SHA256: 55d6e81f2d7933f10f1111c8eb1515e57d9a79a75d98e26d6c6a91cbfbb4b85f
File name: 2014-06-24-Magnitude-EK-malware-payload-5-of-6.exe
Detection ratio: 4 / 54 (as of the analysis date below, not the current ratio)
Analysis date: 2014-06-24 23:10:25 UTC
Antivirus            Result                                           Update
ESET-NOD32           a variant of Win32/Injector.BGMX                 20140624
Malwarebytes         Trojan.Kelihos.ED                                20140624
McAfee-GW-Edition    Heuristic.BehavesLike.Win32.Suspicious-DTR.K     20140624
Qihoo-360            Malware.QVM19.Gen                                20140625

No detection (50 engines): Ad-Aware, AegisLab, Yandex, AhnLab-V3, AntiVir, Antiy-AVL, Avast, AVG, Baidu-International, BitDefender, Bkav, ByteHero, CAT-QuickHeal, ClamAV, CMC, Commtouch, Comodo, DrWeb, Emsisoft, F-Prot, F-Secure, Fortinet, GData, Ikarus, Jiangmin, K7AntiVirus, K7GW, Kaspersky, Kingsoft, McAfee, Microsoft, eScan, NANO-Antivirus, Norman, nProtect, Panda, Rising, Sophos AV, SUPERAntiSpyware, Symantec, Tencent, TheHacker, TotalDefense, TrendMicro, TrendMicro-HouseCall, VBA32, VIPRE, ViRobot, Zillya, Zoner.
Signature update dates for the non-detecting engines are 20140624, except ByteHero, Kingsoft, Symantec and Tencent (20140625), Rising (20140623) and Zoner (20140616).
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine: Intel 386 or later processors and compatible processors
Compilation timestamp: 2014-06-15 17:12:33 (UTC; the ExifTool TimeStamp below is the same instant rendered in +01:00)
Entry point: 0x000057FA
Number of sections: 4
PE sections
Overlays
MD5: dcab1ef8556c8c89bed1dba5523e0ebf
File type: data
Offset: 118784
Size: 12296
Entropy: 7.86
The overlay begins at byte 118784 and runs for 12296 bytes, which reaches exactly the 131080-byte end of the file, so it is trailing data that the loader never maps. An entropy of 7.86 bits per byte is close to the 8.0 maximum, which is consistent with compressed or encrypted content rather than plain code or text.
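As an added example (not part of the VirusTotal report and not code from the sample itself), the following Python script extracts the header fields the report lists and locates and measures the overlay the same way: the overlay is whatever lies past the highest PointerToRawData + SizeOfRawData of any section. It uses only the standard library and builds a minimal PE32 in memory so it runs offline; the helper names and the constructed sample are this example's own.

```python
"""Added example: parse PE32 header fields and measure the overlay.

Field offsets follow the PE/COFF specification. The sample image built
by build_sample_pe() is constructed for this example; it is not the file
described in the report.
"""
import math
import struct
from datetime import datetime, timezone

IMAGE_FILE_MACHINE_I386 = 0x14C
PE32_MAGIC = 0x10B
SUBSYSTEMS = {2: "Windows GUI", 3: "Windows CUI"}


def shannon_entropy(data: bytes) -> float:
    """Bits per byte: 0.0 for constant data, 8.0 for uniformly distributed bytes."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def pe_timestamp_utc(stamp: int) -> str:
    """Render the COFF TimeDateStamp (seconds since the Unix epoch) as UTC."""
    return datetime.fromtimestamp(stamp, timezone.utc).strftime("%Y-%m-%d %H:%M:%S")


def parse_pe(data: bytes) -> dict:
    """Return the header fields shown in the report plus overlay offset/size/entropy."""
    if data[:2] != b"MZ":
        raise ValueError("missing MZ signature")
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    machine, nsections, stamp, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20
    (magic,) = struct.unpack_from("<H", data, opt)
    if magic != PE32_MAGIC:
        raise ValueError("not a PE32 image")
    (entry,) = struct.unpack_from("<I", data, opt + 16)      # AddressOfEntryPoint
    (subsystem,) = struct.unpack_from("<H", data, opt + 68)  # Subsystem
    sections, end_of_sections = [], 0
    for i in range(nsections):
        off = opt + opt_size + 40 * i
        name, vsize, va, rawsize, rawptr = struct.unpack_from("<8sIIII", data, off)
        sections.append((name.rstrip(b"\0").decode("ascii", "replace"), va, vsize, rawptr, rawsize))
        end_of_sections = max(end_of_sections, rawptr + rawsize)
    overlay = data[end_of_sections:]  # bytes past the last section's raw data
    return {
        "machine": machine,
        "compiled_utc": pe_timestamp_utc(stamp),
        "entry_point": entry,
        "subsystem": SUBSYSTEMS.get(subsystem, str(subsystem)),
        "sections": sections,
        "overlay_offset": end_of_sections if overlay else None,
        "overlay_size": len(overlay),
        "overlay_entropy": shannon_entropy(overlay),
    }


def build_sample_pe(overlay: bytes) -> bytes:
    """Constructed minimal PE32: one zero-filled .text section, then OVERLAY appended."""
    file_align = 512
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 64)  # e_lfanew = 64
    coff = struct.pack("<HHIIIHH", IMAGE_FILE_MACHINE_I386, 1, 1402852353, 0, 0, 224, 0x102)
    opt = bytearray(224)
    struct.pack_into("<H", opt, 0, PE32_MAGIC)
    struct.pack_into("<I", opt, 16, 0x1000)  # AddressOfEntryPoint
    struct.pack_into("<H", opt, 68, 2)       # IMAGE_SUBSYSTEM_WINDOWS_GUI
    sect = struct.pack("<8sIIIIIIHHI", b".text", file_align, 0x1000, file_align, file_align,
                       0, 0, 0, 0, 0x60000020)
    headers = dos + b"PE\0\0" + coff + bytes(opt) + sect
    headers += b"\0" * (file_align - len(headers))
    return headers + b"\0" * file_align + overlay


if __name__ == "__main__":
    # Constructed overlay: every byte value four times, i.e. entropy exactly 8.0.
    info = parse_pe(build_sample_pe(bytes(range(256)) * 4))
    for key, value in info.items():
        print(f"{key}: {value}")
```

Against a real file, `parse_pe(open(path, "rb").read())` should reproduce the overlay offset, size and entropy a report like the one above gives; a mismatch between the computed end of the section table and the reported offset is itself worth a look, since it usually means a section header lies about its raw size.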
PE imports (grouped by the DLL that exports each function)
GDI32.dll: LineTo, SetROP2, SelectObject, MoveToEx, CreatePen, GetStockObject, DeleteObject, GetBkColor, Ellipse, Rectangle
KERNEL32.dll: GetLastError, HeapFree, GetStdHandle, LCMapStringW, SetHandleCount, GetModuleFileNameW, GetOEMCP, LCMapStringA, HeapDestroy, ExitProcess, IsBadWritePtr, FlushFileBuffers, GetEnvironmentStringsW, GetVersionExA, GetModuleFileNameA, RtlUnwind, LoadLibraryA, FreeEnvironmentStringsA, GetStartupInfoA, GetEnvironmentStrings, GetCurrentProcessId, OpenProcess, GetCPInfo, UnhandledExceptionFilter, MultiByteToWideChar, HeapSize, FreeEnvironmentStringsW, GetCommandLineA, GetProcAddress, GetFileType, SetStdHandle, SetFilePointer, RaiseException, WideCharToMultiByte, GetStringTypeA, GetModuleHandleA, ReadFile, CreateFileA, WriteFile, GetCurrentProcess, CloseHandle, GetACP, HeapReAlloc, GetStringTypeW, TerminateProcess, SetUnhandledExceptionFilter, GetEnvironmentVariableA, HeapCreate, CreateFileW, VirtualFree, IsBadReadPtr, SetEndOfFile, IsBadCodePtr, HeapAlloc, GetVersion, VirtualAlloc, GetFileSize
PSAPI.dll: GetModuleFileNameExW
USER32.dll: GetMessageA, UpdateWindow, EndDialog, BeginPaint, PostQuitMessage, DefWindowProcA, ShowWindow, DispatchMessageA, EndPaint, PostMessageA, MessageBoxA, TranslateMessage, DialogBoxParamA, GetDC, RegisterClassExA, ReleaseDC, GetMenu, EnableMenuItem, InvalidateRect, LoadAcceleratorsA, CreateWindowExA, LoadCursorA, LoadIconA, TranslateAcceleratorA, DestroyWindow
Apart from OpenProcess, GetCurrentProcessId and GetModuleFileNameExW, this is the C runtime and Win32 GUI skeleton that a Visual C++ 6 (linker 6.0) windowed project produces. No WriteProcessMemory, CreateRemoteThread or similar appears in the static table, so any injection behaviour behind ESET's Win32/Injector name would have to resolve its APIs at run time; LoadLibraryA and GetProcAddress, which make that possible, are imported. Treat the import table as a floor on the sample's capabilities, not a ceiling.
ExifTool file metadata
MIMEType: application/octet-stream
Subsystem: Windows GUI
MachineType: Intel 386 or later, and compatibles
TimeStamp: 2014:06:15 18:12:33+01:00
FileType: Win32 EXE
PEType: PE32
CodeSize: 53248
LinkerVersion: 6.0
FileTypeExtension: exe
InitializedDataSize: 73728
SubsystemVersion: 4.0
EntryPoint: 0x57fa
OSVersion: 10.1
ImageVersion: 0.0
UninitializedDataSize: 0
File identification
MD5: dfe64f658a94da5cd2e96c20b23b4471
SHA1: 324b56d3393c4941e134d19a3a5f4e9cbbd9a00f
SHA256: 55d6e81f2d7933f10f1111c8eb1515e57d9a79a75d98e26d6c6a91cbfbb4b85f
ssdeep: 3072:Ns9Flca444/KtdBXtNafUsrlcRCCgEZwFLx0:Ns9TcaGwBdNbqlEs0
authentihash: 3548beb4d98fc4b6b874828158d7b6173f5f6b2a1acb1753d7ea354ded510afb
imphash: babe2b9e40e5bbc18ab8c7930cfe992b
File size: 128.0 KB (131080 bytes)
File type: Win32 EXE
Magic literal: PE32 executable for MS Windows (GUI) Intel 80386 32-bit system file
TrID: Win64 Executable (generic) (64.6%); Win32 Dynamic Link Library (generic) (15.4%); Win32 Executable (generic) (10.5%); Generic Win/DOS Executable (4.6%); DOS Executable Generic (4.6%)
Tags: peexe, overlay
TrID's top guess (a generic Win64 executable) contradicts the PE header and the magic literal, which both identify a PE32 image for i386; TrID's generic PE signatures are weak, so the header fields are the ones to rely on.

VirusTotal metadata
First submission: 2014-06-24 23:10:25 UTC
Last submission: 2017-04-16 00:49:05 UTC
File names: Magnitude-EK-malware-payload-5-of-6.exe; DFE64F658A94DA5CD2E96C20B23B4471; 2014-06-24-Magnitude-EK-malware-payload-5-of-6.exe
Advanced heuristic and reputation engines
Symantec reputation: Suspicious.Insight
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Created processes
Code injections in the following processes
Opened mutexes
Runtime DLLs