialer] 20180611
AVG Win32:IDialer-A [Dialer] 20180611
Avira (no cloud) DIAL/Dialer.Gen 20180611
AVware Trojan.Win32.Generic!BT 20180611
Babable Malware.HighConfidence 20180406
BitDefender Gen:Variant.Mikey.65528 20180611
CAT-QuickHeal Trojan.IGENERIC 20180611
ClamAV Win.Trojan.Dialer-697 20180611
Comodo .UnclassifiedMalware 20180611
Cybereason malicious.c6ee81 20180225
Cylance Unsafe 20180611
DrWeb Dialer.Joggy.17 20180611
Emsisoft Gen:Variant.Mikey.65528 (B) 20180611
ESET-NOD32 a variant of Win32/Dialer.IDialer 20180611
F-Secure Gen:Variant.Mikey.65528 20180611
Fortinet W32/IdiDial.A 20180611
GData Gen:Variant.Mikey.65528 20180611
Ikarus not-a-virus:Porn-Dialer.Win32.IDialer 20180611
Jiangmin Trojan/PSW.Delf.oo 20180611
MAX malware (ai score=99) 20180611
McAfee Generic PUP 20180611
McAfee-GW-Edition BehavesLike.Win32.Upatre.kt 20180611
eScan Gen:Variant.Mikey.65528 20180611
NANO-Antivirus Trojan.Win32.IdiDialA.bdrpja 20180611
Panda Dialer.Gen 20180611
Qihoo-360 HEUR/Malware.QVM07.Gen 20180611
Sophos AV Mal/IdiDial-A 20180611
Symantec Dialer.Generic 20180611
Tencent Win32.Risk.Dialer.Svri 20180611
TrendMicro DIAL_RAS.JG 20180611
TrendMicro-HouseCall DIAL_RAS.JG 20180611
VBA32 PornDialer.IDialer 20180611
VIPRE Trojan.Win32.Generic!BT 20180611
Webroot W32.Trojan.Gen 20180611
Yandex Dialer.IDialer!KNjrRUOovCs 20180609
Zillya Dialer.IDialer.Win32.80 20180611
AegisLab 20180611
Alibaba 20180611
Avast-Mobile 20180611
Baidu 20180611
Bkav 20180611
CMC 20180611
CrowdStrike Falcon (ML) 20180530
Cyren 20180611
eGambit 20180611
Endgame 20180507
F-Prot 20180611
Sophos ML 20180601
K7AntiVirus 20180611
K7GW 20180611
Kaspersky 20180611
Kingsoft 20180611
Malwarebytes 20180611
Microsoft 20180611
Palo Alto Networks (Known Signatures) 20180611
Rising 20180611
SentinelOne (Static ML) 20180225
SUPERAntiSpyware 20180611
Symantec Mobile Insight 20180605
TACHYON 20180611
TheHacker 20180608
TotalDefense 20180611
Trustlook 20180611
ViRobot 20180611
ZoneAlarm by Check Point 20180611
Zoner 20180611
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Packers identified
PEiD Armadillo v1.71
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2002-10-31 17:14:03
Entry Point 0x00002760
Number of sections 4
PE sections
PE imports
RegOpenKeyExA
RegQueryValueA
RegCloseKey
HeapFree
GetStdHandle
LCMapStringW
SetHandleCount
lstrcmpiA
GlobalFree
GetOEMCP
LCMapStringA
HeapDestroy
HeapAlloc
GetEnvironmentStringsW
GetVersionExA
LoadLibraryA
RtlUnwind
GetModuleFileNameA
WinExec
FreeEnvironmentStringsA
GetCurrentProcess
GetEnvironmentStrings
lstrcatA
WideCharToMultiByte
UnhandledExceptionFilter
MultiByteToWideChar
FreeEnvironmentStringsW
GetCommandLineA
GetProcAddress
GetCPInfo
GetStringTypeA
GetModuleHandleA
ReadFile
WriteFile
GetStartupInfoA
CloseHandle
lstrcpynA
GetACP
HeapReAlloc
GetStringTypeW
TerminateProcess
GetEnvironmentVariableA
HeapCreate
lstrcpyA
GlobalAlloc
VirtualFree
Sleep
GetFileType
CreateFileA
ExitProcess
GetVersion
VirtualAlloc
RasSetEntryPropertiesA
RasEnumConnectionsA
RasValidateEntryNameA
RasEnumDevicesA
RasGetErrorStringA
RasGetConnectStatusA
RasDeleteEntryA
RasHangUpA
RasDialA
ExtractIconA
ShellExecuteA
Shell_NotifyIconA
GetMessageA
UpdateWindow
EndDialog
KillTimer
DestroyMenu
PostQuitMessage
DefWindowProcA
SetWindowTextA
AppendMenuA
DispatchMessageA
MessageBoxA
TranslateMessage
DialogBoxParamA
RegisterClassExA
GetCursorPos
CreatePopupMenu
DestroyIcon
ShowWindow
SendMessageA
CreateWindowExA
GetDlgItem
CreateDialogParamA
RegisterClassA
wsprintfA
SetTimer
LoadCursorA
LoadIconA
TrackPopupMenu
LoadImageA
GetWindowTextA
IsDialogMessageA
SetCursor
Number of PE resources by type
RT_DIALOG 3
RT_BITMAP 1
RT_ICON 1
RT_GROUP_ICON 1
Number of PE resources by language
NEUTRAL SYS DEFAULT 4
ITALIAN 1
DUTCH 1
PE resources
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
TimeStamp 2002:10:31 18:14:03+01:00
FileType Win32 EXE
PEType PE32
CodeSize 20480
LinkerVersion 6.0
FileTypeExtension exe
InitializedDataSize 94208
SubsystemVersion 4.0
EntryPoint 0x2760
OSVersion 4.0
ImageVersion 0.0
UninitializedDataSize 0

File identification
MD5 5676ac7c6ee8174f28d499db883db230
SHA1 0bf9fc444eb98cea7839361c30724a01200d3642
SHA256 413e359d19f3ea2416b065d6167d1b6d846a0d58fb3b13d21d5d15f335a7b559
ssdeep 768:QxM0sMw98Ea2wUB0vIPzy9FvoGpAYhiI:Q2tMs/SAPWjoG6Yh

authentihash aa70b3d54b987cdcdd84ee6a49d5e31315c2566ab18ed8c227fe513ad0ccd037
imphash 0b10fc79cfb07483310795b74a8a8249
File size 68.0 KB ( 69632 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable MS Visual C++ (generic) (41.0%)
Win64 Executable (generic) (36.3%)
Win32 Dynamic Link Library (generic) (8.6%)
Win32 Executable (generic) (5.9%)
OS/2 Executable (generic) (2.6%)
Tags
peexe armadillo

VirusTotal metadata
First submission 2012-12-25 02:56:18 UTC ( 6 years, 4 months ago )
Last submission 2018-06-20 00:36:00 UTC ( 11 months ago )
File names 9221869
5676ac7c6ee8174f28d499db883db230
aa
e-cuoco.exe
dK5G.lnk
output.9221869.txt
e-cuoco.exe
413e359d19f3ea2416b065d6167d1b6d846a0d58fb3b13d21d5d15f335a7b559
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Opened service managers
Opened services
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.
UDP communications