× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: 4eefe9144ebd04a18fae6e9d13ca7c42df2b608fc8cc0860d2dd310046037c29
File name: 61b2133.exe
Detection ratio: 40 / 53
Analysis date: 2014-10-23 03:13:21 UTC ( 4 years, 3 months ago )
Antivirus Result Update
Ad-Aware Trojan.GenericKD.1743041 20141023
AegisLab Troj.W32.Gen 20141023
Yandex Backdoor.Azbreg!A5NU3mzX5X0 20141021
AhnLab-V3 Dropper/Win32.Necurs 20141022
Antiy-AVL Trojan[Backdoor]/Win32.Androm 20141022
Avast Win32:Malware-gen 20141023
AVG Inject2.ANAO 20141023
Avira (no cloud) TR/Crypt.Xpack.76112 20141023
AVware Trojan.Win32.Generic.pak!cobra 20141023
Baidu-International Trojan.Win32.Injector.40 20141022
BitDefender Trojan.GenericKD.1743041 20141023
CAT-QuickHeal TrojanRansom.Crowti.A6 20141022
Comodo UnclassifiedMalware 20141023
DrWeb BackDoor.IRC.NgrBot.42 20141023
Emsisoft Trojan.GenericKD.1743041 (B) 20141023
ESET-NOD32 a variant of Win32/Injector.BHGI 20141023
F-Prot W32/Powessere.A.gen!Eldorado 20141021
F-Secure Trojan.GenericKD.1743041 20141023
Fortinet W32/Yakes.FHJN!tr 20141022
GData Trojan.GenericKD.1743041 20141023
Ikarus Backdoor.Win32.Azbreg 20141023
Jiangmin Backdoor/Agent.dszn 20141020
K7AntiVirus Trojan ( 0040f8c91 ) 20141020
K7GW Trojan ( 0040f8c91 ) 20141021
Kaspersky Backdoor.Win32.Azbreg.aafk 20141023
Malwarebytes Backdoor.IRCBot 20141023
McAfee RDN/Generic BackDoor!yy 20141023
McAfee-GW-Edition RDN/Generic BackDoor!yy 20141023
Microsoft Trojan:Win32/Lethic.B 20141023
eScan Trojan.GenericKD.1743041 20141022
NANO-Antivirus Trojan.Win32.Ngrbot.dcaqal 20141023
Norman Injector.GZGT 20141022
nProtect Trojan.GenericKD.1743041 20141022
Qihoo-360 Win32/Trojan.Multi.daf 20141023
Sophos AV Troj/Wonton-ES 20141023
Symantec Trojan.Gen 20141023
Tencent Win32.Backdoor.Azbreg.Szlb 20141023
TrendMicro TROJ_GEN.R0CBC0DG814 20141023
VBA32 Malware-Cryptor.Limpopo 20141021
VIPRE Trojan.Win32.Generic.pak!cobra 20141023
Bkav 20141022
ByteHero 20141023
ClamAV 20141023
CMC 20141021
Cyren 20141023
Kingsoft 20141023
Rising 20141022
SUPERAntiSpyware 20141023
TheHacker 20141022
TotalDefense 20141022
ViRobot 20141022
Zillya 20141022
Zoner 20141020
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright
Copyright (C) 2000-2012 Oleh Yuschuk

Publisher Softwareentwicklung Yuschuk
Product SND 2.2
Original name SND 2.2
Internal name SND 2.2
File version 2.1.0.4
Description Free 32-bit Analysing Debugger
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2014-07-05 20:32:28
Entry Point 0x0000B553
Number of sections 4
PE sections
PE imports
CommDlgExtendedError
GetCharABCWidthsFloatW
CreateHalftonePalette
CreatePen
GetPaletteEntries
LPtoDP
RemoveFontMemResourceEx
GetClipBox
GetPixel
Rectangle
GetObjectA
CreateDCA
DeleteDC
GetTextColor
SetPixel
CreateSolidBrush
BitBlt
GetDeviceCaps
SetAbortProc
PaintRgn
AngleArc
GetStockObject
CreateDIBitmap
GetPolyFillMode
ExtTextOutA
GetDCPenColor
AddFontMemResourceEx
CreateCompatibleDC
StrokeAndFillPath
StretchBlt
AddFontResourceExA
SelectObject
GetTextExtentPoint32A
GetNearestPaletteIndex
GetWinMetaFileBits
Ellipse
AddFontResourceExW
SetWindowOrgEx
Polyline
DPtoLP
SetBkColor
UpdateICMRegKeyW
GdiTransparentBlt
DeleteObject
CreateCompatibleBitmap
GetStdHandle
CreateFileMappingA
GetFileAttributesA
WaitForSingleObject
HeapDestroy
GetHandleInformation
GetTapeParameters
DeleteCriticalSection
GetCurrentProcess
GetLocaleInfoA
lstrcatA
GetSystemDefaultLCID
ExitProcess
FreeEnvironmentStringsW
SetStdHandle
GetTempPathA
WideCharToMultiByte
GetStringTypeA
WriteFile
GetSystemTimeAsFileTime
HeapReAlloc
GetStringTypeW
SetFileAttributesA
GetOEMCP
GetThreadPriority
InitializeCriticalSection
LoadResource
FindClose
TlsGetValue
FormatMessageA
OutputDebugStringA
SetLastError
GetModuleFileNameW
HeapAlloc
GetVersionExA
GetModuleFileNameA
FlushViewOfFile
GetPriorityClass
LoadLibraryExA
GetPrivateProfileStringA
UnhandledExceptionFilter
InterlockedDecrement
MultiByteToWideChar
WritePrivateProfileSectionA
SetFilePointer
FreeEnvironmentStringsA
GetPrivateProfileSectionA
SetUnhandledExceptionFilter
MulDiv
GetSystemDirectoryA
MoveFileExA
SetPriorityClass
TerminateProcess
VirtualQuery
LocalFileTimeToFileTime
GetVersion
InterlockedIncrement
HeapFree
EnterCriticalSection
SetHandleCount
GetLastError
FreeLibrary
QueryPerformanceCounter
GetTickCount
TlsAlloc
VirtualProtect
FlushFileBuffers
LoadLibraryA
RtlUnwind
GetStartupInfoA
GetFileSize
CreateDirectoryA
DeleteFileA
GetWindowsDirectoryA
GetProcAddress
CreateNamedPipeW
lstrcmpA
FindFirstFileA
lstrcpyA
CompareStringA
GetTempFileNameA
QueryInformationJobObject
FindNextFileA
GetProcessAffinityMask
GetFileType
TlsSetValue
CreateFileA
GetCurrentThreadId
LeaveCriticalSection
GlobalGetAtomNameW
DosDateTimeToFileTime
LCMapStringW
UnmapViewOfFile
GetSystemInfo
lstrlenA
LCMapStringA
GetEnvironmentStringsW
IsDBCSLeadByte
RemoveDirectoryA
GetShortPathNameA
GetEnvironmentStrings
WritePrivateProfileStringA
GetCurrentProcessId
LockResource
SetFileTime
GetCPInfo
GetCommandLineA
MapViewOfFile
TlsFree
GetModuleHandleA
ReadFile
CloseHandle
lstrcpynA
GetACP
GetModuleHandleW
GetDiskFreeSpaceA
CreateProcessA
HeapCreate
VirtualFree
Sleep
GetProcessVersion
FindResourceA
VirtualAlloc
Ord(8)
ColorHLSToRGB
Ord(10)
SendNotifyMessageA
DrawAnimatedRects
GetForegroundWindow
CreateDialogIndirectParamW
GetScrollRange
SetLayeredWindowAttributes
DrawStateA
BroadcastSystemMessageA
CopyIcon
GetRawInputDeviceList
SetProcessDefaultLayout
DrawFocusRect
DlgDirListComboBoxA
SetClipboardViewer
BeginDeferWindowPos
IsWindow
DefFrameProcW
RegisterClipboardFormatA
DlgDirSelectComboBoxExW
PeekMessageA
CharToOemBuffW
GetWindowTextLengthA
IsWindowEnabled
MsgWaitForMultipleObjectsEx
GetClipboardSequenceNumber
GetWindowWord
ChangeClipboardChain
UpdateLayeredWindow
WaitMessage
LockWorkStation
DestroyIcon
UnregisterClassA
GetMouseMovePointsEx
AnyPopup
GetSystemMetrics
SetWindowTextW
IsCharLowerW
RealGetWindowClassA
GetPriorityClipboardFormat
SendMessageTimeoutA
ShowCursor
SetWindowContextHelpId
LoadImageA
GetUpdateRect
SetCursor
WindowFromDC
Number of PE resources by type
RT_ICON 4
RT_VERSION 1
JPEG 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 5
NEUTRAL 2
PE resources
ExifTool file metadata
SubsystemVersion
5.0

LinkerVersion
9.0

ImageVersion
0.0

FileSubtype
0

FileVersionNumber
2.1.0.4

UninitializedDataSize
0

LanguageCode
English (U.S.)

FileFlagsMask
0x003f

CharacterSet
Windows, Latin1

InitializedDataSize
38400

FileOS
Win32

MIMEType
application/octet-stream

LegalCopyright
Copyright (C) 2000-2012 Oleh Yuschuk

FileVersion
2.1.0.4

TimeStamp
2014:07:05 21:32:28+01:00

FileType
Win32 EXE

PEType
PE32

InternalName
SND 2.2

FileAccessDate
2014:10:23 04:13:30+01:00

ProductVersion
2.1.0.4

FileDescription
Free 32-bit Analysing Debugger

OSVersion
5.0

FileCreateDate
2014:10:23 04:13:30+01:00

OriginalFilename
SND 2.2

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CompanyName
Softwareentwicklung Yuschuk

CodeSize
68096

ProductName
SND 2.2

ProductVersionNumber
2.1.0.4

EntryPoint
0xb553

ObjectFileType
Executable application

File identification
MD5 cb536546ef2c3e0bcdd9228b05d63107
SHA1 343721e7f105660124aea793b6a1e0468b6c8674
SHA256 4eefe9144ebd04a18fae6e9d13ca7c42df2b608fc8cc0860d2dd310046037c29
ssdeep
1536:ddEc4Tl40lHoWjKNbTLZA3vtkH042HykweF7GGGGGV4:j54TlzzjKhTESlQyGZGGGGGV4

authentihash 0cd031328ce1249e86c237d96e05f8ca43fc47838c182234e57622c5f18e1f0b
imphash 6d6ce5e9dee5665388c578892d500df7
File size 105.0 KB ( 107520 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable MS Visual C++ (generic) (42.1%)
Win64 Executable (generic) (37.3%)
Win32 Dynamic Link Library (generic) (8.8%)
Win32 Executable (generic) (6.0%)
Generic Win/DOS Executable (2.7%)
Tags
peexe

VirusTotal metadata
First submission 2014-07-05 23:09:51 UTC ( 4 years, 7 months ago )
Last submission 2014-10-23 03:13:21 UTC ( 4 years, 3 months ago )
File names SND 2.2
4EEFE9144EBD04A18FAE6E9D13CA7C42DF2B608FC8CC0860D2DD310046037C29
61b2133.exe
61b2133.exe
dasdd.exe
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight
Behaviour characterization
Zemana
clipboard-monitor

No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Created processes
Code injections in the following processes
Opened mutexes
Runtime DLLs