SHA256: 4c3c04c6f2265a8155b9e0df212bb1c2f698b7c0e88e5953fad5ba62ce5b600e
File name: e53f74da2a001c1408716194.exe
Detection ratio: 43 / 55
Analysis date: 2014-09-04 13:58:44 UTC ( 4 years, 8 months ago )
| Antivirus | Result | Update |
|---|---|---|
| Ad-Aware | Trojan.GenericKD.1818361 | 20140904 |
| Yandex | Backdoor.Symmi!9SJZdPcuQ8c | 20140903 |
| AhnLab-V3 | Trojan/Win32.Agent | 20140903 |
| Antiy-AVL | Trojan[Spy]/Win32.Zbot | 20140904 |
| Avast | Win32:Dropper-gen [Drp] | 20140904 |
| AVG | Inject2.ASNH | 20140904 |
| Avira (no cloud) | TR/Dropper.A.28184 | 20140904 |
| AVware | Trojan.Win32.Generic!BT | 20140904 |
| Baidu-International | Backdoor.Win32.Symmi.aRML | 20140904 |
| BitDefender | Trojan.GenericKD.1818361 | 20140904 |
| CAT-QuickHeal | Backdoor.Symmi.r5 | 20140904 |
| Comodo | UnclassifiedMalware | 20140904 |
| Cyren | W32/Trojan.RQAP-2478 | 20140904 |
| DrWeb | Trojan.Winlock.11550 | 20140904 |
| Emsisoft | Trojan.GenericKD.1818361 (B) | 20140904 |
| ESET-NOD32 | Win32/Glupteba.M | 20140904 |
| F-Secure | Trojan.GenericKD.1818361 | 20140904 |
| Fortinet | W32/Symmi.ROS!tr.bdr | 20140904 |
| GData | Trojan.GenericKD.1818361 | 20140904 |
| Ikarus | Trojan-Spy.Win32.Zbot | 20140904 |
| K7AntiVirus | Trojan ( 004a0a941 ) | 20140904 |
| K7GW | Trojan ( 004a0a941 ) | 20140904 |
| Kaspersky | Backdoor.Win32.Symmi.ros | 20140904 |
| Kingsoft | Win32.Heur.KVMH008.a.(kcloud) | 20140904 |
| Malwarebytes | Trojan.Agent | 20140904 |
| McAfee | Artemis!9399808BACD1 | 20140904 |
| McAfee-GW-Edition | BehavesLike.Win32.StartPage.lc | 20140903 |
| Microsoft | Trojan:Win32/Peaac.gen!A | 20140904 |
| eScan | Trojan.GenericKD.1818361 | 20140904 |
| NANO-Antivirus | Trojan.Win32.Symmi.decrkf | 20140904 |
| Norman | Injector.HFIQ | 20140904 |
| nProtect | Trojan.GenericKD.1818361 | 20140904 |
| Panda | Trj/Chgt.D | 20140904 |
| Qihoo-360 | Win32/Backdoor.9ab | 20140904 |
| Sophos AV | Mal/Generic-S | 20140904 |
| SUPERAntiSpyware | Trojan.Agent/Gen-Zbot | 20140904 |
| Symantec | Trojan.Gen.SMH | 20140904 |
| Tencent | Win32.Backdoor.Symmi.Htcb | 20140904 |
| TrendMicro | TROJ_GEN.R08NC0DHP14 | 20140904 |
| TrendMicro-HouseCall | TROJ_GEN.R08NC0DHP14 | 20140904 |
| VBA32 | Backdoor.Symmi | 20140903 |
| VIPRE | Trojan.Win32.Generic!BT | 20140904 |
| Zillya | Backdoor.Symmi.Win32.457 | 20140903 |
| AegisLab | | 20140904 |
| Bkav | | 20140904 |
| ByteHero | | 20140904 |
| ClamAV | | 20140904 |
| CMC | | 20140904 |
| F-Prot | | 20140904 |
| Jiangmin | | 20140903 |
| Rising | | 20140904 |
| TheHacker | | 20140904 |
| TotalDefense | | 20140904 |
| ViRobot | | 20140904 |
| Zoner | | 20140901 |
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file.
Packers identified
F-PROT NSIS
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2009-12-05 22:50:58
Entry Point 0x0000325E
Number of sections 5
PE sections
Number of PE resources by type
RT_DIALOG 3
RT_ICON 2
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 6
PE resources
PCAP parents
File identification
MD5 9399808bacd12ce0f02bc53e36df2fb1
SHA1 2a341520a5c6cf5115f548f98a0fad52f7b2592b
SHA256 4c3c04c6f2265a8155b9e0df212bb1c2f698b7c0e88e5953fad5ba62ce5b600e
ssdeep
1536:VSV8/DcCDCMMkG0DaXJo/rvz/TvvSj3XSmX/oH5czvRiv9mq0br5e/3n0WJ/qKUc:VS8BCfoDaXJo/rvz/TvvSj3XSmX/oczA

imphash 099c0646ea7282d232219f8807883be0
File size 75.8 KB ( 77581 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID NSIS - Nullsoft Scriptable Install System (94.8%)
Win32 Executable MS Visual C++ (generic) (3.4%)
Win32 Dynamic Link Library (generic) (0.7%)
Win32 Executable (generic) (0.5%)
Generic Win/DOS Executable (0.2%)
Tags
nsis peexe

VirusTotal metadata
First submission 2014-08-22 20:56:31 UTC ( 4 years, 9 months ago )
Last submission 2014-08-29 19:42:36 UTC ( 4 years, 8 months ago )
File names lodyoathsk.php
vti-rescan
e53f74da2a001c1408716194.exe
9399808bacd12ce0f02bc53e36df2fb1
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Moved files
Deleted files
Opened service managers
Opened services
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.
UDP communications