SHA256: 592ecb3d6acaefbccc69987604110bd3ed98465b9b727ed9f4e013c300078d33
File name: 2015-12-27-Sundown-EK-Payload.exe
Detection ratio: 23 / 54
Analysis date: 2015-12-29 01:31:00 UTC ( 1 year, 5 months ago )
Antivirus Result Update
ALYac Trojan.GenericKD.2950304 20151229
Antiy-AVL Trojan/Win32.Diple 20151229
Arcabit Trojan.Generic.D2D04A0 20151229
Avast Win32:Malware-gen 20151229
AVG Inject3.VMX 20151229
Avira (no cloud) TR/Crypt.Xpack.287596 20151229
BitDefender Trojan.GenericKD.2950304 20151229
DrWeb Trojan.Inject2.7183 20151229
Emsisoft Trojan.GenericKD.2950304 (B) 20151229
ESET-NOD32 a variant of Win32/Injector.CPCZ 20151229
F-Secure Trojan.GenericKD.2950304 20151229
Fortinet W32/Androm.IXYF!tr.bdr 20151229
GData Trojan.GenericKD.2950304 20151229
Jiangmin Trojan.Cryptodef.np 20151228
K7AntiVirus Spyware ( 004d63771 ) 20151228
K7GW Spyware ( 004d63771 ) 20151228
Kaspersky Backdoor.Win32.Androm.ixyf 20151229
McAfee Artemis!4BAEEE098C34 20151229
McAfee-GW-Edition BehavesLike.Win32.Ramnit.dc 20151228
eScan Trojan.GenericKD.2950304 20151229
NANO-Antivirus Trojan.Win32.DownLoader18.dzkdpi 20151229
nProtect Trojan.GenericKD.2950304 20151228
Panda Trj/CI.A 20151228
Ad-Aware 20151224
AegisLab 20151228
Yandex 20151229
AhnLab-V3 20151228
Alibaba 20151208
AVware 20151228
Baidu-International 20151228
Bkav 20151228
ByteHero 20151229
CAT-QuickHeal 20151228
ClamAV 20151229
CMC 20151228
Comodo 20151229
Cyren 20151229
F-Prot 20151229
Ikarus 20151228
Malwarebytes 20151228
Microsoft 20151229
Rising 20151228
Sophos 20151228
SUPERAntiSpyware 20151229
Symantec 20151228
Tencent 20151229
TheHacker 20151228
TrendMicro 20151229
TrendMicro-HouseCall 20151228
VBA32 20151228
VIPRE 20151228
ViRobot 20151229
Zillya 20151228
Zoner 20151228
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2015-12-24 16:47:49
Entry Point 0x0000CEA4
Number of sections 6
PE sections
PE imports
ImageList_GetIcon
ImageList_GetImageCount
_TrackMouseEvent
ImageList_AddMasked
CreatePolygonRgn
OffsetRgn
CreatePen
CreateFontIndirectA
GetTextMetricsA
CombineRgn
Rectangle
GetObjectA
RoundRect
DeleteDC
BitBlt
CreateDIBSection
GetDeviceCaps
FillRgn
CreateRoundRectRgn
CreateCompatibleDC
StretchBlt
CreateRectRgn
SelectObject
GetTextExtentPoint32A
GetTextColor
CreateSolidBrush
DeleteObject
CreateCompatibleBitmap
CreateMutexA
GetStartupInfoA
GetModuleHandleA
GetModuleFileNameW
GetLastError
CreateFileW
WriteFile
MulDiv
CreateFileA
GetModuleFileNameA
CloseHandle
_purecall
rand
_acmdln
??1type_info@@UAE@XZ
memset
__dllonexit
_stricmp
_controlfp
strtoul
_onexit
_except_handler3
?terminate@@YAXXZ
memcpy
exit
_XcptFilter
__setusermatherr
__p__commode
__CxxFrameHandler
_adjust_fdiv
__getmainargs
_exit
_setmbcp
memmove
strcpy
__p__fmode
_initterm
strcmp
__set_app_type
DrawEdge
LoadImageA
ReleaseDC
DrawStateA
OffsetRect
KillTimer
DefWindowProcA
GetClassInfoA
SetWindowRgn
GetSystemMetrics
IsWindow
AppendMenuA
GetWindowRect
InflateRect
ScreenToClient
SetRectEmpty
WindowFromPoint
GetSysColor
GetDC
GetCursorPos
ChildWindowFromPointEx
SystemParametersInfoA
GetIconInfo
DestroyIcon
SendMessageA
GetClientRect
ClientToScreen
SetRect
InvalidateRect
SetTimer
LoadCursorA
LoadIconA
FillRect
CopyRect
IsRectEmpty
GetSystemMenu
RedrawWindow
EnableWindow
PtInRect
Number of PE resources by type
RT_ICON 4
RT_DIALOG 2
RMVB 1
RT_GROUP_ICON 1
Number of PE resources by language
NEUTRAL 6
GERMAN AUSTRIAN 2
PE resources
ExifTool file metadata
MIMEType: application/octet-stream
Subsystem: Windows GUI
MachineType: Intel 386 or later, and compatibles
FileTypeExtension: exe
TimeStamp: 2015:12:24 17:47:49+01:00
FileType: Win32 EXE
PEType: PE32
CodeSize: 65536
LinkerVersion: 6.0
EntryPoint: 0xcea4
InitializedDataSize: 217088
SubsystemVersion: 4.0
ImageVersion: 0.0
OSVersion: 4.0
UninitializedDataSize: 0
PCAP parents
File identification
MD5 4baeee098c34b463eb8ac709b9bd9967
SHA1 3b6f66eb11df0190f03ef22acbedef3f41c6839c
SHA256 592ecb3d6acaefbccc69987604110bd3ed98465b9b727ed9f4e013c300078d33
ssdeep 6144:sqSD9vNkrgFAEfs658b3awF3cgOFn+xP2GPxFOMNvK:LSD9vNNAEU658b3VFMgWSP+Qv
authentihash 69204e0dc198f5195e72b637df9a936135e37d932bc9edfc5a11e8f34f7d5ec5
imphash b7b2c521d6e2e564aabbb0e31735680f
File size 280.0 KB ( 286720 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (46.3%)
Win64 Executable (generic) (41.0%)
Win32 Executable (generic) (6.6%)
Generic Win/DOS Executable (2.9%)
DOS Executable Generic (2.9%)
Tags
peexe

VirusTotal metadata
First submission 2015-12-28 18:46:01 UTC ( 1 year, 5 months ago )
Last submission 2016-01-11 05:50:47 UTC ( 1 year, 4 months ago )
File names 9b5b49f7f8c07f43effe4aecc67bf254.exe
2015-12-27-Sundown-EK-Payload.exe
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Created processes
Code injections in the following processes
Opened mutexes
Runtime DLLs
UDP communications