SHA256: 45186539e70565c96ec0192bc1ebdd34eb0db3b02dbb73b81e561dc99ce9f79f
File name: 2014-04-14-Magnitude-EK-malware-payload-02.exe
Detection ratio: 52 / 62
Analysis date: 2017-04-16 12:21:10 UTC ( 7 months ago )
Antivirus Result Update
Ad-Aware Trojan.VIZ.Gen.1 20170416
AegisLab Troj.W32.Gen.lKKk 20170414
AhnLab-V3 Trojan/Win32.Tepfer.R103803 20170416
ALYac Trojan.VIZ.Gen.1 20170416
Antiy-AVL Trojan/Win32.Badur 20170416
Arcabit Trojan.VIZ.Gen.1 20170416
Avast Win32:Agent-ATIE [Trj] 20170416
AVG Agent 20170416
Avira (no cloud) TR/Crypt.XPACK.Gen3 20170416
AVware Trojan.Win32.Kryptik.mwe (v) 20170410
Baidu Win32.Trojan.Kryptik.fe 20170414
BitDefender Trojan.VIZ.Gen.1 20170416
CAT-QuickHeal Backdoor.Kelihos 20170415
Comodo TrojWare.Win32.Kryptik.BZOO 20170416
CrowdStrike Falcon (ML) malicious_confidence_100% (W) 20170130
Cyren W32/Badur.AD.gen!Eldorado 20170416
DrWeb Trojan.DownLoad3.28912 20170416
Emsisoft Trojan.VIZ.Gen.1 (B) 20170416
Endgame malicious (high confidence) 20170413
ESET-NOD32 a variant of Win32/Kryptik.BZTB 20170416
F-Prot W32/Badur.AD.gen!Eldorado 20170416
F-Secure Trojan.VIZ.Gen.1 20170416
Fortinet W32/Kelihos.BDPK!tr 20170416
GData Trojan.VIZ.Gen.1 20170416
Ikarus Trojan.Crypt 20170416
Sophos ML generic.a 20170413
Jiangmin Trojan/Badur.cjq 20170416
K7AntiVirus Trojan ( 00498ad31 ) 20170416
K7GW Trojan ( 00498ad31 ) 20170416
Kaspersky HEUR:Trojan.Win32.Generic 20170416
McAfee Generic-FANP!FA1A4222772C 20170416
McAfee-GW-Edition BehavesLike.Win32.Downloader.lh 20170416
Microsoft Backdoor:Win32/Kelihos.F 20170416
eScan Trojan.VIZ.Gen.1 20170416
NANO-Antivirus Trojan.Win32.Crypted.dwcsxd 20170416
Palo Alto Networks (Known Signatures) generic.ml 20170416
Panda Trj/Genetic.gen 20170416
Qihoo-360 Win32/Trojan.d7c 20170416
Rising Trojan.Generic (cloud:5lnkfuTV7HD) 20170416
Sophos AV Mal/FakeAV-UF 20170416
SUPERAntiSpyware Trojan.Agent/Gen-Symmi 20170416
Symantec Downloader 20170415
Tencent Win32.Backdoor.Agent.Ecjy 20170416
TrendMicro TROJ_FRS.BMA000B515 20170416
TrendMicro-HouseCall TROJ_FRS.BMA000B515 20170416
VBA32 Trojan.FakeAV.01657 20170414
VIPRE Trojan.Win32.Kryptik.mwe (v) 20170416
ViRobot Trojan.Win32.S.Badur.18961.A[h] 20170416
Webroot W32.Trojan.Gen 20170416
Yandex Trojan.Badur! 20170414
Zillya Trojan.PackedGen.Win32.1 20170414
ZoneAlarm by Check Point HEUR:Trojan.Win32.Generic 20170416
Alibaba 20170415
Bkav 20170415
ClamAV 20170416
CMC 20170416
Kingsoft 20170416
Malwarebytes 20170416
nProtect 20170416
SentinelOne (Static ML) 20170330
Symantec Mobile Insight 20170414
TheHacker 20170412
TotalDefense 20170416
Trustlook 20170416
WhiteArmor 20170409
Zoner 20170416
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 1991-06-10 12:37:39
Entry Point 0x000025B5
Number of sections 3
PE sections
Overlays
MD5 4f3fc553924d8ed1c857588f8edfc4e3
File type ASCII text
Offset 18944
Size 17
Entropy 0.32
PE imports
GetLastError
MoveFileA
GetCurrentDirectoryW
GetModuleHandleA
GetConsoleTitleW
CreateSemaphoreW
GetVolumeInformationW
CreateMutexW
GetFileType
VirtualProtect
lstrlenW
SQLGetInstalledDrivers
SQLInstallDriver
SQLGetAvailableDrivers
SQLInstallODBC
Number of PE resources by type
RT_MANIFEST 1
Struct(26) 1
Number of PE resources by language
NEUTRAL 1
ENGLISH US 1
PE resources
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
TimeStamp 1991:06:10 13:37:39+01:00
FileType Win32 EXE
PEType PE32
CodeSize 4096
LinkerVersion 8.0
FileTypeExtension exe
InitializedDataSize 0
SubsystemVersion 4.0
EntryPoint 0x25b5
OSVersion 4.0
ImageVersion 0.0
UninitializedDataSize 0
Compressed bundles
PCAP parents
File identification
MD5 fa1a4222772ca5ea96a6b778a0bf8dec
SHA1 a6a83361e677b79fff7f18a03b9cfeb5df5b2e0d
SHA256 45186539e70565c96ec0192bc1ebdd34eb0db3b02dbb73b81e561dc99ce9f79f
ssdeep 384:6ufGoAKeVncO+6vvv4XyTYDatL2XSWn9Z:lp4TaatL2X7Z
authentihash 8bb121c590d3464859fa3b0d73642bdd62f43bc23cf09e0080dc27cbc90e39ae
imphash 484492310cc26cf172fd870180669781
File size 18.5 KB ( 18961 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Dynamic Link Library (generic) (43.5%)
Win32 Executable (generic) (29.8%)
Generic Win/DOS Executable (13.2%)
DOS Executable Generic (13.2%)
VXD Driver (0.2%)
Tags peexe overlay
VirusTotal metadata
First submission 2014-04-14 02:45:56 UTC ( 3 years, 7 months ago )
Last submission 2017-04-16 12:21:10 UTC ( 7 months ago )
File names file-7121372_
FA1A4222772CA5EA96A6B778A0BF8DEC
2014-04-14-Magnitude-EK-malware-payload-02.exe
5gEwOtL.wsf
Magnitude-EK-malware-payload-02.exe
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Created processes
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.
HTTP requests
TCP connections
UDP communications