SHA256: 5a0adcd5f5dca1701596a47a662f1a34e1b3cba7b9a53098a50ee92ec8075ee0
File name: 02
Detection ratio: 51 / 61
Analysis date: 2017-04-14 05:01:02 UTC ( 7 months, 2 weeks ago )
Antivirus Result Update
Ad-Aware Gen:Variant.Strictor.39548 20170414
AegisLab Backdoor.W32.DarkKomet.rzq!c 20170414
ALYac Gen:Variant.Strictor.39548 20170414
Antiy-AVL Trojan[Backdoor]/Win32.DarkKomet 20170414
Arcabit Trojan.Strictor.D9A7C 20170414
Avast Win32:Malware-gen 20170414
AVG Logger.AHYI 20170414
Avira (no cloud) TR/Rogue.7797772.5 20170413
AVware Trojan.Win32.Generic!BT 20170410
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9885 20170414
BitDefender Gen:Variant.Strictor.39548 20170414
CAT-QuickHeal Backdoor.Fynloski 20170413
Comodo UnclassifiedMalware 20170414
CrowdStrike Falcon (ML) malicious_confidence_87% (W) 20170130
Cyren W32/Trojan.FYVX-4670 20170414
DrWeb Trojan.Siggen4.48090 20170414
Emsisoft Gen:Variant.Strictor.39548 (B) 20170414
Endgame malicious (moderate confidence) 20170413
ESET-NOD32 Win32/Injector.AJQQ 20170414
F-Secure Gen:Variant.Strictor.39548 20170414
Fortinet W32/Injector.YUP!tr 20170414
GData Gen:Variant.Strictor.39548 20170414
Ikarus Trojan.Win32.Injector 20170413
Sophos ML hacktool.win32.wpakill.b 20170413
Jiangmin Backdoor/DarkKomet.elw 20170414
K7AntiVirus Trojan ( 004c1cf71 ) 20170414
K7GW Trojan ( 004c1cf71 ) 20170414
Kaspersky Trojan.Win32.VB.bzdo 20170414
McAfee Artemis!ED86876DB98D 20170412
McAfee-GW-Edition RDN/Generic.bfr!il 20170414
Microsoft Backdoor:Win32/Fynloski.A 20170414
eScan Gen:Variant.Strictor.39548 20170414
NANO-Antivirus Trojan.Win32.DarkKomet.ecimcw 20170414
Palo Alto Networks (Known Signatures) generic.ml 20170414
Panda Trj/CI.A 20170413
Qihoo-360 Win32/Trojan.83e 20170414
Rising Trojan.Generic (cloud:zWmQJDuYCdI) 20170414
SentinelOne (Static ML) static engine - malicious 20170330
Sophos AV Mal/Generic-S 20170414
Symantec Backdoor.Breut 20170413
Tencent Win32.Trojan.Vb.Anfq 20170414
TotalDefense Win32/Smalldoor.VD 20170414
TrendMicro TROJ_SPNR.05DD13 20170414
TrendMicro-HouseCall Suspicious_GEN.F47V0310 20170414
VBA32 Trojan.VB 20170413
VIPRE Trojan.Win32.Generic!BT 20170414
ViRobot Trojan.Win32.S.Agent.1886600[h] 20170414
Webroot W32.Malware.Gen 20170414
Yandex Trojan.VB!biSuwW+aU9c 20170413
Zillya Trojan.VB.Win32.102999 20170413
ZoneAlarm by Check Point Trojan.Win32.VB.bzdo 20170414
Engines with no detection (update date only)
AhnLab-V3 20170413
Alibaba 20170414
ClamAV 20170413
CMC 20170414
F-Prot 20170414
Kingsoft 20170414
Malwarebytes 20170414
nProtect 20170414
SUPERAntiSpyware 20170413
Symantec Mobile Insight 20170414
TheHacker 20170412
Trustlook 20170414
WhiteArmor 20170409
Zoner 20170414
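The 51 results above do not agree on a name, and raw vote counting misleads: eight engines report "Strictor" but seven of them carry the identical string, while the seven DarkKomet/Fynloski/Breut verdicts are all differently worded. The following triage script is an added example, not part of the VirusTotal report; the label list is copied from the table (update dates dropped) and the alias table is the example's own assumption, treating DarkKomet, Fynloski and Breut as different vendors' names for the same RAT (DarkComet) and leaving everything else unmapped.

```python
"""Reduce the detection table above to family votes.

Added example, not part of the VirusTotal report. The label list is copied
from the table (update dates dropped). The alias table is the example's
own assumption: DarkKomet, Fynloski and Breut are counted as different
vendors' names for one RAT (DarkComet); everything else is left unmapped.
"""
import re
from collections import defaultdict

# Constructed from the 51 detections above, in table order, ';'-separated.
LABELS = [s.strip() for s in """
Gen:Variant.Strictor.39548; Backdoor.W32.DarkKomet.rzq!c; Gen:Variant.Strictor.39548;
Trojan[Backdoor]/Win32.DarkKomet; Trojan.Strictor.D9A7C; Win32:Malware-gen; Logger.AHYI;
TR/Rogue.7797772.5; Trojan.Win32.Generic!BT; Win32.Trojan.WisdomEyes.16070401.9500.9885;
Gen:Variant.Strictor.39548; Backdoor.Fynloski; UnclassifiedMalware; malicious_confidence_87% (W);
W32/Trojan.FYVX-4670; Trojan.Siggen4.48090; Gen:Variant.Strictor.39548 (B);
malicious (moderate confidence); Win32/Injector.AJQQ; Gen:Variant.Strictor.39548;
W32/Injector.YUP!tr; Gen:Variant.Strictor.39548; Trojan.Win32.Injector; hacktool.win32.wpakill.b;
Backdoor/DarkKomet.elw; Trojan ( 004c1cf71 ); Trojan ( 004c1cf71 ); Trojan.Win32.VB.bzdo;
Artemis!ED86876DB98D; RDN/Generic.bfr!il; Backdoor:Win32/Fynloski.A; Gen:Variant.Strictor.39548;
Trojan.Win32.DarkKomet.ecimcw; generic.ml; Trj/CI.A; Win32/Trojan.83e;
Trojan.Generic (cloud:zWmQJDuYCdI); static engine - malicious; Mal/Generic-S; Backdoor.Breut;
Win32.Trojan.Vb.Anfq; Win32/Smalldoor.VD; TROJ_SPNR.05DD13; Suspicious_GEN.F47V0310; Trojan.VB;
Trojan.Win32.Generic!BT; Trojan.Win32.S.Agent.1886600[h]; W32.Malware.Gen; Trojan.VB!biSuwW+aU9c;
Trojan.VB.Win32.102999; Trojan.Win32.VB.bzdo
""".replace("\n", " ").split(";") if s.strip()]

# Assumed alias table (example's own): token -> family name.
ALIASES = {
    "darkkomet": "DarkComet", "fynloski": "DarkComet", "breut": "DarkComet",
    "strictor": "Strictor", "vb": "VB", "injector": "Injector",
}
UNMAPPED = "(generic/unmapped)"


def normalize(label: str) -> str:
    """Lower-case and drop trailing vendor decorations such as ' (B)' or ' (cloud:...)'."""
    return label.lower().split(" (")[0].strip()


def families_for(label: str) -> set:
    """Map a label to the families whose alias tokens it contains."""
    tokens = re.split(r"[^a-z0-9]+", normalize(label))
    return {ALIASES[t] for t in tokens if t in ALIASES}


def tally(labels) -> dict:
    """Return {family: (rows, distinct_labels)}.

    'rows' is the naive vote count; 'distinct_labels' collapses identical
    strings, which is how rebranded engines reporting the same signature
    show up (eight Strictor rows carry only two different labels).
    """
    rows, distinct = defaultdict(int), defaultdict(set)
    for label in labels:
        for fam in families_for(label) or {UNMAPPED}:
            rows[fam] += 1
            distinct[fam].add(normalize(label))
    return {fam: (rows[fam], len(distinct[fam])) for fam in rows}


def consensus(labels) -> str:
    """Named family with the most distinct labels, raw rows as tie-breaker."""
    counts = {f: v for f, v in tally(labels).items() if f != UNMAPPED}
    return max(counts, key=lambda f: (counts[f][1], counts[f][0]))


if __name__ == "__main__":
    for fam, (rows, distinct) in sorted(tally(LABELS).items(), key=lambda kv: -kv[1][1]):
        print(f"{fam:20} rows={rows:2} distinct_labels={distinct}")
    print("consensus:", consensus(LABELS))
```

Ranking by distinct label strings rather than by rows puts DarkComet first (7 rows, 7 distinct labels) ahead of Strictor (8 rows, 2 distinct labels); the generic bucket holds 27 of the 51 rows, which is why the detection ratio alone says little about what the sample is.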
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Packers identified
F-PROT: RAR, UPX (a UPX-packed executable carrying a RAR archive as its overlay; see Overlays below)
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2012-01-09 13:44:06
Entry Point 0x0000B3C1
Number of sections 5
PE sections
Overlays
MD5 1ff0824606aaab8076775ce95449d940
File type application/x-rar
Offset 358912
Size 1527688
Entropy 8.00
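The Overlays block is the key finding in the static section: the overlay begins at offset 358912, is 1527688 bytes long, is typed application/x-rar, and has entropy 8.00; 358912 + 1527688 equals the 1886600-byte file size, so the RAR data runs to the end of the file. The script below is an added example, not code from the report or from VirusTotal, that reproduces this check with the standard library only: it walks the section table, takes the end of the last section's raw data as the overlay offset, and classifies the overlay by magic bytes and byte entropy. build_sample_pe() is a constructed PE32 for offline testing, not the real sample.

```python
"""Locate and classify a PE overlay with the standard library only.

Added example, not code from the report or from VirusTotal. It performs the
check behind the "Overlays" block above: the overlay starts where the last
section's raw data ends, and its first bytes and entropy say what was
appended. build_sample_pe() builds a constructed PE32 for offline testing;
it is not the real sample.
"""
import math
import struct
import sys
from collections import Counter

RAR_MAGICS = (b"Rar!\x1a\x07\x00", b"Rar!\x1a\x07\x01\x00")   # RAR 4.x and 5.x
UPX_SECTION_NAMES = {b"UPX0", b"UPX1", b"UPX2"}


def shannon_entropy(data: bytes) -> float:
    """Bits per byte: 0.0 for a constant run, 8.0 for a uniform byte distribution."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def parse_pe(pe: bytes):
    """Return (entry_point_rva, [(name, raw_offset, raw_size), ...]) from the headers."""
    if pe[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew = struct.unpack_from("<I", pe, 0x3C)[0]
    if pe[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("bad PE signature")
    coff = e_lfanew + 4                                   # IMAGE_FILE_HEADER
    num_sections = struct.unpack_from("<H", pe, coff + 2)[0]
    opt_size = struct.unpack_from("<H", pe, coff + 16)[0]
    opt = coff + 20                                       # IMAGE_OPTIONAL_HEADER
    entry_rva = struct.unpack_from("<I", pe, opt + 16)[0]
    sections = []
    for i in range(num_sections):
        hdr = opt + opt_size + 40 * i                     # IMAGE_SECTION_HEADER
        name = pe[hdr:hdr + 8].rstrip(b"\0")
        raw_size, raw_off = struct.unpack_from("<II", pe, hdr + 16)
        sections.append((name, raw_off, raw_size))
    return entry_rva, sections


def find_overlay(pe: bytes) -> dict:
    """Describe the bytes after the last section: offset, size, type guess, entropy."""
    entry_rva, sections = parse_pe(pe)
    end = max((off + size for _, off, size in sections), default=0)
    overlay = pe[end:]
    if overlay.startswith(RAR_MAGICS):
        kind = "application/x-rar"
    elif overlay.startswith(b"MZ"):
        kind = "application/x-dosexec"
    elif overlay:
        kind = "application/octet-stream"
    else:
        kind = None
    return {
        "entry_point": entry_rva,
        "upx_packed": any(n in UPX_SECTION_NAMES for n, _, _ in sections),
        "overlay_offset": end,
        "overlay_size": len(overlay),
        "overlay_type": kind,
        "overlay_entropy": round(shannon_entropy(overlay), 2),
    }


def build_sample_pe(overlay: bytes) -> bytes:
    """Constructed input: a minimal PE32 with two UPX-named sections plus an overlay."""
    names = [b"UPX0", b"UPX1"]
    opt_size, sec_size = 224, 512                         # PE32 optional header, 512-byte sections
    dos = bytearray(64)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 64)                 # e_lfanew
    coff = struct.pack("<HHIIIHH", 0x14C, len(names), 0, 0, 0, opt_size, 0x0102)
    opt = bytearray(opt_size)
    struct.pack_into("<H", opt, 0, 0x10B)                 # PE32 magic
    struct.pack_into("<I", opt, 16, 0xB3C1)               # AddressOfEntryPoint
    raw_base = 512                                        # headers fit in the first 512 bytes
    secs, body = bytearray(), bytearray()
    for i, name in enumerate(names):
        secs += name.ljust(8, b"\0")
        secs += struct.pack("<IIII", sec_size, 0x1000 * (i + 1), sec_size, raw_base + sec_size * i)
        secs += bytes(16)
        body += b"\x90" * sec_size
    headers = dos + b"PE\0\0" + coff + opt + secs
    return bytes(headers.ljust(raw_base, b"\0") + body) + overlay


if __name__ == "__main__":
    if len(sys.argv) > 1:
        image = open(sys.argv[1], "rb").read()
    else:
        image = build_sample_pe(RAR_MAGICS[0] + bytes(range(256)) * 64)
    print(find_overlay(image))
```

Run it with a path to print the same fields the report shows (offset, size, type, entropy); with no argument it runs on the constructed PE. Entropy near 8.0 on an overlay says only that the data is compressed or encrypted, which a RAR archive is by construction; the RAR headers themselves are the next thing to parse, since a stub this shape (UPX-packed, RAR overlay, .scr lure name) is how a self-extracting archive delivers its payload.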
PE imports
RegCreateKeyExW
RegCloseKey
OpenProcessToken
RegSetValueExW
RegOpenKeyExW
SetFileSecurityW
AdjustTokenPrivileges
LookupPrivilegeValueW
SetFileSecurityA
RegQueryValueExW
InitCommonControlsEx
GetSaveFileNameW
CommDlgExtendedError
GetOpenFileNameW
GetDeviceCaps
DeleteDC
SelectObject
StretchBlt
GetObjectW
CreateCompatibleDC
DeleteObject
CreateCompatibleBitmap
SetFilePointer
GetSystemTime
GetLastError
HeapFree
GetStdHandle
DosDateTimeToFileTime
ReadFile
FileTimeToSystemTime
GetModuleFileNameW
WaitForSingleObject
GetVersionExW
GetExitCodeProcess
FindNextFileA
CompareStringW
HeapAlloc
SystemTimeToFileTime
IsDBCSLeadByte
GetCommandLineW
GetFileAttributesW
GetCurrentProcess
FileTimeToLocalFileTime
MoveFileW
OpenFileMappingW
SetFileAttributesA
GetDateFormatW
CreateDirectoryA
DeleteFileA
GetCPInfo
ExitProcess
MultiByteToWideChar
SetEnvironmentVariableW
CreateDirectoryW
DeleteFileW
GetProcAddress
GetProcessHeap
CreateFileMappingW
GetTimeFormatW
WriteFile
SetFileAttributesW
CloseHandle
WideCharToMultiByte
MapViewOfFile
MoveFileExW
ExpandEnvironmentStringsW
FindNextFileW
SetEndOfFile
GetFileAttributesA
GetTempPathW
FindFirstFileA
FindFirstFileW
HeapReAlloc
GetModuleHandleW
GetFullPathNameA
FreeLibrary
GetCurrentDirectoryW
LoadLibraryW
SetCurrentDirectoryW
UnmapViewOfFile
FindResourceW
CreateFileW
GlobalAlloc
LocalFileTimeToFileTime
FindClose
Sleep
GetFileType
GetFullPathNameW
SetFileTime
CreateFileA
GetTickCount
GetLocaleInfoW
GetNumberFormatW
SetLastError
CompareStringA
VariantInit
SHBrowseForFolderW
SHChangeNotify
SHFileOperationW
SHGetPathFromIDListW
SHGetSpecialFolderLocation
ShellExecuteExW
SHGetFileInfoW
SHGetMalloc
SHAutoComplete
SetFocus
MapWindowPoints
GetParent
UpdateWindow
EndDialog
LoadBitmapW
DefWindowProcW
GetWindowTextW
GetMessageW
ShowWindow
GetSystemMetrics
SetWindowPos
wvsprintfW
CharToOemBuffA
SetWindowLongW
IsWindow
SendMessageW
GetWindowRect
RegisterClassExW
CharUpperW
DialogBoxParamW
CharToOemBuffW
wvsprintfA
SendDlgItemMessageW
GetDlgItemTextW
PostMessageW
GetSysColor
SetDlgItemTextW
GetDC
ReleaseDC
DestroyIcon
TranslateMessage
IsWindowVisible
LoadStringW
SetWindowTextW
GetDlgItem
GetWindow
MessageBoxW
DispatchMessageW
GetClassNameW
PeekMessageW
CharUpperA
GetClientRect
OemToCharA
EnableWindow
CopyRect
WaitForInputIdle
OemToCharBuffA
LoadCursorW
LoadIconW
FindWindowExW
CreateWindowExW
GetWindowLongW
SetForegroundWindow
DestroyWindow
CharToOemA
CreateStreamOnHGlobal
OleUninitialize
CoCreateInstance
OleInitialize
CLSIDFromString
Number of PE resources by type
RT_ICON 9
RT_DIALOG 6
RT_STRING 6
RT_MANIFEST 1
RT_BITMAP 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 13
NEUTRAL DEFAULT 11
PE resources
Debug information
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
TimeStamp 2012:01:09 14:44:06+01:00
FileType Win32 EXE
PEType PE32
CodeSize 72704
LinkerVersion 9.0
FileTypeExtension exe
InitializedDataSize 285184
SubsystemVersion 5.0
EntryPoint 0xb3c1
OSVersion 5.0
ImageVersion 0.0
UninitializedDataSize 0
File identification
MD5 ed86876db98db35d8c205f8c0b92b0a4
SHA1 f23efdfeca264abad80f58abcaf44992d454b017
SHA256 5a0adcd5f5dca1701596a47a662f1a34e1b3cba7b9a53098a50ee92ec8075ee0
ssdeep
49152:kZ85p/DJR8DcnLJA7Saog/Zg7IK18oilROLrTT9O:kZ85p/Qom7SaVBg7IXoqROnP9O

authentihash 5c75d227690c14bd9d8916f286936a2b220c9a9f9cbe4fea7403802f79dab2eb
imphash 2b8c9d9ab6fefc247adaf927e83dcea6
File size 1.8 MB ( 1886600 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable MS Visual C++ (generic) (42.2%)
Win64 Executable (generic) (37.3%)
Win32 Dynamic Link Library (generic) (8.8%)
Win32 Executable (generic) (6.0%)
Generic Win/DOS Executable (2.7%)
Tags
peexe upx overlay

VirusTotal metadata
First submission 2012-12-01 23:02:02 UTC ( 4 years, 11 months ago )
Last submission 2016-10-04 17:45:24 UTC ( 1 year, 1 month ago )
File names 02
اسماء بعض الممولين في سوريا والخارج المطلوبين لدى النظام السوري_m-fdp.scr (Arabic: "Names of some of the financiers in Syria and abroad wanted by the Syrian regime", with a .scr screensaver extension)
aa
3.exe
????? ??? ???????? ?? ????? ??????? ????????? ??? ?????? ??????_m-fdp.scr (the same Arabic name as above, submitted with its encoding lost)
CDGYu5.tar.bz2
mLTPH.lnk
fb40c579-0e0e-46cf-a736-12e05577ebf9
7f72825f-e9b9-4474-bb8a-bed24a1dc89e
DVpfsugW.docm
vti-rescan
ed86876db98db35d8c205f8c0b92b0a4
اسماء بعض المسلحين في سورية والخارج المطلوبين لدى النظام السوري2012_m_fdp.scr (Arabic: "Names of some of the militants in Syria and abroad wanted by the Syrian regime 2012", with a .scr screensaver extension)
73d520be-1528-452f-8b06-515d506c6c02
Advanced heuristic and reputation engines
ClamAV
Possibly Unwanted Application. While not necessarily malicious, the scanned file presents certain characteristics which depending on the user policies and environment may or may not represent a threat. For full details see: https://www.clamav.net/documents/potentially-unwanted-applications-pua .

Symantec reputation Suspicious.Insight
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.
UDP communications