SHA256: 4d625ef05f063f7a101acbacbd1e083c1df1a9f9e6bf12ae8eaf1e43d15d5340
File name: 39deac2.exe
Detection ratio: 8 / 42
Analysis date: 2012-10-17 12:09:54 UTC ( 5 years, 10 months ago )
Antivirus Result Update
AVG Win32/Cryptor 20121017
BitDefender Gen:Variant.Kazy.97197 20121017
ESET-NOD32 a variant of Win32/Kryptik.ANFA 20121017
F-Secure Gen:Variant.Kazy.97197 20121017
Fortinet W32/Kryptik.XUW!tr 20121017
GData Gen:Variant.Kazy.97197 20121017
eScan Gen:Variant.Kazy.97197 20121017
Panda Suspicious file 20121016
Yandex (no detection) 20121016
AhnLab-V3 (no detection) 20121017
AntiVir (no detection) 20121017
Antiy-AVL (no detection) 20121017
Avast (no detection) 20121017
ByteHero (no detection) 20121016
CAT-QuickHeal (no detection) 20121017
ClamAV (no detection) 20121017
Commtouch (no detection) 20121017
Comodo (no detection) 20121017
eSafe (no detection) 20121017
F-Prot (no detection) 20121017
Ikarus (no detection) 20121017
Jiangmin (no detection) 20121017
K7AntiVirus (no detection) 20121016
Kaspersky (no detection) 20121017
Kingsoft (no detection) 20121008
McAfee (no detection) 20121017
McAfee-GW-Edition (no detection) 20121017
Microsoft (no detection) 20121017
Norman (no detection) 20121017
nProtect (no detection) 20121017
PCTools (no detection) 20121017
Rising (no detection) 20121017
Sophos AV (no detection) 20121017
SUPERAntiSpyware (no detection) 20121017
Symantec (no detection) 20121017
TheHacker (no detection) 20121016
TotalDefense (no detection) 20121017
TrendMicro (no detection) 20121017
TrendMicro-HouseCall (no detection) 20121017
VBA32 (no detection) 20121016
VIPRE (no detection) 20121017
ViRobot (no detection) 20121018
All eight verdicts are generic packer or crypter names (Kryptik, Cryptor, Kazy, "Suspicious file"); none names a payload family. That tells you the stub is recognised as an obfuscation layer, not what it unpacks, so the 8/42 ratio on the day of first submission says nothing about what this sample does once it runs.
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright n3F6mIiqqS
Publisher 9d6ZZuqsnLqer
Product 9RHP
Original name XoldVjhD
Internal name jhFDglFS
File version 223.136.29712.61702
Description 5a6zzN
Every string field is a random-looking alphanumeric token, and the FileVersion string (223.136.29712.61702) does not match the fixed-info FileVersionNumber (208.0.30156.55727) that ExifTool reads from the same resource. A version resource like this is generated, not copied from a legitimate product; do not use any of these fields for attribution, allowlisting or pivoting.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2006-06-28 06:53:39
Entry Point 0x00002068
Number of sections 3
The compilation timestamp is not credible: ExifTool reports LinkerVersion 11.0, which is the Visual Studio 2012 linker and did not exist in 2006, and the file was first submitted in October 2012. Treat the timestamp as forged or randomised, not as a build date.
PE sections
PE imports
The original report groups imports under the DLL that exports them; those DLL headers did not survive extraction, but the ordering is intact. By exporting module the blocks below are: kernel32.dll (GlobalFindAtomW through VirtualAlloc), the catalog-signing API (CryptCATCDFEnumMembersByCDFTagEx through CatalogCompactHashDatabase, exported by mscat32.dll as forwarders to wintrust.dll), user32.dll (DrawAnimatedRects through PtInRect), winsta.dll (WinStationSendWindowMessage through ServerLicensingUnloadPolicy), wintrust.dll (mssip32DllRegisterServer through SoftpubDumpStructure) and ws2help.dll (WahOpenApcHelper through WahReferenceContextByHandle). Several CryptCAT names appear in both the second and the fifth block, which is what two separate import descriptors for mscat32.dll and wintrust.dll look like.
This is not a functional import table. A 50 KB GUI program has no reason to pull terminal-server licensing, catalog-file authoring, winsock helper internals and firmware-variable APIs at the same time, and nothing here (no registry, file-enumeration, network or process-creation functions) accounts for the behaviour the sandbox recorded. The mix is consistent with a crypter-generated stub whose imports are padding chosen to look plausible, with the real payload resolved at runtime after unpacking; that reading matches the Kryptik/Cryptor verdicts above. Do not build detections or attributions on this import list.
GlobalFindAtomW
GetConsoleCP
LZDone
LCMapStringA
ExitProcess
SetFileApisToANSI
GetSystemDefaultLCID
GetHandleInformation
LoadLibraryA
GetCommTimeouts
GetLocaleInfoA
GetCommProperties
CreateIoCompletionPort
SetProcessPriorityBoost
GetDateFormatW
SetCommMask
LoadModule
GetUserDefaultLCID
GetCurrentThread
RestoreLastError
SetFirmwareEnvironmentVariableW
GlobalWire
GetModuleHandleA
CreateDirectoryExA
EnumResourceNamesA
GetSystemTimeAsFileTime
TermsrvAppInstallMode
IsValidLocale
GlobalLock
GetBinaryTypeA
FindActCtxSectionStringW
GetMailslotInfo
LocalFree
GetThreadPriority
FindFirstVolumeMountPointW
CreateEventA
IsBadReadPtr
SetMessageWaitingIndicator
VirtualAlloc
CryptCATCDFEnumMembersByCDFTagEx
CryptCATCDFClose
CryptCATVerifyMember
CryptCATOpen
CryptCATCDFEnumAttributesWithCDFTag
MsCatFreeHashTag
CryptCATPutCatAttrInfo
MsCatConstructHashTag
CryptCATGetAttrInfo
CryptCATAdminAddCatalog
CryptCATGetMemberInfo
CryptCATCDFEnumMembers
CryptCATEnumerateCatAttr
CryptCATPutAttrInfo
CryptCATStoreFromHandle
CryptCATCatalogInfoFromContext
CryptCATPutMemberInfo
CryptCATAdminAcquireContext
CryptCATCDFEnumAttributes
CryptCATClose
IsCatalogFile
CryptCATGetCatAttrInfo
CryptCATPersistStore
CryptCATAdminReleaseCatalogContext
CryptCATEnumerateAttr
CryptCATCDFEnumCatAttributes
CryptCATCDFOpen
CryptCATAdminEnumCatalogFromHash
CryptCATAdminReleaseContext
CatalogCompactHashDatabase
DrawAnimatedRects
CallMsgFilterA
WCSToMBEx
CheckRadioButton
DdeGetQualityOfService
PrivateExtractIconsA
GetListBoxInfo
SetDeskWallpaper
InsertMenuItemW
LookupIconIdFromDirectory
DialogBoxParamW
MessageBoxA
GetDlgItemInt
GetMenuBarInfo
MenuWindowProcW
CreateDialogParamW
RemovePropA
FreeDDElParam
IsCharLowerA
EnumDisplaySettingsA
GetWindowTextW
EnumPropsW
ChangeDisplaySettingsA
UnhookWindowsHookEx
PtInRect
WinStationSendWindowMessage
ServerLicensingGetPolicy
_NWLogonSetAdmin
ServerLicensingDeactivateCurrentPolicy
_WinStationNotifyLogoff
WinStationBroadcastSystemMessage
WinStationEnumerateLicenses
WinStationInstallLicense
WinStationEnumerateA
_WinStationGetApplicationInfo
_WinStationNotifyDisconnectPipe
WinStationGetProcessSid
WinStationActivateLicense
WinStationReset
WinStationTerminateProcess
ServerLicensingGetAvailablePolicyIds
WinStationRenameA
ServerLicensingClose
WinStationGetAllProcesses
WinStationIsHelpAssistantSession
_WinStationUpdateSettings
WinStationCheckLoopBack
WinStationConnectCallback
_WinStationCheckForApplicationName
WinStationCloseServer
WinStationQueryLogonCredentialsW
LogonIdFromWinStationNameA
_WinStationUpdateClientCachedCredentials
WinStationRegisterConsoleNotification
WinStationDisconnect
WinStationEnumerate_IndexedW
WinStationSetInformationW
WinStationQueryLicense
ServerLicensingUnloadPolicy
mssip32DllRegisterServer
WVTAsn1SpcFinancialCriteriaInfoDecode
CryptCATCatalogInfoFromContext
WVTAsn1SpcStatementTypeDecode
SoftpubAuthenticode
CryptCATAdminPauseServiceForBackup
WinVerifyTrustEx
SoftpubDefCertInit
WTHelperGetProvCertFromChain
CryptSIPGetRegWorkingFlags
CryptCATAdminAddCatalog
GenericChainFinalProv
CryptSIPGetInfo
DriverFinalPolicy
AddPersonalTrustDBPages
WTHelperCertFindIssuerCertificate
SoftpubLoadMessage
CryptCATPutAttrInfo
WTHelperGetKnownUsages
FindCertsByIssuer
WVTAsn1SpcIndirectDataContentDecode
WVTAsn1SpcPeImageDataEncode
MsCatFreeHashTag
WTHelperGetProvPrivateDataFromChain
WintrustRemoveActionID
SoftpubCleanup
TrustOpenStores
CryptCATCDFOpen
WintrustLoadFunctionPointers
SoftpubDumpStructure
WahOpenApcHelper
WahCompleteRequest
WahCreateSocketHandle
WahDestroyHandleContextTable
WahEnumerateHandleContexts
WahOpenCurrentThread
WahOpenNotificationHandleHelper
WahCreateNotificationHandle
WahCreateHandleContextTable
WahCloseHandleHelper
WahNotifyAllProcesses
WahQueueUserApc
WahEnableNonIFSHandleSupport
WahWaitForNotification
WahInsertHandleContext
WahCloseThread
WahCloseSocketHandle
WahDisableNonIFSHandleSupport
WahCloseNotificationHandleHelper
WahCloseApcHelper
WahOpenHandleHelper
WahRemoveHandleContext
WahReferenceContextByHandle
Number of PE resources by type
RT_MANIFEST 1
RT_VERSION 1
Number of PE resources by language
ENGLISH NZ 1
NEUTRAL 1
ExifTool file metadata
SubsystemVersion 4.0
LinkerVersion 11.0
ImageVersion 5.1
FileSubtype 0
FileVersionNumber 208.0.30156.55727
UninitializedDataSize 0
LanguageCode English (U.S.)
FileFlagsMask 0x0000
CharacterSet Unicode
InitializedDataSize 10752
FileOS Windows NT 32-bit
MIMEType application/octet-stream
LegalCopyright n3F6mIiqqS
FileVersion 223.136.29712.61702
TimeStamp 2006:06:28 07:53:39+01:00
FileType Win32 EXE
PEType PE32
InternalName jhFDglFS
ProductVersion 187.150.52500.65389
FileDescription 5a6zzN
OSVersion 5.0
OriginalFilename XoldVjhD
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName 9d6ZZuqsnLqer
CodeSize 39936
ProductName 9RHP
ProductVersionNumber 208.0.30156.55727
EntryPoint 0x2068
ObjectFileType Executable application

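The three metadata inconsistencies in this report (a timestamp older than the toolchain, random version-info strings, and a version string that disagrees with the fixed version block) are cheap static-triage checks that do not need the sample. The script below is an added example written for this page, not code from VirusTotal or from any analysis of this file; the REPORT values are copied from the report above, and the LINKER_RELEASE table is an assumption taken from public Visual Studio release history.

```python
"""Static-triage heuristics over PE metadata of the kind shown in this report.

Added example for this page; not VirusTotal code. REPORT is copied from the
report above. LINKER_RELEASE is an assumption: the year in which each MSVC
link.exe major version first shipped, from public Visual Studio history.
"""
import re

# Assumed table: earliest public release year of each MSVC linker major version.
LINKER_RELEASE = {
    6.0: 1998, 7.0: 2002, 7.1: 2003, 8.0: 2005, 9.0: 2007,
    10.0: 2010, 11.0: 2012, 12.0: 2013, 14.0: 2015,
}

VOWELS = set("aeiouAEIOU")


def timestamp_predates_linker(compile_year, linker_version):
    """True when the PE timestamp is earlier than the toolchain that claims
    to have produced the image, i.e. the timestamp was forged or cleared."""
    known = [v for v in LINKER_RELEASE if v <= linker_version]
    if not known:
        return False  # unknown toolchain: no opinion
    return compile_year < LINKER_RELEASE[max(known)]


def looks_random(s):
    """Heuristic for generated version-info strings: almost no vowels,
    digits sandwiched inside a word, or repeated case flips mid-word."""
    letters = [c for c in s if c.isalpha()]
    if len(letters) < 3:
        return False
    vowel_ratio = sum(c in VOWELS for c in letters) / len(letters)
    digit_in_word = re.search(r"[A-Za-z][0-9]+[A-Za-z]", s) is not None
    flips = 0
    for i in range(1, len(s)):
        a, b = s[i - 1], s[i]
        if not (a.isalpha() and b.isalpha()):
            continue
        if a.islower() and b.isupper():
            flips += 1
        elif a.isupper() and b.islower() and i >= 2 and s[i - 2].isalpha():
            flips += 1  # upper-to-lower that is not a capitalised word start
    return vowel_ratio < 0.2 or digit_in_word or flips >= 3


def triage(report):
    """Return a list of (finding, evidence) tuples for one report dict."""
    findings = []
    if timestamp_predates_linker(report["compile_year"], report["linker_version"]):
        findings.append(("timestamp_predates_linker",
                         f"{report['compile_year']} < link {report['linker_version']}"))
    junk = [k for k, v in report["version_info"].items() if looks_random(v)]
    if junk:
        findings.append(("random_version_info", ",".join(sorted(junk))))
    if report["file_version_string"] != report["file_version_fixed"]:
        findings.append(("version_string_mismatch",
                         f"{report['file_version_string']} != {report['file_version_fixed']}"))
    return findings


# Values copied from the report on this page.
REPORT = {
    "compile_year": 2006,
    "linker_version": 11.0,
    "version_info": {
        "LegalCopyright": "n3F6mIiqqS",
        "CompanyName": "9d6ZZuqsnLqer",
        "ProductName": "9RHP",
        "OriginalFilename": "XoldVjhD",
        "InternalName": "jhFDglFS",
        "FileDescription": "5a6zzN",
    },
    "file_version_string": "223.136.29712.61702",
    "file_version_fixed": "208.0.30156.55727",
}

if __name__ == "__main__":
    for name, evidence in triage(REPORT):
        print(f"{name}: {evidence}")
```

Run stand-alone it reports all three findings for this sample. The string heuristic is deliberately loose (it accepts "McAfee Inc." and "WinRAR" but flags every field of this sample); in a pipeline, feed it the version-info block pefile or ExifTool already gives you rather than hand-copied values.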
File identification
MD5 2113aa0cdd14fb46c2a3a765ed38da7d
SHA1 425b3565e2d01eafdd863e7f820404e787b811b2
SHA256 4d625ef05f063f7a101acbacbd1e083c1df1a9f9e6bf12ae8eaf1e43d15d5340
ssdeep 768:sFdslspOG8fbZudfRKoUVJcPI0ZLNDdYZPyLSuDQW03sWy:6yspOffbZudpKoQaXLpdYZPyvoly
File size 50.5 KB ( 51712 bytes )
File type Win32 EXE
Magic literal MS-DOS executable PE for MS Windows (GUI) Intel 80386 32-bit
TrID Win64 Executable Generic (59.6%)
Win32 Executable MS Visual C++ (generic) (26.2%)
Win32 Executable Generic (5.9%)
Win32 Dynamic Link Library (generic) (5.2%)
Generic Win/DOS Executable (1.3%)
TrID's top guess (Win64) is wrong for this file: the magic literal, the PE header and ExifTool all agree it is a 32-bit PE32 image for i386. Treat TrID percentages as hints, not as identification.
Tags peexe
VirusTotal metadata
First submission 2012-10-17 11:53:49 UTC ( 5 years, 10 months ago )
Last submission 2012-10-25 14:10:43 UTC ( 5 years, 9 months ago )
File names 39deac2.exe
2113aa0cdd14fb46c2a3a765ed38da7d
jhFDglFS
2113aa0cdd14fb46c2a3a765ed3
XoldVjhD
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.
HTTP requests
DNS requests
TCP connections
UDP communications