× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: 53526bbae233619bf60aeb0be66aed674b2a0f1fa9559e58772d028ce1002c13
File name: bin.exe
Detection ratio: 5 / 57
Analysis date: 2015-02-17 16:16:58 UTC ( 2 years, 7 months ago ) View latest
Antivirus Result Update
Kaspersky UDS:DangerousObject.Multi.Generic 20150217
McAfee-GW-Edition BehavesLike.Win32.Expiro.mh 20150216
Norman Sinowal.PDB 20150216
Panda Trj/Chgt.O 20150216
Rising PE:Malware.XPACK-LNR/Heur!1.5594 20150216
Ad-Aware 20150217
AegisLab 20150217
Yandex 20150216
AhnLab-V3 20150216
Alibaba 20150217
ALYac 20150217
Antiy-AVL 20150216
Avast 20150217
AVG 20150217
Avira (no cloud) 20150217
AVware 20150217
Baidu-International 20150216
BitDefender 20150217
Bkav 20150213
ByteHero 20150217
CAT-QuickHeal 20150217
ClamAV 20150217
CMC 20150214
Comodo 20150217
Cyren 20150217
DrWeb 20150217
Emsisoft 20150217
ESET-NOD32 20150217
F-Prot 20150217
F-Secure 20150217
Fortinet 20150216
GData 20150217
Ikarus 20150217
Jiangmin 20150216
K7AntiVirus 20150217
K7GW 20150217
Kingsoft 20150217
Malwarebytes 20150217
McAfee 20150217
Microsoft 20150217
eScan 20150217
NANO-Antivirus 20150216
nProtect 20150216
Qihoo-360 20150217
Sophos AV 20150217
SUPERAntiSpyware 20150215
Symantec 20150217
Tencent 20150217
TheHacker 20150217
TotalDefense 20150216
TrendMicro 20150217
TrendMicro-HouseCall 20150217
VBA32 20150216
VIPRE 20150217
ViRobot 20150216
Zillya 20150216
Zoner 20150216
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows command line subsystem.
FileVersionInfo properties
Copyright
© Microsoft Corporation. All rights reserved.

Product Microsoft® Windows® Operating System
Original name DynaMon.dll
Internal name DynaMon.dll
File version 5.1.2600.5512 (xpsp.080413-0852)
Description Standard Dynamic Printing Port Monitor DLL
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2015-02-17 10:58:42
Entry Point 0x00005D00
Number of sections 6
PE sections
PE imports
JetSetCurrentIndex
JetGetTableInfo
JetTruncateLog
JetRestore2
ExitProcess
FreeConsole
MessageBoxW
IsWindow
GetForegroundWindow
ChooseColorA
FindTextA
Number of PE resources by type
RT_VERSION 1
Number of PE resources by language
ENGLISH US 1
PE resources
Debug information
ExifTool file metadata
SubsystemVersion
5.0

LinkerVersion
6.1

ImageVersion
0.0

FileSubtype
0

FileVersionNumber
5.1.2600.5512

UninitializedDataSize
0

LanguageCode
English (U.S.)

FileFlagsMask
0x003f

CharacterSet
Unicode

InitializedDataSize
65536

EntryPoint
0x5d00

OriginalFileName
DynaMon.dll

MIMEType
application/octet-stream

LegalCopyright
Microsoft Corporation. All rights reserved.

FileVersion
5.1.2600.5512 (xpsp.080413-0852)

TimeStamp
2015:02:17 11:58:42+01:00

FileType
Win32 EXE

PEType
PE32

InternalName
DynaMon.dll

ProductVersion
5.1.2600.5512

FileDescription
Standard Dynamic Printing Port Monitor DLL

OSVersion
5.0

FileOS
Windows NT 32-bit

Subsystem
Windows command line

MachineType
Intel 386 or later, and compatibles

CompanyName
Microsoft Corporation

CodeSize
20480

ProductName
Microsoft Windows Operating System

ProductVersionNumber
5.1.2600.5512

FileTypeExtension
exe

ObjectFileType
Dynamic link library

File identification
MD5 c4a201e941312fa605316e7b2909612e
SHA1 af607441125d45e21e0a85a81af75999be336b74
SHA256 53526bbae233619bf60aeb0be66aed674b2a0f1fa9559e58772d028ce1002c13
ssdeep
1536:RI6qTUWoGeWbbK4UU+12ayNZ6pvi5dLa8FwjO1vRX/Wkc4MCZhzzd4u:RIVTUWoGeSYFM6E5c8OjoV4CPau

authentihash 4e16279d9d598cf119d18f507f4638d5213a0242c18ccbe364e6c3dac4b8a846
imphash 98e7fd8464bccc8ed54aea6fd7209fa1
File size 82.0 KB ( 83968 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (console) Intel 80386 32-bit

TrID Win32 Dynamic Link Library (generic) (43.5%)
Win32 Executable (generic) (29.8%)
Generic Win/DOS Executable (13.2%)
DOS Executable Generic (13.2%)
Tags
peexe

VirusTotal metadata
First submission 2015-02-17 13:07:38 UTC ( 2 years, 7 months ago )
Last submission 2016-01-28 00:40:30 UTC ( 1 year, 7 months ago )
File names DynaMon.dll
bin.exe
bin(1).exe
OdQaOPjZ.exe
c4a201e941312fa605316e7b2909612e.exe
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Deleted files
Created processes
Created mutexes
Opened mutexes
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.
HTTP requests
TCP connections