SHA256: 556140429ad90142a2f29ffdd63d68378a38f9c7b5dbf74ae3b08c4f825f1f3a
File name: file
Detection ratio: 29 / 54
Analysis date: 2014-11-03 20:54:51 UTC ( 8 months ago )
Antivirus Result Update
AVware Trojan.Win32.Generic!BT 20141103
Agnitum Backdoor.Androm!JGGrrDD2dR4 20141103
AhnLab-V3 Win-Trojan/Dimegup.434271 20141103
Antiy-AVL Trojan[Downloader]/Win32.Hatchet 20141103
Avast Win32:GenMalicious-QL [Trj] 20141103
Avira TR/Dldr.Dimegup.A.117 20141103
Baidu-International Backdoor.Win32.Androm.ap 20141103
Bkav HW32.Packed.6777 20141027
CAT-QuickHeal TrojanDownloader.Dimegup.r4 20141103
ClamAV Win.Trojan.Generickdz-328 20141103
Comodo UnclassifiedMalware 20141103
DrWeb Trojan.DownLoader10.24520 20141103
ESET-NOD32 Win32/Injector.ALXX 20141103
Fortinet W32/Androm.AUQL!tr.bdr 20141103
GData Win32.Trojan.Agent.GWAZP4 20141103
Jiangmin Backdoor/DarkKomet.fle 20141103
K7AntiVirus Trojan ( 0040f6f11 ) 20141103
K7GW Trojan ( 0040f6f11 ) 20141103
Kaspersky Backdoor.Win32.Androm.auql 20141103
Kingsoft Win32.Hack.Darkkomet.bb.(kcloud) 20141103
McAfee Artemis!014543EE6449 20141103
McAfee-GW-Edition BehavesLike.Win32.Trojan.gc 20141103
Microsoft TrojanDownloader:Win32/Dimegup.A 20141103
NANO-Antivirus Trojan.Win32.Androm.dcdhjt 20141103
Norman Troj_Generic.QNHKU 20141103
Qihoo-360 Win32/Trojan.152 20141103
Sophos Mal/Generic-S 20141103
Symantec WS.Reputation.1 20141103
VIPRE Trojan.Win32.Generic!BT 20141103
AVG 20141103
Ad-Aware 20141103
AegisLab 20141103
BitDefender 20141103
ByteHero 20141103
CMC 20141103
Cyren 20141103
Emsisoft 20141103
F-Prot 20141103
F-Secure 20141103
Ikarus 20141103
Malwarebytes 20141103
MicroWorld-eScan 20141103
Rising 20141103
SUPERAntiSpyware 20141103
Tencent 20141103
TheHacker 20141102
TotalDefense 20141102
TrendMicro 20141103
TrendMicro-HouseCall 20141103
VBA32 20141103
ViRobot 20141103
Zillya 20141103
Zoner 20141031
nProtect 20141103
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows command line subsystem.
Developer metadata
Copyright Copyright Info
Publisher Your Company
Product Product Name
File version 1.0.0.0
Description Product Description
Packers identified
PEiD Armadillo v1.71
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2013-02-26 19:08:03
Link date 8:08 PM 2/26/2013
Entry Point 0x00009416
Number of sections 4
PE sections
PE imports
GetLastError
ReadConsoleInputA
HeapFree
GetStdHandle
LCMapStringW
SetHandleCount
GetFileAttributesA
SetConsoleMode
WaitForSingleObject
GetExitCodeProcess
GetEnvironmentStringsW
HeapDestroy
ExitProcess
SetConsoleTextAttribute
SetConsoleCursorPosition
FlushFileBuffers
GetModuleFileNameA
RtlUnwind
LoadLibraryA
FreeEnvironmentStringsA
HeapAlloc
GetCurrentProcess
GetVolumeInformationA
GetEnvironmentStrings
GetConsoleMode
CompareStringW
GetCPInfo
UnhandledExceptionFilter
MultiByteToWideChar
FreeEnvironmentStringsW
GetCommandLineA
GetProcAddress
SetStdHandle
SetFilePointer
GetTempPathA
WideCharToMultiByte
GetStringTypeA
GetModuleHandleA
ReadFile
WriteFile
GetStartupInfoA
CloseHandle
SetConsoleCursorInfo
GetACP
HeapReAlloc
GetStringTypeW
SetEnvironmentVariableA
GetOEMCP
TerminateProcess
CreateProcessA
LCMapStringA
WriteConsoleA
HeapCreate
VirtualFree
Sleep
GetFileType
SetEndOfFile
CreateFileA
GetTickCount
GetVersion
VirtualAlloc
CompareStringA
timeGetTime
Number of PE resources by type
RT_VERSION 1
Number of PE resources by language
NEUTRAL 1
ExifTool file metadata
SubsystemVersion 4.0
LinkerVersion 6.0
ImageVersion 0.0
FileSubtype 0
FileVersionNumber 1.0.0.0
UninitializedDataSize 0
LanguageCode Neutral
FileFlagsMask 0x003f
CharacterSet Unicode
InitializedDataSize 16384
MIMEType application/octet-stream
LegalCopyright Copyright Info
FileVersion 1.0.0.0
TimeStamp 2013:02:26 20:08:03+01:00
FileType Win32 EXE
PEType PE32
FileAccessDate 2014:11:03 22:06:19+01:00
ProductVersion 1.0.0.0
FileDescription Product Description
OSVersion 4.0
FileCreateDate 2014:11:03 22:06:19+01:00
FileOS Windows NT 32-bit
Subsystem Windows command line
MachineType Intel 386 or later, and compatibles
CompanyName Your Company
CodeSize 61440
ProductName Product Name
ProductVersionNumber 1.0.0.0
EntryPoint 0x9416
ObjectFileType Dynamic link library
PE resource-wise parents
File identification
MD5 014543ee64491bac496fabda3f1c8932
SHA1 8731411f309d6bf29c708bd7292504ee18f68efa
SHA256 556140429ad90142a2f29ffdd63d68378a38f9c7b5dbf74ae3b08c4f825f1f3a
ssdeep 12288:SrAeSyeKQKMA3AcwjaGgkq0+p86mDqOjs4:EAZyFQKMAw27kURQqOjh
authentihash 759775496864fc84ec606948adf8d7909164dcf05f27a0cea1069fb677df606c
imphash 9a95b6d3ff8ae63a9daf274497c1722c
File size 424.1 KB ( 434271 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (console) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (42.1%)
Win64 Executable (generic) (37.3%)
Win32 Dynamic Link Library (generic) (8.8%)
Win32 Executable (generic) (6.0%)
Generic Win/DOS Executable (2.7%)
Tags
peexe armadillo

VirusTotal metadata
First submission 2013-10-06 22:10:09 UTC ( 1 year, 9 months ago )
Last submission 2013-10-06 22:10:09 UTC ( 1 year, 9 months ago )
File names file
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Created processes
Opened mutexes
Runtime DLLs
DNS requests
TCP connections