SHA256: 587e784f8c54b49f25c01e0e8f71c205bd422e2b673fb7fbf28d721aa768e055
File name: 1ecb6e64fa03f0315955383aa82f9ed5
Detection ratio: 42 / 57
Analysis date: 2015-03-06 06:05:55 UTC ( 4 months ago )
Antivirus Result Update
AVG BackDoor.Generic_r.ERM 20150305
AVware Trojan.Win32.Generic!BT 20150306
Ad-Aware Gen:Variant.FakeAlert.11 20150306
Agnitum Trojan.FakeAlert!h6Ix0YaknP0 20150228
AhnLab-V3 Trojan/Win32.FakeAlert 20150306
Antiy-AVL Trojan[Spy]/Win32.IISn 20150306
Avast Win64:IISniffer-A [Spy] 20150306
Avira TR/Rogue.1448599 20150306
Baidu-International Trojan.Win32.IISn.a 20150305
BitDefender Gen:Variant.FakeAlert.11 20150306
CAT-QuickHeal TrojanSpy.Vorsii.r5 20150306
Comodo UnclassifiedMalware 20150306
Cyren W32/IISniff.JQSU-7695 20150306
DrWeb Trojan.IISniff.1 20150306
ESET-NOD32 Win32/Spy.IISniff.A 20150306
Emsisoft Gen:Variant.FakeAlert.11 (B) 20150306
F-Prot W32/IISniff.A 20150306
F-Secure Gen:Variant.FakeAlert.11 20150306
Fortinet W32/IISniff.A!tr.spy 20150306
GData Gen:Variant.FakeAlert.11 20150306
Ikarus Trojan.IIsMod 20150306
K7AntiVirus Spyware ( 004911691 ) 20150305
K7GW Spyware ( 004911691 ) 20150306
Kaspersky Trojan-Spy.Win32.IISn.a 20150306
Kingsoft Win32.Troj.Generic.a.(kcloud) 20150306
Malwarebytes Spyware.Sniffer 20150306
McAfee Generic Packed 20150306
McAfee-GW-Edition BehavesLike.Win32.Rootkit.jh 20150306
MicroWorld-eScan Gen:Variant.FakeAlert.11 20150306
Microsoft TrojanDropper:Win32/Vorsii.A 20150306
NANO-Antivirus Trojan.Win64.IISniff.csyqej 20150306
Norman MalIIS.A 20150305
Panda Trj/CI.A 20150305
Qihoo-360 Win32/Trojan.Spy.e5a 20150306
Sophos Mal/Generic-S 20150306
Symantec Infostealer.Isniffer 20150306
Tencent Win32.Trojan-spy.Iisn.Ecvb 20150306
TrendMicro TSPY_IISNIFF.NIL 20150306
TrendMicro-HouseCall TSPY_IISNIFF.NIL 20150306
VBA32 TrojanSpy.IISn 20150305
VIPRE Trojan.Win32.Generic!BT 20150306
Zillya Trojan.IISn.Win32.1 20150305
ALYac 20150306
AegisLab 20150306
Alibaba 20150306
Bkav 20150305
ByteHero 20150306
CMC 20150304
ClamAV 20150306
Jiangmin 20150306
Rising 20150305
SUPERAntiSpyware 20150306
TheHacker 20150303
TotalDefense 20150306
ViRobot 20150306
Zoner 20150303
nProtect 20150305
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2013-09-11 10:59:18
Link date 11:59 AM 9/11/2013
Entry Point 0x00007B75
Number of sections 5
PE sections
PE imports
SetSecurityDescriptorDacl
FreeSid
AddAccessAllowedAce
AllocateAndInitializeSid
InitializeSecurityDescriptor
InitializeAcl
SetFileSecurityA
GetStdHandle
GetConsoleOutputCP
FreeEnvironmentStringsA
CreatePipe
GetCurrentProcess
GetConsoleMode
GetLocaleInfoA
LocalAlloc
FreeEnvironmentStringsW
GetLocaleInfoW
SetStdHandle
GetCPInfo
GetStringTypeA
WriteFile
GetSystemTimeAsFileTime
HeapReAlloc
GetStringTypeW
LocalFree
InitializeCriticalSection
LoadResource
TlsGetValue
SetLastError
PeekNamedPipe
IsDebuggerPresent
ExitProcess
GetModuleFileNameA
EnumSystemLocalesA
UnhandledExceptionFilter
InterlockedDecrement
MultiByteToWideChar
GetModuleHandleA
DeleteCriticalSection
SetUnhandledExceptionFilter
GetSystemDirectoryA
SetHandleInformation
TerminateProcess
WriteConsoleA
GetVersion
GetCurrentThreadId
InterlockedIncrement
WriteConsoleW
InitializeCriticalSectionAndSpinCount
HeapFree
EnterCriticalSection
SetHandleCount
GetOEMCP
QueryPerformanceCounter
GetTickCount
TlsAlloc
FlushFileBuffers
LoadLibraryA
RtlUnwind
GetStartupInfoA
CreateDirectoryA
DeleteFileA
GetUserDefaultLCID
IsValidLocale
GetProcAddress
GetFileType
TlsSetValue
CreateFileA
HeapAlloc
LeaveCriticalSection
GetLastError
LCMapStringW
GetConsoleCP
LCMapStringA
GetEnvironmentStringsW
SizeofResource
GetCurrentProcessId
LockResource
GetCurrentDirectoryA
HeapSize
GetCommandLineA
RaiseException
TlsFree
SetFilePointer
ReadFile
CloseHandle
GetACP
GetModuleHandleW
GetEnvironmentStrings
CreateProcessA
WideCharToMultiByte
IsValidCodePage
HeapCreate
VirtualFree
Sleep
FindResourceA
VirtualAlloc
OemToCharA
wvsprintfA
Number of PE resources by type
LIB 5
RT_MANIFEST 1
Number of PE resources by language
RUSSIAN 5
ENGLISH US 1
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
TimeStamp 2013:09:11 11:59:18+01:00
FileType Win32 EXE
PEType PE32
CodeSize 76288
LinkerVersion 9.0
EntryPoint 0x7b75
InitializedDataSize 620032
SubsystemVersion 5.0
ImageVersion 0.0
OSVersion 5.0
UninitializedDataSize 0
Compressed bundles
File identification
MD5 1ecb6e64fa03f0315955383aa82f9ed5
SHA1 1d2218d064ed62fabb343a92a2757e31ffaf5b1a
SHA256 587e784f8c54b49f25c01e0e8f71c205bd422e2b673fb7fbf28d721aa768e055
ssdeep 6144:2bQGrHs2fJuzsZybndmCxUslC9lkfUR+U7eiGs1wxU++gN+YL0hMjKS:2bFrHs2fJsKMndxx8R+U7es1eUQCho
authentihash 1713bc6d3b0cdced826f59cda0758f5ca4280f1601537e3d19b0a3c52a96fd2b
imphash 63e45a09d562021500a10b16ba24400d
File size 681.0 KB ( 697344 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (67.3%)
Win32 Dynamic Link Library (generic) (14.2%)
Win32 Executable (generic) (9.7%)
Generic Win/DOS Executable (4.3%)
DOS Executable Generic (4.3%)
Tags peexe
VirusTotal metadata
First submission 2013-12-06 11:19:31 UTC ( 1 year, 7 months ago )
Last submission 2014-04-07 20:50:25 UTC ( 1 year, 3 months ago )
File names 1d2218d064ed62fabb343a92a2757e31ffaf5b1a
vti-rescan
isn.exe
file-6319725_
1ecb6e64fa03f0315955383aa82f9ed5
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Deleted files
Created processes
Opened mutexes
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.