SHA256: 547e5bced5248ca375c9d20f806417baf9272dfe288987c81a8e375f61c9bf4f
File name: ews_des.exe
Detection ratio: 24 / 54
Analysis date: 2014-08-05 16:29:27 UTC
Antivirus              Result                                Update
Ad-Aware               Gen:Variant.Graftor.119774            20140805
Antiy-AVL              Trojan[Dropper]/Win32.Dycler          20140805
Avast                  Win32:Rat-H [Trj]                     20140805
AVG                    Dropper.Generic7.BEBM                 20140805
BitDefender            Gen:Variant.Graftor.119774            20140805
DrWeb                  Trojan.Siggen4.41333                  20140805
Emsisoft               Gen:Variant.Graftor.119774 (B)        20140805
ESET-NOD32             Win32/Farfli.JZ                       20140805
F-Secure               Gen:Variant.Graftor.119774            20140805
Fortinet               W32/Injector.WDX!tr                   20140805
GData                  Gen:Variant.Graftor.119774            20140805
Ikarus                 Backdoor.Win32.Bifrose                20140805
Jiangmin               TrojanDropper.Dycler.ft               20140805
K7AntiVirus            Backdoor ( 04c5154b1 )                20140805
K7GW                   Backdoor ( 04c5154b1 )                20140805
Kaspersky              Trojan-Dropper.Win32.Dycler.phq       20140805
Malwarebytes           Backdoor.Agent                        20140805
eScan                  Gen:Variant.Graftor.119774            20140805
NANO-Antivirus         Trojan.Win32.Dycler.crkwih            20140805
Norman                 Obfuscated_MA                         20140805
Sophos AV              Troj/Wmonder-A                        20140805
TrendMicro             BKDR_EVILOGE.SM                       20140805
TrendMicro-HouseCall   BKDR_EVILOGE.SM                       20140805
VBA32                  BScope.Trojan.SvcHorse.01643          20140805
AegisLab               (no detection)                        20140805
Yandex                 (no detection)                        20140804
AhnLab-V3              (no detection)                        20140805
AntiVir                (no detection)                        20140805
AVware                 (no detection)                        20140805
Baidu-International    (no detection)                        20140805
Bkav                   (no detection)                        20140805
ByteHero               (no detection)                        20140805
CAT-QuickHeal          (no detection)                        20140805
ClamAV                 (no detection)                        20140805
CMC                    (no detection)                        20140804
Commtouch              (no detection)                        20140805
Comodo                 (no detection)                        20140805
F-Prot                 (no detection)                        20140805
Kingsoft               (no detection)                        20140805
McAfee                 (no detection)                        20140805
McAfee-GW-Edition      (no detection)                        20140804
Microsoft              (no detection)                        20140805
nProtect               (no detection)                        20140805
Panda                  (no detection)                        20140805
Qihoo-360              (no detection)                        20140805
Rising                 (no detection)                        20140805
SUPERAntiSpyware       (no detection)                        20140804
Symantec               (no detection)                        20140805
Tencent                (no detection)                        20140805
TheHacker              (no detection)                        20140805
TotalDefense           (no detection)                        20140805
VIPRE                  (no detection)                        20140805
ViRobot                (no detection)                        20140805
Zoner                  (no detection)                        20140729
The file being studied is a Portable Executable. More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2013-01-05 01:44:01
Entry Point 0x00002CCF
Number of sections 4
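The fields above (target machine, compilation timestamp, entry point, section count) are read straight from the COFF file header and the PE32 optional header. The following parser is an added example, not part of the VirusTotal report or of the sample; it builds a constructed, header-only PE32 byte string carrying the same values the report lists for ews_des.exe (the sample is inert: no sections, imports or code) and extracts those fields with every offset bounds-checked, so a crafted e_lfanew or optional-header size raises ValueError instead of reading unrelated bytes.

```python
import struct
from datetime import datetime, timezone

MACHINE_NAMES = {
    0x014C: "Intel 386 or later processors and compatible processors",
    0x8664: "x64",
    0x01C0: "ARM",
    0xAA64: "ARM64",
}
SUBSYSTEM_NAMES = {1: "Native", 2: "Windows GUI", 3: "Windows CUI"}


def build_sample_pe() -> bytes:
    """Constructed header-only PE32 carrying the values the report lists.

    This is NOT ews_des.exe; only the fields the parser reads are populated,
    and there are no sections, imports or code, so the bytes are inert.
    """
    e_lfanew = 0x80
    dos = bytearray(e_lfanew)
    dos[0:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, e_lfanew)
    ts = int(datetime(2013, 1, 5, 1, 44, 1, tzinfo=timezone.utc).timestamp())
    # COFF header: Machine, NumberOfSections, TimeDateStamp, PointerToSymbolTable,
    # NumberOfSymbols, SizeOfOptionalHeader, Characteristics (EXE, 32-bit machine)
    coff = struct.pack("<HHIIIHH", 0x014C, 4, ts, 0, 0, 224, 0x010F)
    opt = bytearray(224)                             # PE32 optional header
    struct.pack_into("<HBB", opt, 0, 0x10B, 6, 0)    # Magic PE32, linker 6.0
    struct.pack_into("<I", opt, 4, 24576)            # SizeOfCode
    struct.pack_into("<I", opt, 8, 126976)           # SizeOfInitializedData
    struct.pack_into("<I", opt, 16, 0x2CCF)          # AddressOfEntryPoint
    struct.pack_into("<I", opt, 28, 0x00400000)      # ImageBase
    struct.pack_into("<HH", opt, 40, 4, 0)           # OS version 4.0
    struct.pack_into("<HH", opt, 48, 4, 0)           # Subsystem version 4.0
    struct.pack_into("<H", opt, 68, 2)               # IMAGE_SUBSYSTEM_WINDOWS_GUI
    return bytes(dos) + b"PE\0\0" + coff + bytes(opt)


def parse_pe_header(data: bytes) -> dict:
    """Extract the 'PE header basic information' fields from raw bytes.

    Hostile input is the normal case for a malware triage tool, so every
    offset derived from the file is checked against len(data) before use.
    """
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("missing MZ signature")
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    if e_lfanew + 24 > len(data) or data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    machine, nsections, ts, _, _, opt_size, _ = struct.unpack_from(
        "<HHIIIHH", data, e_lfanew + 4)
    opt = e_lfanew + 24
    # Subsystem sits at optional-header offset 68, so at least 70 bytes are needed.
    if opt_size < 70 or opt + opt_size > len(data):
        raise ValueError("optional header truncated")
    magic, maj_link, min_link = struct.unpack_from("<HBB", data, opt)
    code_size, init_size = struct.unpack_from("<II", data, opt + 4)
    (entry,) = struct.unpack_from("<I", data, opt + 16)
    os_maj, os_min = struct.unpack_from("<HH", data, opt + 40)
    ss_maj, ss_min = struct.unpack_from("<HH", data, opt + 48)
    (subsystem,) = struct.unpack_from("<H", data, opt + 68)
    return {
        "machine": machine,
        "machine_name": MACHINE_NAMES.get(machine, f"unknown (0x{machine:04X})"),
        "number_of_sections": nsections,
        # TimeDateStamp is written by the linker and trivially forgeable; it is
        # reported in UTC so it can be compared with submission and file dates.
        "compile_timestamp_utc": datetime.fromtimestamp(
            ts, timezone.utc).strftime("%Y-%m-%d %H:%M:%S"),
        "entry_point": f"0x{entry:08X}",
        "pe_type": {0x10B: "PE32", 0x20B: "PE32+"}.get(magic, f"unknown (0x{magic:X})"),
        "linker_version": f"{maj_link}.{min_link}",
        "code_size": code_size,
        "initialized_data_size": init_size,
        "os_version": f"{os_maj}.{os_min}",
        "subsystem_version": f"{ss_maj}.{ss_min}",
        "subsystem": SUBSYSTEM_NAMES.get(subsystem, f"unknown ({subsystem})"),
    }


if __name__ == "__main__":
    for key, value in parse_pe_header(build_sample_pe()).items():
        print(f"{key:24} {value}")
```

Two things worth noticing when reading the report against this output: the ExifTool TimeStamp further down is the same instant rendered in +01:00, so the two timestamps do not disagree, and LinkerVersion 6.0 is consistent with TrID's "MS Visual C++ (generic)" guess. Neither value is trustworthy on its own, since both live in attacker-controlled bytes.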
PE imports (grouped by exporting DLL)
KERNEL32.dll
HeapFree
GetStdHandle
LCMapStringW
SetHandleCount
GetOEMCP
LCMapStringA
CopyFileA
GetTickCount
IsBadWritePtr
GetEnvironmentStringsW
GetVersionExA
LoadLibraryA
RtlUnwind
GetModuleFileNameA
FreeEnvironmentStringsA
HeapAlloc
GetStartupInfoA
SetSystemTime
GetEnvironmentStrings
VirtualFreeEx
UnhandledExceptionFilter
CreateFileA
ExitProcess
MultiByteToWideChar
FreeEnvironmentStringsW
GetCommandLineA
GetProcAddress
GetFileType
GetCPInfo
GetStringTypeA
GetModuleHandleA
SetUnhandledExceptionFilter
WriteFile
GetCurrentProcess
CloseHandle
GetACP
HeapReAlloc
GetStringTypeW
ExpandEnvironmentStringsA
TerminateProcess
ResumeThread
WideCharToMultiByte
GetEnvironmentVariableA
HeapCreate
VirtualFree
HeapDestroy
Sleep
IsBadReadPtr
IsBadCodePtr
GetCurrentThreadId
GetVersion
VirtualAlloc
SHELL32.dll
SHGetSpecialFolderPathA
SHLWAPI.dll
SHSetValueA
SHDeleteValueA
USER32.dll
GetMessageA
GetInputState
PostThreadMessageA
Number of PE resources by type
RT_ICON 1
RT_GROUP_ICON 1
Number of PE resources by language
CHINESE SIMPLIFIED 2
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
TimeStamp 2013:01:05 02:44:01+01:00
FileType Win32 EXE
PEType PE32
CodeSize 24576
LinkerVersion 6.0
FileAccessDate 2014:08:05 17:29:32+01:00
EntryPoint 0x2ccf
InitializedDataSize 126976
SubsystemVersion 4.0
ImageVersion 0.0
OSVersion 4.0
FileCreateDate 2014:08:05 17:29:32+01:00
UninitializedDataSize 0

File identification
MD5 f09de88d525c15a36f984d999d271e0b
SHA1 8de1c6ede40540792e0432226cf23ad0c16d421d
SHA256 547e5bced5248ca375c9d20f806417baf9272dfe288987c81a8e375f61c9bf4f
ssdeep 3072:BWr0xNkaZVR2zcMXZPs4tet/0DB4a779yp:BkMVRycMR/fBJty

imphash b531bf2a521bf0c9b1dd90dff330f129
File size 155.7 KB ( 159416 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable MS Visual C++ (generic) (67.3%)
Win32 Dynamic Link Library (generic) (14.2%)
Win32 Executable (generic) (9.7%)
Generic Win/DOS Executable (4.3%)
DOS Executable Generic (4.3%)
Tags
peexe
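The imphash in the identification block above is derived from the import list shown earlier: the import table is the one artefact here that both identifies the build (imphash) and hints at behaviour (registry writes via SHSetValueA, file copy via CopyFileA, folder resolution via SHGetSpecialFolderPathA, ResumeThread, SetSystemTime). The following is an added example, not code from VirusTotal or from the sample. It recomputes an import hash with the pefile/VirusTotal recipe over a subset of the report's imports and maps the same imports to triage hints. The DLL names and their order are assumptions drawn from public Windows documentation (the report lists functions only), so the value produced is not expected to equal the report's b531bf2a… and the CAPABILITY_HINTS table is the author's own, not a VirusTotal feature.

```python
import hashlib

# Subset of the import list shown in the report, with the exporting DLL assigned
# from public Windows documentation. The DLL names and the order of the entries
# are assumptions (constructed input), not data from the report, so the hash
# below is a demonstration value and will not match the report's imphash.
REPORT_IMPORTS = [
    ("KERNEL32.dll", "CopyFileA"),
    ("KERNEL32.dll", "GetModuleFileNameA"),
    ("KERNEL32.dll", "ExpandEnvironmentStringsA"),
    ("KERNEL32.dll", "LoadLibraryA"),
    ("KERNEL32.dll", "GetProcAddress"),
    ("KERNEL32.dll", "SetSystemTime"),
    ("KERNEL32.dll", "ResumeThread"),
    ("KERNEL32.dll", "VirtualFreeEx"),
    ("KERNEL32.dll", "Sleep"),
    ("SHELL32.dll", "SHGetSpecialFolderPathA"),
    ("SHLWAPI.dll", "SHSetValueA"),
    ("SHLWAPI.dll", "SHDeleteValueA"),
    ("USER32.dll", "PostThreadMessageA"),
]


def imphash(imports) -> str:
    """Import hash: MD5 over 'lib.func' pairs in import-table order.

    Follows the pefile/VirusTotal recipe: library name lowercased with a
    .dll/.ocx/.sys suffix removed, function name lowercased, entries joined
    with commas. Imports by ordinal are rendered as 'ordN'; pefile first
    resolves ordinals to names for a few DLLs (ws2_32, oleaut32), and that
    lookup table is omitted here, so ordinal-importing binaries may hash
    differently from pefile. Order matters: the same set of imports in a
    different order yields a different hash, which is what makes imphash a
    build-toolchain fingerprint rather than a capability fingerprint.
    """
    parts = []
    for lib, func in imports:
        lib = lib.lower()
        base, _, ext = lib.rpartition(".")
        if ext in ("dll", "ocx", "sys"):
            lib = base
        name = f"ord{func}" if isinstance(func, int) else func.lower()
        parts.append(f"{lib}.{name}")
    return hashlib.md5(",".join(parts).encode("ascii")).hexdigest()


# Import -> capability hint. These are triage cues, not proof of behaviour:
# every API here also appears in ordinary installers and updaters.
CAPABILITY_HINTS = {
    "SHSetValueA": "registry write (persistence candidate, e.g. a Run key)",
    "SHDeleteValueA": "registry delete (cleanup / anti-forensics candidate)",
    "SHGetSpecialFolderPathA": "resolves user/system folders (drop location)",
    "CopyFileA": "file copy (self-replication to a drop location)",
    "GetModuleFileNameA": "locates its own path (self-copy source)",
    "ExpandEnvironmentStringsA": "expands %VAR% paths (drop location)",
    "LoadLibraryA": "dynamic API resolution",
    "GetProcAddress": "dynamic API resolution",
    "SetSystemTime": "changes the system clock (timestamp tampering)",
    "ResumeThread": "resumes a thread (suspended-process injection pattern)",
    "VirtualFreeEx": "frees memory in another process (injection pattern)",
}


def capability_hints(imports) -> list:
    """Sorted, de-duplicated capability hints for an import list."""
    hits = {CAPABILITY_HINTS[f] for _, f in imports
            if isinstance(f, str) and f in CAPABILITY_HINTS}
    return sorted(hits)


if __name__ == "__main__":
    print("imphash (demo value):", imphash(REPORT_IMPORTS))
    for hint in capability_hints(REPORT_IMPORTS):
        print(" -", hint)
```

When pivoting on the report's imphash, remember that it only groups binaries built from the same source with the same toolchain and import order; a rebuilt variant with one extra import gets a new hash, whereas ssdeep (also listed above) still tends to match on the shared content, so the two hashes answer different questions.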

VirusTotal metadata
First submission 2014-08-05 16:29:27 UTC
Last submission 2014-08-05 16:29:27 UTC
File names ews_des.exe
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Created processes
Opened mutexes
Runtime DLLs