SHA256: 5a0adcd5f5dca1701596a47a662f1a34e1b3cba7b9a53098a50ee92ec8075ee0
File name: 02
Detection ratio: 52 / 68
Analysis date: 2018-08-10 04:26:57 UTC (4 months ago)
Antivirus Result Update
Ad-Aware Gen:Variant.Strictor.39548 20180810
AegisLab Trojan.Win32.VB.4!c 20180810
ALYac Gen:Variant.Strictor.39548 20180810
Antiy-AVL Trojan[Backdoor]/Win32.DarkKomet 20180810
Arcabit Trojan.Strictor.D9A7C 20180810
Avast Win32:Malware-gen 20180810
AVG Win32:Malware-gen 20180810
Avira (no cloud) TR/Rogue.7797772.5 20180809
AVware Trojan.Win32.Generic!BT 20180810
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9885 20180809
BitDefender Gen:Variant.Strictor.39548 20180810
CAT-QuickHeal Backdoor.Fynloski 20180807
Comodo UnclassifiedMalware 20180810
CrowdStrike Falcon (ML) malicious_confidence_60% (W) 20180723
Cybereason malicious.db98db 20180225
Cylance Unsafe 20180810
Cyren W32/Trojan.FYVX-4670 20180810
DrWeb Trojan.Siggen4.48090 20180810
Emsisoft Gen:Variant.Strictor.39548 (B) 20180810
ESET-NOD32 Win32/Injector.AJQQ 20180810
F-Secure Gen:Variant.Strictor.39548 20180810
Fortinet W32/Injector.YUP!tr 20180810
GData Gen:Variant.Strictor.39548 20180810
Ikarus Trojan.Win32.Injector 20180809
Jiangmin Backdoor/DarkKomet.elw 20180810
K7AntiVirus Trojan ( 004c1cf71 ) 20180809
K7GW Trojan ( 004c1cf71 ) 20180810
Kaspersky Trojan.Win32.VB.bzdo 20180810
Kingsoft Win32.HeurC.KVML200015.a.(kcloud) 20180810
MAX malware (ai score=100) 20180810
McAfee Artemis!ED86876DB98D 20180810
McAfee-GW-Edition GenericRXCJ-LC!FCAA7784F549 20180810
Microsoft Backdoor:Win32/Fynloski.A 20180810
eScan Gen:Variant.Strictor.39548 20180810
NANO-Antivirus Trojan.Win32.DarkKomet.ecimcw 20180810
Palo Alto Networks (Known Signatures) generic.ml 20180810
Panda Trj/CI.A 20180809
Qihoo-360 Win32/Trojan.ad0 20180810
Rising Trojan.Win32.Generic.13ACA2D0 (C64:YzY0OocDiSzJymao) 20180810
SentinelOne (Static ML) static engine - malicious 20180701
Sophos AV Mal/Generic-S 20180809
Symantec Trojan.Gen.2 20180809
Tencent Win32.Trojan.Vb.Anfq 20180810
TotalDefense Win32/Smalldoor.VD 20180809
TrendMicro TROJ_SPNR.05DD13 20180810
TrendMicro-HouseCall Suspicious_GEN.F47V0629 20180810
VBA32 Trojan.VB 20180808
VIPRE Trojan.Win32.Generic!BT 20180810
Webroot W32.Malware.Gen 20180810
Yandex Trojan.VB!biSuwW+aU9c 20180808
Zillya Trojan.VB.Win32.102999 20180809
ZoneAlarm by Check Point Trojan.Win32.VB.bzdo 20180810
Engines with no detection (signature update date only)
AhnLab-V3 20180809
Alibaba 20180713
Avast-Mobile 20180810
Babable 20180725
Bkav 20180807
ClamAV 20180810
CMC 20180809
eGambit 20180810
Endgame 20180730
F-Prot 20180810
Sophos ML 20180717
Malwarebytes 20180810
SUPERAntiSpyware 20180810
Symantec Mobile Insight 20180809
TACHYON 20180810
TheHacker 20180807
Trustlook 20180810
ViRobot 20180809
Zoner 20180809
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Packers identified
F-PROT RAR, UPX
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2012-01-09 13:44:06
Entry Point 0x0000B3C1
Number of sections 5
PE sections
Overlays
MD5 1ff0824606aaab8076775ce95449d940
File type application/x-rar
Offset 358912
Size 1527688
Entropy 8.00
PE imports
RegCreateKeyExW
RegCloseKey
OpenProcessToken
RegSetValueExW
RegOpenKeyExW
SetFileSecurityW
AdjustTokenPrivileges
LookupPrivilegeValueW
SetFileSecurityA
RegQueryValueExW
InitCommonControlsEx
GetSaveFileNameW
CommDlgExtendedError
GetOpenFileNameW
GetDeviceCaps
DeleteDC
SelectObject
StretchBlt
GetObjectW
CreateCompatibleDC
DeleteObject
CreateCompatibleBitmap
SetFilePointer
GetSystemTime
GetLastError
HeapFree
GetStdHandle
DosDateTimeToFileTime
ReadFile
FileTimeToSystemTime
GetModuleFileNameW
WaitForSingleObject
GetVersionExW
GetExitCodeProcess
FindNextFileA
CompareStringW
HeapAlloc
SystemTimeToFileTime
IsDBCSLeadByte
GetCommandLineW
GetFileAttributesW
GetCurrentProcess
FileTimeToLocalFileTime
MoveFileW
OpenFileMappingW
SetFileAttributesA
GetDateFormatW
CreateDirectoryA
DeleteFileA
GetCPInfo
ExitProcess
MultiByteToWideChar
SetEnvironmentVariableW
CreateDirectoryW
DeleteFileW
GetProcAddress
GetProcessHeap
CreateFileMappingW
GetTimeFormatW
WriteFile
SetFileAttributesW
CloseHandle
WideCharToMultiByte
MapViewOfFile
MoveFileExW
ExpandEnvironmentStringsW
FindNextFileW
SetEndOfFile
GetFileAttributesA
GetTempPathW
FindFirstFileA
FindFirstFileW
HeapReAlloc
GetModuleHandleW
GetFullPathNameA
FreeLibrary
GetCurrentDirectoryW
LoadLibraryW
SetCurrentDirectoryW
UnmapViewOfFile
FindResourceW
CreateFileW
GlobalAlloc
LocalFileTimeToFileTime
FindClose
Sleep
GetFileType
GetFullPathNameW
SetFileTime
CreateFileA
GetTickCount
GetLocaleInfoW
GetNumberFormatW
SetLastError
CompareStringA
VariantInit
SHBrowseForFolderW
SHChangeNotify
SHFileOperationW
SHGetPathFromIDListW
SHGetSpecialFolderLocation
ShellExecuteExW
SHGetFileInfoW
SHGetMalloc
SHAutoComplete
SetFocus
MapWindowPoints
GetParent
UpdateWindow
EndDialog
LoadBitmapW
DefWindowProcW
GetWindowTextW
GetMessageW
ShowWindow
GetSystemMetrics
SetWindowPos
wvsprintfW
CharToOemBuffA
SetWindowLongW
IsWindow
SendMessageW
GetWindowRect
RegisterClassExW
CharUpperW
DialogBoxParamW
CharToOemBuffW
wvsprintfA
SendDlgItemMessageW
GetDlgItemTextW
PostMessageW
GetSysColor
SetDlgItemTextW
GetDC
ReleaseDC
DestroyIcon
TranslateMessage
IsWindowVisible
LoadStringW
SetWindowTextW
GetDlgItem
GetWindow
MessageBoxW
DispatchMessageW
GetClassNameW
PeekMessageW
CharUpperA
GetClientRect
OemToCharA
EnableWindow
CopyRect
WaitForInputIdle
OemToCharBuffA
LoadCursorW
LoadIconW
FindWindowExW
CreateWindowExW
GetWindowLongW
SetForegroundWindow
DestroyWindow
CharToOemA
CreateStreamOnHGlobal
OleUninitialize
CoCreateInstance
OleInitialize
CLSIDFromString
Number of PE resources by type
RT_ICON 9
RT_DIALOG 6
RT_STRING 6
RT_MANIFEST 1
RT_BITMAP 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 13
NEUTRAL DEFAULT 11
PE resources
Debug information
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
SubsystemVersion 5.0
MachineType Intel 386 or later, and compatibles
TimeStamp 2012:01:09 14:44:06+01:00
FileType Win32 EXE
PEType PE32
CodeSize 72704
LinkerVersion 9.0
FileTypeExtension exe
InitializedDataSize 285184
ImageFileCharacteristics No relocs, Executable, 32-bit
EntryPoint 0xb3c1
OSVersion 5.0
ImageVersion 0.0
UninitializedDataSize 0
File identification
MD5 ed86876db98db35d8c205f8c0b92b0a4
SHA1 f23efdfeca264abad80f58abcaf44992d454b017
SHA256 5a0adcd5f5dca1701596a47a662f1a34e1b3cba7b9a53098a50ee92ec8075ee0
ssdeep 49152:kZ85p/DJR8DcnLJA7Saog/Zg7IK18oilROLrTT9O:kZ85p/Qom7SaVBg7IXoqROnP9O
authentihash 5c75d227690c14bd9d8916f286936a2b220c9a9f9cbe4fea7403802f79dab2eb
imphash 2b8c9d9ab6fefc247adaf927e83dcea6
File size 1.8 MB ( 1886600 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID WinRAR Self Extracting archive (4.x-5.x) (91.4%)
Win32 Executable MS Visual C++ (generic) (3.4%)
Win64 Executable (generic) (3.0%)
Win32 Dynamic Link Library (generic) (0.7%)
Win32 Executable (generic) (0.5%)
Tags
peexe upx overlay

VirusTotal metadata
First submission 2012-12-01 23:02:02 UTC (6 years ago)
Last submission 2018-05-02 17:43:11 UTC (7 months, 1 week ago)
File names 02
اسماء بعض الممولين في سوريا والخارج المطلوبين لدى النظام السوري_m-fdp.scr
aa
3.exe
CDGYu5.tar.bz2
mLTPH.lnk
fb40c579-0e0e-46cf-a736-12e05577ebf9
7f72825f-e9b9-4474-bb8a-bed24a1dc89e
DVpfsugW.docm
vti-rescan
ed86876db98db35d8c205f8c0b92b0a4
اسماء بعض المسلحين في سورية والخارج المطلوبين لدى النظام السوري2012_m_fdp.scr
73d520be-1528-452f-8b06-515d506c6c02
Advanced heuristic and reputation engines
ClamAV
Possibly Unwanted Application. While not necessarily malicious, the scanned file presents certain characteristics which depending on the user policies and environment may or may not represent a threat. For full details see: https://www.clamav.net/documents/potentially-unwanted-applications-pua .

Symantec reputation Suspicious.Insight
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.
UDP communications