SHA256: 5270ba7da6c3d0423ccc340e2f95ff14bdbf3046f257584dc077e918e71a0b85
File name: Histogram
Detection ratio: 58 / 67
Analysis date: 2018-04-10 12:58:35 UTC ( 10 months, 2 weeks ago )
Antivirus Result Update
Ad-Aware Gen:Variant.Symmi.39901 20180410
AegisLab Troj.W32.Generic!c 20180410
AhnLab-V3 Backdoor/Win32.Necurs.R101380 20180410
ALYac Gen:Variant.Symmi.39901 20180410
Antiy-AVL Trojan[Backdoor]/Win32.Symmi 20180410
Arcabit Trojan.Symmi.D9BDD 20180410
Avast Win32:Crypt-QYW [Trj] 20180410
AVG Win32:Crypt-QYW [Trj] 20180410
Avira (no cloud) TR/Dropper.Gen 20180410
AVware Trojan.Win32.Generic!BT 20180410
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9998 20180410
BitDefender Gen:Variant.Symmi.39901 20180410
CAT-QuickHeal TrojanPWS.Zbot.AP4 20180409
ClamAV Win.Trojan.Agent-1302076 20180410
Comodo TrojWare.Win32.Cidox.AKND 20180410
CrowdStrike Falcon (ML) malicious_confidence_100% (D) 20170201
Cylance Unsafe 20180410
Cyren W32/Zbot.XU.gen!Eldorado 20180410
DrWeb Trojan.Inject1.25849 20180410
Emsisoft Gen:Variant.Symmi.39901 (B) 20180410
Endgame malicious (high confidence) 20180403
ESET-NOD32 Win32/TrojanDownloader.Agent.AGV 20180410
F-Prot W32/Zbot.XU.gen!Eldorado 20180410
F-Secure Gen:Variant.Symmi.39901 20180410
Fortinet W32/ZBOT.QU!tr 20180410
GData Gen:Variant.Symmi.39901 20180410
Ikarus Virus.Win32.CeeInject 20180410
Sophos ML heuristic 20180121
Jiangmin TrojanSpy.Zbot.edda 20180410
K7AntiVirus Trojan ( 0040f7f41 ) 20180410
K7GW Trojan ( 0040f7f41 ) 20180410
Kaspersky HEUR:Trojan.Win32.Generic 20180410
Malwarebytes Trojan.Zbot 20180410
MAX malware (ai score=100) 20180410
McAfee Downloader-FYH!E3C3F84285AB 20180410
McAfee-GW-Edition Downloader-FYH!E3C3F84285AB 20180410
Microsoft TrojanDownloader:Win32/Zemot.A 20180410
eScan Gen:Variant.Symmi.39901 20180410
NANO-Antivirus Trojan.Win32.Cidox.cvaccz 20180410
nProtect Trojan-Spy/W32.ZBot.77828.I 20180410
Palo Alto Networks (Known Signatures) generic.ml 20180410
Panda Trj/Genetic.gen 20180409
Qihoo-360 Win32/Trojan.Spy.ee8 20180410
Rising Dropper.Generic!8.35E (KTSE) 20180410
SentinelOne (Static ML) static engine - malicious 20180225
Sophos AV Mal/Upatre-B 20180410
SUPERAntiSpyware Trojan.Agent/Gen-Zbot 20180410
Symantec Downloader.Ajuxery!g1 20180410
Tencent Win32.Trojan-downloader.Agent.Akyl 20180410
TheHacker Trojan/Downloader.Agent.agv 20180410
TrendMicro TROJ_UPATRE.SMSH 20180410
TrendMicro-HouseCall TROJ_UPATRE.SMSH 20180410
VBA32 Trojan.Cidox 20180409
VIPRE Trojan.Win32.Generic!BT 20180410
Webroot Trojan.Dropper.Gen 20180410
WhiteArmor Malware.HighConfidence 20180408
Yandex TrojanSpy.Zbot!4uYGcoEG/OY 20180408
ZoneAlarm by Check Point HEUR:Trojan.Win32.Generic 20180410
No detection (engine and signature-update date only):
Alibaba 20180410
Avast-Mobile 20180410
Bkav 20180409
CMC 20180409
Cybereason None
eGambit 20180410
Kingsoft 20180410
Symantec Mobile Insight 20180406
TotalDefense 20180410
Trustlook 20180410
ViRobot 20180410
Zillya 20180409
Zoner 20180410
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright Copyright (C) 2001
Product Histogram Application
Original name Histogram.EXE
Internal name Histogram
File version 1, 0, 0, 1
Description Histogram
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2014-03-13 15:15:57 UTC (about ten hours before the first VirusTotal submission listed below; the field is written by the linker and trivially forgeable, so it corroborates rather than proves the build date)
Entry Point 0x000027C6
Number of sections 4
PE sections
Overlays
MD5 e9e80719acd086e69446e70015f4c382
File type data
Offset 77824
Size 4
Entropy 1.50
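The header fields and overlay figures above come straight out of the PE/COFF headers: the overlay is whatever lies beyond the highest PointerToRawData + SizeOfRawData of any section, which for this sample is 4 bytes at offset 77824 (file size 77828 under File identification minus 77824). The script below is an added example written for this page, not VirusTotal's code and nothing taken from the sample; it recomputes those fields with the standard library only. Its input is a constructed minimal PE32 whose machine type, timestamp, entry point and subsystem are set to the report's values so the output can be compared against the page; everything else about the image is synthetic and it contains no code.

```python
"""Recompute the PE triage fields that the report shows (machine, compile
timestamp, entry point, section count, subsystem, and the overlay's offset,
size and entropy) directly from the file bytes.

Added example for this page; it is not code from VirusTotal or from the
sample's authors. The input is a constructed minimal PE32 image with a
4-byte overlay, built inline so the script runs offline; it is not the
Histogram.EXE sample itself. Only the header layout defined by the PE/COFF
specification is relied on.
"""
import math
import struct
from collections import Counter
from datetime import datetime, timezone

SUBSYSTEMS = {2: "Windows GUI", 3: "Windows CUI"}
MACHINES = {0x14C: "Intel 386 or later processors and compatible processors",
            0x8664: "x64"}


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte (0.0 .. 8.0) of a byte string."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def parse_pe(buf: bytes) -> dict:
    """Parse DOS/COFF/optional headers and the section table of a PE32 image.

    The overlay is everything after the highest (PointerToRawData +
    SizeOfRawData) over all sections: file data the loader never maps.
    """
    if buf[:2] != b"MZ":
        raise ValueError("not an MZ image")
    e_lfanew = struct.unpack_from("<I", buf, 0x3C)[0]
    if buf[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    (machine, nsections, timestamp, _symtab, _nsyms,
     opt_size, _characteristics) = struct.unpack_from("<HHIIIHH", buf, coff)
    opt = coff + 20
    if struct.unpack_from("<H", buf, opt)[0] != 0x10B:
        raise ValueError("only PE32 (magic 0x10B) is handled here")
    entry_rva = struct.unpack_from("<I", buf, opt + 16)[0]   # AddressOfEntryPoint
    subsystem = struct.unpack_from("<H", buf, opt + 68)[0]   # Subsystem
    sect_table = opt + opt_size
    end_of_mapped = sect_table + 40 * nsections               # at least the headers
    for i in range(nsections):
        # IMAGE_SECTION_HEADER: Name[8], VirtualSize, VirtualAddress,
        # SizeOfRawData, PointerToRawData, ...
        _vsize, _va, raw_size, raw_ptr = struct.unpack_from(
            "<IIII", buf, sect_table + 40 * i + 8)
        end_of_mapped = max(end_of_mapped, raw_ptr + raw_size)
    overlay = buf[end_of_mapped:]
    compiled = datetime.fromtimestamp(timestamp, timezone.utc)
    return {
        "machine": MACHINES.get(machine, hex(machine)),
        "compile_time": compiled.strftime("%Y-%m-%d %H:%M:%S"),
        "entry_point": f"0x{entry_rva:08X}",
        "sections": nsections,
        "subsystem": SUBSYSTEMS.get(subsystem, str(subsystem)),
        "overlay_offset": end_of_mapped if overlay else None,
        "overlay_size": len(overlay),
        "overlay_entropy": round(shannon_entropy(overlay), 2),
    }


def build_sample_pe(overlay: bytes) -> bytes:
    """Constructed minimal PE32 with one .text section and an appended overlay.

    Machine, timestamp, entry point and subsystem take the values the report
    gives for the sample so the parsed output can be compared against it; the
    image itself is synthetic and contains no code.
    """
    dos = bytearray(b"MZ" + b"\0" * 62)
    struct.pack_into("<I", dos, 0x3C, 0x40)                  # e_lfanew
    ts = int(datetime(2014, 3, 13, 15, 15, 57, tzinfo=timezone.utc).timestamp())
    coff = struct.pack("<HHIIIHH", 0x14C, 1, ts, 0, 0, 224, 0x0102)
    opt = bytearray(224)
    struct.pack_into("<H", opt, 0, 0x10B)                    # PE32 magic
    struct.pack_into("<I", opt, 16, 0x27C6)                  # AddressOfEntryPoint
    struct.pack_into("<H", opt, 68, 2)                       # IMAGE_SUBSYSTEM_WINDOWS_GUI
    section = struct.pack("<8sIIIIIIHHI", b".text", 0x200, 0x1000,
                          0x200, 0x200, 0, 0, 0, 0, 0x60000020)
    headers = bytes(dos) + b"PE\0\0" + coff + bytes(opt) + section
    return headers.ljust(0x400, b"\0") + overlay             # raw data ends at 0x400


if __name__ == "__main__":
    # b"\x00\x00\x01\x02" has byte counts {2,1,1}: entropy 1.5 bits, the same
    # figure the report gives for the sample's 4-byte overlay.
    for key, value in parse_pe(build_sample_pe(b"\x00\x00\x01\x02")).items():
        print(f"{key:16} {value}")
```

An entropy of 1.50 over four bytes can only come from a {2,1,1} byte distribution, so this overlay is not compressed or encrypted payload; a four-byte trailer is more plausibly padding or a small marker. The pattern worth flagging in triage is the opposite one: a high-entropy overlay of tens of kilobytes, which is where appended payloads usually live.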
PE imports
The extract lists imported symbols without their exporting DLLs. Grouping below follows the Win32 API and VC++ 6.0 C runtime each name belongs to; the ordinal-only block is left unattributed because the report does not name its DLL.
GDI32 (drawing):
SelectObject, CreatePen, CreateSolidBrush, BitBlt, CreateCompatibleDC, CreateCompatibleBitmap
KERNEL32:
GetModuleFileNameA, GetStartupInfoA, VirtualAlloc, CreateFileW, GetModuleHandleA
Imported by ordinal (DLL name not preserved in this extract; ordinal-only imports on this scale from a VC++ 6.0-linked GUI executable are characteristic of MFC42.DLL, but that is an inference, not something the report states):
Ord(1775), Ord(4080), Ord(4710), Ord(2414), Ord(3597), Ord(354), Ord(1641), Ord(3136), Ord(4424), Ord(665),
Ord(5440), Ord(6375), Ord(3626), Ord(755), Ord(3798), Ord(1233), Ord(3259), Ord(5290), Ord(2446), Ord(2985),
Ord(1979), Ord(3742), Ord(815), Ord(641), Ord(2152), Ord(5277), Ord(2514), Ord(4425), Ord(4353), Ord(567),
Ord(1134), Ord(4465), Ord(2863), Ord(5300), Ord(5199), Ord(4627), Ord(1168), Ord(3738), Ord(4853), Ord(2982),
Ord(4234), Ord(825), Ord(3081), Ord(3092), Ord(5307), Ord(4441), Ord(6383), Ord(540), Ord(4078), Ord(2554),
Ord(6376), Ord(1727), Ord(823), Ord(2107), Ord(5186), Ord(2379), Ord(2725), Ord(4998), Ord(800), Ord(3749),
Ord(2512), Ord(470), Ord(4274), Ord(5261), Ord(4079), Ord(1146), Ord(3147), Ord(2124), Ord(2621), Ord(3262),
Ord(1576), Ord(3573), Ord(5065), Ord(4407), Ord(4275), Ord(3663), Ord(3346), Ord(3693), Ord(2396), Ord(3831),
Ord(6394), Ord(6374), Ord(5280), Ord(3825), Ord(2976), Ord(323), Ord(1089), Ord(4297), Ord(3922), Ord(6052),
Ord(4160), Ord(4376), Ord(1776), Ord(818), Ord(324), Ord(3830), Ord(2385), Ord(3079), Ord(6880), Ord(2055),
Ord(4837), Ord(5241), Ord(289), Ord(5450), Ord(2648), Ord(5714), Ord(5289), Ord(4622), Ord(561), Ord(5302),
Ord(1640), Ord(4133), Ord(2841), Ord(4486), Ord(4698), Ord(613), Ord(5163), Ord(6055), Ord(5265), Ord(4673),
Ord(3571), Ord(5731), Ord(3318)
C runtime (MSVCRT):
__p__fmode, _acmdln, srand, __dllonexit, _except_handler3, _onexit, exit, _XcptFilter, __setusermatherr, rand, _adjust_fdiv, __CxxFrameHandler, memset, __p__commode, wcscat, __getmainargs, _controlfp, _setmbcp, time, _initterm, _exit, __set_app_type
USER32:
GetSystemMetrics, SetTimer, AppendMenuA, InvalidateRect, GetWindowRect, EnableWindow, KillTimer, DrawIcon, SendMessageA, GetClientRect, GetSystemMenu, FillRect, IsIconic, LoadIconA
Apart from VirtualAlloc and CreateFileW, this is the import table of an ordinary MFC dialog application; none of the downloader or injection behaviour the detection names above describe is visible in the static imports, which is consistent with code that resolves its real API set at runtime rather than proof of it.
Number of PE resources by type
RT_DIALOG 2
RT_RCDATA 1
RT_STRING 1
RT_VERSION 1
Number of PE resources by language
ENGLISH US 4
NEUTRAL 1
PE resources
ExifTool file metadata
SubsystemVersion 4.0
LinkerVersion 6.0
ImageVersion 0.0
FileSubtype 0
FileVersionNumber 1.0.0.1
UninitializedDataSize 0
LanguageCode English (U.S.)
FileFlagsMask 0x003f
CharacterSet Unicode
InitializedDataSize 65536
EntryPoint 0x27c6
OriginalFileName Histogram.EXE
MIMEType application/octet-stream
LegalCopyright Copyright (C) 2001
FileVersion 1, 0, 0, 1
TimeStamp 2014:03:13 16:15:57+01:00 (the same PE compile timestamp as in the header section above, rendered in the analysis host's local time; 15:15:57 UTC)
FileType Win32 EXE
PEType PE32
InternalName Histogram
ProductVersion 1, 0, 0, 1
FileDescription Histogram
OSVersion 4.0
FileOS Win32
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CodeSize 8192
ProductName Histogram Application
ProductVersionNumber 1.0.0.1
FileTypeExtension exe
ObjectFileType Executable application
Compressed bundles
File identification
MD5 e3c3f84285ab617390f6cd2ba6b1258e
SHA1 b6354717ef5cae09a48c89215106af2cb6e2dc2c
SHA256 5270ba7da6c3d0423ccc340e2f95ff14bdbf3046f257584dc077e918e71a0b85
ssdeep 1536:PGCLKeKMUMX/69jVGEQmcfhDRpIlQUBwBLZq4l9vc:uheKMUMXCyElcpDjiQO43vc
authentihash 0c70cc4bdc7724830955c2a21f09d009d71dadbfadbc94d89b21d0be84561073
imphash a6740c7cdfc1d4fc5b938766f87943ef
File size 76.0 KB ( 77828 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (41.0%)
Win64 Executable (generic) (36.3%)
Win32 Dynamic Link Library (generic) (8.6%)
Win32 Executable (generic) (5.9%)
OS/2 Executable (generic) (2.6%)
Tags peexe overlay
VirusTotal metadata
First submission 2014-03-14 01:43:20 UTC ( 4 years, 11 months ago )
Last submission 2017-04-15 21:00:00 UTC ( 1 year, 10 months ago )
File names Goon-EK-malware-payload-02.exe
radA0C15.tmp.exe
g2lP9_Cy.kwu
Histogram.EXE
Histogram
2014-03-14-Goon-EK-malware-payload-02.exe
Histogram.exe
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Opened mutexes
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.