SHA256: 5a2b5aab5ce4c903336990f3f4305dbeb783cb41f1a355e01f5365bff667100f
File name: index[1].php
Detection ratio: 4 / 51
Analysis date: 2014-07-24 18:32:49 UTC
Antivirus Result Update
Avast Win32:Malware-gen 20140724
Bkav HW32.Laneul.egaq 20140724
Malwarebytes Trojan.Agent.ED 20140724
Symantec WS.Reputation.1 20140724
Ad-Aware 20140724
AegisLab 20140724
Yandex 20140724
AhnLab-V3 20140724
AntiVir 20140724
Antiy-AVL 20140724
AVG 20140724
Baidu-International 20140724
BitDefender 20140724
CAT-QuickHeal 20140724
ClamAV 20140724
CMC 20140724
Commtouch 20140724
Comodo 20140724
DrWeb 20140724
Emsisoft 20140724
ESET-NOD32 20140724
F-Prot 20140724
F-Secure 20140724
Fortinet 20140724
GData 20140724
Ikarus 20140724
Jiangmin 20140724
K7AntiVirus 20140724
K7GW 20140724
Kaspersky 20140724
Kingsoft 20140724
McAfee 20140724
McAfee-GW-Edition 20140724
Microsoft 20140724
eScan 20140724
NANO-Antivirus 20140724
Norman 20140724
nProtect 20140724
Panda 20140724
Qihoo-360 20140724
Sophos AV 20140724
SUPERAntiSpyware 20140724
Tencent 20140724
TheHacker 20140722
TotalDefense 20140724
TrendMicro 20140724
TrendMicro-HouseCall 20140724
VBA32 20140724
VIPRE 20140724
ViRobot 20140724
Zoner 20140723
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2014-07-23 18:22:27
Entry Point 0x000067D8
Number of sections 4
PE sections
PE imports
IsWellKnownSid
AllocateAndInitializeSid
GetOpenFileNameA
CommDlgExtendedError
GetDeviceCaps
CreateICA
GetBkColor
DeleteDC
CreateFontIndirectW
GetLastError
InitializeCriticalSectionAndSpinCount
HeapFree
EnumSystemCodePagesA
EnterCriticalSection
LCMapStringW
SetHandleCount
GetCPInfo
LoadLibraryW
GetConsoleCP
GetOEMCP
QueryPerformanceCounter
IsDebuggerPresent
GetTickCount
TlsAlloc
GetEnvironmentStringsW
FlushFileBuffers
GetModuleFileNameA
RtlUnwind
GetFileAttributesW
GetStdHandle
IsProcessorFeaturePresent
DeleteCriticalSection
GetCurrentProcess
GetConsoleMode
DecodePointer
GetCurrentProcessId
UnhandledExceptionFilter
WideCharToMultiByte
GetDateFormatW
GetCPInfoExA
MultiByteToWideChar
HeapSize
FreeEnvironmentStringsW
CreateDirectoryW
GetCommandLineA
GetProcAddress
EncodePointer
GetStartupInfoW
SetStdHandle
RaiseException
GlobalReAlloc
GetModuleFileNameW
TlsFree
SetFilePointer
HeapSetInformation
FindNextFileW
SetUnhandledExceptionFilter
WriteFile
CloseHandle
GetSystemTimeAsFileTime
FindFirstFileW
GetACP
HeapReAlloc
GetStringTypeW
GetModuleHandleW
TerminateProcess
InterlockedDecrement
IsValidCodePage
HeapCreate
SetLastError
CreateFileW
TlsGetValue
Sleep
GetFileType
EnumDateFormatsA
TlsSetValue
HeapAlloc
GetCurrentThreadId
InterlockedIncrement
ExitProcess
WriteConsoleW
LeaveCriticalSection
AccessibleObjectFromEvent
VariantClear
VariantInit
SetupDiGetClassDevsA
PathFileExistsW
PathFindExtensionW
GetForegroundWindow
UpdateWindow
EndDialog
KillTimer
FindWindowA
IsWindow
SendMessageW
GetWindowRect
EnableWindow
MoveWindow
WindowFromPoint
MessageBoxA
AppendMenuW
GetDlgItemTextW
GetMenuDefaultItem
SetDlgItemTextW
GetDC
GetCursorPos
ReleaseDC
CreatePopupMenu
GetMenu
LoadStringA
SendMessageA
GetClientRect
GetDlgItem
IsIconic
CreateWindowExA
UnhookWinEvent
SetWindowTextA
GetTopWindow
GetFocus
CreateWindowExW
GetMenuItemCount
PostThreadMessageA
DestroyWindow
CoUninitialize
CoInitialize
Number of PE resources by type
RT_MANIFEST 1
RT_STRING 1
RT_DIALOG 1
Struct(240) 1
Number of PE resources by language
ENGLISH US 4
PE resources
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
TimeStamp 2014:07:23 19:22:27+01:00
FileType Win32 EXE
PEType PE32
CodeSize 207872
LinkerVersion 10.0
FileAccessDate 2014:07:24 19:33:03+01:00
EntryPoint 0x67d8
InitializedDataSize 35840
SubsystemVersion 5.1
ImageVersion 0.0
OSVersion 5.1
FileCreateDate 2014:07:24 19:33:03+01:00
UninitializedDataSize 0
File identification
MD5 6ef275167fb8760bb23e9013760bf1e8
SHA1 de9314c0c78947743f487a52d0a1b79de75bfb84
SHA256 5a2b5aab5ce4c903336990f3f4305dbeb783cb41f1a355e01f5365bff667100f
ssdeep 6144:7VpITIZQTcizcvPjggYgEPt71pneZdq+S5c9Vr4F44J:xpVZQTnzOPjg5gEF71xMmqPW46
imphash b6c931a70d573aaa6c330c92d7718448
File size 239.0 KB ( 244736 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (67.3%)
Win32 Dynamic Link Library (generic) (14.2%)
Win32 Executable (generic) (9.7%)
Generic Win/DOS Executable (4.3%)
DOS Executable Generic (4.3%)
Tags peexe
VirusTotal metadata
First submission 2014-07-24 18:32:49 UTC
Last submission 2014-07-24 18:32:49 UTC
File names index[1].php
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Copied files
Deleted files
Created processes
Code injections in the following processes
Created mutexes
Opened mutexes
Searched windows
Opened service managers
Opened services
Hooking activity
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.
The file installs an application-defined hook procedure into a hook chain. A hook procedure is installed to monitor the system for certain types of events; these events are associated either with a specific thread or with all threads in the same desktop as the calling thread. This is done using the SetWindowsHook Windows API function.