SHA256: 5b34a7a0123fa981514bb0608fe4b9946be7270c6b8aa2529b14096506569e8f
File name: 正式发文 (Chinese: "official dispatch", a document-style name on an executable)
Detection ratio: 41 / 56
Analysis date: 2015-08-05 18:43:33 UTC (a rescan; the first and last submission dates are under VirusTotal metadata below)
Antivirus / Result / Signature update date
Ad-Aware Trojan.Agent.BDSU 20150805
Yandex Trojan.Swisyn!hG2eYXYDHXo 20150805
AhnLab-V3 Malware/Win32.Trojan Horse 20150805
ALYac Trojan.Agent.BDSU 20150805
Antiy-AVL Trojan/Win32.Swisyn 20150805
Arcabit Trojan.Agent.BDSU 20150805
Avast Win32:Malware-gen 20150805
AVG Win32/DH{gRKBE0EDYXluHiATFBdmIiM} 20150805
Avira (no cloud) TR/Agent.BDSU 20150805
AVware Trojan.Win32.Generic!BT 20150805
Baidu-International Trojan.Win32.Swisyn.dgdx 20150805
BitDefender Trojan.Agent.BDSU 20150805
CAT-QuickHeal Trojan.Swisyn.r4 20150805
ClamAV Win.Trojan.PlugX-120 20150805
Comodo UnclassifiedMalware 20150805
Emsisoft Trojan.Agent.BDSU (B) 20150805
ESET-NOD32 Win32/Korplug.A 20150805
F-Secure Trojan.Agent.BDSU 20150805
Fortinet W32/Swisyn.DGDX!tr 20150804
GData Trojan.Agent.BDSU 20150805
Ikarus Trojan.Win32.Swisyn 20150805
K7AntiVirus Riskware ( 0040eff71 ) 20150805
K7GW Riskware ( 0040eff71 ) 20150805
Kaspersky Trojan.Win32.Swisyn.dgdx 20150805
Kingsoft Win32.Troj.Swisyn.DG.(kcloud) 20150805
McAfee RDN/Generic BackDoor 20150805
McAfee-GW-Edition BehavesLike.Win32.Expiro.cc 20150805
Microsoft Backdoor:Win32/Plugx.A 20150805
eScan Trojan.Agent.BDSU 20150805
NANO-Antivirus Trojan.Win32.Swisyn.ddjxxg 20150805
nProtect Trojan.Agent.BDSU 20150805
Panda Trj/CI.A 20150805
Qihoo-360 Win32/Trojan.a43 20150805
Rising PE:Trojan.Win32.Generic.1707F469!386397289 20150731
Sophos AV Mal/Generic-S 20150805
Symantec Trojan Horse 20150805
TrendMicro BKDR_PLUGX.DUKNL 20150805
TrendMicro-HouseCall BKDR_PLUGX.DUKNL 20150805
VBA32 BScope.Trojan.SvcHorse.01643 20150805
VIPRE Trojan.Win32.Generic!BT 20150805
Zillya Trojan.Swisyn.Win32.31463 20150805
Engines reporting no detection (with signature update date):
AegisLab 20150805
Alibaba 20150803
Bkav 20150805
ByteHero 20150805
Cyren 20150805
DrWeb 20150805
F-Prot 20150805
Jiangmin 20150804
Malwarebytes 20150805
SUPERAntiSpyware 20150805
Tencent 20150805
TheHacker 20150805
TotalDefense 20150805
ViRobot 20150805
Zoner 20150805
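Vendor labels in the table above name the same sample several different ways (PlugX, Plugx, PLUGX, Korplug, Swisyn, plus generic names such as Trojan.Agent.BDSU). The following is a worked example added here, not code from VirusTotal: it parses rows in the table's format, which is awkward because a result can contain spaces and parentheses ("Trojan Horse", "Riskware ( 0040eff71 )"), and tallies family names across vendors. The embedded rows are a constructed excerpt copied from the table above; the alias table is an editorial choice (Korplug is ESET's name for PlugX).

```python
# Added example (not VirusTotal code): parse "Vendor Result Update" rows from a
# VirusTotal detection table and tally malware family names across vendors.
import re
from collections import Counter

# Excerpt of the detection table above (constructed input, copied from the page).
REPORT_LINES = """\
Ad-Aware Trojan.Agent.BDSU 20150805
AhnLab-V3 Malware/Win32.Trojan Horse 20150805
ClamAV Win.Trojan.PlugX-120 20150805
ESET-NOD32 Win32/Korplug.A 20150805
K7AntiVirus Riskware ( 0040eff71 ) 20150805
Kaspersky Trojan.Win32.Swisyn.dgdx 20150805
Microsoft Backdoor:Win32/Plugx.A 20150805
Symantec Trojan Horse 20150805
TrendMicro BKDR_PLUGX.DUKNL 20150805
AegisLab 20150805
DrWeb 20150805
"""

# Alias table: vendor-specific tokens folded to one family name (editorial
# choice for this example; Korplug is ESET's name for PlugX).
FAMILY_ALIASES = {
    "plugx": re.compile(r"plugx|korplug", re.IGNORECASE),
    "swisyn": re.compile(r"swisyn", re.IGNORECASE),
}

_DATE = re.compile(r"^\d{8}$")


def parse_line(line):
    """Return (vendor, result, update_date); result is None for a no-detection row.

    The vendor is the first whitespace-delimited token and the update date the
    last one; everything in between is the result, which may itself contain
    spaces (e.g. 'Trojan Horse', 'Riskware ( 0040eff71 )')."""
    tokens = line.split()
    if len(tokens) < 2 or not _DATE.match(tokens[-1]):
        raise ValueError(f"unrecognised row: {line!r}")
    vendor, date = tokens[0], tokens[-1]
    result = " ".join(tokens[1:-1]) or None
    return vendor, result, date


def summarize(text):
    """Count detections, misses and family mentions over a block of table rows."""
    detected, missed = [], []
    families = Counter()
    for line in text.splitlines():
        if not line.strip():
            continue
        vendor, result, _ = parse_line(line)
        if result is None:
            missed.append(vendor)
            continue
        detected.append(vendor)
        for family, pattern in FAMILY_ALIASES.items():
            if pattern.search(result):
                families[family] += 1
    return {"detected": detected, "missed": missed, "families": families}


if __name__ == "__main__":
    s = summarize(REPORT_LINES)
    print(f"{len(s['detected'])} detections, {len(s['missed'])} misses")
    for family, n in s["families"].most_common():
        print(f"  {family}: {n} vendor(s)")
```

Run over the full table, the same logic shows the family consensus is PlugX (ClamAV, ESET, Microsoft and both TrendMicro engines) with ten engines using Kaspersky's generic Swisyn name and the rest purely generic labels; the detection ratio alone does not tell you that.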
The file is a Portable Executable (PE32) Win32 EXE built for the Windows GUI subsystem.
FileVersionInfo properties
Copyright: Copyright (C) 2014
File version: 6.1.7600.16385
Note: 6.1.7600.16385 is the file version carried by Windows 7 / Server 2008 R2 RTM system binaries; together with the CompanyName field under ExifTool metadata below, the version block is dressed to look like a Microsoft component. Treat it as a masquerade indicator, not as provenance.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2014-06-23 09:52:15 UTC (ExifTool below shows the same instant as 10:52:15+01:00; it falls a month before the first submission, so it is plausible, though PE timestamps are trivially forged)
Entry Point 0x00002410
Number of sections 4
PE sections (section table not captured in this extract; the header reports 4 sections)
PE imports (the extract dropped the DLL column; the groupings below are restored from the API names, in the per-DLL order VirusTotal uses)
ADVAPI32.dll
RegQueryValueA
RegOpenKeyExA
RegCloseKey
GDI32.dll
GetObjectA
CreateFontIndirectA
GetTextExtentPoint32A
GetStockObject
KERNEL32.dll
GetLastError
lstrlenA
FreeLibrary
CopyFileA
LoadLibraryA
GetModuleFileNameA
WinExec
GetStartupInfoA
SizeofResource
lstrcatA
LockResource
GetWindowsDirectoryA
GetProcAddress
CreateMutexA
GetTempPathA
GetModuleHandleA
lstrcpyA
LoadResource
Sleep
GetCurrentThreadId
FindResourceA
VirtualAlloc
Imports by ordinal (the importing module name is not in the extract; the ordinal range, the 6.0 linker version and the Visual C++ TrID match are consistent with MFC42.DLL, but that is an inference)
Ord(6197)
Ord(1775)
Ord(4080)
Ord(4710)
Ord(2414)
Ord(3597)
Ord(1641)
Ord(3136)
Ord(6375)
Ord(3626)
Ord(755)
Ord(3798)
Ord(2621)
Ord(3721)
Ord(5290)
Ord(2446)
Ord(2864)
Ord(5875)
Ord(2915)
Ord(809)
Ord(795)
Ord(815)
Ord(641)
Ord(5277)
Ord(2514)
Ord(4425)
Ord(4353)
Ord(567)
Ord(1134)
Ord(941)
Ord(4465)
Ord(2863)
Ord(5300)
Ord(3797)
Ord(4627)
Ord(1168)
Ord(3738)
Ord(4853)
Ord(2982)
Ord(4234)
Ord(825)
Ord(3081)
Ord(5199)
Ord(5307)
Ord(4441)
Ord(4424)
Ord(540)
Ord(4078)
Ord(2554)
Ord(556)
Ord(6376)
Ord(1727)
Ord(823)
Ord(2379)
Ord(2725)
Ord(3874)
Ord(4998)
Ord(5572)
Ord(3749)
Ord(2512)
Ord(470)
Ord(4274)
Ord(5261)
Ord(2859)
Ord(4079)
Ord(1146)
Ord(3147)
Ord(2860)
Ord(2124)
Ord(6052)
Ord(3259)
Ord(1088)
Ord(3262)
Ord(1576)
Ord(2614)
Ord(5065)
Ord(4407)
Ord(4275)
Ord(3663)
Ord(3346)
Ord(2396)
Ord(3831)
Ord(6374)
Ord(5280)
Ord(6453)
Ord(3825)
Ord(2976)
Ord(1089)
Ord(2985)
Ord(3922)
Ord(4160)
Ord(4376)
Ord(3402)
Ord(800)
Ord(324)
Ord(3830)
Ord(2122)
Ord(2385)
Ord(3619)
Ord(3079)
Ord(6880)
Ord(2055)
Ord(4837)
Ord(5241)
Ord(1776)
Ord(2648)
Ord(5714)
Ord(5289)
Ord(4622)
Ord(561)
Ord(4486)
Ord(4698)
Ord(5163)
Ord(6055)
Ord(6199)
Ord(5265)
Ord(4673)
Ord(5302)
Ord(5731)
MSVCRT.dll
_except_handler3
__p__fmode
_XcptFilter
_acmdln
__CxxFrameHandler
_setmbcp
_exit
__p__commode
__dllonexit
_stricmp
_controlfp
exit
_mbsstr
__getmainargs
_initterm
__setusermatherr
_onexit
_adjust_fdiv
__set_app_type
SHELL32.dll
ShellExecuteA
USER32.dll
RedrawWindow
GetParent
GetMessageA
GetInputState
CopyIcon
KillTimer
GetSystemMetrics
IsWindow
AppendMenuA
GetWindowRect
InflateRect
EnableWindow
DrawIcon
SetWindowLongA
GetDC
DestroyCursor
GetCursorPos
ReleaseDC
SendMessageA
GetClientRect
IsIconic
InvalidateRect
SetTimer
LoadCursorA
LoadIconA
GetSystemMenu
SetCursor
PostThreadMessageA
PtInRect
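Reading an import table like this one by capability rather than name by name is the usual first static-triage step: FindResourceA/LoadResource/LockResource/SizeofResource pull something out of a resource, VirtualAlloc gives it memory, GetTempPathA/GetWindowsDirectoryA plus CopyFileA put a copy on disk, WinExec/ShellExecuteA launch it, CreateMutexA keeps one instance, and LoadLibraryA/GetProcAddress resolve whatever is not in the static table. The following is a worked example added here, not code from VirusTotal or from any analysis of the sample: it takes the named imports listed above (a constructed Python list copied from the report; the DLL column the extract lost is not needed) and reports which capability clusters are present. The cluster names and their membership are editorial triage heuristics, not a published taxonomy.

```python
# Added example (not from the VirusTotal page or the sample): static import triage.
# Groups imported API names into capability clusters so the import table reads
# as behaviour (resource-carried payload, drop and execute, ...) rather than as
# a flat list. The extract lost the DLL column, so only function names are used
# and the ordinal (presumed MFC) imports are left out.
from __future__ import annotations

import re

# Named imports as listed in the report above (constructed list, copied from
# the page; ordinal imports omitted).
REPORT_IMPORTS = [
    "RegQueryValueA", "RegOpenKeyExA", "RegCloseKey",
    "GetObjectA", "CreateFontIndirectA", "GetTextExtentPoint32A", "GetStockObject",
    "GetLastError", "lstrlenA", "FreeLibrary", "CopyFileA", "LoadLibraryA",
    "GetModuleFileNameA", "WinExec", "GetStartupInfoA", "SizeofResource",
    "lstrcatA", "LockResource", "GetWindowsDirectoryA", "GetProcAddress",
    "CreateMutexA", "GetTempPathA", "GetModuleHandleA", "lstrcpyA",
    "LoadResource", "Sleep", "GetCurrentThreadId", "FindResourceA", "VirtualAlloc",
    "ShellExecuteA",
    "RedrawWindow", "GetParent", "GetMessageA", "SendMessageA", "SetTimer",
]

# Cluster name -> (names that must all be present, names of which at least one
# must be present). Names are given without the A/W suffix. The clusters and
# their membership are editorial triage heuristics, not a published taxonomy.
CLUSTERS: dict[str, tuple[set[str], set[str]]] = {
    "resource_payload": ({"FindResource", "LoadResource", "LockResource", "SizeofResource"}, set()),
    "drop_and_execute": ({"CopyFile"}, {"WinExec", "ShellExecute", "CreateProcess"}),
    "drop_location": (set(), {"GetTempPath", "GetWindowsDirectory", "GetSystemDirectory"}),
    "dynamic_api_resolution": ({"LoadLibrary", "GetProcAddress"}, set()),
    "single_instance_mutex": ({"CreateMutex"}, set()),
    "manual_memory_alloc": (set(), {"VirtualAlloc", "VirtualAllocEx", "VirtualProtect"}),
    "registry_read": ({"RegOpenKeyEx"}, {"RegQueryValue", "RegQueryValueEx"}),
}

_SUFFIX = re.compile(r"(?<=[a-z0-9])[AW]$")


def normalize(name: str) -> str:
    """Drop the ANSI/Unicode suffix so CopyFileA and CopyFileW hit the same rule.
    The lookbehind leaves names that merely end in a capital letter (GetDC) intact."""
    return _SUFFIX.sub("", name)


def triage(imports) -> dict[str, list[str]]:
    """Return {cluster: sorted matching import names} for every satisfied cluster."""
    present = {normalize(n) for n in imports}
    hits: dict[str, list[str]] = {}
    for cluster, (required, any_of) in CLUSTERS.items():
        if required <= present and (not any_of or any_of & present):
            hits[cluster] = sorted(required | (any_of & present))
    return hits


def is_resource_dropper(hits) -> bool:
    """The combination this sample shows: payload in a resource, copied out to a
    writable directory and launched."""
    return {"resource_payload", "drop_and_execute", "drop_location"} <= set(hits)


if __name__ == "__main__":
    found = triage(REPORT_IMPORTS)
    for cluster, names in found.items():
        print(f"{cluster}: {', '.join(names)}")
    print("resource-dropper profile:", is_resource_dropper(found))
```

Against this sample's imports every cluster fires and the resource-dropper profile is true; a GUI-only import set (RedrawWindow, GetDC, GetMessageA and the like) fires none. Imports are a weak signal on their own, since anything resolved through GetProcAddress is invisible here, but they are enough to decide where to look next: the "JPG" resource and whatever is written to the temp or Windows directory.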
Number of PE resources by type
RT_DIALOG 2
RT_ICON 1
JPG 1
RT_STRING 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 4
CHINESE SIMPLIFIED 3
PE resources (resource table not captured in this extract). Note that "JPG" is a custom resource type name, not a standard RT_* type; combined with the FindResourceA/LoadResource/LockResource/SizeofResource imports above, it is the first place to look for an embedded payload.
ExifTool file metadata
UninitializedDataSize: 0
InitializedDataSize: 98304
ImageVersion: 0.0
FileVersionNumber: 6.1.7600.16385
LanguageCode: English (U.S.)
FileFlagsMask: 0x003f
CharacterSet: Unicode
LinkerVersion: 6.0
FileTypeExtension: exe
MIMEType: application/octet-stream
Subsystem: Windows GUI
FileVersion: 6.1.7600.16385
TimeStamp: 2014:06:23 10:52:15+01:00
FileType: Win32 EXE
PEType: PE32
ProductVersion: 6, 1, 7600, 16385
SubsystemVersion: 4.0
OSVersion: 4.0
FileOS: Win32
LegalCopyright: Copyright (C) 2014
MachineType: Intel 386 or later, and compatibles
CompanyName: Microsoft Corporation. All rights reserved.
CodeSize: 8192
FileSubtype: 0
ProductVersionNumber: 6.1.7600.16385
EntryPoint: 0x2410
ObjectFileType: Executable application

Three things in this block are worth a second look. LinkerVersion 6.0 is the Visual C++ 6.0 linker, consistent with the MFC-style ordinal imports and the TrID result. CodeSize is only 8192 bytes against 98304 bytes of initialized data in a 110592-byte file, so almost all of the file is data rather than code, which fits a small loader wrapped around an embedded payload. And CompanyName holds the text of a copyright notice rather than a company name, which is what a hand-edited version block looks like; it is not evidence of Microsoft origin.
File identification
MD5: 810f2d6eccccc5f034f0ee91743c1608
SHA1: 91d34316c33828dd32890f42e586ad24e2e161aa
SHA256: 5b34a7a0123fa981514bb0608fe4b9946be7270c6b8aa2529b14096506569e8f
ssdeep: 1536:zdeLaVY5/KiANgYq5OZHEaAFEsulBPw+8O5+DgGVqpNVxYCHwk4:zKNKiAKqkaAFzulBPx8OsDgGV8NV6C14
authentihash: ce9091d712bd51986b69f9723dfcb2ec564fbe982868970280392e37d5d11c94
imphash: e769a4099e1d31353febd2a2ce6b58d5
File size: 108.0 KB (110592 bytes)
File type: Win32 EXE
Magic: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID: Win32 Executable MS Visual C++ (generic) (46.3%); Win64 Executable (generic) (41.0%); Win32 Executable (generic) (6.6%); Generic Win/DOS Executable (2.9%); DOS Executable Generic (2.9%)
Tags: peexe

The cryptographic hashes identify this exact file only. For finding related droppers the useful pivots are the imphash, which depends only on the import table and so survives changes to strings, resources and the embedded payload, and the ssdeep fuzzy hash, which tolerates small byte-level edits.
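The imphash above is an MD5 over the import table written out in a canonical text form. The following worked example is added here to show that derivation; it is a re-implementation of the published recipe (Mandiant's, as implemented in pefile), not VirusTotal's or pefile's own code. The DLL names attached to the page's imports are assumed from the API names, since the extract dropped that column, MFC42.DLL for the ordinal imports is likewise an assumption, and only an excerpt of the table is used, so the value this produces is not expected to equal e769a4099e1d31353febd2a2ce6b58d5.

```python
# Added example (not VirusTotal's or pefile's code): re-derive an imphash from an
# import list following the published recipe: one entry "<dll>.<func>" per
# import, DLL name lowercased with a trailing .dll/.ocx/.sys removed, function
# name lowercased, ordinal imports written as "ordN", entries joined by commas
# in import-table order, MD5 of the resulting string.
import hashlib

# Excerpt of the page's import table. The DLL names are NOT on the page; they
# are assumed from the API names, and MFC42.DLL for the ordinals is an
# assumption too. Being an excerpt, its hash will not equal the page's imphash.
SAMPLE_IMPORTS = [
    ("ADVAPI32.dll", "RegQueryValueA"),
    ("ADVAPI32.dll", "RegOpenKeyExA"),
    ("KERNEL32.dll", "CopyFileA"),
    ("KERNEL32.dll", "WinExec"),
    ("KERNEL32.dll", "VirtualAlloc"),
    ("MFC42.DLL", 6197),
    ("MFC42.DLL", 1775),
    ("MSVCRT.dll", "_except_handler3"),
    ("SHELL32.dll", "ShellExecuteA"),
    ("USER32.dll", "SendMessageA"),
]

_STRIPPED_EXTENSIONS = (".ocx", ".sys", ".dll")


def canonical_dll(dll: str) -> str:
    """Lowercase the module name and drop one trailing .dll/.ocx/.sys."""
    name = dll.lower()
    for ext in _STRIPPED_EXTENSIONS:
        if name.endswith(ext):
            return name[: -len(ext)]
    return name


def imphash_string(imports) -> str:
    """imports: iterable of (dll, name_or_ordinal) in import-table order.
    Returns the comma-joined canonical form that gets hashed."""
    entries = []
    for dll, func in imports:
        fname = f"ord{func}" if isinstance(func, int) else func.lower()
        entries.append(f"{canonical_dll(dll)}.{fname}")
    return ",".join(entries)


def imphash(imports) -> str:
    """MD5 hex digest of the canonical import string."""
    return hashlib.md5(imphash_string(imports).encode("ascii")).hexdigest()


if __name__ == "__main__":
    print(imphash_string(SAMPLE_IMPORTS))
    print(imphash(SAMPLE_IMPORTS))
```

Two properties follow directly from the construction and matter when pivoting. The hash is order-sensitive, so two builds with the same imports in a different order get different imphashes; and ordinal imports hash as "ordN", so a change in which MFC ordinals the compiler emits changes the value. pefile additionally maps ordinals of a few well-known DLLs (ws2_32, oleaut32) back to function names before hashing; this example does not, so for files importing those libraries by ordinal it would differ from pefile.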

VirusTotal metadata
First submission: 2014-07-24 02:41:01 UTC
Last submission: 2014-07-28 02:55:06 UTC
File names: 正式发文 (Chinese: "official dispatch"); 5b34a7a0123fa981514bb0608fe4b9946be7270c6b8aa2529b14096506569e8f
Advanced heuristic and reputation engines
TrendMicro-HouseCall: TrendMicro's heuristic engine flagged this file as TROJ_GEN.R08PC0DDS15.
Symantec reputation: Suspicious.Insight
Condensed behaviour report. The following summarises the behaviour of the file when executed in a controlled environment. The actions described were performed by the file itself, by any process it launched, or by any process into which it injected code.
Opened files, read files, written files, created processes, code injections, opened mutexes, runtime DLLs: no entries are captured in this extract.
Additional details
The file sends control codes directly to device drivers through the DeviceIoControl Windows API. DeviceIoControl is not in the static import table above, so it is resolved at runtime (the file imports LoadLibraryA and GetProcAddress) or called from a process the sample launched or injected into; the report does not say which driver or control code was involved, so this is a lead for dynamic analysis rather than a conclusion.