SHA256: 5a0adcd5f5dca1701596a47a662f1a34e1b3cba7b9a53098a50ee92ec8075ee0
File name: 02
Detection ratio: 49 / 66
Analysis date: 2018-04-02 22:27:58 UTC ( 2 weeks, 5 days ago )
Antivirus Result Update
Ad-Aware Gen:Variant.Strictor.39548 20180402
AegisLab Backdoor.W32.DarkKomet.rzq!c 20180402
ALYac Gen:Variant.Strictor.39548 20180402
Antiy-AVL Trojan[Backdoor]/Win32.DarkKomet 20180402
Arcabit Trojan.Strictor.D9A7C 20180402
Avast Win32:Malware-gen 20180402
AVG Win32:Malware-gen 20180402
Avira (no cloud) TR/Rogue.7797772.5 20180402
AVware Trojan.Win32.Generic!BT 20180402
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9885 20180402
BitDefender Gen:Variant.Strictor.39548 20180402
Comodo UnclassifiedMalware 20180402
CrowdStrike Falcon (ML) malicious_confidence_80% (D) 20170201
Cybereason malicious.db98db 20180225
Cylance Unsafe 20180402
Cyren W32/Trojan.FYVX-4670 20180402
DrWeb Trojan.Siggen4.48090 20180402
Emsisoft Gen:Variant.Strictor.39548 (B) 20180402
ESET-NOD32 Win32/Injector.AJQQ 20180402
F-Secure Gen:Variant.Strictor.39548 20180402
Fortinet W32/Injector.YUP!tr 20180402
GData Gen:Variant.Strictor.39548 20180402
Ikarus Trojan.Win32.Injector 20180402
Jiangmin Backdoor/DarkKomet.elw 20180402
K7AntiVirus Trojan ( 004c1cf71 ) 20180402
K7GW Trojan ( 004c1cf71 ) 20180402
Kaspersky Trojan.Win32.VB.bzdo 20180402
Kingsoft Win32.HeurC.KVML200015.a.(kcloud) 20180402
MAX malware (ai score=100) 20180402
McAfee Artemis!ED86876DB98D 20180402
McAfee-GW-Edition GenericRXCJ-LC!FCAA7784F549 20180402
Microsoft Trojan:Win32/Tiggre!rfn 20180402
eScan Gen:Variant.Strictor.39548 20180402
NANO-Antivirus Trojan.Win32.DarkKomet.ecimcw 20180402
Palo Alto Networks (Known Signatures) generic.ml 20180402
Panda Trj/CI.A 20180402
Qihoo-360 Win32/Trojan.83e 20180402
Rising Malware.Undefined!8.C (TFE:4:PWvLI9Tdl0) 20180402
SentinelOne (Static ML) static engine - malicious 20180225
Sophos AV Mal/Generic-S 20180402
Symantec Backdoor.Breut 20180402
Tencent Win32.Trojan.Vb.Anfq 20180402
TrendMicro TROJ_SPNR.05DD13 20180402
TrendMicro-HouseCall TROJ_SPNR.05DD13 20180402
VBA32 Trojan.VB 20180402
VIPRE Trojan.Win32.Generic!BT 20180402
Yandex Trojan.VB!biSuwW+aU9c 20180331
Zillya Trojan.VB.Win32.102999 20180402
ZoneAlarm by Check Point Trojan.Win32.VB.bzdo 20180402
AhnLab-V3 (no detection) 20180402
Alibaba (no detection) 20180402
Avast-Mobile (no detection) 20180402
Bkav (no detection) 20180402
CAT-QuickHeal (no detection) 20180402
ClamAV (no detection) 20180402
CMC (no detection) 20180402
eGambit (no detection) 20180402
Endgame (no detection) 20180316
F-Prot (no detection) 20180402
Sophos ML (no detection) 20180121
Malwarebytes (no detection) 20180402
nProtect (no detection) 20180402
SUPERAntiSpyware (no detection) 20180402
Symantec Mobile Insight (no detection) 20180401
TheHacker (no detection) 20180330
Trustlook (no detection) 20180402
ViRobot (no detection) 20180402
WhiteArmor (no detection) 20180324
Zoner (no detection) 20180401
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Packers identified
F-PROT RAR, UPX
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2012-01-09 13:44:06
Entry Point 0x0000B3C1
Number of sections 5
PE sections
Overlays
MD5 1ff0824606aaab8076775ce95449d940
File type application/x-rar
Offset 358912
Size 1527688
Entropy 8.00
PE imports
RegCreateKeyExW
RegCloseKey
OpenProcessToken
RegSetValueExW
RegOpenKeyExW
SetFileSecurityW
AdjustTokenPrivileges
LookupPrivilegeValueW
SetFileSecurityA
RegQueryValueExW
InitCommonControlsEx
GetSaveFileNameW
CommDlgExtendedError
GetOpenFileNameW
GetDeviceCaps
DeleteDC
SelectObject
StretchBlt
GetObjectW
CreateCompatibleDC
DeleteObject
CreateCompatibleBitmap
SetFilePointer
GetSystemTime
GetLastError
HeapFree
GetStdHandle
DosDateTimeToFileTime
ReadFile
FileTimeToSystemTime
GetModuleFileNameW
WaitForSingleObject
GetVersionExW
GetExitCodeProcess
FindNextFileA
CompareStringW
HeapAlloc
SystemTimeToFileTime
IsDBCSLeadByte
GetCommandLineW
GetFileAttributesW
GetCurrentProcess
FileTimeToLocalFileTime
MoveFileW
OpenFileMappingW
SetFileAttributesA
GetDateFormatW
CreateDirectoryA
DeleteFileA
GetCPInfo
ExitProcess
MultiByteToWideChar
SetEnvironmentVariableW
CreateDirectoryW
DeleteFileW
GetProcAddress
GetProcessHeap
CreateFileMappingW
GetTimeFormatW
WriteFile
SetFileAttributesW
CloseHandle
WideCharToMultiByte
MapViewOfFile
MoveFileExW
ExpandEnvironmentStringsW
FindNextFileW
SetEndOfFile
GetFileAttributesA
GetTempPathW
FindFirstFileA
FindFirstFileW
HeapReAlloc
GetModuleHandleW
GetFullPathNameA
FreeLibrary
GetCurrentDirectoryW
LoadLibraryW
SetCurrentDirectoryW
UnmapViewOfFile
FindResourceW
CreateFileW
GlobalAlloc
LocalFileTimeToFileTime
FindClose
Sleep
GetFileType
GetFullPathNameW
SetFileTime
CreateFileA
GetTickCount
GetLocaleInfoW
GetNumberFormatW
SetLastError
CompareStringA
VariantInit
SHBrowseForFolderW
SHChangeNotify
SHFileOperationW
SHGetPathFromIDListW
SHGetSpecialFolderLocation
ShellExecuteExW
SHGetFileInfoW
SHGetMalloc
SHAutoComplete
SetFocus
MapWindowPoints
GetParent
UpdateWindow
EndDialog
LoadBitmapW
DefWindowProcW
GetWindowTextW
GetMessageW
ShowWindow
GetSystemMetrics
SetWindowPos
wvsprintfW
CharToOemBuffA
SetWindowLongW
IsWindow
SendMessageW
GetWindowRect
RegisterClassExW
CharUpperW
DialogBoxParamW
CharToOemBuffW
wvsprintfA
SendDlgItemMessageW
GetDlgItemTextW
PostMessageW
GetSysColor
SetDlgItemTextW
GetDC
ReleaseDC
DestroyIcon
TranslateMessage
IsWindowVisible
LoadStringW
SetWindowTextW
GetDlgItem
GetWindow
MessageBoxW
DispatchMessageW
GetClassNameW
PeekMessageW
CharUpperA
GetClientRect
OemToCharA
EnableWindow
CopyRect
WaitForInputIdle
OemToCharBuffA
LoadCursorW
LoadIconW
FindWindowExW
CreateWindowExW
GetWindowLongW
SetForegroundWindow
DestroyWindow
CharToOemA
CreateStreamOnHGlobal
OleUninitialize
CoCreateInstance
OleInitialize
CLSIDFromString
Number of PE resources by type
RT_ICON 9
RT_DIALOG 6
RT_STRING 6
RT_MANIFEST 1
RT_BITMAP 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 13
NEUTRAL DEFAULT 11
PE resources
Debug information
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
TimeStamp 2012:01:09 14:44:06+01:00
FileType Win32 EXE
PEType PE32
CodeSize 72704
LinkerVersion 9.0
FileTypeExtension exe
InitializedDataSize 285184
SubsystemVersion 5.0
EntryPoint 0xb3c1
OSVersion 5.0
ImageVersion 0.0
UninitializedDataSize 0

File identification
MD5 ed86876db98db35d8c205f8c0b92b0a4
SHA1 f23efdfeca264abad80f58abcaf44992d454b017
SHA256 5a0adcd5f5dca1701596a47a662f1a34e1b3cba7b9a53098a50ee92ec8075ee0
ssdeep 49152:kZ85p/DJR8DcnLJA7Saog/Zg7IK18oilROLrTT9O:kZ85p/Qom7SaVBg7IXoqROnP9O
authentihash 5c75d227690c14bd9d8916f286936a2b220c9a9f9cbe4fea7403802f79dab2eb
imphash 2b8c9d9ab6fefc247adaf927e83dcea6
File size 1.8 MB ( 1886600 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID WinRAR Self Extracting archive (4.x-5.x) (91.4%)
Win32 Executable MS Visual C++ (generic) (3.4%)
Win64 Executable (generic) (3.0%)
Win32 Dynamic Link Library (generic) (0.7%)
Win32 Executable (generic) (0.5%)
Tags
peexe upx overlay

VirusTotal metadata
First submission 2012-12-01 23:02:02 UTC ( 5 years, 4 months ago )
Last submission 2018-04-02 22:27:58 UTC ( 2 weeks, 5 days ago )
File names 02
اسماء بعض الممولين في سوريا والخارج المطلوبين لدى النظام السوري_m-fdp.scr
aa
3.exe
CDGYu5.tar.bz2
mLTPH.lnk
fb40c579-0e0e-46cf-a736-12e05577ebf9
7f72825f-e9b9-4474-bb8a-bed24a1dc89e
DVpfsugW.docm
vti-rescan
ed86876db98db35d8c205f8c0b92b0a4
اسماء بعض المسلحين في سورية والخارج المطلوبين لدى النظام السوري2012_m_fdp.scr
73d520be-1528-452f-8b06-515d506c6c02
Advanced heuristic and reputation engines
ClamAV
Possibly Unwanted Application. While not necessarily malicious, the scanned file presents certain characteristics which depending on the user policies and environment may or may not represent a threat. For full details see: https://www.clamav.net/documents/potentially-unwanted-applications-pua .

Symantec reputation Suspicious.Insight
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.
UDP communications