SHA256: 5a0adcd5f5dca1701596a47a662f1a34e1b3cba7b9a53098a50ee92ec8075ee0
File name: 02
Detection ratio: 48 / 64
Analysis date: 2018-06-29 17:53:32 UTC ( 3 weeks, 2 days ago )
Antivirus Result Update
Ad-Aware Gen:Variant.Strictor.39548 20180629
AegisLab Backdoor.W32.DarkKomet.rzq!c 20180629
ALYac Gen:Variant.Strictor.39548 20180629
Antiy-AVL Trojan[Backdoor]/Win32.DarkKomet 20180629
Arcabit Trojan.Strictor.D9A7C 20180629
Avast Win32:Malware-gen 20180629
AVG Win32:Malware-gen 20180629
Avira (no cloud) TR/Rogue.7797772.5 20180629
AVware Trojan.Win32.Generic!BT 20180629
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9885 20180628
BitDefender Gen:Variant.Strictor.39548 20180629
CAT-QuickHeal Backdoor.Fynloski 20180629
Comodo UnclassifiedMalware 20180629
CrowdStrike Falcon (ML) malicious_confidence_80% (W) 20180530
Cybereason malicious.db98db 20180225
Cyren W32/Trojan.FYVX-4670 20180629
DrWeb Trojan.Siggen4.48090 20180629
Emsisoft Gen:Variant.Strictor.39548 (B) 20180629
ESET-NOD32 Win32/Injector.AJQQ 20180629
F-Secure Gen:Variant.Strictor.39548 20180629
Fortinet W32/Injector.YUP!tr 20180629
GData Gen:Variant.Strictor.39548 20180629
Ikarus Trojan.Win32.Injector 20180629
Jiangmin Backdoor/DarkKomet.elw 20180629
K7AntiVirus Trojan ( 004c1cf71 ) 20180629
K7GW Trojan ( 004c1cf71 ) 20180629
Kaspersky Trojan.Win32.VB.bzdo 20180629
Kingsoft Win32.HeurC.KVML200015.a.(kcloud) 20180629
MAX malware (ai score=100) 20180629
McAfee Artemis!ED86876DB98D 20180629
McAfee-GW-Edition GenericRXCJ-LC!FCAA7784F549 20180629
Microsoft Backdoor:Win32/Fynloski.A 20180629
eScan Gen:Variant.Strictor.39548 20180629
NANO-Antivirus Trojan.Win32.DarkKomet.ecimcw 20180629
Palo Alto Networks (Known Signatures) generic.ml 20180629
Panda Trj/CI.A 20180629
Qihoo-360 Win32/Trojan.ad0 20180629
SentinelOne (Static ML) static engine - malicious 20180618
Sophos AV Mal/Generic-S 20180629
Symantec Trojan.Gen.2 20180629
Tencent Win32.Trojan.Vb.Anfq 20180629
TotalDefense Win32/Smalldoor.VD 20180629
VBA32 Trojan.VB 20180629
VIPRE Trojan.Win32.Generic!BT 20180629
Webroot W32.Malware.Gen 20180629
Yandex Trojan.VB!biSuwW+aU9c 20180629
Zillya Trojan.VB.Win32.102999 20180629
ZoneAlarm by Check Point Trojan.Win32.VB.bzdo 20180629
Engines with no detection (engine, signature update)
AhnLab-V3 20180629
Avast-Mobile 20180629
Babable 20180406
Bkav 20180629
ClamAV 20180629
CMC 20180629
eGambit 20180629
Endgame 20180612
F-Prot 20180629
Sophos ML 20180601
Malwarebytes 20180629
SUPERAntiSpyware 20180629
Symantec Mobile Insight 20180629
TACHYON 20180629
TheHacker 20180628
Trustlook 20180629
ViRobot 20180629
Zoner 20180629
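The 48/64 ratio above says that the file is bad, not what it is: the labels mix family names (DarkKomet, Fynloski, Strictor, Injector, VB) with type, platform and heuristic tokens, and several vendors ship the same licensed engine, so counting engines over-weights whichever engine has the most OEM copies. The script below is an added example, not VirusTotal's, AVClass's or any vendor's code; DETECTIONS is transcribed from the table above, while GENERIC, ALIASES and MIN_LEN are this example's own assumptions about which tokens carry no family information and which vendor names denote the same family.

```python
"""Family voting over the vendor labels in the detection table on this page.

Added example, not VirusTotal's, AVClass's or any vendor's code. DETECTIONS is
transcribed from the table above; GENERIC and ALIASES are this example's own
assumptions about which tokens carry no family information and which vendor
names denote the same family.
"""
import re
from collections import Counter, defaultdict

DETECTIONS = """\
Ad-Aware|Gen:Variant.Strictor.39548
AegisLab|Backdoor.W32.DarkKomet.rzq!c
ALYac|Gen:Variant.Strictor.39548
Antiy-AVL|Trojan[Backdoor]/Win32.DarkKomet
Arcabit|Trojan.Strictor.D9A7C
Avast|Win32:Malware-gen
AVG|Win32:Malware-gen
Avira (no cloud)|TR/Rogue.7797772.5
AVware|Trojan.Win32.Generic!BT
Baidu|Win32.Trojan.WisdomEyes.16070401.9500.9885
BitDefender|Gen:Variant.Strictor.39548
CAT-QuickHeal|Backdoor.Fynloski
Comodo|UnclassifiedMalware
CrowdStrike Falcon (ML)|malicious_confidence_80% (W)
Cybereason|malicious.db98db
Cyren|W32/Trojan.FYVX-4670
DrWeb|Trojan.Siggen4.48090
Emsisoft|Gen:Variant.Strictor.39548 (B)
ESET-NOD32|Win32/Injector.AJQQ
F-Secure|Gen:Variant.Strictor.39548
Fortinet|W32/Injector.YUP!tr
GData|Gen:Variant.Strictor.39548
Ikarus|Trojan.Win32.Injector
Jiangmin|Backdoor/DarkKomet.elw
K7AntiVirus|Trojan ( 004c1cf71 )
K7GW|Trojan ( 004c1cf71 )
Kaspersky|Trojan.Win32.VB.bzdo
Kingsoft|Win32.HeurC.KVML200015.a.(kcloud)
MAX|malware (ai score=100)
McAfee|Artemis!ED86876DB98D
McAfee-GW-Edition|GenericRXCJ-LC!FCAA7784F549
Microsoft|Backdoor:Win32/Fynloski.A
eScan|Gen:Variant.Strictor.39548
NANO-Antivirus|Trojan.Win32.DarkKomet.ecimcw
Palo Alto Networks (Known Signatures)|generic.ml
Panda|Trj/CI.A
Qihoo-360|Win32/Trojan.ad0
SentinelOne (Static ML)|static engine - malicious
Sophos AV|Mal/Generic-S
Symantec|Trojan.Gen.2
Tencent|Win32.Trojan.Vb.Anfq
TotalDefense|Win32/Smalldoor.VD
VBA32|Trojan.VB
VIPRE|Trojan.Win32.Generic!BT
Webroot|W32.Malware.Gen
Yandex|Trojan.VB!biSuwW+aU9c
Zillya|Trojan.VB.Win32.102999
ZoneAlarm by Check Point|Trojan.Win32.VB.bzdo
""".splitlines()

# Type, platform, heuristic and vendor-plumbing tokens; none of them names a family (assumption).
GENERIC = {"trojan", "backdoor", "malware", "malicious", "generic", "variant",
           "win32", "w32", "vb", "static", "engine", "score", "confidence",
           "artemis", "unclassifiedmalware"}
# Same family, different vendor vocabulary: Fynloski is Microsoft's name for DarkComet (assumption).
ALIASES = {"fynloski": "darkkomet", "darkcomet": "darkkomet"}
MIN_LEN = 5   # shorter alphabetic tokens are nearly always variant suffixes (rzq, bzdo, AJQQ)


def normalize_label(label: str) -> str:
    """Lower-case and drop a trailing parenthetical so OEM copies of one engine collapse."""
    return re.sub(r"\s*\([^)]*\)\s*$", "", label).strip().lower()


def family_tokens(label: str) -> set:
    """Candidate family names contained in one vendor label."""
    found = set()
    for tok in re.split(r"[^a-z0-9]+", normalize_label(label)):
        if not tok.isalpha() or len(tok) < MIN_LEN or tok in GENERIC:
            continue
        if "generic" in tok or tok.startswith("heur"):
            continue
        found.add(ALIASES.get(tok, tok))
    return found


def vote(lines, min_support=2):
    """Rank families by the number of distinct labels naming them (one vote per label, not per engine)."""
    labels_by_family = defaultdict(set)
    for line in lines:
        _engine, label = line.split("|", 1)
        for fam in family_tokens(label):
            labels_by_family[fam].add(normalize_label(label))
    counts = Counter({fam: len(ls) for fam, ls in labels_by_family.items()})
    return [(fam, n) for fam, n in counts.most_common() if n >= min_support]


if __name__ == "__main__":
    print(vote(DETECTIONS))   # darkkomet first; Strictor falls from 8 engines to 2 distinct labels
```

Voting per distinct label rather than per engine is what makes the difference here: seven of the eight Strictor hits are the identical Bitdefender-engine string re-sold under other names, while the six DarkKomet/Fynloski hits come from six independently worded labels. The singleton tokens that survive tokenisation (rogue, wisdomeyes, smalldoor, stray variant codes) are discarded by the support threshold.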
The file being studied is a Portable Executable: a Win32 EXE for the Windows GUI subsystem. Taken together with the TrID match below (WinRAR self-extracting archive, 91.4%), the RAR and UPX packer identification and the 1.5 MB RAR overlay, this is consistent with a WinRAR SFX stub that carries its payload as an archive appended after the PE image rather than inside its sections.
Packers identified
F-PROT RAR, UPX
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2012-01-09 13:44:06
Entry Point 0x0000B3C1
Number of sections 5
PE sections
Overlays
MD5 1ff0824606aaab8076775ce95449d940
File type application/x-rar
Offset 358912
Size 1527688
Entropy 8.00
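The Overlays block is the most useful part of this report: everything past the end of the last section is not mapped by the loader and is where an SFX stub keeps its archive. The script below is an added example, not VirusTotal's code and not the sample's bytes; it builds a minimal synthetic PE32 in memory (constructed test data) and shows how the overlay offset, size, entropy and sniffed type are derived. The OVERLAY_MAGICS table and the synthetic image layout are this example's own assumptions.

```python
"""Find and characterise a PE overlay, the data appended after the last section.

Added example, not part of the VirusTotal report above and not VirusTotal's
code. It builds a minimal synthetic PE32 image in memory (constructed test
data, not bytes of the sample) and reproduces how the Overlays figures on
this page (offset, size, entropy, file type) are derived.
"""
import math
import struct
from collections import Counter

PE_SIGNATURE = b"PE\0\0"
FILE_HEADER_SIZE = 20
SECTION_HEADER_SIZE = 40

# Magic bytes of containers commonly glued onto self-extracting stubs (assumed table).
OVERLAY_MAGICS = {
    b"Rar!\x1a\x07\x00": "application/x-rar",        # RAR 1.5 to 4.x
    b"Rar!\x1a\x07\x01\x00": "application/x-rar",    # RAR 5
    b"PK\x03\x04": "application/zip",
    b"7z\xbc\xaf\x27\x1c": "application/x-7z-compressed",
}


def shannon_entropy(data: bytes) -> float:
    """Bits per byte: 0.0 for a constant run, 8.0 for uniformly distributed bytes."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def overlay_offset(image: bytes) -> int:
    """Offset one past the last byte owned by any section, i.e. where an overlay starts."""
    if image[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew = struct.unpack_from("<I", image, 0x3C)[0]
    if image[e_lfanew:e_lfanew + 4] != PE_SIGNATURE:
        raise ValueError("missing PE signature")
    file_header = e_lfanew + 4
    num_sections = struct.unpack_from("<H", image, file_header + 2)[0]
    size_of_optional = struct.unpack_from("<H", image, file_header + 16)[0]
    first_section = file_header + FILE_HEADER_SIZE + size_of_optional
    end = 0
    for i in range(num_sections):
        hdr = first_section + i * SECTION_HEADER_SIZE
        size_of_raw, ptr_to_raw = struct.unpack_from("<II", image, hdr + 16)
        end = max(end, ptr_to_raw + size_of_raw)
    return end


def describe_overlay(image: bytes) -> dict:
    """Mirror the report's Overlays block: offset, size, entropy and sniffed type."""
    start = overlay_offset(image)
    overlay = image[start:]
    file_type = "application/octet-stream"
    for magic, name in OVERLAY_MAGICS.items():
        if overlay.startswith(magic):
            file_type = name
            break
    return {"offset": start, "size": len(overlay),
            "entropy": round(shannon_entropy(overlay), 2), "file_type": file_type}


def build_synthetic_pe(section_data: bytes, overlay: bytes = b"") -> bytes:
    """Minimal single-section PE32 (constructed, not the sample) for exercising the parser."""
    e_lfanew = 0x40
    dos_header = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", e_lfanew)
    size_of_optional = 224                                   # PE32 optional header
    # Machine=i386, 1 section, timestamp, symtab ptr, nsyms, opt hdr size, EXECUTABLE|32BIT
    file_header = struct.pack("<HHIIIHH", 0x14C, 1, 0, 0, 0, size_of_optional, 0x0102)
    optional_header = struct.pack("<H", 0x10B) + b"\0" * (size_of_optional - 2)
    headers_len = e_lfanew + 4 + FILE_HEADER_SIZE + size_of_optional + SECTION_HEADER_SIZE
    raw_ptr = (headers_len + 0x1FF) & ~0x1FF                 # 512-byte file alignment
    section = b".text\0\0\0" + struct.pack(
        "<IIIIIIHHI", len(section_data), 0x1000, len(section_data), raw_ptr,
        0, 0, 0, 0, 0x60000020)                              # CODE|EXECUTE|READ
    image = dos_header + PE_SIGNATURE + file_header + optional_header + section
    image += b"\0" * (raw_ptr - len(image)) + section_data
    return image + overlay


# Constructed sample: 300 bytes of NOPs as "code", then a RAR4 signature followed by a
# byte-uniform payload, which is what a compressed or encrypted archive looks like.
SAMPLE_IMAGE = build_synthetic_pe(b"\x90" * 300, b"Rar!\x1a\x07\x00" + bytes(range(256)) * 64)

if __name__ == "__main__":
    print(describe_overlay(SAMPLE_IMAGE))
```

Applied to the figures on this page: 358912 + 1527688 = 1886600, the reported file size, so the RAR archive runs to the very end of the file, and an entropy of 8.00 over 1.5 MB means the archive body is compressed or encrypted. Carving from the overlay offset yields the archive to open in an isolated environment; the stub in front of it is stock WinRAR SFX code and rarely worth reversing.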
PE imports
RegCreateKeyExW
RegCloseKey
OpenProcessToken
RegSetValueExW
RegOpenKeyExW
SetFileSecurityW
AdjustTokenPrivileges
LookupPrivilegeValueW
SetFileSecurityA
RegQueryValueExW
InitCommonControlsEx
GetSaveFileNameW
CommDlgExtendedError
GetOpenFileNameW
GetDeviceCaps
DeleteDC
SelectObject
StretchBlt
GetObjectW
CreateCompatibleDC
DeleteObject
CreateCompatibleBitmap
SetFilePointer
GetSystemTime
GetLastError
HeapFree
GetStdHandle
DosDateTimeToFileTime
ReadFile
FileTimeToSystemTime
GetModuleFileNameW
WaitForSingleObject
GetVersionExW
GetExitCodeProcess
FindNextFileA
CompareStringW
HeapAlloc
SystemTimeToFileTime
IsDBCSLeadByte
GetCommandLineW
GetFileAttributesW
GetCurrentProcess
FileTimeToLocalFileTime
MoveFileW
OpenFileMappingW
SetFileAttributesA
GetDateFormatW
CreateDirectoryA
DeleteFileA
GetCPInfo
ExitProcess
MultiByteToWideChar
SetEnvironmentVariableW
CreateDirectoryW
DeleteFileW
GetProcAddress
GetProcessHeap
CreateFileMappingW
GetTimeFormatW
WriteFile
SetFileAttributesW
CloseHandle
WideCharToMultiByte
MapViewOfFile
MoveFileExW
ExpandEnvironmentStringsW
FindNextFileW
SetEndOfFile
GetFileAttributesA
GetTempPathW
FindFirstFileA
FindFirstFileW
HeapReAlloc
GetModuleHandleW
GetFullPathNameA
FreeLibrary
GetCurrentDirectoryW
LoadLibraryW
SetCurrentDirectoryW
UnmapViewOfFile
FindResourceW
CreateFileW
GlobalAlloc
LocalFileTimeToFileTime
FindClose
Sleep
GetFileType
GetFullPathNameW
SetFileTime
CreateFileA
GetTickCount
GetLocaleInfoW
GetNumberFormatW
SetLastError
CompareStringA
VariantInit
SHBrowseForFolderW
SHChangeNotify
SHFileOperationW
SHGetPathFromIDListW
SHGetSpecialFolderLocation
ShellExecuteExW
SHGetFileInfoW
SHGetMalloc
SHAutoComplete
SetFocus
MapWindowPoints
GetParent
UpdateWindow
EndDialog
LoadBitmapW
DefWindowProcW
GetWindowTextW
GetMessageW
ShowWindow
GetSystemMetrics
SetWindowPos
wvsprintfW
CharToOemBuffA
SetWindowLongW
IsWindow
SendMessageW
GetWindowRect
RegisterClassExW
CharUpperW
DialogBoxParamW
CharToOemBuffW
wvsprintfA
SendDlgItemMessageW
GetDlgItemTextW
PostMessageW
GetSysColor
SetDlgItemTextW
GetDC
ReleaseDC
DestroyIcon
TranslateMessage
IsWindowVisible
LoadStringW
SetWindowTextW
GetDlgItem
GetWindow
MessageBoxW
DispatchMessageW
GetClassNameW
PeekMessageW
CharUpperA
GetClientRect
OemToCharA
EnableWindow
CopyRect
WaitForInputIdle
OemToCharBuffA
LoadCursorW
LoadIconW
FindWindowExW
CreateWindowExW
GetWindowLongW
SetForegroundWindow
DestroyWindow
CharToOemA
CreateStreamOnHGlobal
OleUninitialize
CoCreateInstance
OleInitialize
CLSIDFromString
Number of PE resources by type
RT_ICON 9
RT_DIALOG 6
RT_STRING 6
RT_MANIFEST 1
RT_BITMAP 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 13
NEUTRAL DEFAULT 11
PE resources
Debug information
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
FileTypeExtension exe
TimeStamp 2012:01:09 14:44:06+01:00
FileType Win32 EXE
PEType PE32
CodeSize 72704
LinkerVersion 9.0
EntryPoint 0xb3c1
InitializedDataSize 285184
SubsystemVersion 5.0
ImageVersion 0.0
OSVersion 5.0
UninitializedDataSize 0
File identification
MD5 ed86876db98db35d8c205f8c0b92b0a4
SHA1 f23efdfeca264abad80f58abcaf44992d454b017
SHA256 5a0adcd5f5dca1701596a47a662f1a34e1b3cba7b9a53098a50ee92ec8075ee0
ssdeep 49152:kZ85p/DJR8DcnLJA7Saog/Zg7IK18oilROLrTT9O:kZ85p/Qom7SaVBg7IXoqROnP9O
authentihash 5c75d227690c14bd9d8916f286936a2b220c9a9f9cbe4fea7403802f79dab2eb
imphash 2b8c9d9ab6fefc247adaf927e83dcea6
File size 1.8 MB ( 1886600 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID WinRAR Self Extracting archive (4.x-5.x) (91.4%)
Win32 Executable MS Visual C++ (generic) (3.4%)
Win64 Executable (generic) (3.0%)
Win32 Dynamic Link Library (generic) (0.7%)
Win32 Executable (generic) (0.5%)
Tags
peexe upx overlay

VirusTotal metadata
First submission 2012-12-01 23:02:02 UTC ( 5 years, 7 months ago )
Last submission 2018-05-02 17:43:11 UTC ( 2 months, 3 weeks ago )
File names (as supplied by submitters; they record how the file was named on upload, not its format, which is the PE32 described above)
02
اسماء بعض الممولين في سوريا والخارج المطلوبين لدى النظام السوري_m-fdp.scr (Arabic: "Names of some financiers in Syria and abroad wanted by the Syrian regime"; .scr is the screensaver extension, which Windows executes like an .exe)
aa
3.exe
(the preceding Arabic name submitted once more with its non-ASCII characters lost to encoding and shown as question marks)
CDGYu5.tar.bz2
mLTPH.lnk
fb40c579-0e0e-46cf-a736-12e05577ebf9
7f72825f-e9b9-4474-bb8a-bed24a1dc89e
DVpfsugW.docm
vti-rescan
ed86876db98db35d8c205f8c0b92b0a4
اسماء بعض المسلحين في سورية والخارج المطلوبين لدى النظام السوري2012_m_fdp.scr (Arabic: "Names of some armed men in Syria and abroad wanted by the Syrian regime 2012")
73d520be-1528-452f-8b06-515d506c6c02
Advanced heuristic and reputation engines
ClamAV
Possibly Unwanted Application. While not necessarily malicious, the scanned file presents certain characteristics which depending on the user policies and environment may or may not represent a threat. For full details see: https://www.clamav.net/documents/potentially-unwanted-applications-pua .

Symantec reputation Suspicious.Insight
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.
UDP communications