SHA256: 4fe3b362a288a92261019d8c25214069e8d7297fd8fee03118f97ad4fa06d848
File name: f2d93d1f0ca5a507ffcca32c8252e9f5
Detection ratio: 35 / 55
Analysis date: 2015-05-01 03:02:06 UTC ( 3 years, 10 months ago )
Antivirus Result Update
Ad-Aware Trojan.Generic.13264711 20150503
Yandex Trojan.Inject!HyDp5IS3io0 20150502
AhnLab-V3 Win-Trojan/CTBLocker.Gen 20150503
ALYac Trojan.Generic.13264711 20150503
Antiy-AVL Trojan/Win32.Inject 20150503
Avast Win32:Malware-gen 20150503
AVG Zbot.ABEA 20150503
AVware Trojan.Win32.Generic!BT 20150503
Baidu-International Trojan.Win32.Inject.fsw 20150503
BitDefender Trojan.Generic.13264711 20150503
CMC Packed.Win32.FakeAV-Crypter.6!O 20150501
Cyren W32/Trojan.GKMW-7926 20150503
DrWeb Trojan.PWS.Panda.8087 20150503
Emsisoft Trojan.Generic.13264711 (B) 20150503
ESET-NOD32 Win32/Spy.Zbot.ACB 20150503
F-Secure Trojan.Generic.13264711 20150503
Fortinet W32/Inject.ACB!tr 20150503
GData Trojan.Generic.13264711 20150503
Ikarus Trojan-Spy.Agent 20150503
K7AntiVirus Spyware ( 004a08e61 ) 20150503
K7GW Spyware ( 004a08e61 ) 20150503
Kaspersky Trojan.Win32.Inject.fsw 20150503
McAfee Artemis!F2D93D1F0CA5 20150503
Microsoft PWS:Win32/Zbot.gen!VM 20150503
eScan Trojan.Generic.13264711 20150503
NANO-Antivirus Trojan.Win32.Inject.drawmh 20150503
nProtect Trojan.Generic.13264711 20150430
Panda Generic Suspicious 20150503
Qihoo-360 HEUR/QVM10.1.Malware.Gen 20150503
Sophos AV Mal/Generic-S 20150503
Symantec Trojan.Gen 20150503
TrendMicro TROJ_FORUCON.BMC 20150503
TrendMicro-HouseCall TROJ_FORUCON.BMC 20150503
VIPRE Trojan.Win32.Generic!BT 20150503
Zillya Trojan.Inject.Win32.164758 20150503
AegisLab 20150503
Alibaba 20150503
Bkav 20150425
ByteHero 20150503
CAT-QuickHeal 20150502
ClamAV 20150503
Comodo 20150503
F-Prot 20150503
Jiangmin 20150430
Kingsoft 20150503
McAfee-GW-Edition 20150503
Norman 20150503
Rising 20150503
SUPERAntiSpyware 20150502
Tencent 20150503
TheHacker 20150502
TotalDefense 20150430
VBA32 20150501
ViRobot 20150503
Zoner 20150430
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2015-04-25 21:19:48
Entry Point 0x00005700
Number of sections 6
PE sections
PE imports
LookupAccountNameA
AuthzFreeResourceManager
AuthzInitializeResourceManager
ImageList_ReplaceIcon
CreateToolbarEx
ImageList_Create
InitCommonControlsEx
ImageList_Add
GetOpenFileNameA
GetBitmapBits
PatBlt
CreatePen
TextOutA
CombineRgn
GetPixel
Rectangle
GetObjectA
ExcludeClipRect
LineTo
DeleteDC
SetBkMode
SetPixel
BitBlt
CreateHatchBrush
GetDeviceCaps
MoveToEx
CreateBitmap
CreateFontA
GetStockObject
ExtTextOutA
CreateCompatibleDC
CreateRectRgn
SelectObject
CreateCompatibleBitmap
CreateSolidBrush
SetTextColor
SetBkColor
DeleteObject
Ellipse
GetStdHandle
WaitForSingleObject
EncodePointer
DeleteCriticalSection
GetCurrentProcess
GetConsoleMode
LocalAlloc
FreeEnvironmentStringsW
SetStdHandle
GetCPInfo
WriteFile
GetSystemTimeAsFileTime
HeapReAlloc
GetStringTypeW
LocalFree
AllocConsole
InterlockedDecrement
SetLastError
GetModuleFileNameW
IsDebuggerPresent
HeapAlloc
GetModuleFileNameA
HeapSetInformation
UnhandledExceptionFilter
TlsGetValue
MultiByteToWideChar
SetFilePointer
CreateSemaphoreA
SetUnhandledExceptionFilter
MulDiv
IsProcessorFeaturePresent
DecodePointer
TerminateProcess
SetEndOfFile
GetCurrentThreadId
InterlockedIncrement
WriteConsoleW
InitializeCriticalSectionAndSpinCount
HeapFree
EnterCriticalSection
SetHandleCount
LoadLibraryW
GetOEMCP
QueryPerformanceCounter
GetTickCount
TlsAlloc
FlushFileBuffers
LoadLibraryA
RtlUnwind
GetStartupInfoW
GetProcAddress
GetProcessHeap
GetProfileStringA
CreateFileMappingA
GlobalLock
CreateFileW
CreateEventA
GetFileType
TlsSetValue
CreateFileA
ExitProcess
LeaveCriticalSection
GetLastError
LCMapStringW
lstrlenA
GlobalFree
GetConsoleCP
GetEnvironmentStringsW
lstrlenW
GetCurrentProcessId
LockResource
GetCurrentDirectoryA
HeapSize
GetCommandLineA
RaiseException
ReleaseSemaphore
MapViewOfFile
TlsFree
GetModuleHandleA
ReadFile
CloseHandle
GetACP
GetModuleHandleW
WideCharToMultiByte
IsValidCodePage
HeapCreate
Sleep
OleCreatePictureIndirect
RpcImpersonateClient
SetupCreateDiskSpaceListA
SHGetFileInfoA
SHGetFolderPathW
SHGetSpecialFolderLocation
SHGetMalloc
SHGetSpecialFolderPathA
PathCompactPathA
EmptyClipboard
GetMessageA
GetWindowTextA
EndDialog
BeginPaint
OffsetRect
MoveWindow
CreateDialogIndirectParamA
KillTimer
PostQuitMessage
DefWindowProcA
FindWindowA
LoadBitmapA
SetWindowPos
GetSystemMetrics
IsWindow
GetMenu
GetWindowRect
DispatchMessageA
EndPaint
PostMessageA
SetRectEmpty
EnumChildWindows
MessageBoxA
GetWindowDC
DrawIcon
TranslateMessage
IsWindowEnabled
GetWindow
GetSysColor
SetMenuItemBitmaps
GetDC
CopyImage
SystemParametersInfoA
GetDlgCtrlID
SetWindowTextA
CheckMenuItem
DestroyIcon
GetSubMenu
ShowWindow
SetClipboardData
DrawIconEx
SendMessageA
DialogBoxParamA
GetClientRect
CreateWindowExA
GetDlgItem
DrawMenuBar
ClientToScreen
InvalidateRect
GetWindowLongA
FindWindowExA
SetTimer
LoadCursorA
LoadIconA
DestroyWindow
FillRect
GetMenuItemID
GetMenuState
LoadImageA
GetFocus
CreateWindowExW
ReleaseDC
CloseClipboard
RegisterClassExA
PostThreadMessageA
OpenClipboard
DrawThemeBackground
GdipLoadImageFromFile
GdiplusShutdown
GdipDisposeImage
GdipSaveImageToFile
GdipAlloc
GdipFree
GdipCloneImage
GdiplusStartup
CoInitializeEx
CoUninitialize
CoInitialize
CreateStreamOnHGlobal
CoCreateInstance
CoSuspendClassObjects
GetHGlobalFromStream
CoWaitForMultipleHandles
Number of PE resources by type
RT_DIALOG 15
RT_STRING 6
RT_GROUP_CURSOR 2
RT_MANIFEST 1
PACK_DATA 1
Number of PE resources by language
ENGLISH US 25
PE resources
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
FileTypeExtension exe
TimeStamp 2015:04:25 22:19:48+01:00
FileType Win32 EXE
PEType PE32
CodeSize 69120
LinkerVersion 10.0
EntryPoint 0x5700
InitializedDataSize 241152
SubsystemVersion 5.1
ImageVersion 0.0
OSVersion 5.1
UninitializedDataSize 0
File identification
MD5 f2d93d1f0ca5a507ffcca32c8252e9f5
SHA1 f1cfa0ec150230944d3ed64e9b5957ef28154e70
SHA256 4fe3b362a288a92261019d8c25214069e8d7297fd8fee03118f97ad4fa06d848
ssdeep 6144:LwGQscqi6+GgThxJGB5SMtzQb6U6j6NNRBxFFuWitjaIhb:LwGQ7qi6JnSMtzQ+78RBQj1
authentihash e61b4a3f8c246556e84ce360b1c1449b3c050d7b3fd1dd2d8389d6a5538c15c0
imphash b5ae5e10d67005fa95fcb7f876a36e94
File size 304.0 KB ( 311296 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (67.3%)
Win32 Dynamic Link Library (generic) (14.2%)
Win32 Executable (generic) (9.7%)
Generic Win/DOS Executable (4.3%)
DOS Executable Generic (4.3%)
Tags peexe
VirusTotal metadata
First submission 2015-04-29 18:19:16 UTC ( 3 years, 10 months ago )
Last submission 2015-04-29 18:19:16 UTC ( 3 years, 10 months ago )
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers, making use of the DeviceIoControl Windows API function.
UDP communications