SHA256: 4a9b7ea661c119714853b00bdad3b5a4b203ece1c0d1514a7eb9f8d6c02e7e76
File name: dssss.exe
Detection ratio: 45 / 66
Analysis date: 2018-04-11 11:23:52 UTC ( 1 year ago )
Antivirus Result Update
Ad-Aware Generic.Malware.SM!Yd.BCD8D3AB 20180411
AegisLab Troj.W32.Zonidel!c 20180411
AhnLab-V3 Malware/Win32.Generic.C2441591 20180411
ALYac Generic.Malware.SM!Yd.BCD8D3AB 20180411
Arcabit Generic.Malware.SM!Yd.BCD8D3AB 20180411
Avast Win32:Crypt-PQQ [Trj] 20180411
AVG Win32:Crypt-PQQ [Trj] 20180411
Avira (no cloud) WORM/Phorpiex.mblxe 20180411
AVware Backdoor.IRCBot 20180411
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9991 20180411
BitDefender Generic.Malware.SM!Yd.BCD8D3AB 20180411
Bkav W32.RsGrabATTc.Worm 20180410
Comodo .UnclassifiedMalware 20180411
CrowdStrike Falcon (ML) malicious_confidence_100% (W) 20170201
Cylance Unsafe 20180411
Cyren W32/IRCBot-based!Maximus 20180411
DrWeb DLOADER.IRC.Trojan 20180411
Emsisoft Generic.Malware.SM!Yd.BCD8D3AB (B) 20180411
Endgame malicious (high confidence) 20180403
ESET-NOD32 a variant of Win32/Phorpiex.G 20180411
F-Prot W32/IRCBot-based!Maximus 20180411
F-Secure Generic.Malware.SM!Yd.BCD8D3AB 20180411
Fortinet W32/Phorpiex.G!tr 20180411
GData Generic.Malware.SM!Yd.BCD8D3AB 20180411
Sophos ML heuristic 20180121
Jiangmin Trojan.Zonidel.sl 20180411
K7GW Trojan ( 005292521 ) 20180411
Kaspersky Trojan.Win32.Zonidel.czp 20180410
MAX malware (ai score=99) 20180411
McAfee Trojan-FPLH!C2ED522C625F 20180411
McAfee-GW-Edition BehavesLike.Win32.Backdoor.ph 20180410
Microsoft Backdoor:Win32/Kirts.A 20180411
eScan Generic.Malware.SM!Yd.BCD8D3AB 20180411
Palo Alto Networks (Known Signatures) generic.ml 20180411
Panda Generic Malware 20180410
Qihoo-360 Win32/Trojan.e03 20180411
Sophos AV Mal/Generic-S 20180411
Symantec Trojan.Gen.2 20180411
Tencent Win32.Worm.Phorpiex.Szll 20180411
TrendMicro TROJ_GEN.R020C0PD918 20180411
TrendMicro-HouseCall TROJ_GEN.R020C0PD918 20180411
VIPRE Backdoor.IRCBot 20180411
ViRobot Trojan.Win32.Z.Phorpiex.45568.E 20180411
Webroot W32.Malware.Gen 20180411
ZoneAlarm by Check Point Trojan.Win32.Zonidel.czp 20180411
Alibaba 20180411
Antiy-AVL 20180411
Avast-Mobile 20180411
CAT-QuickHeal 20180410
ClamAV 20180411
CMC 20180410
Cybereason None
eGambit 20180411
K7AntiVirus 20180411
Kingsoft 20180411
Malwarebytes 20180411
NANO-Antivirus 20180411
nProtect 20180411
Rising 20180411
SentinelOne (Static ML) 20180225
SUPERAntiSpyware 20180411
Symantec Mobile Insight 20180406
TheHacker 20180410
TotalDefense 20180411
Trustlook 20180411
VBA32 20180410
WhiteArmor 20180408
Yandex 20180411
Zillya 20180410
Zoner 20180411
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2018-04-09 14:34:11
Entry Point 0x00008548
Number of sections 5
PE sections
PE imports
RegDeleteValueW
RegCloseKey
RegQueryValueExW
RegOpenKeyExW
RegSetValueExW
DnsFree
DnsQuery_A
GetSystemTime
GetLastError
CopyFileW
TerminateThread
lstrlenA
GetModuleFileNameW
WaitForSingleObject
ExitProcess
GetLocalTime
GetStartupInfoA
FileTimeToLocalFileTime
GetLocaleInfoA
GetFileSize
CreateDirectoryW
DeleteFileW
FileTimeToSystemTime
CreateMutexA
SetFilePointer
CreateThread
ExpandEnvironmentStringsW
ReadFile
lstrcpyA
CloseHandle
ExitThread
GetTimeZoneInformation
WriteFile
CreateFileW
CreateProcessW
Sleep
SetFileAttributesW
GetTickCount
GetModuleHandleA
strncmp
__p__fmode
malloc
rand
_wfopen
fclose
strcat
_snwprintf
fprintf
strchr
fgets
strlen
strncpy
_except_handler3
memset
strtok
feof
wcslen
wcscmp
exit
_XcptFilter
_snprintf
__setusermatherr
_controlfp
sprintf
_adjust_fdiv
_acmdln
srand
__p__commode
atoi
__getmainargs
_initterm
strstr
fscanf
memmove
strcpy
_exit
strcmp
__set_app_type
PathFindFileNameA
PathFileExistsW
wsprintfA
CharUpperA
InternetOpenUrlA
InternetReadFile
InternetCloseHandle
InternetOpenA
InternetOpenUrlW
InternetOpenW
htons
socket
recv
inet_addr
send
WSACleanup
WSAStartup
gethostbyname
connect
getnameinfo
inet_pton
closesocket
select
URLDownloadToFileW
Number of PE resources by type
RT_MANIFEST 1
Number of PE resources by language
ENGLISH US 1
PE resources
Debug information
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
FileTypeExtension exe
TimeStamp 2018:04:09 16:34:11+02:00
FileType Win32 EXE
PEType PE32
CodeSize 30720
LinkerVersion 9.0
ImageFileCharacteristics Executable, 32-bit
EntryPoint 0x8548
InitializedDataSize 13824
SubsystemVersion 5.0
ImageVersion 0.0
OSVersion 5.0
UninitializedDataSize 0

File identification
MD5 c2ed522c625f99a5b5f81ac1ab2c0853
SHA1 426fa5f73a96369fff5a024385e15bd6da0e6efa
SHA256 4a9b7ea661c119714853b00bdad3b5a4b203ece1c0d1514a7eb9f8d6c02e7e76
ssdeep 768:Ct+/E7Cos+MQIDlYoIvfHtwnoxhip6nnugjhhv:C4hC4lYTeQCgNB

authentihash ffc65a5d00d26031e9766b766a503fe5de4d10f72479f4fd5315c2468b05c53c
imphash 6aea99b443fa2f09005b613f57953b58
File size 44.5 KB ( 45568 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win64 Executable (generic) (45.0%)
Microsoft Visual C++ compiled executable (generic) (26.9%)
Win32 Dynamic Link Library (generic) (10.7%)
Win32 Executable (generic) (7.3%)
OS/2 Executable (generic) (3.3%)
Tags peexe

VirusTotal metadata
First submission 2018-04-10 06:53:43 UTC ( 1 year ago )
Last submission 2018-07-03 05:35:11 UTC ( 9 months, 3 weeks ago )
File names flareFile, dssss.exe