SHA256: 4adfe64c662fa794d5fe6f7cb80847a33c05df735e7b5661b24397a6e653c16b
File name: rakatest2.exe
Detection ratio: 25 / 52
Analysis date: 2014-05-25 14:56:22 UTC
Antivirus Result Update
Ad-Aware Gen:Variant.Zusy.79963 20140525
AhnLab-V3 Trojan/Win32.Agent 20140525
AntiVir BDS/Backdoor.Gen5 20140525
Avast Win32:Malware-gen 20140525
AVG Dropper.Generic9.RUT 20140525
BitDefender Gen:Variant.Zusy.79963 20140525
DrWeb Trojan.Siggen6.5763 20140525
Emsisoft Gen:Variant.Zusy.79963 (B) 20140525
ESET-NOD32 a variant of Win32/Injector.AWFH 20140525
F-Secure Gen:Variant.Zusy.79963 20140525
Fortinet W32/Injector.fam!tr 20140525
GData Gen:Variant.Zusy.79963 20140525
Ikarus Virus.Win32.DelfInject 20140525
Microsoft VirTool:Win32/DelfInject.gen!BI 20140525
eScan Gen:Variant.Zusy.79963 20140525
NANO-Antivirus Trojan.Win32.PEF.csrqea 20140525
Norman Inject.!gen 20140525
Panda Trj/Genetic.gen 20140525
Qihoo-360 Malware.QVM01.Gen 20140525
SUPERAntiSpyware Trojan.Agent/Gen-Autorun[Swisyn] 20140524
Symantec Suspicious.Cloud.5 20140525
TheHacker Posible_Worm32 20140525
TrendMicro PAK_Generic.005 20140525
TrendMicro-HouseCall PAK_Generic.005 20140525
VBA32 Backdoor.DarkKomet 20140523
AegisLab 20140525
Yandex 20140525
Antiy-AVL 20140525
Baidu-International 20140525
Bkav 20140523
ByteHero 20140525
CAT-QuickHeal 20140525
ClamAV 20140525
CMC 20140525
Commtouch 20140525
Comodo 20140524
F-Prot 20140525
Jiangmin 20140525
K7AntiVirus 20140523
K7GW 20140523
Kaspersky 20140525
Kingsoft 20140525
Malwarebytes 20140525
McAfee 20140525
McAfee-GW-Edition 20140525
nProtect 20140525
Rising 20140524
Sophos AV 20140525
Tencent 20140515
TotalDefense 20140525
VIPRE 20140525
ViRobot 20140525
Zillya 20140524
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Packers identified
F-PROT UPX
PEiD UPX 2.90 [LZMA] -> Markus Oberhumer, Laszlo Molnar & John Reiser
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2014-01-15 09:06:55
Entry Point 0x00021990
Number of sections 3
PE sections
PE imports
VirtualFree
ExitProcess
VirtualProtect
LoadLibraryA
VirtualAlloc
GetProcAddress
RegCloseKey
NtUnmapViewOfSection
SysFreeString
MessageBoxA
Number of PE resources by type
RT_RCDATA 2
BFILES 2
Number of PE resources by language
NEUTRAL 2
NEUTRAL SYS DEFAULT 2
PE resources
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
TimeStamp 2014:01:15 10:06:55+01:00
FileType Win32 EXE
PEType PE32
CodeSize 69632
LinkerVersion 2.25
FileAccessDate 2014:05:25 15:54:31+01:00
EntryPoint 0x21990
InitializedDataSize 4096
SubsystemVersion 5.0
ImageVersion 0.0
OSVersion 5.0
FileCreateDate 2014:05:25 15:54:31+01:00
UninitializedDataSize 65536

File identification
MD5 a3cd5f2d22e45f28baaef955a92beaac
SHA1 0e764e6a2fe7071f596304a9a9dccbf11b59b44d
SHA256 4adfe64c662fa794d5fe6f7cb80847a33c05df735e7b5661b24397a6e653c16b
ssdeep 768:hb+9nA2qc+KLInE5p71TM4VTRZIUiriSLLRFerhYEzJJDWRhmBU47Qg8CNncqtz:hbA3+KLk6pf9yNLCmEje5yQ2hIOq
imphash a1c8b71d7011fb9af74f566ccb0fa95c
File size 69.0 KB ( 70656 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID UPX compressed Win32 Executable (41.1%)
Win32 EXE Yoda's Crypter (35.7%)
Win32 Dynamic Link Library (generic) (8.8%)
Win32 Executable (generic) (6.0%)
Win16/32 Executable Delphi generic (2.7%)
Tags peexe upx via-tor
VirusTotal metadata
First submission 2014-05-25 14:56:22 UTC
Last submission 2014-05-25 14:56:22 UTC
File names rakatest2.exe
Advanced heuristic and reputation engines
ClamAV
Possibly Unwanted Application. While not necessarily malicious, the scanned file presents certain characteristics which, depending on the user's policies and environment, may or may not represent a threat. For full details see: https://www.clamav.net/documents/potentially-unwanted-applications-pua.
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Created processes
Shell commands
Opened mutexes
Searched windows
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.