SHA256: 4b0b5e2e0c218e8c77631e0635d2abd6cc646cab00af06e2e09590eda29c1e86
File name: suka.exe
Detection ratio: 2 / 55
Analysis date: 2015-12-08 11:33:54 UTC
Antivirus / Result / Update (engines listed below with no result column returned no detection)
Kaspersky UDS:DangerousObject.Multi.Generic 20151208
Qihoo-360 HEUR/QVM07.1.Malware.Gen 20151208
Ad-Aware 20151208
AegisLab 20151208
Yandex 20151207
AhnLab-V3 20151208
Alibaba 20151208
ALYac 20151208
Antiy-AVL 20151208
Arcabit 20151208
Avast 20151208
AVG 20151208
Avira (no cloud) 20151208
AVware 20151208
Baidu-International 20151208
BitDefender 20151208
Bkav 20151207
ByteHero 20151208
CAT-QuickHeal 20151208
ClamAV 20151208
CMC 20151201
Comodo 20151202
Cyren 20151208
DrWeb 20151208
Emsisoft 20151208
ESET-NOD32 20151208
F-Prot 20151208
F-Secure 20151208
Fortinet 20151208
GData 20151208
Ikarus 20151208
Jiangmin 20151207
K7AntiVirus 20151208
K7GW 20151208
Malwarebytes 20151207
McAfee 20151208
McAfee-GW-Edition 20151208
Microsoft 20151208
eScan 20151208
NANO-Antivirus 20151208
nProtect 20151208
Panda 20151208
Rising 20151207
Sophos AV 20151208
SUPERAntiSpyware 20151208
Symantec 20151207
Tencent 20151208
TheHacker 20151205
TrendMicro 20151208
TrendMicro-HouseCall 20151208
VBA32 20151207
VIPRE 20151208
ViRobot 20151208
Zillya 20151208
Zoner 20151208
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows command line subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2007-04-07 21:55:44
Entry Point 0x0003DA20
Number of sections 4
PE sections
PE imports
GetTrusteeTypeA
DuplicateToken
IsTokenRestricted
ImageList_Read
InitializeFlatSB
ImageList_Replace
ImageList_SetImageCount
ImageList_GetDragImage
Ord(17)
Ord(16)
ImageList_SetIconSize
ImageList_DragEnter
Ord(13)
GetDIBColorTable
CreateFontIndirectA
AnimatePalette
GetViewportOrgEx
GetEnhMetaFilePixelFormat
GetColorAdjustment
GetTextExtentExPointA
DeleteDC
CreateDIBSection
GetICMProfileW
ExtTextOutW
SetAbortProc
CreateFontA
GdiFlush
StrokeAndFillPath
GetRasterizerCaps
ArcTo
CreateColorSpaceA
StartDocA
SetBitmapDimensionEx
ExtCreatePen
GetViewportExtEx
GetTextCharacterExtra
GetStartupInfoA
GetModuleHandleA
DosDateTimeToFileTime
__p__fmode
signal
_acmdln
_adjust_fdiv
__setusermatherr
_getw
sin
_controlfp
__getmainargs
_initterm
__p__commode
__set_app_type
VarDecFromUI4
VarNumFromParseNum
VarDecFromStr
VarCyFromI2
VarCyFromI1
SafeArrayGetElemsize
SafeArrayAccessData
LPSAFEARRAY_UserMarshal
VarBoolFromDate
VARIANT_UserFree
VarCySub
CreateTypeLib2
VarDecRound
DispGetParam
VarBstrFromBool
VarUI1FromI2
VarUI1FromI4
VarBstrFromDisp
VarDecFromR4
SysReAllocString
VarDecFromI2
VarDecFromI1
VarDecFromI4
VarUI2FromUI4
VariantCopy
SafeArraySetIID
VarI1FromDec
SafeArrayCreateVector
BSTR_UserMarshal
VarCyCmpR8
GetRecordInfoFromGuids
VarDecSub
VarR4FromCy
SysFreeString
SysAllocStringByteLen
OleLoadPicturePath
VarR4CmpR8
SafeArrayGetVartype
DispGetIDsOfNames
VarR4FromDate
VarDecAbs
LPSAFEARRAY_UserSize
VarI4FromDisp
VariantTimeToDosDateTime
OleLoadPictureFileEx
VarR8Pow
VarCyFromR8
VarBoolFromI4
SafeArrayGetIID
SafeArrayDestroyDescriptor
UnRegisterTypeLib
DosDateTimeToVariantTime
VariantChangeType
VarNeg
VarBoolFromDec
VarCyAdd
VarAnd
RegisterTypeLib
SysReAllocStringLen
VarBstrFromR4
VarI2FromUI4
VarCyInt
VarDateFromDisp
VarR8FromR4
VarDecNeg
VarUI4FromUI2
VARIANT_UserUnmarshal
VarUI4FromUI1
VarBstrFromDate
VarBstrFromUI1
VarBstrFromUI2
VarBstrFromUI4
VarDecFromCy
SafeArrayUnlock
VarDateFromI4
VarIdiv
VarUI1FromUI2
VariantInit
VarBoolFromUI1
VarMonthName
VarUI2FromI1
VarBoolFromUI4
VarR4FromUI4
DispCallFunc
BstrFromVector
SafeArrayRedim
VarI4FromUI4
VarR8FromCy
VariantClear
GetAltMonthNames
VarI1FromStr
CreateStdDispatch
VarDateFromUI2
timeKillEvent
midiInGetErrorTextA
mmioWrite
mciSendStringW
waveOutGetDevCapsA
waveOutSetPitch
midiInGetErrorTextW
waveOutGetDevCapsW
mciSendStringA
waveInGetErrorTextA
joyGetDevCapsA
waveInGetDevCapsW
midiOutGetDevCapsW
waveInAddBuffer
mixerMessage
mmioOpenA
mmioSetBuffer
waveInGetNumDevs
mmioInstallIOProcW
mixerGetControlDetailsW
midiInGetNumDevs
waveOutPrepareHeader
waveInGetPosition
mixerGetControlDetailsA
mmioInstallIOProcA
mciSendCommandA
midiOutLongMsg
waveOutReset
midiInOpen
mciGetDeviceIDFromElementIDA
waveOutSetPlaybackRate
midiOutShortMsg
mixerGetNumDevs
midiOutMessage
midiInGetID
auxGetNumDevs
waveOutGetID
mmioRenameA
midiInMessage
waveOutClose
waveOutBreakLoop
midiOutOpen
mmioRenameW
midiStreamClose
mixerGetID
midiInAddBuffer
CloseDriver
midiOutGetNumDevs
waveInStart
mciGetDeviceIDFromElementIDW
sndPlaySoundA
GetDriverModuleHandle
waveInStop
midiStreamStop
midiOutSetVolume
mmioSendMessage
mmioFlush
mmioSeek
midiOutGetVolume
waveOutGetNumDevs
auxSetVolume
mixerGetLineInfoW
midiStreamOut
PlaySoundW
midiInGetDevCapsW
mciSetYieldProc
mmioCreateChunk
midiInGetDevCapsA
midiOutCacheDrumPatches
joySetThreshold
waveOutRestart
midiOutPrepareHeader
mixerClose
midiStreamPause
waveOutWrite
DefDriverProc
mixerGetLineControlsW
midiOutGetErrorTextW
midiStreamPosition
mixerGetLineControlsA
auxGetDevCapsW
midiOutGetErrorTextA
waveInPrepareHeader
mciGetCreatorTask
mmioClose
joyGetPosEx
waveInGetID
timeGetTime
waveInClose
timeGetDevCaps
mciGetDeviceIDW
midiStreamRestart
mixerSetControlDetails
PlaySoundA
midiStreamOpen
waveOutGetVolume
waveInReset
Number of PE resources by type
RT_MENU 8
RT_ICON 5
RT_GROUP_ICON 5
RT_ACCELERATOR 2
RT_VERSION 1
RT_BITMAP 1
pR8Da0Oq 1
Number of PE resources by language
ENGLISH UK 14
CHINESE SINGAPORE 9
PE resources
ExifTool file metadata
SubsystemVersion: 4.0
LinkerVersion: 7.0
ImageVersion: 0.0
FileVersionNumber: 0.164.12.93
UninitializedDataSize: 0
LanguageCode: Neutral
FileFlagsMask: 0x003f
CharacterSet: Unicode
InitializedDataSize: 167936
EntryPoint: 0x3da20
OriginalFileName: Overworking.exe
MIMEType: application/octet-stream
LegalCopyright: Copyright 2011
FileVersion: 176, 20, 210, 256
TimeStamp: 2007:04:07 22:55:44+01:00
FileType: Win32 EXE
PEType: PE32
InternalName: Lowish
ProductVersion: 59, 141, 184, 53
FileDescription: Hanover
OSVersion: 4.0
FileOS: Windows NT 32-bit
Subsystem: Windows command line
MachineType: Intel 386 or later, and compatibles
CompanyName: CommWorks
CodeSize: 249856
FileSubtype: 0
ProductVersionNumber: 0.62.47.123
FileTypeExtension: exe
ObjectFileType: Executable application
File identification
MD5 c4909fa2d363136cb762084048fa0b52
SHA1 cde04d1a2099ca6649f6fb07e63fd57c35c7c42a
SHA256 4b0b5e2e0c218e8c77631e0635d2abd6cc646cab00af06e2e09590eda29c1e86
ssdeep 6144:/Xu3Rw0RUyISeAV4h6hHU4kZxy6c4G4czAsW+eQZl6vyWDgVqmHAj3BeZ:/euqguKJ/y6zczbvH6vR8VqmHo3Y
authentihash ca0c37341c0f408d1b41d8e7a8c4da5b077a14571ea4b5dea226fa141aa91c69
imphash 4f1e5bb5e57ec4c6903483940a05a8b1
File size 312.0 KB ( 319488 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (console) Intel 80386 32-bit
TrID Win32 Dynamic Link Library (generic) (43.5%)
Win32 Executable (generic) (29.8%)
Generic Win/DOS Executable (13.2%)
DOS Executable Generic (13.2%)
Tags peexe
VirusTotal metadata
First submission 2015-12-08 11:04:06 UTC
Last submission 2016-12-17 02:07:19 UTC
File names dridex-120.exe
kaspiyskiygruz.exe_
kaspiyskiygruz.exe
suka.exe
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Deleted files
Code injections in the following processes
Created mutexes
Opened mutexes
Searched windows
Opened service managers
Opened services
Runtime DLLs
HTTP requests
DNS requests
TCP connections