SHA256: 4fc2a626a2cae789d0099812ac551665f2ab63ba23fce1f5d7598f475f22d4ba
File name: crypted121med.exe
Detection ratio: 5 / 53
Analysis date: 2016-02-02 14:23:05 UTC
Antivirus Result Update (an engine listed with an empty Result column returned no detection; 5 of the 53 engines below flagged the file)
AegisLab Uds.Dangerousobject.Multi!c 20160202
Kaspersky UDS:DangerousObject.Multi.Generic 20160202
Qihoo-360 HEUR/QVM07.1.Malware.Gen 20160202
TrendMicro TSPY_DRIDEX.BYX 20160202
TrendMicro-HouseCall TSPY_DRIDEX.BYX 20160202
Ad-Aware 20160202
Yandex 20160202
AhnLab-V3 20160202
Alibaba 20160202
ALYac 20160202
Antiy-AVL 20160202
Arcabit 20160202
Avast 20160202
AVG 20160202
Avira (no cloud) 20160202
Baidu-International 20160202
BitDefender 20160202
Bkav 20160202
ByteHero 20160202
CAT-QuickHeal 20160202
ClamAV 20160202
Comodo 20160202
Cyren 20160202
DrWeb 20160202
Emsisoft 20160202
ESET-NOD32 20160202
F-Prot 20160129
F-Secure 20160202
Fortinet 20160202
GData 20160202
Ikarus 20160202
Jiangmin 20160202
K7AntiVirus 20160202
K7GW 20160202
Malwarebytes 20160202
McAfee 20160202
McAfee-GW-Edition 20160202
Microsoft 20160202
eScan 20160202
NANO-Antivirus 20160202
nProtect 20160201
Panda 20160201
Rising 20160202
Sophos AV 20160202
SUPERAntiSpyware 20160202
Symantec 20160201
Tencent 20160202
TheHacker 20160130
VBA32 20160202
VIPRE 20160202
ViRobot 20160202
Zillya 20160201
Zoner 20160202
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows command line subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2006-08-30 05:13:21
Entry Point 0x000428D0
Number of sections 4
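The four values above come straight from the COFF file header and the optional header. As an added example (not part of the VirusTotal report), the following Python reads those fields with only the standard library, so the same numbers can be pulled from a sample offline before it is uploaded anywhere. The byte blob it parses is a constructed header carrying the values listed on this page (entry point 0x428D0, four sections, link time 2006-08-30 05:13:21 UTC, linker 7.0, console subsystem); it is a stand-in for the parser test, not the sample's real bytes.

```python
import struct
from datetime import datetime, timezone

# IMAGE_FILE_MACHINE_* and IMAGE_SUBSYSTEM_* values from the PE/COFF specification.
MACHINES = {0x014C: "Intel 386 or later", 0x01C0: "ARM", 0x8664: "x64", 0xAA64: "ARM64"}
SUBSYSTEMS = {1: "Native", 2: "Windows GUI", 3: "Windows console", 9: "Windows CE GUI"}


def parse_pe_header(data: bytes) -> dict:
    """Return the fields VirusTotal lists under 'PE header basic information'
    by walking the DOS stub, COFF file header and optional header directly."""
    if data[:2] != b"MZ":
        raise ValueError("missing MZ signature")
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    machine, n_sections, timestamp, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20
    magic, linker_major, linker_minor = struct.unpack_from("<HBB", data, opt)
    if magic not in (0x10B, 0x20B) or opt_size < 70:
        raise ValueError("unexpected optional header (magic 0x%x, size %d)" % (magic, opt_size))
    code_size, init_data_size = struct.unpack_from("<II", data, opt + 4)
    (entry_point,) = struct.unpack_from("<I", data, opt + 16)
    # Subsystem lives at offset 68 in both the PE32 and PE32+ optional headers.
    (subsystem,) = struct.unpack_from("<H", data, opt + 68)
    return {
        "machine": MACHINES.get(machine, "0x%04x" % machine),
        "sections": n_sections,
        # TimeDateStamp is seconds since the Unix epoch, nominally the link time.
        "timestamp": datetime.fromtimestamp(timestamp, tz=timezone.utc).strftime("%Y-%m-%d %H:%M:%S"),
        "entry_point": entry_point,
        "linker": "%d.%d" % (linker_major, linker_minor),
        "pe_type": "PE32" if magic == 0x10B else "PE32+",
        "subsystem": SUBSYSTEMS.get(subsystem, str(subsystem)),
        "code_size": code_size,
        "init_data_size": init_data_size,
    }


def build_sample_header() -> bytes:
    """Constructed header bytes carrying the values from the report above
    (entry point, section count, link time, linker 7.0, console subsystem).
    This is a stand-in for exercising the parser, not the sample's real bytes."""
    e_lfanew = 0x80
    dos = (b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", e_lfanew)).ljust(e_lfanew, b"\0")
    # Machine, NumberOfSections, TimeDateStamp, PointerToSymbolTable, NumberOfSymbols,
    # SizeOfOptionalHeader, Characteristics (EXECUTABLE_IMAGE | 32BIT_MACHINE)
    coff = struct.pack("<HHIIIHH", 0x014C, 4, 1156914801, 0, 0, 224, 0x0102)
    opt = bytearray(224)                              # PE32 optional header size
    struct.pack_into("<HBB", opt, 0, 0x10B, 7, 0)     # Magic, Major/MinorLinkerVersion
    struct.pack_into("<II", opt, 4, 270336, 172032)   # SizeOfCode, SizeOfInitializedData
    struct.pack_into("<I", opt, 16, 0x428D0)          # AddressOfEntryPoint
    struct.pack_into("<H", opt, 68, 3)                # Subsystem: IMAGE_SUBSYSTEM_WINDOWS_CUI
    return dos + b"PE\0\0" + coff + bytes(opt)


if __name__ == "__main__":
    for key, value in parse_pe_header(build_sample_header()).items():
        print("%-15s %s" % (key, hex(value) if key == "entry_point" else value))
```

Run the script as-is to see the report's header values reproduced from the constructed blob, or call `parse_pe_header(open(path, "rb").read())` on a real file. The timestamp is printed in UTC; ExifTool later on this page shows the same link time rendered in a +01:00 zone, which is why the two listings differ by an hour.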
PE sections
PE imports
SetTokenInformation
RevertToSelf
GetTrusteeFormA
IsValidSecurityDescriptor
GetSidSubAuthorityCount
SymGetSymPrev
GetTimestampForLoadedLibrary
StackWalk
SymGetLineFromName
SymGetLinePrev
CheckSumMappedFile
EnumerateLoadedModules
SymGetOptions
ImageGetDigestStream
SymGetSymFromAddr
UnDecorateSymbolName
SymEnumerateSymbols
MapFileAndCheckSumA
MakeSureDirectoryPathExists
RemoveRelocations
GetImageConfigInformation
SymSetOptions
ImagehlpApiVersion
SymUnloadModule
FindDebugInfoFile
ImageGetCertificateData
SymSetSearchPath
SymGetSearchPath
GetProfileIntW
GetModuleHandleA
GetCommState
GetStartupInfoA
CompareStringA
FoldStringW
EnumResourceLanguagesA
GetEnvironmentStringsW
DeleteFileA
LZOpenFileW
__p__tzname
__p__fmode
log
_acmdln
__p__commode
__setusermatherr
_mbctype
fputs
__getmainargs
_initterm
_controlfp
_adjust_fdiv
__set_app_type
VarDecFromUI4
SysStringByteLen
VarUI1FromBool
VarMul
VarDecFromStr
LHashValOfNameSysA
BSTR_UserFree
VarCyFromI2
VarCyFromI1
VarDecMul
VarUI1FromUI4
LPSAFEARRAY_UserMarshal
VarUI2FromDate
VarBoolFromR4
VarPow
LoadTypeLibEx
VarR8FromI1
VarR8FromI2
SafeArrayLock
VARIANT_UserFree
VarI1FromI2
VarI1FromI4
VarCySub
VarDecAdd
BSTR_UserUnmarshal
OleLoadPictureEx
VarUI4FromDec
VarDecFromCy
SysAllocString
SafeArrayCopy
VarDateFromUdate
SysReAllocString
VarUI4FromR8
VarDateFromStr
VarFix
SafeArrayPutElement
VarR4FromDec
VarFormat
SafeArraySetIID
SafeArrayCreateVector
BSTR_UserMarshal
SafeArrayGetIID
VarCyCmpR8
VarDateFromR8
SysReAllocStringLen
VarDecSub
GetRecordInfoFromTypeInfo
VarBoolFromCy
OleLoadPicturePath
VarR4CmpR8
VarFormatCurrency
VARIANT_UserMarshal
VarR8Round
DispGetIDsOfNames
VarR4FromBool
VarDecAbs
VarUI2FromDisp
RegisterActiveObject
LPSAFEARRAY_UserSize
VarI4FromDisp
SafeArrayCreateVectorEx
VarNumFromParseNum
VarR4FromI4
VarDateFromDec
CreateTypeLib
VarCyRound
VarBoolFromI1
SafeArrayDestroyDescriptor
VarBstrFromI4
VarUI2FromBool
SafeArrayUnaccessData
VarUI2FromI1
LoadTypeLib
VarSub
VarI1FromUI4
DosDateTimeToVariantTime
LoadRegTypeLib
VarAbs
VarWeekdayName
VarUI4FromDate
VarCyAdd
VarFormatNumber
DispInvoke
VarUI4FromStr
ClearCustData
VarUI1FromDate
VarR4FromDate
VarI2FromUI2
VariantCopy
VarI2FromUI4
VarI4FromDec
SafeArrayGetDim
SafeArrayDestroyData
VarUI1FromCy
VarUI1FromStr
QueryPathOfRegTypeLib
VarCyFromUI2
VarCyFromUI1
VariantChangeTypeEx
VarUI4FromI4
VarBstrFromUI1
VarBstrFromUI2
VarBstrFromUI4
VarUI4FromI1
VarI1FromCy
VarUI2FromR8
VarDateFromI1
SafeArrayUnlock
VarDateFromI2
VarDateFromI4
VarIdiv
SafeArrayCreateEx
VarBstrCat
SafeArrayGetElement
VarCyFromDate
VarUI2FromI2
VarMonthName
VarBoolFromUI2
CreateStdDispatch
SafeArrayRedim
VarI4FromUI2
VarI4FromUI1
VarI1FromR8
VarAdd
VarDecDiv
VarUI1FromR8
VarUI2FromStr
VarNot
VarR8FromCy
VarOr
GetAltMonthNames
VarR8FromBool
VarFormatDateTime
VarDateFromUI4
VarDateFromUI2
VarParseNumFromStr
midiOutLongMsg
midiOutGetID
midiOutGetDevCapsA
waveOutUnprepareHeader
mmioWrite
sndPlaySoundA
mmioDescend
mciGetErrorStringA
midiStreamStop
mixerGetLineControlsA
waveInOpen
midiOutMessage
midiOutGetNumDevs
timeBeginPeriod
midiOutGetErrorTextA
waveOutGetNumDevs
midiOutShortMsg
PlaySoundA
waveInPrepareHeader
midiOutUnprepareHeader
midiOutGetVolume
waveInMessage
mciGetCreatorTask
timeEndPeriod
midiInGetID
midiInReset
mmioSendMessage
mmioClose
midiStreamOut
joyGetDevCapsA
joyGetPosEx
mmioStringToFOURCCA
waveInGetDevCapsW
midiOutGetDevCapsW
PlaySoundW
waveInAddBuffer
timeGetTime
waveInClose
mmioAscend
midiInGetNumDevs
timeGetDevCaps
waveOutRestart
midiStreamClose
mmioStringToFOURCCW
waveInUnprepareHeader
midiOutClose
mixerGetID
midiInAddBuffer
midiStreamProperty
midiStreamPause
midiOutPrepareHeader
mixerSetControlDetails
midiOutCacheDrumPatches
midiStreamOpen
waveInGetPosition
midiInGetErrorTextW
mixerGetControlDetailsA
waveOutGetVolume
midiStreamRestart
mciSendCommandA
waveOutPause
DefDriverProc
midiInPrepareHeader
PrintDlgA
GetFileTitleA
ReplaceTextA
FindTextA
GetOpenFileNameW
ChooseFontW
GetSaveFileNameW
PageSetupDlgA
GetOpenFileNameA
FindTextW
ReplaceTextW
PrintDlgW
GetSaveFileNameA
ChooseFontA
Number of PE resources by type
RT_ICON 5
RT_MENU 5
RT_GROUP_ICON 5
RT_ACCELERATOR 2
IFYyR40baX 1
RT_BITMAP 1
RT_VERSION 1
Number of PE resources by language
ENGLISH US 12
JAPANESE DEFAULT 8
PE resources
ExifTool file metadata
SubsystemVersion: 4.0
LinkerVersion: 7.0
ImageVersion: 0.0
FileVersionNumber: 0.118.18.210
UninitializedDataSize: 0
LanguageCode: Neutral
FileFlagsMask: 0x003f
CharacterSet: Unicode
InitializedDataSize: 172032
EntryPoint: 0x428d0
OriginalFileName: Clearing.exe
MIMEType: application/octet-stream
LegalCopyright: Copyright 2012
FileVersion: 120, 100, 8, 189
TimeStamp: 2006:08:30 06:13:21+01:00
FileType: Win32 EXE
PEType: PE32
InternalName: Cleancut
ProductVersion: 109, 102, 230, 112
FileDescription: Trumpeter
OSVersion: 4.0
FileOS: Windows NT 32-bit
Subsystem: Windows command line
MachineType: Intel 386 or later, and compatibles
CompanyName: Primax Electronics Ltd.
CodeSize: 270336
FileSubtype: 0
ProductVersionNumber: 0.130.99.58
FileTypeExtension: exe
ObjectFileType: Executable application
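The version resource above does not hang together: the link timestamp is 2006 while LegalCopyright says 2012, the FileVersion string "120, 100, 8, 189" disagrees with the fixed FileVersionNumber 0.118.18.210 (ProductVersion and ProductVersionNumber disagree the same way), and OriginalFileName "Clearing.exe" does not match InternalName "Cleancut". A resource compiler emits the string table and the fixed VS_FIXEDFILEINFO block from the same VERSIONINFO statement, so they normally agree; filled-in-at-random values like these are what a packer or crypter stub produces when it fabricates metadata. As an added example (not part of the VirusTotal report), the following Python encodes those three checks as a triage heuristic over the ExifTool fields as printed on this page. SAMPLE_METADATA is copied from the listing above; CLEAN_METADATA is a constructed, internally consistent record for comparison.

```python
import re
from datetime import datetime

# Version-resource fields exactly as the ExifTool listing above prints them for this sample.
SAMPLE_METADATA = {
    "TimeStamp": "2006:08:30 06:13:21+01:00",
    "LegalCopyright": "Copyright 2012",
    "FileVersion": "120, 100, 8, 189",
    "FileVersionNumber": "0.118.18.210",
    "ProductVersion": "109, 102, 230, 112",
    "ProductVersionNumber": "0.130.99.58",
    "OriginalFileName": "Clearing.exe",
    "InternalName": "Cleancut",
}

# Constructed, internally consistent record (hypothetical values) used as a control.
CLEAN_METADATA = {
    "TimeStamp": "2006:08:30 06:13:21+01:00",
    "LegalCopyright": "Copyright 2006",
    "FileVersion": "1, 2, 3, 4",
    "FileVersionNumber": "1.2.3.4",
    "ProductVersion": "1, 2, 3, 4",
    "ProductVersionNumber": "1.2.3.4",
    "OriginalFileName": "Tool.exe",
    "InternalName": "Tool",
}


def _version_tuple(text):
    """'120, 100, 8, 189' or '0.118.18.210' -> (120, 100, 8, 189); None unless four numbers."""
    nums = re.findall(r"\d+", text or "")
    return tuple(int(n) for n in nums) if len(nums) == 4 else None


def version_info_anomalies(meta):
    """Return human-readable findings for version-resource fields that contradict
    each other or the link timestamp. Empty list means nothing looked off."""
    findings = []
    # ExifTool renders TimeDateStamp with a zone suffix; %z accepts '+01:00' on Python 3.7+.
    link_time = datetime.strptime(meta["TimeStamp"], "%Y:%m:%d %H:%M:%S%z")
    year = re.search(r"\b(?:19|20)\d\d\b", meta.get("LegalCopyright", ""))
    if year and int(year.group()) > link_time.year:
        findings.append("LegalCopyright year %s postdates link timestamp year %d"
                        % (year.group(), link_time.year))
    # The string table and the fixed-info block come from one VERSIONINFO statement,
    # so a mismatch means the resource was edited or generated by hand.
    for string_key, fixed_key in (("FileVersion", "FileVersionNumber"),
                                  ("ProductVersion", "ProductVersionNumber")):
        shown = _version_tuple(meta.get(string_key))
        fixed = _version_tuple(meta.get(fixed_key))
        if shown and fixed and shown != fixed:
            findings.append("%s %s disagrees with %s %s" % (string_key, shown, fixed_key, fixed))
    original = meta.get("OriginalFileName", "").lower()
    internal = meta.get("InternalName", "").lower()
    if original and internal and original.rsplit(".", 1)[0] != internal:
        findings.append("OriginalFileName %r does not match InternalName %r"
                        % (meta["OriginalFileName"], meta["InternalName"]))
    return findings


if __name__ == "__main__":
    for name, meta in (("sample", SAMPLE_METADATA), ("control", CLEAN_METADATA)):
        print(name, version_info_anomalies(meta) or "no anomalies")
```

These are heuristics, not verdicts: a legitimate build can fail the copyright check if the version resource was updated without relinking, and a missing field is simply skipped. The value of the check is in bulk triage, where a resource that fails all three at once, as this one does, is worth pulling aside.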

File identification
MD5 dd5e10d90e9bff2791003822bf20f755
SHA1 7b66b40c1b07cca4681c3b7484925de4d6db6935
SHA256 4fc2a626a2cae789d0099812ac551665f2ab63ba23fce1f5d7598f475f22d4ba
ssdeep 6144:S7R8rcBkXJZzclVjNO24yytOX5ipea3t2qBOTEkjZtDS:e6rcBcwlVjNOhtO0eXZjfD

authentihash 7dad14cd50ca4bd3e8f42715a9159801de0c43352f79433084d97b1e055d2dac
imphash 81f7f7a65c9de55c5a6dcfa0ea041c49
File size 332.0 KB ( 339968 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (console) Intel 80386 32-bit

TrID Win32 Dynamic Link Library (generic) (43.5%)
Win32 Executable (generic) (29.8%)
Generic Win/DOS Executable (13.2%)
DOS Executable Generic (13.2%)
Tags peexe
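Of the identifiers above, imphash is the one that survives a crypter re-wrapping the same stub: it is the MD5 of the import table rendered as lowercase "dll.function" pairs, joined with commas in import-table order, so every build that links the same padding imports in the same order shares it even though MD5, SHA-1, SHA-256 and ssdeep all change. As an added example (not part of the VirusTotal report), the following Python implements that derivation, following the pefile convention, alongside the plain file hashes. The DLL column of this page's import table did not survive extraction, so the listed function names alone cannot reproduce the imphash 81f7f7a65c9de55c5a6dcfa0ea041c49; SAMPLE_IMPORTS is therefore a short constructed list, not the sample's real import table.

```python
import hashlib

# Constructed import list in import-table order, (DLL name, function name or ordinal).
# Illustrative only; it is not the import table of the sample discussed above.
SAMPLE_IMPORTS = [
    ("ADVAPI32.dll", "SetTokenInformation"),
    ("ADVAPI32.dll", "RevertToSelf"),
    ("IMAGEHLP.dll", "StackWalk"),
    ("KERNEL32.dll", "GetModuleHandleA"),
]


def imphash_string(imports):
    """Build the string that imphash digests: DLL lowercased with a .dll/.sys/.ocx
    suffix removed, function lowercased, 'dll.func' entries joined by commas."""
    parts = []
    for dll, func in imports:
        dll = dll.lower()
        for ext in (".dll", ".sys", ".ocx"):
            if dll.endswith(ext):
                dll = dll[: -len(ext)]
                break
        if isinstance(func, int):
            # Ordinal-only import. pefile first resolves ordinals for a few well-known
            # DLLs (oleaut32, ws2_32, ...) through built-in tables; this example keeps
            # only the generic 'ordN' fallback, so results differ there.
            func = "ord%d" % func
        parts.append("%s.%s" % (dll, func.lower()))
    return ",".join(parts)


def imphash(imports):
    """MD5 of the import string; equal for any two binaries with the same ordered imports."""
    return hashlib.md5(imphash_string(imports).encode("ascii")).hexdigest()


def file_hashes(data: bytes) -> dict:
    """The content hashes listed under 'File identification', computed the same way."""
    return {name: hashlib.new(name, data).hexdigest() for name in ("md5", "sha1", "sha256")}


if __name__ == "__main__":
    print(imphash_string(SAMPLE_IMPORTS))
    print("imphash", imphash(SAMPLE_IMPORTS))
    print(file_hashes(b"abc"))
```

Case and the `.dll` suffix are normalised away, so `("Advapi32.DLL", "REVERTTOSELF")` hashes identically to the entry above, while swapping two entries changes the digest. That is the property to remember when pivoting: an imphash match says "same import layout", which for crypter output usually means the same stub generator, not the same payload.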

VirusTotal metadata
First submission 2016-02-02 10:06:01 UTC
Last submission 2016-06-20 23:38:31 UTC
File names crypted121med.exe
test.bin
yFUYIdsf.exe
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Deleted files
Code injections in the following processes
Created mutexes
Opened mutexes
Opened service managers
Opened services
Runtime DLLs
HTTP requests
DNS requests
TCP connections
UDP communications