SHA256: 42033709c722815b5b4fdc222fc3d56be9be9b217084ab878a144ed5550d4e79
File name: ksdjgdfhmsc.exe
Detection ratio: 35 / 57
Analysis date: 2016-10-29 04:14:31 UTC ( 2 years, 5 months ago )
Antivirus Result Update
Ad-Aware Trojan.GenericKD.3644643 20161029
AegisLab Heur.Advml.Gen!c 20161029
AhnLab-V3 Trojan/Win32.Injector.N2141431394 20161028
Antiy-AVL Trojan/Win32.Trickster 20161029
Arcabit Trojan.Generic.D379CE3 20161029
Avast Win32:Trojan-gen 20161029
AVG Generic_vb.NJR 20161029
Avira (no cloud) TR/Dropper.VB.lnwqz 20161028
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9999 20161028
BitDefender Trojan.GenericKD.3644643 20161029
Bkav HW32.Packed.20BC 20161029
CrowdStrike Falcon (ML) malicious_confidence_100% (W) 20161024
DrWeb Trojan.DownLoader22.63827 20161029
Emsisoft Trojan.GenericKD.3644643 (B) 20161029
ESET-NOD32 Win32/Agent.RYE 20161029
F-Secure Trojan.GenericKD.3644643 20161029
Fortinet W32/Trickster.M!tr 20161029
GData Trojan.GenericKD.3644643 20161029
Ikarus Trojan-Banker.TrickBot 20161028
Sophos ML trojanspy.win32.plimrost.b 20161018
K7AntiVirus Trojan ( 004f5bd31 ) 20161028
K7GW Trojan ( 004f5bd31 ) 20161029
Kaspersky Trojan.Win32.Trickster.m 20161029
Malwarebytes Trojan.TrickBot 20161029
McAfee RDN/Generic.grp 20161029
McAfee-GW-Edition BehavesLike.Win32.Autorun.dc 20161029
Microsoft Trojan:Win32/Donvba.A 20161029
eScan Trojan.GenericKD.3644643 20161029
Panda Trj/Agent.SM 20161028
Qihoo-360 Worm.Win32.Allaple.J 20161029
Sophos AV Troj/VB-JGZ 20161029
Symantec Trojan Horse 20161029
TrendMicro TSPY_TRICKLOAD.P 20161029
TrendMicro-HouseCall TSPY_TRICKLOAD.P 20161029
ViRobot Trojan.Win32.U.Agent.288777[h] 20161029
Alibaba 20161028
ALYac 20161029
AVware 20161029
CAT-QuickHeal 20161028
ClamAV 20161029
CMC 20161028
Comodo 20161028
Cyren 20161029
F-Prot 20161029
Jiangmin 20161029
Kingsoft 20161029
NANO-Antivirus 20161028
nProtect 20161028
Rising 20161029
SUPERAntiSpyware 20161029
Tencent 20161029
TheHacker 20161028
TotalDefense 20161028
VBA32 20161028
VIPRE 20161029
Yandex 20161028
Zillya 20161028
Zoner 20161029
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2016-10-25 11:05:41
Entry Point 0x00001114
Number of sections 3
PE sections
Overlays
MD5 e93b9d935c1981fa9673b6a228d77274
File type data
Offset 86016
Size 202761
Entropy 7.97
PE imports
EVENT_SINK_QueryInterface
Ord(546)
Ord(537)
Ord(516)
Ord(685)
Ord(525)
Ord(663)
EVENT_SINK_AddRef
Ord(707)
Ord(717)
__vbaExceptHandler
Ord(632)
MethCallEngine
DllFunctionCall
Ord(552)
Ord(608)
Ord(520)
Ord(100)
ProcCallEngine
Ord(711)
EVENT_SINK_Release
Ord(595)
Ord(706)
Ord(581)
Ord(716)
Ord(631)
Ord(545)
Number of PE resources by type
RT_ICON 5
Struct(0) 1
RT_GROUP_ICON 1
Number of PE resources by language
NEUTRAL 6
NEUTRAL DEFAULT 1
PE resources
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
TimeStamp 2016:10:25 12:05:41+01:00
FileType Win32 EXE
PEType PE32
CodeSize 65536
LinkerVersion 6.0
FileTypeExtension exe
InitializedDataSize 32768
SubsystemVersion 4.0
EntryPoint 0x1114
OSVersion 4.0
ImageVersion 1.0
UninitializedDataSize 0

File identification
MD5 a2968a42c8714aebfea34e7e26e01d6a
SHA1 3438fd1c88e870dc136f7033ad75a21fd05e00ef
SHA256 42033709c722815b5b4fdc222fc3d56be9be9b217084ab878a144ed5550d4e79
ssdeep 6144:DGSCTTcQfDgsYDtlh9GYFD2CQisUERy8sVfEpv6Om:DWfcsKtlhBZ27LRyZVfEpfm
authentihash f085c146e64dba6d35a9954a426a2195b476cbd13a517e3b6ecf40e8a6397165
imphash 0b46af27dc3d22ac7bc6db13fea58f23
File size 282.0 KB ( 288777 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable Microsoft Visual Basic 6 (88.6%)
Win32 Executable (generic) (4.8%)
OS/2 Executable (generic) (2.1%)
Generic Win/DOS Executable (2.1%)
DOS Executable Generic (2.1%)
Tags peexe overlay via-tor
VirusTotal metadata
First submission 2016-10-27 22:39:32 UTC ( 2 years, 5 months ago )
Last submission 2017-02-16 12:00:28 UTC ( 2 years, 2 months ago )
File names tH9cVI.tar.bz2
VirusShare_a2968a42c8714aebfea34e7e26e01d6a
ksdjgdfhmsc.exe
523ca37cc47bb540de23c09329b85b94ac4a9a48
aa
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Hooking activity
Runtime DLLs
Additional details
The file installs an application-defined hook procedure into a hook chain. A hook procedure is installed to monitor the system for certain types of events. These events are associated either with a specific thread or with all threads in the same desktop as the calling thread. This is done using the SetWindowsHook Windows API function.
UDP communications