SHA256: 45307e675e133d91dda6e3e34fb472f9a68b6bd179db5b9525b1513e02ce1faa
File name: N80v7XyUtM.exe
Detection ratio: 41 / 54
Analysis date: 2014-11-06 15:18:34 UTC ( 9 months, 3 weeks ago )
Antivirus Result Update
AVG Crypt2.CIYE 20141106
AVware Trojan.Win32.Caphaw.ljb (v) 20141106
Ad-Aware Gen:Variant.Symmi.39217 20141106
AegisLab Troj.W32.Gen 20141106
Agnitum Trojan.Kryptik!LH3BaT35kgY 20141106
AhnLab-V3 Backdoor/Win32.Caphaw 20141106
Antiy-AVL Trojan/Win32.Fsysna 20141106
Avast Win32:Malware-gen 20141106
Avira TR/Crypt.ZPACK.Gen8 20141106
Baidu-International Adware.Win32.iBryte.BTHB 20141103
BitDefender Gen:Variant.Symmi.39217 20141106
CAT-QuickHeal Backdoor.Caphaw.A5 20141106
CMC Packed.Win32.Fareit.3!O 20141106
Comodo UnclassifiedMalware 20141106
DrWeb BackDoor.Caphaw.2 20141106
ESET-NOD32 a variant of Win32/Kryptik.BTHB 20141106
Emsisoft Gen:Variant.Symmi.39217 (B) 20141106
F-Secure Gen:Variant.Symmi.39217 20141106
Fortinet W32/Kryptik.BRHK!tr 20141106
GData Gen:Variant.Symmi.39217 20141106
Ikarus Trojan.Agent4 20141106
K7AntiVirus Trojan ( 00493c881 ) 20141106
K7GW Trojan ( 00493c881 ) 20141106
Kaspersky HEUR:Trojan.Win32.Generic 20141106
Kingsoft Win32.Troj.Generic.a.(kcloud) 20141106
Malwarebytes Trojan.Agent 20141106
McAfee Generic.rk 20141106
McAfee-GW-Edition Generic.rk 20141106
MicroWorld-eScan Gen:Variant.Symmi.39217 20141105
Microsoft Backdoor:Win32/Caphaw.A 20141106
NANO-Antivirus Trojan.Win32.ZPACK.csvkaa 20141106
Norman Troj_Generic.SHBBW 20141106
Qihoo-360 HEUR/Malware.QVM08.Gen 20141106
Rising PE:Malware.Obscure!1.9C59 20141106
Sophos Mal/Agent-ANR 20141106
Symantec Trojan.Zbot 20141106
Tencent Win32.Trojan.Generic.Liqv 20141106
TrendMicro BKDR_CAPHAW.SM4 20141106
TrendMicro-HouseCall BKDR_CAPHAW.SM4 20141106
VBA32 BScope.Backdoor.Caphaw 20141106
VIPRE Trojan.Win32.Caphaw.ljb (v) 20141106
Bkav 20141106
ByteHero 20141106
ClamAV 20141106
Cyren 20141106
F-Prot 20141106
Jiangmin 20141106
SUPERAntiSpyware 20141106
TheHacker 20141104
TotalDefense 20141106
ViRobot 20141106
Zillya 20141105
Zoner 20141104
nProtect 20141106
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2014-01-20 17:34:40
Link date 6:34 PM 1/20/2014
Entry Point 0x0002B6AA
Number of sections 5
PE sections
PE imports
GetLastError
HeapFree
GetStdHandle
LCMapStringW
SetHandleCount
TerminateThread
LoadLibraryW
VirtualProtect
GetOEMCP
QueryPerformanceCounter
HeapDestroy
GetTickCount
GetVersionExA
GetEnvironmentStringsW
FlushFileBuffers
GetModuleFileNameA
RtlUnwind
LoadLibraryA
FreeEnvironmentStringsA
HeapAlloc
GetStartupInfoA
GetEnvironmentStrings
SetThreadPriority
GetCurrentProcessId
GetCPInfo
UnhandledExceptionFilter
LoadLibraryExW
MultiByteToWideChar
HeapSize
FreeEnvironmentStringsW
GetCommandLineA
GetProcAddress
GetSystemInfo
SetStdHandle
GetModuleHandleA
WideCharToMultiByte
GetStringTypeA
SetFilePointer
ReadFile
InterlockedExchange
WriteFile
GetCurrentProcess
CloseHandle
GetSystemTimeAsFileTime
GetACP
HeapReAlloc
GetStringTypeW
TerminateProcess
ResumeThread
LCMapStringA
HeapCreate
VirtualQuery
VirtualFree
GetFileType
GetLocaleInfoA
ExitProcess
GetCurrentThreadId
VirtualAlloc
InterlockedIncrement
ReleaseDC
LoadCursorA
LoadStringA
EnableWindow
EnumWindows
ShowWindow
LoadBitmapA
GetDC
closesocket
SCardSetCardTypeProviderNameW
SCardForgetCardTypeW
Number of PE resources by type
RT_CURSOR 56
RT_GROUP_CURSOR 7
RT_VERSION 1
Number of PE resources by language
RUSSIAN 64
ExifTool file metadata
SubsystemVersion 4.0
LinkerVersion 7.1
ImageVersion 0.0
FileSubtype 0
FileVersionNumber 3.0.2.2
UninitializedDataSize 0
LanguageCode Russian
FileFlagsMask 0x0017
CharacterSet Unknown (34B1)
InitializedDataSize 335872
FileOS Unknown (0)
MIMEType application/octet-stream
LegalCopyright Cop 12
FileVersion 132, 75, 14,6001
TimeStamp 2014:01:20 18:34:40+01:00
FileType Win32 EXE
PEType PE32
InternalName DEKLARE
FileAccessDate 2014:11:06 22:40:30+01:00
ProductVersion 52, 10, 10, 9
FileDescription KEX WMAsys
OSVersion 4.0
FileCreateDate 2014:11:06 22:40:30+01:00
OriginalFilename sipPRO.exe
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CodeSize 196608
ProductName iJAX Application
ProductVersionNumber 3.0.2.2
EntryPoint 0x2b6aa
ObjectFileType Unknown
PCAP parents
File identification
MD5 319d8d0e194d4d565108cced5dac3ad8
SHA1 6978fcdcf3eb8e71b7a424aeb2d4fb4868a52225
SHA256 45307e675e133d91dda6e3e34fb472f9a68b6bd179db5b9525b1513e02ce1faa
ssdeep 6144:3VHSyD1bBNy9mGl6Ev7Ve2P45UU9JNUoF75BzTTzzT:3tR/y9mr87VehJreoF75
authentihash 0e31e8bcc259089b84884fa9f1c7ffdda96964bcb0e23043d87dc9308073739b
imphash 7f7574ae7381d9335b1e36563770ce3f
File size 512.0 KB ( 524288 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (67.3%)
Win32 Dynamic Link Library (generic) (14.2%)
Win32 Executable (generic) (9.7%)
Generic Win/DOS Executable (4.3%)
DOS Executable Generic (4.3%)
Tags peexe
VirusTotal metadata
First submission 2014-01-21 13:22:18 UTC ( 1 year, 7 months ago )
Last submission 2014-01-27 21:51:39 UTC ( 1 year, 7 months ago )
File names Bad.exe
juxjywenucjixwwmpvc.exe
vti-rescan
hdhd
N80v7XyUtM.exe
xnfynulehlribqhqfeq.exe
Advanced heuristic and reputation engines
ClamAV Possibly Unwanted Application. While not necessarily malicious, the scanned file presents certain characteristics which depending on the user policies and environment may or may not represent a threat. For full details see: http://www.clamav.net/doc/pua.html .
Symantec reputation Suspicious.Insight
Behaviour characterization
Zemana dll-injection
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Runtime DLLs
HTTP requests
DNS requests
TCP connections
UDP communications