SHA256: 50e0225370492c5df702dd6d3bf4586c14447dffa496ac33ff3704f4b271a132
File name: 931193892918037a1951c77c0c875508.virus
Detection ratio: 39 / 68
Analysis date: 2017-12-19 19:33:48 UTC ( 6 months, 1 week ago )
Antivirus Result Update
Ad-Aware Gen:Variant.Razy.227149 20171219
AhnLab-V3 Trojan/Win32.Emotet.R215810 20171219
ALYac Gen:Variant.Razy.227149 20171219
Arcabit Trojan.Razy.D3774D 20171219
Avast Win32:Malware-gen 20171219
AVG Win32:Malware-gen 20171219
Avira (no cloud) TR/Crypt.ZPACK.hubgg 20171219
AVware Trojan.Win32.Generic!BT 20171219
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9998 20171219
BitDefender Gen:Variant.Razy.227149 20171219
Comodo UnclassifiedMalware 20171219
CrowdStrike Falcon (ML) malicious_confidence_100% (D) 20171016
Cybereason malicious.669cc0 20171103
Cylance Unsafe 20171219
Emsisoft Gen:Variant.Razy.227149 (B) 20171219
Endgame malicious (high confidence) 20171130
ESET-NOD32 a variant of Win32/Kryptik.GARX 20171219
F-Secure Gen:Variant.Razy.227149 20171219
Fortinet W32/Kryptik.FZTF!tr 20171219
GData Win32.Trojan-Spy.Emotet.HW 20171219
Sophos ML heuristic 20170914
Kaspersky Trojan.Win32.Dovs.eat 20171219
Malwarebytes Trojan.Downloader 20171219
MAX malware (ai score=88) 20171219
McAfee GenericR-LEG!931193892918 20171219
McAfee-GW-Edition BehavesLike.Win32.PWSZbot.ch 20171219
Microsoft Trojan:Win32/Pynamer.B!ac 20171219
eScan Gen:Variant.Razy.227149 20171219
Palo Alto Networks (Known Signatures) generic.ml 20171219
Panda Trj/Genetic.gen 20171219
Qihoo-360 HEUR/QVM20.1.EE61.Malware.Gen 20171219
SentinelOne (Static ML) static engine - malicious 20171207
Sophos AV Mal/EncPk-ANR 20171219
Symantec Trojan.Gen.2 20171219
TrendMicro TROJ_GEN.R039C0DLJ17 20171219
TrendMicro-HouseCall TROJ_GEN.R039C0DLJ17 20171219
VIPRE Trojan.Win32.Generic!BT 20171219
Webroot W32.Trojan.Emotet 20171219
ZoneAlarm by Check Point Trojan.Win32.Dovs.eat 20171219
AegisLab 20171219
Alibaba 20171219
Antiy-AVL 20171219
Avast-Mobile 20171219
Bkav 20171218
CAT-QuickHeal 20171219
ClamAV 20171219
CMC 20171218
Cyren 20171219
DrWeb 20171219
eGambit 20171219
F-Prot 20171219
Ikarus 20171219
Jiangmin 20171219
K7AntiVirus 20171219
K7GW 20171219
Kingsoft 20171219
NANO-Antivirus 20171219
nProtect 20171219
Rising 20171219
SUPERAntiSpyware 20171219
Symantec Mobile Insight 20171219
Tencent 20171219
TheHacker 20171219
TotalDefense 20171219
Trustlook 20171219
VBA32 20171219
ViRobot 20171219
WhiteArmor 20171204
Yandex 20171219
Zillya 20171219
Zoner 20171219
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright Copyright© Bucanier Rom Comp 1999-2010
Product Custom Sata Collectors Doorin
Original name pircdse
Internal name pircds
File version 2.0.7
Description Custom Sata Collect Doors
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2017-12-18 03:11:21
Entry Point 0x00001960
Number of sections 7
PE sections
PE imports
GetCharWidthA
DeleteObject
CreateRectRgn
SetTextColor
GetLastError
IsWow64Process
CreateFileW
CreateThread
lstrlenA
lstrcatA
lstrcpyA
WaitForSingleObject
WriteFile
Sleep
FindNextChangeNotification
GetUserDefaultLCID
CloseHandle
SetupGetTargetPathW
SetupGetSourceFileLocationW
GetCursorPos
GetWindowRgn
IsClipboardFormatAvailable
GetCaretBlinkTime
GetIconInfo
LoadIconA
SetClipboardData
LoadMenuA
EnumWindows
DialogBoxParamA
FindWindowA
timeGetSystemTime
Number of PE resources by type
RT_DIALOG 14
RT_GROUP_ICON 2
RT_VERSION 1
Number of PE resources by language
ITALIAN 17
PE resources
Debug information
ExifTool file metadata
SubsystemVersion 4.0
LinkerVersion 12.14
ImageVersion 0.0
FileSubtype 0
FileVersionNumber 2.1.0.17
UninitializedDataSize 0
LanguageCode English (U.S.)
FileFlagsMask 0x003f
CharacterSet Windows, Latin1
InitializedDataSize 114688
EntryPoint 0x1960
OriginalFileName pircdse
MIMEType application/octet-stream
LegalCopyright Copyright Bucanier Rom Comp 1999-2010
FileVersion 2.0.7
TimeStamp 2017:12:18 04:11:21+01:00
FileType Win32 EXE
PEType PE32
InternalName pircds
ProductVersion 4.30.6
FileDescription Custom Sata Collect Doors
OSVersion 4.0
FileOS Win32
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName Bucanier Rom
CodeSize 0
ProductName Custom Sata Collectors Doorin
ProductVersionNumber 2.1.0.17
FileTypeExtension exe
ObjectFileType Executable application

File identification
MD5 931193892918037a1951c77c0c875508
SHA1 1f18957669cc060416c1934b7cc25448b2979baf
SHA256 50e0225370492c5df702dd6d3bf4586c14447dffa496ac33ff3704f4b271a132
ssdeep 3072:aekJ/+ZgHxQ2ye6POwgBXIX2zJ1Gr8soLnT:aDEOrNIuIGL
authentihash e1a6accb6fce6b3ab3e8086393b27db99753848d5eb5417df5ce5578e4dfc21b
imphash d97629579d50782db1eecb58cfbf880b
File size 124.0 KB ( 126976 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Dynamic Link Library (generic) (43.5%)
Win32 Executable (generic) (29.8%)
Generic Win/DOS Executable (13.2%)
DOS Executable Generic (13.2%)
Tags peexe
VirusTotal metadata
First submission 2017-12-19 19:33:48 UTC ( 6 months, 1 week ago )
Last submission 2017-12-19 19:33:48 UTC ( 6 months, 1 week ago )
File names 931193892918037a1951c77c0c875508.virus
pircds
pircdse
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Searched windows
UDP communications