SHA256: 57d38131879efe1b8c03af580a1b417aeeba7ee4339f4766b0727b732697f7c0
File name: 454sd.exe
Detection ratio: 39 / 55
Analysis date: 2015-12-04 11:59:30 UTC ( 3 years ago )
Antivirus Result Update
Yandex Trojan.Injector!zUlJIdOhtsQ 20151203
AhnLab-V3 Trojan/Win32.Tinba 20151203
ALYac Trojan.GenericKD.2901884 20151204
Antiy-AVL Trojan/Win32.SGeneric 20151204
Arcabit Trojan.Generic.D2C477C 20151204
Avast Win32:Malware-gen 20151204
AVG Zbot.AKJU 20151204
Avira (no cloud) TR/Crypt.Xpack.335442 20151204
AVware Trojan.Win32.Generic!BT 20151204
Baidu-International Trojan.Win32.Inject.vmwz 20151204
BitDefender Trojan.GenericKD.2901884 20151204
Cyren W32/Trojan.CICV-8823 20151204
Emsisoft Trojan.GenericKD.2901884 (B) 20151204
ESET-NOD32 a variant of Win32/Injector.CNJS 20151204
F-Prot W32/Trojan3.SQP 20151204
F-Secure Trojan.GenericKD.2901884 20151204
Fortinet W32/Injector.F7C0!tr 20151204
GData Trojan.GenericKD.2901884 20151204
Ikarus Trojan.Win32.Injector 20151204
K7AntiVirus Trojan ( 004d838e1 ) 20151202
K7GW Trojan ( 004d838e1 ) 20151202
Kaspersky Trojan.Win32.Inject.vmwz 20151204
Malwarebytes Trojan.Xcsidl 20151204
McAfee RDN/Drixed-FBL 20151204
McAfee-GW-Edition BehavesLike.Win32.Sality.cc 20151204
Microsoft Backdoor:Win32/Drixed.M 20151204
eScan Trojan.GenericKD.2901884 20151204
NANO-Antivirus Trojan.Win32.Dridex.dyyxja 20151204
nProtect Trojan/W32.Inject.192512.AB 20151204
Panda Trj/Dridex.B 20151204
Qihoo-360 HEUR/QVM07.1.Malware.Gen 20151204
Rising PE:Malware.Obscure/Heur!1.9E03 [F] 20151203
Sophos AV Troj/Ransom-BSG 20151204
Symantec Trojan.Gen.2 20151203
Tencent Win32.Trojan.Inject.Eacy 20151204
TrendMicro TSPY_DRIDEX.YYSPG 20151204
TrendMicro-HouseCall TSPY_DRIDEX.YYSPG 20151204
VIPRE Trojan.Win32.Generic!BT 20151204
ViRobot Trojan.Win32.Agent.192512.CO[h] 20151204
Ad-Aware 20151130
AegisLab 20151204
Alibaba 20151204
Bkav 20151204
ByteHero 20151204
CAT-QuickHeal 20151204
ClamAV 20151204
CMC 20151201
Comodo 20151202
DrWeb 20151204
Jiangmin 20151203
SUPERAntiSpyware 20151204
TheHacker 20151202
VBA32 20151203
Zillya 20151204
Zoner 20151204
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2015-11-26 18:51:11
Entry Point 0x0000269C
Number of sections 6
PE sections
PE imports
RegDeleteValueW
RegEnumKeyW
Polyline
GetTextMetricsA
CreateSolidBrush
CreatePalette
Rectangle
GetSystemTime
HeapFree
GetOEMCP
FindNextFileA
FlushFileBuffers
GetModuleFileNameA
GetStartupInfoA
UnhandledExceptionFilter
ClearCommBreak
FreeEnvironmentStringsW
GetModuleHandleA
FindFirstFileA
GetCurrentProcess
FindNextFileW
FindFirstFileW
GetACP
HeapReAlloc
TerminateProcess
GetTimeZoneInformation
HeapCreate
VirtualQuery
FindClose
SetEndOfFile
CreateFileA
VirtualAlloc
CompareStringA
_except_handler3
__p__fmode
strtol
_acmdln
__CxxFrameHandler
_setmbcp
_exit
__p__commode
__setusermatherr
__dllonexit
_onexit
exit
_XcptFilter
__getmainargs
_initterm
_controlfp
_adjust_fdiv
__set_app_type
CreateDialogParamW
SystemParametersInfoA
GetSystemMetrics
LoadIconA
InvalidateRect
DispatchMessageA
EnableWindow
SetClipboardData
BeginPaint
DrawIcon
SendMessageA
GetClientRect
GetSystemMenu
ShowCaret
GetMessageW
PostQuitMessage
IsIconic
GetClipboardData
AppendMenuA
waveOutSetVolume
waveOutGetVolume
Number of PE resources by type
RT_ICON 1
RMVB 1
RT_GROUP_ICON 1
Number of PE resources by language
NEUTRAL 3
PE resources
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
FileTypeExtension exe
TimeStamp 2015:11:26 19:51:11+01:00
FileType Win32 EXE
PEType PE32
CodeSize 268451840
LinkerVersion 6.0
EntryPoint 0x269c
InitializedDataSize 172032
SubsystemVersion 4.0
ImageVersion 0.0
OSVersion 4.0
UninitializedDataSize 0

File identification
MD5 f41c59b82e16c18b57bdd47844e53414
SHA1 6600990bd616f11aa1539b95aeead50518e39674
SHA256 57d38131879efe1b8c03af580a1b417aeeba7ee4339f4766b0727b732697f7c0
ssdeep 3072:BTG94Xp76Jf1djmqrtqOEbZf7fuUJJe7maTvsqSQsi:BT040Jf11mqrtqOEbp6aJe7/Aq7p
authentihash d2bc80d70381deda8f6874f0b666a7358b544f21115f43619a9f67985ebc6342
imphash 93f546fc62ee62bf4682f221c06a76b6
File size 188.0 KB ( 192512 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (42.2%)
Win64 Executable (generic) (37.3%)
Win32 Dynamic Link Library (generic) (8.8%)
Win32 Executable (generic) (6.0%)
Generic Win/DOS Executable (2.7%)
Tags
peexe

VirusTotal metadata
First submission 2015-11-30 11:32:19 UTC ( 3 years ago )
Last submission 2016-05-26 06:05:00 UTC ( 2 years, 6 months ago )
File names f41c59b82e16c18b57bdd47844e53414.exe
454sd.exe
Advanced heuristic and reputation engines
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Created processes
Code injections in the following processes
Opened mutexes
Runtime DLLs