SHA256: 458368decda97fec659b805d17962e2772642b765c93bed1a7e144ce0caff5fc
File name: a9820530c6dab025604412f5f30c2ce8fea4f43a
Detection ratio: 7 / 55
Analysis date: 2014-12-20 00:42:53 UTC ( 4 years, 3 months ago )
Antivirus Result Update (an engine listed with only an update date returned no detection)
Avast Win32:Malware-gen 20141219
AVG Inject2.BITO 20141220
Avira (no cloud) TR/Crypt.Xpack.118351 20141220
Kaspersky Trojan-Spy.Win32.Zbot.uszm 20141220
Malwarebytes Trojan.Agent.ED 20141220
McAfee Generic-FAVX!EED4518D139C 20141220
Rising PE:Malware.Obscure!1.9C59 20141218
Ad-Aware 20141220
AegisLab 20141219
Yandex 20141219
AhnLab-V3 20141219
ALYac 20141219
Antiy-AVL 20141219
AVware 20141219
Baidu-International 20141219
BitDefender 20141219
Bkav 20141219
ByteHero 20141220
CAT-QuickHeal 20141219
ClamAV 20141220
CMC 20141218
Comodo 20141219
Cyren 20141220
DrWeb 20141220
Emsisoft 20141219
F-Prot 20141220
F-Secure 20141219
Fortinet 20141219
GData 20141219
Ikarus 20141219
Jiangmin 20141219
K7AntiVirus 20141219
K7GW 20141219
Kingsoft 20141220
McAfee-GW-Edition 20141220
Microsoft 20141219
eScan 20141220
NANO-Antivirus 20141219
Norman 20141219
nProtect 20141219
Panda 20141219
Qihoo-360 20141220
Sophos AV 20141220
SUPERAntiSpyware 20141219
Symantec 20141220
Tencent 20141220
TheHacker 20141219
TotalDefense 20141219
TrendMicro 20141220
TrendMicro-HouseCall 20141219
VBA32 20141219
VIPRE 20141220
ViRobot 20141220
Zillya 20141219
Zoner 20141219
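Flattened tables in this layout are awkward to script against because the engine name, the optional result and the signature date share one whitespace-separated line. The following is an added example, not part of the VirusTotal report, that parses rows in this "Engine [Result] Update" form, computes the detection ratio and collects the named results. The input is a constructed excerpt of 12 rows copied from the table above; the rule that separates a multi-word engine name such as "Avira (no cloud)" from a result string is a heuristic chosen for this dump, not anything VirusTotal defines.

```python
import re

# Constructed excerpt: 12 of the 55 rows from the table above, copied verbatim.
# Rows with no result are engines that did not flag the file.
SAMPLE_ROWS = """\
Avast Win32:Malware-gen 20141219
AVG Inject2.BITO 20141220
Avira (no cloud) TR/Crypt.Xpack.118351 20141220
Kaspersky Trojan-Spy.Win32.Zbot.uszm 20141220
Malwarebytes Trojan.Agent.ED 20141220
McAfee Generic-FAVX!EED4518D139C 20141220
Rising PE:Malware.Obscure!1.9C59 20141218
Ad-Aware 20141220
Sophos AV 20141220
TrendMicro-HouseCall 20141219
Baidu-International 20141219
Microsoft 20141219
"""

DATE_RE = re.compile(r"^\d{8}$")
# Heuristic for this dump: detection names carry at least one of ':' '.' '/' '!',
# while engine names (even multi-word ones like "Avira (no cloud)" or "Sophos AV")
# contain none of them. A vendor name that breaks this rule would be misparsed.
RESULT_RE = re.compile(r"[:./!]")


def parse_row(line):
    """Split one 'Engine [Result] YYYYMMDD' row into its three fields."""
    tokens = line.split()
    if len(tokens) < 2 or not DATE_RE.match(tokens[-1]):
        raise ValueError(f"not a detection row: {line!r}")
    update = tokens[-1]
    body = tokens[:-1]
    if len(body) >= 2 and RESULT_RE.search(body[-1]):
        return {"engine": " ".join(body[:-1]), "result": body[-1], "update": update}
    return {"engine": " ".join(body), "result": None, "update": update}


def parse_table(text):
    """Parse every non-blank line of a pasted table."""
    return [parse_row(line) for line in text.splitlines() if line.strip()]


def detection_ratio(rows):
    """(engines that flagged the file, engines that scanned it)."""
    hits = sum(1 for r in rows if r["result"])
    return hits, len(rows)


def named_results(rows):
    """Engine -> detection name, for the engines that returned one."""
    return {r["engine"]: r["result"] for r in rows if r["result"]}


if __name__ == "__main__":
    rows = parse_table(SAMPLE_ROWS)
    hits, total = detection_ratio(rows)
    print(f"{hits} / {total}")
    for engine, result in named_results(rows).items():
        print(f"  {engine:24s} {result}")
```

Run over the full 55-row table the same functions give the 7 / 55 shown at the top of the report. The named results are what a triager actually reads: one family-specific name (Kaspersky's Zbot) next to otherwise generic or heuristic names says more than the raw count.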
The file is a Portable Executable (PE): a Win32 EXE built for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2014-12-18 17:16:09 (PE header TimeDateStamp, UTC; the ExifTool TimeStamp below is the same instant rendered in +01:00, and the first VirusTotal submission followed about 31 hours later)
Entry Point 0x000039CE
Number of sections 6
PE sections
PE imports
(The report as extracted does not show which DLL each import comes from. The group labels below are added from the Windows DLL that exports each name. The long block of Ord(...) entries is imported by ordinal only, so its DLL cannot be named from this listing; together with LinkerVersion 6.0 and the MSVCRT imports, an MFC42 ordinal import table is the likely explanation, but the report does not confirm it.)
GDI32:
SetBkMode
GetPixel
SelectObject
KERNEL32:
GetSystemTime
LocalFree
GetDateFormatA
SetCommState
GetModuleFileNameW
GetCommState
VirtualFree
CreateFileA
GetStartupInfoW
SetEndOfFile
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCurrentThreadId
GetModuleFileNameA
GetModuleHandleW
GetLocalTime
Imported by ordinal only (DLL not shown in this report):
Ord(3820)
Ord(2406)
Ord(6113)
Ord(4621)
Ord(4884)
Ord(6332)
Ord(354)
Ord(2980)
Ord(6371)
Ord(2438)
Ord(5237)
Ord(4073)
Ord(6048)
Ord(5996)
Ord(5278)
Ord(5257)
Ord(3733)
Ord(5736)
Ord(2244)
Ord(5236)
Ord(4523)
Ord(5727)
Ord(3744)
Ord(3711)
Ord(4616)
Ord(3167)
Ord(5298)
Ord(2873)
Ord(3917)
Ord(4717)
Ord(4852)
Ord(1569)
Ord(4539)
Ord(6370)
Ord(554)
Ord(815)
Ord(4525)
Ord(3257)
Ord(2717)
Ord(641)
Ord(4292)
Ord(3449)
Ord(2388)
Ord(5277)
Ord(5256)
Ord(2354)
Ord(338)
Ord(4343)
Ord(2502)
Ord(3076)
Ord(4414)
Ord(4233)
Ord(1739)
Ord(4430)
Ord(3142)
Ord(3060)
Ord(3193)
Ord(4714)
Ord(5285)
Ord(4617)
Ord(3569)
Ord(5233)
Ord(3476)
Ord(1165)
Ord(794)
Ord(2486)
Ord(617)
Ord(5006)
Ord(366)
Ord(4154)
Ord(4604)
Ord(5710)
Ord(4692)
Ord(5276)
Ord(4146)
Ord(567)
Ord(4401)
Ord(2874)
Ord(3341)
Ord(6050)
Ord(4606)
Ord(4335)
Ord(3345)
Ord(4886)
Ord(1767)
Ord(2371)
Ord(4527)
Ord(4480)
Ord(4229)
Ord(2294)
Ord(823)
Ord(2047)
Ord(4537)
Ord(4958)
Ord(813)
Ord(2504)
Ord(609)
Ord(4236)
Ord(4607)
Ord(5157)
Ord(4298)
Ord(6051)
Ord(5261)
Ord(3074)
Ord(4334)
Ord(2613)
Ord(3592)
Ord(364)
Ord(4609)
Ord(6107)
Ord(4459)
Ord(4458)
Ord(4381)
Ord(2619)
Ord(3688)
Ord(3397)
Ord(2977)
Ord(2116)
Ord(4418)
Ord(1718)
Ord(5784)
Ord(2641)
Ord(1834)
Ord(4268)
Ord(3053)
Ord(796)
Ord(4957)
Ord(674)
Ord(2382)
Ord(4831)
Ord(5070)
Ord(4954)
Ord(2618)
Ord(1089)
Ord(4158)
Ord(5573)
Ord(975)
Ord(6076)
Ord(2715)
Ord(4426)
Ord(3398)
Ord(784)
Ord(5848)
Ord(4269)
Ord(4992)
Ord(5297)
Ord(4608)
Ord(4883)
Ord(520)
Ord(4817)
Ord(3743)
Ord(986)
Ord(2377)
Ord(4893)
Ord(6211)
Ord(4419)
Ord(4074)
Ord(1719)
Ord(2640)
Ord(2109)
Ord(4421)
Ord(807)
Ord(4520)
Ord(3254)
Ord(2506)
Ord(4947)
Ord(4128)
Ord(4237)
Ord(4390)
Ord(4451)
Ord(5273)
Ord(472)
Ord(4582)
Ord(2971)
Ord(2534)
Ord(1817)
Ord(4347)
Ord(5248)
Ord(1658)
Ord(324)
Ord(560)
Ord(2391)
Ord(1937)
Ord(2527)
Ord(790)
Ord(1768)
Ord(4704)
Ord(4341)
Ord(3793)
Ord(4955)
Ord(3826)
Ord(5193)
Ord(4847)
Ord(5468)
Ord(1720)
Ord(4075)
Ord(2854)
Ord(652)
Ord(5094)
Ord(4420)
Ord(5097)
Ord(1131)
Ord(4364)
Ord(2546)
Ord(4435)
Ord(5303)
Ord(4518)
Ord(6171)
Ord(5208)
Ord(4583)
Ord(6617)
Ord(2567)
Ord(561)
Ord(527)
Ord(3054)
Ord(3658)
Ord(5296)
Ord(6372)
Ord(3131)
Ord(825)
Ord(1833)
Ord(5059)
Ord(2879)
Ord(3825)
Ord(4072)
Ord(4103)
Ord(529)
Ord(4370)
Ord(2083)
Ord(296)
Ord(5649)
Ord(5239)
Ord(5286)
Ord(4690)
Ord(3621)
MSVCRT:
__p__fmode
__wgetmainargs
_ftol
fread
fclose
__dllonexit
_except_handler3
?terminate@@YAXXZ
fseek
_onexit
ftell
exit
_XcptFilter
rewind
__setusermatherr
_controlfp
_wcmdln
_adjust_fdiv
__CxxFrameHandler
__p__commode
_wfopen
_initterm
cos
sin
_exit
__set_app_type
USER32:
SystemParametersInfoA
GetSystemMetrics
SetTimer
GetDoubleClickTime
SendMessageW
ReleaseDC
IsDialogMessageW
EnableWindow
SetWindowPlacement
RegisterWindowMessageA
GetDesktopWindow
KillTimer
GetMessageW
DestroyWindow
UpdateWindow
GetDC
InvalidateRect
Number of PE resources by type
RT_STRING 5
RT_DIALOG 2
RT_ICON 1
Struct(241) 1
RT_MENU 1
RT_ACCELERATOR 1
RT_BITMAP 1
RT_GROUP_ICON 1
Number of PE resources by language
HUNGARIAN DEFAULT 5
CHINESE SIMPLIFIED 5
NEUTRAL 2
ENGLISH US 1
PE resources
ExifTool file metadata
MIMEType: application/octet-stream
Subsystem: Windows GUI
MachineType: Intel 386 or later, and compatibles
TimeStamp: 2014:12:18 18:16:09+01:00
FileType: Win32 EXE
PEType: PE32
CodeSize: 16384
LinkerVersion: 6.0
FileAccessDate: 2015:02:09 14:41:54+01:00
EntryPoint: 0x39ce
InitializedDataSize: 32768
SubsystemVersion: 4.0
ImageVersion: 0.0
OSVersion: 4.0
FileCreateDate: 2015:02:09 14:41:54+01:00
UninitializedDataSize: 0
File identification
MD5 eed4518d139cd89ac436000f605db326
SHA1 a9820530c6dab025604412f5f30c2ce8fea4f43a
SHA256 458368decda97fec659b805d17962e2772642b765c93bed1a7e144ce0caff5fc
ssdeep
6144:zapwqUkoLXPYAJ2Pbxm9MQ5F8VpWeLQiLB/re:OYXAAcjxm9/D8XWeLD9/re

authentihash 9ecfee7ac1df6cd6e209526796a86823ea70c40904d42e7c16a948f1c9dd24e8
imphash 9904b2aedebdc1d42379491f97caf197
File size 254.1 KB ( 260192 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Dynamic Link Library (generic) (43.5%)
Win32 Executable (generic) (29.8%)
Generic Win/DOS Executable (13.2%)
DOS Executable Generic (13.2%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
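The imphash field above is the MD5 of a normalised form of the import table: Mandiant's definition, as implemented by pefile's get_imphash(), which is the form most reports use. The following is an added example, not the report's or VirusTotal's code, that builds that string and hashes it. The import table it uses is constructed: the DLL assignments (GDI32, KERNEL32, USER32, MFC42) are assumptions, because this report lists names without DLLs, and the two ordinal entries stand in for the long Ord(...) block above. For that reason the result will not reproduce the report's own imphash 9904b2aedebdc1d42379491f97caf197; what it shows is how that value is derived.

```python
import hashlib

# Constructed import table (example input, not from the report). The DLL
# assignments are assumptions: the report lists names without their DLLs.
# The ordinal entries stand in for the Ord(...) block above; MFC42 is assumed.
SAMPLE_IMPORTS = [
    ("GDI32.dll", "SetBkMode"),
    ("GDI32.dll", "GetPixel"),
    ("KERNEL32.dll", "GetSystemTime"),
    ("KERNEL32.dll", "VirtualFree"),
    ("MFC42.DLL", 3820),
    ("MFC42.DLL", 2406),
    ("USER32.dll", "SetTimer"),
]

# pefile resolves ordinals to export names only for ws2_32, wsock32 and
# oleaut32. This is a deliberately partial copy of its ws2_32 table, enough
# to show the effect; ordinals from any other DLL hash as the bare 'ordN'.
ORDINAL_NAMES = {
    "ws2_32": {1: "accept", 2: "bind", 3: "closesocket", 4: "connect",
               23: "socket", 115: "WSAStartup", 116: "WSACleanup"},
}


def _strip_ext(dll):
    """Lower-case the DLL name and drop a .dll/.ocx/.sys extension."""
    dll = dll.lower()
    for ext in (".dll", ".ocx", ".sys"):
        if dll.endswith(ext):
            return dll[: -len(ext)]
    return dll


def imphash_string(imports):
    """Return the comma-joined '<dll>.<func>' string that imphash hashes.

    imports: iterable of (dll_name, function_name_or_ordinal) in the order
    they appear in the PE import directory. Order is significant: the same
    imports in a different order give a different hash.
    """
    parts = []
    for dll, func in imports:
        lib = _strip_ext(dll)
        if isinstance(func, int):
            name = ORDINAL_NAMES.get(lib, {}).get(func, "ord%d" % func)
        else:
            name = func
        parts.append("%s.%s" % (lib, name.lower()))
    return ",".join(parts)


def imphash(imports):
    """MD5 of imphash_string(), as a lower-case hex digest."""
    return hashlib.md5(imphash_string(imports).encode("ascii")).hexdigest()


if __name__ == "__main__":
    print(imphash_string(SAMPLE_IMPORTS))
    print(imphash(SAMPLE_IMPORTS))
```

Two consequences follow from the construction. The hash changes if the same functions appear in a different order or under a different DLL name, so it fingerprints how a binary was linked rather than what it does. And ordinal-only imports hash as ordN, so when most of the table is ordinals from a framework DLL, as in this sample, the imphash mostly reflects the toolchain and will collide with unrelated binaries built the same way; treat a match as a lead, not as family attribution.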
Tags
peexe

VirusTotal metadata
First submission 2014-12-20 00:42:53 UTC ( 4 years, 3 months ago )
Last submission 2015-01-15 10:03:45 UTC ( 4 years, 2 months ago )
File names a9820530c6dab025604412f5f30c2ce8fea4f43a
458368decda97fec659b805d17962e2772642b765c93bed1a7e144ce0caff5fc.exe
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight
Condensed report. The following is a condensed report of the file's behaviour when executed in a controlled environment. The actions and events described were performed either by the file itself or by any process it launched or injected code into. In this copy of the report the per-section entries are not present; only the section headings and the summary items survive.
Opened files
Read files
Written files
Created processes
Code injections in the following processes
Opened mutexes
Runtime DLLs
Additional details
During execution the file called the DeviceIoControl Windows API, sending control codes directly to device drivers. The report does not list which devices or which control codes were involved.
UDP communications