SHA256: 4f460e1f09b7c70e60e0960774ecc26d879991c4e60804fdde1a808ec90b7b71
File name: dbf7f44a5e52847754021ad82c900e2f
Detection ratio: 54 / 57
Analysis date: 2016-09-17 13:54:23 UTC ( 2 years, 5 months ago )
Antivirus Result Update
Ad-Aware Generic.Brontok.6CDA2F95 20160917
AegisLab Email.Worm.W32|2|103!c 20160917
AhnLab-V3 Worm/Win32.Brontok.N37641674 20160917
ALYac Worm.Brontok-F 20160917
Antiy-AVL Worm[Email]/Win32.Brontok 20160916
Arcabit Generic.Brontok.6CDA2F95 20160917
Avast Win32:Brontok-CE [Wrm] 20160917
AVG I-Worm/Brontok.X 20160917
Avira (no cloud) WORM/Rontobro.E 20160917
AVware Email-Worm.Win32.Brontok.ik (v) 20160917
Baidu Win32.Worm-Email.Brontok.b 20160914
BitDefender Generic.Brontok.6CDA2F95 20160917
Bkav W32.BrontokQ.Worm 20160917
CAT-QuickHeal W32.Brontok.Q 20160917
ClamAV Win.Worm.Brontok-15 20160916
CMC Generic.Win32.dbf7f44a5e!CMCRadar 20160916
Comodo Packed.Win32.Packer.~GEN 20160916
CrowdStrike Falcon (ML) malicious_confidence_100% (W) 20160725
Cyren W32/Brontok.C.gen!Eldorado 20160917
DrWeb BackDoor.Generic.1138 20160917
Emsisoft Generic.Brontok.6CDA2F95 (B) 20160917
ESET-NOD32 Win32/Brontok.BF 20160917
F-Prot W32/Brontok.FS@mm 20160917
F-Secure Generic.Brontok.6CDA2F95 20160917
Fortinet W32/Brontok.D@mm 20160917
GData Generic.Brontok.6CDA2F95 20160917
Ikarus Virus.Win32.Alman 20160917
Sophos ML generic.a 20160917
Jiangmin I-Worm/Brontok.ca 20160917
K7AntiVirus Trojan ( 003c84cb1 ) 20160917
K7GW Trojan ( 003c84cb1 ) 20160917
Kaspersky Email-Worm.Win32.Brontok.q 20160917
Malwarebytes Trojan.Dropper 20160917
McAfee W32/Rontokbro.gen@MM 20160917
McAfee-GW-Edition BehavesLike.Win32.Rontokbro.pc 20160917
Microsoft Worm:Win32/Brontok.AS@mm 20160917
eScan Generic.Brontok.6CDA2F95 20160917
NANO-Antivirus Trojan.Win32.Brontok.pxug 20160917
nProtect Worm/W32.Brontok.45374 20160917
Panda W32/Brontok.GS.worm 20160917
Qihoo-360 Win32/Worm.Email-Worm.343 20160917
Rising Trojan.Generic-gpQZbMmamyQ (cloud) 20160917
Sophos AV W32/Brontok-N 20160917
SUPERAntiSpyware Adware.Lop 20160917
Symantec W32.Rontokbro@mm 20160917
Tencent Trojan.Win32.FakeFolder.v 20160917
TheHacker W32/Brontok.q 20160916
TrendMicro WORM_RONTKBR.GEN 20160917
TrendMicro-HouseCall WORM_RONTKBR.GEN 20160917
VBA32 OScope.Trojan.VB.01849 20160917
VIPRE Email-Worm.Win32.Brontok.ik (v) 20160917
ViRobot I-Worm.Win32.Brontok.45374[h] 20160917
Yandex I-Worm.Brontok.Gen.2 20160916
Zillya Worm.Brontok.Win32.2627 20160915
Alibaba 20160914
Kingsoft 20160917
Zoner 20160917
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file.
Packers identified
Command MEW
PEiD MEW 11 SE v1.2 -> Northfox[HCC]
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Entry Point 0x00030F25
Number of sections 2
PE sections
PE imports
LoadLibraryA
GetProcAddress
Number of PE resources by type
RT_ICON 3
RT_GROUP_ICON 1
Number of PE resources by language
NEUTRAL 4
PE resources
ExifTool file metadata
FileAccessDate 2014:12:29 04:05:55+01:00
FileCreateDate 2014:12:29 04:05:55+01:00

File identification
MD5 dbf7f44a5e52847754021ad82c900e2f
SHA1 8111e6c8d746344ef00955834dd9836f2d1f00e2
SHA256 4f460e1f09b7c70e60e0960774ecc26d879991c4e60804fdde1a808ec90b7b71
ssdeep 768:anA/5XCC23x/yi9fl8+toI3XiS28AvLq+pmpLWNrLET2B3yE8PKv35BMCc:kw5XCCAnM+K6yS2NvLq+pmVWNrS2ByEA
authentihash 8d76cb76a4d5c4ffb30a9b9a6b33241df04ef6255a86b295964bb5c738d96982
imphash 87bed5a7cba00c7e1f4015f1bdae2183
File size 44.3 KB ( 45374 bytes )
File type Win32 EXE
Magic literal MS-DOS executable, PE for MS Windows (GUI) Intel 80386 32-bit
TrID Mew compressed Win32 Executable (88.8%)
Win32 Executable (generic) (5.9%)
Generic Win/DOS Executable (2.6%)
DOS Executable Generic (2.6%)
Tags
mew peexe

VirusTotal metadata
First submission 2006-06-15 07:58:13 UTC ( 12 years, 8 months ago )
Last submission 2016-07-17 09:57:54 UTC ( 2 years, 7 months ago )
File names zq0W665xP5.gz
aa
2N3D4E.7z
Behaviour characterization
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Hooking activity
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.
The file installs an application-defined hook procedure into a hook chain. A hook procedure is installed to monitor the system for certain types of events; these events are associated either with a specific thread or with all threads in the same desktop as the calling thread. This is done using the SetWindowsHook Windows API function.