SHA256: 470b18a305ca1975fd5dcf6ea10cb9fcb32f0444c59c40f9c19d8d25b616f920
File name: c718edef52e643037ab3a8a5aa83f04cf1b818f3
Detection ratio: 5 / 56
Analysis date: 2015-06-25 01:02:46 UTC (3 years, 9 months ago)
Antivirus | Result (blank = not detected) | Update
Avast | Win32:Trojan-gen | 20150625
ESET-NOD32 | Win32/Spy.Zbot.ACB | 20150624
Fortinet | W32/Zbot.ACB!tr.spy | 20150625
Panda | Trj/Chgt.O | 20150624
Rising | PE:Malware.XPACK-HIE/Heur!1.9C48 | 20150623
Ad-Aware | | 20150625
AegisLab | | 20150624
Yandex | | 20150624
AhnLab-V3 | | 20150624
Alibaba | | 20150624
ALYac | | 20150625
Antiy-AVL | | 20150625
Arcabit | | 20150625
AVG | | 20150624
Avira (no cloud) | | 20150625
AVware | | 20150625
Baidu-International | | 20150624
BitDefender | | 20150625
Bkav | | 20150625
ByteHero | | 20150625
CAT-QuickHeal | | 20150624
ClamAV | | 20150624
Comodo | | 20150625
Cyren | | 20150625
DrWeb | | 20150625
Emsisoft | | 20150625
F-Prot | | 20150624
F-Secure | | 20150624
GData | | 20150625
Ikarus | | 20150625
Jiangmin | | 20150624
K7AntiVirus | | 20150624
K7GW | | 20150624
Kaspersky | | 20150624
Kingsoft | | 20150625
Malwarebytes | | 20150625
McAfee | | 20150625
McAfee-GW-Edition | | 20150625
Microsoft | | 20150625
eScan | | 20150625
NANO-Antivirus | | 20150625
nProtect | | 20150624
Qihoo-360 | | 20150625
Sophos AV | | 20150625
SUPERAntiSpyware | | 20150625
Symantec | | 20150625
Tencent | | 20150625
TheHacker | | 20150624
TotalDefense | | 20150624
TrendMicro | | 20150625
TrendMicro-HouseCall | | 20150625
VBA32 | | 20150624
VIPRE | | 20150625
ViRobot | | 20150625
Zillya | | 20150624
Zoner | | 20150625
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright Copyright © 2002-2013 Gimmal
Product SuddenGirl
Original name brokean.exe
Internal name SuddenGirl
File version 13.5.1154.5841
Description SuddenGirl
Comments SuddenGirl
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2015-06-24 10:37:50
Entry Point 0x0000232C
Number of sections 4
PE sections
PE imports
GetSystemTime
GetLastError
HeapFree
GetStdHandle
EnterCriticalSection
LCMapStringW
SetHandleCount
LoadLibraryA
SetTapeParameters
GetOEMCP
QueryPerformanceCounter
IsDebuggerPresent
HeapAlloc
TlsAlloc
GetEnvironmentStringsW
GetVersionExA
GetModuleFileNameA
RtlUnwind
GetACP
GetLocalTime
FreeEnvironmentStringsA
DeleteCriticalSection
GetStartupInfoA
GetDateFormatA
LoadLibraryExA
GetEnvironmentStrings
GetLocaleInfoA
GetCurrentProcessId
OpenProcess
LCMapStringA
GetWindowsDirectoryA
UnhandledExceptionFilter
TlsGetValue
MultiByteToWideChar
HeapSize
FreeEnvironmentStringsW
GetCPInfo
GetCommandLineA
GetProcAddress
SetEnvironmentVariableA
GetStringTypeA
GetProcessHeap
LeaveCriticalSection
GetFileTime
CompareStringW
CompareStringA
WideCharToMultiByte
TlsFree
GetModuleHandleA
SetUnhandledExceptionFilter
WriteFile
GetCurrentProcess
GetTimeFormatA
GetSystemTimeAsFileTime
GetSystemDirectoryA
HeapReAlloc
GetStringTypeW
HeapDestroy
TerminateProcess
GetTimeZoneInformation
InitializeCriticalSection
LoadResource
VirtualFree
InterlockedDecrement
Sleep
GetFileType
GetTickCount
TlsSetValue
CreateFileA
ExitProcess
GetCurrentThreadId
FindResourceA
VirtualAlloc
HeapCreate
SetLastError
InterlockedIncrement
Number of PE resources by type
RT_MANIFEST 1
RT_VERSION 1
Number of PE resources by language
ENGLISH US 2
PE resources
ExifTool file metadata
SubsystemVersion 4.0
Comments SuddenGirl
LinkerVersion 8.0
ImageVersion 0.0
FileSubtype 0
FileVersionNumber 13.5.1154.5841
LanguageCode English (U.S.)
FileFlagsMask 0x0000
FileDescription SuddenGirl
CharacterSet Unicode
InitializedDataSize 143360
EntryPoint 0x232c
OriginalFileName brokean.exe
MIMEType application/octet-stream
LegalCopyright Copyright 2002-2013 Gimmal
FileVersion 13.5.1154.5841
TimeStamp 2015:06:24 11:37:50+01:00
FileType Win32 EXE
PEType PE32
InternalName SuddenGirl
ProductVersion 13.5.1154.5841
UninitializedDataSize 0
OSVersion 4.0
FileOS Win32
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName Gimmal
CodeSize 155648
ProductName SuddenGirl
ProductVersionNumber 13.5.1154.5841
FileTypeExtension exe
ObjectFileType Executable application
File identification
MD5 3fb1bd1ac982d23454ad5e55d4156fed
SHA1 c718edef52e643037ab3a8a5aa83f04cf1b818f3
SHA256 470b18a305ca1975fd5dcf6ea10cb9fcb32f0444c59c40f9c19d8d25b616f920
ssdeep 6144:uJCoLevzOfHCw6sEdZHdQH/yp1p4sycJj3c:ILSyDQdZ9yw4ac
authentihash 1b21fdbbe9774f6c187b4e7926e2a9d2b6473a3ff38826a8a4a1e644c5c8fb05
imphash d2712978a533145ef8076a468e8d77e9
File size 268.0 KB ( 274432 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (42.2%)
Win64 Executable (generic) (37.3%)
Win32 Dynamic Link Library (generic) (8.8%)
Win32 Executable (generic) (6.0%)
Generic Win/DOS Executable (2.7%)
Tags
peexe

VirusTotal metadata
First submission 2015-06-25 01:02:46 UTC (3 years, 9 months ago)
Last submission 2015-06-25 01:02:46 UTC (3 years, 9 months ago)
File names SuddenGirl
brokean.exe
Advanced heuristic and reputation engines
TrendMicro-HouseCall
TrendMicro's heuristic engine has flagged this file as: TROJ_GEN.R01TC0CG115.

Symantec reputation Suspicious.Insight
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Copied files
Deleted files
Created processes
Code injections in the following processes
Created mutexes
Opened mutexes
Searched windows
Opened service managers
Opened services
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.