SHA256: 47a772a3bfa5b07aeb78d41dd7187bed41271795df3d95813fb0ad336b360311
File name: 21bba0102a3a44fdd6609d03be5e9c11fa185116
Detection ratio: 37 / 53
Analysis date: 2014-07-11 11:10:33 UTC
Antivirus Result Update
Ad-Aware Gen:Variant.Graftor.141447 20140711
Yandex Trojan.Caphaw!TBcakTZ+aUg 20140711
AhnLab-V3 Backdoor/Win32.Caphaw 20140710
AntiVir TR/Crypt.Xpack.57810 20140711
Antiy-AVL Trojan/Win32.SGeneric 20140711
Avast Win32:Crypt-QUS [Trj] 20140711
AVG Agent4.BTUT 20140711
Baidu-International Trojan.Win32.Caphaw.BU 20140711
BitDefender Gen:Variant.Graftor.141447 20140711
CAT-QuickHeal Backdoor.Caphaw.r5 20140711
Comodo UnclassifiedMalware 20140711
DrWeb BackDoor.Caphaw.77 20140711
Emsisoft Gen:Variant.Graftor.141447 (B) 20140711
ESET-NOD32 Win32/Caphaw.U 20140711
F-Secure Gen:Variant.Graftor.141447 20140711
Fortinet W32/Kryptik.CAHA!tr 20140711
GData Gen:Variant.Graftor.141447 20140711
Ikarus Trojan.Crypt3 20140711
K7AntiVirus Trojan ( 00497bb31 ) 20140710
K7GW Trojan ( 050000001 ) 20140711
Kaspersky HEUR:Trojan.Win32.Generic 20140711
Malwarebytes Trojan.Agent.ED 20140711
McAfee RDN/Generic.bfr!ha 20140711
McAfee-GW-Edition RDN/Generic.bfr!ha 20140711
Microsoft Backdoor:Win32/Caphaw.AI 20140711
eScan Gen:Variant.Graftor.141447 20140711
NANO-Antivirus Trojan.Win32.Caphaw.cxeupj 20140711
Norman Kryptik.CDQD 20140711
Panda Trj/Genetic.gen 20140711
Qihoo-360 HEUR/Malware.QVM20.Gen 20140711
Rising PE:Malware.XPACK-HIE/Heur!1.9C48 20140711
Symantec WS.Reputation.1 20140711
Tencent Win32.Trojan.Generic.Hoyh 20140711
TrendMicro TROJ_GEN.R0CBC0DDP14 20140711
TrendMicro-HouseCall TROJ_GEN.R0CBC0DDP14 20140711
VBA32 BScope.Backdoor.Caphaw 20140710
VIPRE Backdoor.Win32.Caphaw 20140711
AegisLab (no detection) 20140711
Bkav (no detection) 20140711
ByteHero (no detection) 20140711
ClamAV (no detection) 20140711
CMC (no detection) 20140711
Commtouch (no detection) 20140711
F-Prot (no detection) 20140711
Jiangmin (no detection) 20140711
Kingsoft (no detection) 20140711
nProtect (no detection) 20140711
SUPERAntiSpyware (no detection) 20140711
TheHacker (no detection) 20140708
TotalDefense (no detection) 20140710
ViRobot (no detection) 20140711
Zillya (no detection) 20140710
Zoner (no detection) 20140711
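The table above is raw vendor output: ten engines name Caphaw, six use BitDefender's Gen:Variant.Graftor label, and the rest are packer or heuristic verdicts (Kryptik, Xpack, Crypt, Generic). A SOC pipeline normally reduces such a table to one family name by stripping type, platform and packer words and voting across engines. The Python below is an editor-added example of that reduction, not VirusTotal's code; it runs over an excerpt of the rows above copied as printed, and the stop list of non-family words is the editor's judgement (Kryptik and Xpack are treated as packer verdicts, Graftor is left in so the ranking shows it losing to Caphaw).

```python
import re
from collections import Counter

# Excerpt of the detection table above, copied as it appears: engine, result,
# signature date. A row with only an engine and a date is an engine that did
# not flag the file.
AV_ROWS = """\
Ad-Aware Gen:Variant.Graftor.141447 20140711
Yandex Trojan.Caphaw!TBcakTZ+aUg 20140711
AhnLab-V3 Backdoor/Win32.Caphaw 20140710
Avast Win32:Crypt-QUS [Trj] 20140711
BitDefender Gen:Variant.Graftor.141447 20140711
DrWeb BackDoor.Caphaw.77 20140711
ESET-NOD32 Win32/Caphaw.U 20140711
Fortinet W32/Kryptik.CAHA!tr 20140711
K7AntiVirus Trojan ( 00497bb31 ) 20140711
Kaspersky HEUR:Trojan.Win32.Generic 20140711
Microsoft Backdoor:Win32/Caphaw.AI 20140711
Symantec WS.Reputation.1 20140711
VIPRE Backdoor.Win32.Caphaw 20140711
AegisLab 20140711
ClamAV 20140711
"""

# Editor's stop list: words that name a type, platform, packer or heuristic
# rather than a malware family.
STOPWORDS = {
    "trojan", "backdoor", "win32", "win64", "generic", "variant", "heur",
    "malware", "crypt", "agent", "reputation", "insight", "kryptik", "xpack",
    "unclassifiedmalware", "bscope", "genetic",
}


def parse_rows(text: str):
    """Split 'engine result date' lines; the result may contain spaces."""
    rows = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 2:
            continue
        engine, date = parts[0], parts[-1]
        result = " ".join(parts[1:-1])  # "" when the engine did not detect
        rows.append((engine, result, date))
    return rows


def family_tokens(result: str) -> set:
    """Candidate family words in one vendor label: alphabetic, 4+ chars,
    not on the stop list. Digits and short suffixes (.U, .AI, .r5) drop out."""
    tokens = re.split(r"[^A-Za-z0-9]+", result)
    return {t.lower() for t in tokens
            if t.isalpha() and len(t) >= 4 and t.lower() not in STOPWORDS}


def family_vote(rows, min_engines: int = 2) -> dict:
    """Count how many engines used each candidate word (a set per engine, so
    one engine cannot vote twice) and keep words backed by min_engines+."""
    detections = [(engine, result) for engine, result, _ in rows if result]
    votes = Counter()
    for _, result in detections:
        votes.update(family_tokens(result))
    ranked = [(word, n) for word, n in votes.most_common() if n >= min_engines]
    return {
        "detection_ratio": f"{len(detections)}/{len(rows)}",
        "family": ranked[0][0] if ranked else None,
        "family_engines": ranked[0][1] if ranked else 0,
        "ranked": ranked,
    }


if __name__ == "__main__":
    print(family_vote(parse_rows(AV_ROWS)))
```

The min_engines threshold is what removes the per-vendor hash suffixes (TBcakTZ in the Yandex label, CAHA in the Fortinet one) that survive tokenisation but are only ever used by a single engine.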
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2014-01-27 11:28:27
Entry Point 0x000047D0
Number of sections 5
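The four fields above come straight from the COFF file header and the PE32 optional header. The Python below is an editor-added example, not VirusTotal's code or the sample's, that reads those fields and then applies the check a triager should make on the compilation timestamp: the linker writes it and an attacker can set it to anything, so it is compared with the first-seen time instead of being trusted. The header bytes are constructed from the values on this page, not taken from the real file; the constant 1390822107 is 2014-01-27 11:28:27 UTC, the same instant the ExifTool block below prints as 12:28:27+01:00, and the default first-seen time is the first-submission time from the VirusTotal metadata below.

```python
import struct
from datetime import datetime, timezone

IMAGE_FILE_MACHINE_I386 = 0x014C
IMAGE_NT_OPTIONAL_HDR32_MAGIC = 0x010B
IMAGE_FILE_DLL = 0x2000
SUBSYSTEMS = {1: "Native", 2: "Windows GUI", 3: "Windows CUI"}


def parse_pe_header(data: bytes) -> dict:
    """Read the fields a triage report shows from a PE32 image's headers."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("not a DOS/PE image: missing MZ signature")
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    if e_lfanew + 94 > len(data) or data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature not found at e_lfanew")
    # IMAGE_FILE_HEADER (20 bytes) follows the 4-byte "PE\0\0" signature.
    machine, nsections, timestamp, _, _, _, characteristics = struct.unpack_from(
        "<HHIIIHH", data, e_lfanew + 4)
    opt = e_lfanew + 24  # IMAGE_OPTIONAL_HEADER32 starts here
    (magic,) = struct.unpack_from("<H", data, opt)
    if magic != IMAGE_NT_OPTIONAL_HDR32_MAGIC:
        raise ValueError(f"unsupported optional header magic {magic:#06x}")
    # Optional header bytes 2..19: linker major/minor, SizeOfCode,
    # SizeOfInitializedData, SizeOfUninitializedData, AddressOfEntryPoint.
    linker_major, linker_minor, size_code, size_idata, size_udata, entry = \
        struct.unpack_from("<BBIIII", data, opt + 2)
    # Bytes 40..51: OS, image and subsystem version pairs; byte 68: Subsystem.
    os_major, os_minor, img_major, img_minor, ss_major, ss_minor = \
        struct.unpack_from("<HHHHHH", data, opt + 40)
    (subsystem,) = struct.unpack_from("<H", data, opt + 68)
    compile_time = datetime.fromtimestamp(timestamp, timezone.utc)
    return {
        "machine": machine,
        "is_i386": machine == IMAGE_FILE_MACHINE_I386,
        "number_of_sections": nsections,
        "compile_time": compile_time,
        "compile_time_utc": compile_time.strftime("%Y-%m-%d %H:%M:%S"),
        "entry_point": entry,
        "linker_version": f"{linker_major}.{linker_minor}",
        "size_of_code": size_code,
        "size_of_initialized_data": size_idata,
        "size_of_uninitialized_data": size_udata,
        "os_version": f"{os_major}.{os_minor}",
        "image_version": f"{img_major}.{img_minor}",
        "subsystem_version": f"{ss_major}.{ss_minor}",
        "subsystem": SUBSYSTEMS.get(subsystem, str(subsystem)),
        "is_dll": bool(characteristics & IMAGE_FILE_DLL),
    }


def compile_time_consistent(header: dict,
                            first_seen_utc: str = "2014-04-22 18:55:11") -> bool:
    """The link timestamp is a claim made by whoever built the file. It must
    not post-date the first sighting; a value after first submission means a
    forged or clock-skewed build, and a far-past value is equally suspect."""
    first_seen = datetime.strptime(first_seen_utc, "%Y-%m-%d %H:%M:%S") \
        .replace(tzinfo=timezone.utc)
    return header["compile_time"] <= first_seen


def build_sample_header() -> bytes:
    """Constructed header bytes carrying the values shown in the report above.
    Not bytes from the real sample (335872 bytes); the section table and the
    data directories are left zeroed, which is enough for the parser."""
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)               # e_lfanew -> "PE\0\0"
    file_hdr = struct.pack("<HHIIIHH",
                           IMAGE_FILE_MACHINE_I386,       # Machine
                           5,                              # NumberOfSections
                           1390822107,                     # 2014-01-27 11:28:27 UTC
                           0, 0,                           # symbol table: unused
                           224,                            # SizeOfOptionalHeader
                           0x0102)                         # EXECUTABLE_IMAGE | 32BIT_MACHINE
    opt = bytearray(224)
    struct.pack_into("<HBBIIII", opt, 0,
                     IMAGE_NT_OPTIONAL_HDR32_MAGIC, 3, 0,  # PE32, linker 3.0
                     294912, 364528, 0,                    # code / idata / udata sizes
                     0x47D0)                               # AddressOfEntryPoint
    struct.pack_into("<HHHHHH", opt, 40, 4, 0, 4, 1, 4, 0)  # OS 4.0, image 4.1, subsys 4.0
    struct.pack_into("<H", opt, 68, 2)                      # IMAGE_SUBSYSTEM_WINDOWS_GUI
    return bytes(dos) + b"PE\0\0" + file_hdr + bytes(opt)


if __name__ == "__main__":
    hdr = parse_pe_header(build_sample_header())
    for key, value in hdr.items():
        print(f"{key:28} {value}")
    print("compile time precedes first submission:", compile_time_consistent(hdr))
```

Point parse_pe_header at the bytes of a real file to cross-check a report; on this sample the parsed values should agree with both the PE header block above and the ExifTool block below.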
PE sections
PE imports (grouped by exporting DLL; the DLL names are not in the original listing and are supplied here from the standard Win32 export tables)
GDI32.dll
  GetTextMetricsA
  GetCharWidthFloatA
KERNEL32.dll
  GetLastError
  HeapFree
  GetStdHandle
  LCMapStringW
  GetSystemInfo
  WaitForSingleObject
  FreeLibrary
  LCMapStringA
  ExitProcess
  GetStringTypeExA
  VirtualProtect
  FlushFileBuffers
  GetModuleFileNameA
  RtlUnwind
  LoadLibraryA
  GetACP
  GetTapeParameters
  HeapAlloc
  HeapReAlloc
  SetThreadPriority
  GetCurrentProcessId
  GetCPInfo
  MultiByteToWideChar
  GetCommandLineA
  GetProcAddress
  GetProcessHeap
  SetStdHandle
  SetFilePointer
  CreateSemaphoreA
  CreateThread
  GetStringTypeA
  GetModuleHandleA
  InterlockedExchange
  WriteFile
  GetCurrentProcess
  CloseHandle
  GetSystemTimeAsFileTime
  GetComputerNameA
  ExitThread
  SetComputerNameA
  GetStringTypeW
  GetOEMCP
  TerminateProcess
  QueryPerformanceCounter
  WideCharToMultiByte
  OpenSemaphoreA
  VirtualQuery
  VirtualFree
  CreateEventA
  Sleep
  GetLocaleInfoA
  GetTickCount
  GetCurrentThreadId
  VirtualAlloc
OLEACC.dll
  GetRoleTextW
  GetRoleTextA
USER32.dll
  GetWindowLongA
  BeginPaint
  ShowCaret
  DrawTextA
  UnregisterHotKey
  EndPaint
  PostQuitMessage
  HideCaret
  GetClientRect
  CloseClipboard
  MessageBoxA
  wsprintfA
  SetWindowLongA
  TranslateAcceleratorA
  DefWindowProcA
  FindWindowA
  MessageBeep
  SetRect
  DrawTextExA
  OpenClipboard
WINMM.dll
  timeBeginPeriod
WINSCARD.dll
  SCardListCardsA
  SCardAccessStartedEvent
ole32.dll
  GetClassFile
ExifTool file metadata
MIMEType: application/octet-stream
Subsystem: Windows GUI
MachineType: Intel 386 or later, and compatibles
TimeStamp: 2014:01:27 12:28:27+01:00
FileType: Win32 EXE
PEType: PE32
CodeSize: 294912
LinkerVersion: 3.0
FileAccessDate: 2014:07:11 12:12:55+01:00
EntryPoint: 0x47d0
InitializedDataSize: 364528
SubsystemVersion: 4.0
ImageVersion: 4.1
OSVersion: 4.0
FileCreateDate: 2014:07:11 12:12:55+01:00
UninitializedDataSize: 0
File identification
MD5 2177ea3661fac7cb093743092b0d4b25
SHA1 21bba0102a3a44fdd6609d03be5e9c11fa185116
SHA256 47a772a3bfa5b07aeb78d41dd7187bed41271795df3d95813fb0ad336b360311
ssdeep 6144:vNQqy2XPTaCsr2bh1OpgRoiet9TOQ7hjnBr8IfPb2:vNQ2XbaJqb/SiqBOytr8aPb2
imphash 4c19bef61566ec3b001db3aace9c53ae
File size 328.0 KB ( 335872 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (40.5%)
UPX compressed Win32 Executable (39.7%)
Win32 Dynamic Link Library (generic) (8.5%)
Win32 Executable (generic) (5.8%)
Generic Win/DOS Executable (2.6%)
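The imphash line above and the import list earlier on this page belong together: the imphash is an MD5 over the import table in its on-disk order, so two builds that share a packer or crypter stub share an imphash even when their payloads and file hashes differ, which is why it is a useful family pivot and, for the same reason, never proof on its own. The import table here is also the kind a crypter emits: the kernel32 quartet needed to map and resolve a payload at run time (VirtualAlloc, VirtualProtect, LoadLibraryA, GetProcAddress) sits next to functions a small GUI program has no use for (GetTapeParameters, SetComputerNameA, the smart-card and GetRoleText calls), and TrID's near-even split between "Visual C++" and "UPX compressed" points the same way. The Python below is an editor-added example, not VirusTotal's or pefile's code: it implements the common imphash definition (lower-cased dll.function pairs, .dll/.ocx/.sys suffix stripped, comma-joined, MD5; imports by ordinal are not handled because this page lists none) and a small triage over the import names. The import excerpt is typed from the list above with the exporting DLL added by the editor, and the oddball-API list is the editor's heuristic, not a published signature. Because it is an excerpt and the real table's order is unknown, the hash it produces will not equal 4c19bef61566ec3b001db3aace9c53ae; to reproduce that value run pefile's get_imphash() on the actual file.

```python
import hashlib

# Excerpt of the sample's import table as listed above (DLL names added by the
# editor). Order matters for imphash; this follows the order printed above.
SAMPLE_IMPORTS = [
    ("GDI32.dll", "GetTextMetricsA"), ("GDI32.dll", "GetCharWidthFloatA"),
    ("KERNEL32.dll", "GetLastError"), ("KERNEL32.dll", "VirtualProtect"),
    ("KERNEL32.dll", "LoadLibraryA"), ("KERNEL32.dll", "GetTapeParameters"),
    ("KERNEL32.dll", "GetProcAddress"), ("KERNEL32.dll", "SetComputerNameA"),
    ("KERNEL32.dll", "VirtualAlloc"),
    ("OLEACC.dll", "GetRoleTextW"), ("OLEACC.dll", "GetRoleTextA"),
    ("USER32.dll", "MessageBoxA"), ("USER32.dll", "FindWindowA"),
    ("WINMM.dll", "timeBeginPeriod"),
    ("WINSCARD.dll", "SCardListCardsA"), ("WINSCARD.dll", "SCardAccessStartedEvent"),
    ("ole32.dll", "GetClassFile"),
]

# kernel32 functions a self-unpacking stub needs to map, unprotect and resolve
# its payload; their presence together is a classic packed-binary indicator.
RUNTIME_LOADER_APIS = {"loadlibrarya", "getprocaddress", "virtualalloc", "virtualprotect"}

# Editor's heuristic list: APIs that are odd in a small GUI program and typical
# of import-table padding added by crypters to look like ordinary software.
ODDBALL_APIS = {"gettapeparameters", "setcomputernamea", "scardlistcardsa",
                "scardaccessstartedevent", "getroletexta", "getroletextw"}


def _normalise_dll(dll: str) -> str:
    """Lower-case the module name and drop the .dll/.ocx/.sys suffix."""
    dll = dll.lower()
    for ext in (".dll", ".ocx", ".sys"):
        if dll.endswith(ext):
            return dll[:-len(ext)]
    return dll


def imphash(imports) -> str:
    """MD5 over comma-joined 'dll.function' pairs in import-table order."""
    parts = [f"{_normalise_dll(dll)}.{func.lower()}" for dll, func in imports]
    return hashlib.md5(",".join(parts).encode("ascii")).hexdigest()


def triage_imports(imports) -> dict:
    """Summarise what the import table says about packing and padding."""
    names = {func.lower() for _, func in imports}
    return {
        "imphash": imphash(imports),
        "dll_count": len({_normalise_dll(dll) for dll, _ in imports}),
        "runtime_loader_apis": sorted(names & RUNTIME_LOADER_APIS),
        "can_self_unpack": RUNTIME_LOADER_APIS <= names,
        "oddball_apis": sorted(names & ODDBALL_APIS),
    }


if __name__ == "__main__":
    for key, value in triage_imports(SAMPLE_IMPORTS).items():
        print(f"{key:22} {value}")
```

When hunting with an imphash, pair it with a second attribute (section layout, entry-point bytes, the ssdeep value above) so that a shared packer stub does not pull in every unrelated sample wrapped by the same crypter.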
Tags peexe
VirusTotal metadata
First submission 2014-04-22 18:55:11 UTC
Last submission 2014-04-22 18:55:11 UTC
File names 21bba0102a3a44fdd6609d03be5e9c11fa185116
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Deleted files
Created mutexes
Opened mutexes
Opened service managers
Opened services
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.
HTTP requests
DNS requests
TCP connections
UDP communications