SHA256: 5b4ac76e9452523a4111ee532f94c6e74b51baf573b5d7f952bf6274a483a818
File name: runwithme.exe
Detection ratio: 4 / 57
Analysis date: 2016-03-23 13:34:03 UTC ( 2 years, 3 months ago )
Antivirus Result Update
McAfee Drixed-FEQ!67D4CB4CBA30 20160323
McAfee-GW-Edition BehavesLike.Win32.PWSZbot.dh 20160323
Qihoo-360 HEUR/QVM07.1.Malware.Gen 20160323
Rising PE:Malware.XPACK-HIE/Heur!1.9C48 [F] 20160323
Ad-Aware 20160323
AegisLab 20160323
Yandex 20160316
AhnLab-V3 20160323
Alibaba 20160323
ALYac 20160323
Antiy-AVL 20160323
Arcabit 20160323
Avast 20160323
AVG 20160323
Avira (no cloud) 20160323
AVware 20160323
Baidu 20160322
Baidu-International 20160323
BitDefender 20160323
Bkav 20160322
ByteHero 20160323
CAT-QuickHeal 20160323
ClamAV 20160319
CMC 20160322
Comodo 20160323
Cyren 20160323
DrWeb 20160323
Emsisoft 20160323
ESET-NOD32 20160323
F-Prot 20160323
F-Secure 20160323
Fortinet 20160323
GData 20160323
Ikarus 20160323
Jiangmin 20160323
K7AntiVirus 20160323
K7GW 20160323
Kaspersky 20160323
Malwarebytes 20160323
Microsoft 20160323
eScan 20160323
NANO-Antivirus 20160323
nProtect 20160323
Panda 20160322
Sophos AV 20160323
SUPERAntiSpyware 20160323
Symantec 20160323
Tencent 20160323
TheHacker 20160321
TotalDefense 20160323
TrendMicro 20160323
TrendMicro-HouseCall 20160323
VBA32 20160323
VIPRE 20160323
ViRobot 20160323
Zillya 20160323
Zoner 20160323
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows command line subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2005-04-30 00:15:39
Entry Point 0x00023B30
Number of sections 4
PE sections
PE imports
RegEnumKeyExA
RegSetValueExW
GetKernelObjectSecurity
ImageList_BeginDrag
ImageList_SetBkColor
ImageList_GetImageInfo
FlatSB_GetScrollProp
Ord(4)
FlatSB_SetScrollPos
Ord(6)
Ord(5)
FlatSB_GetScrollInfo
FlatSB_SetScrollRange
ImageList_Remove
ImageList_Merge
Ord(17)
ImageList_SetIconSize
Ord(15)
ImageList_GetImageCount
ImageList_Replace
ImageList_DragLeave
ImageList_GetIcon
InitializeFlatSB
InitCommonControlsEx
FlatSB_EnableScrollBar
ImageList_LoadImageA
CreatePropertySheetPageW
ImageList_SetImageCount
ImageList_Create
Ord(14)
Ord(8)
ImageList_EndDrag
GetDeviceCaps
FillRgn
Polygon
DeleteDC
GetWindowOrgEx
RestoreDC
PatBlt
GetGlyphOutlineA
GetRgnBox
CreateDIBSection
GdiFlush
CreateFontW
OffsetViewportOrgEx
CombineRgn
SetPixelV
SetBkColor
GetEnhMetaFilePaletteEntries
SelectClipRgn
CreateEllipticRgn
Ellipse
ExtEscape
GetPrivateProfileSectionNamesA
FormatMessageW
GetModuleHandleA
DeviceIoControl
QueryDosDeviceW
HeapSize
GetEnvironmentVariableW
GetAtomNameW
CreateErrorInfo
SHGetFileInfoA
ShellExecuteExA
SHAddToRecentDocs
ExtractIconExA
ExtractIconExW
SHGetSpecialFolderLocation
SHInvokePrinterCommandA
SHFreeNameMappings
ExtractAssociatedIconA
SHGetPathFromIDListA
SHGetMalloc
SHFileOperationA
InternetSetCookieA
HttpOpenRequestA
GetUrlCacheEntryInfoExW
HttpSendRequestExW
RetrieveUrlCacheEntryFileA
InternetSetCookieW
FtpFindFirstFileW
FindFirstUrlCacheEntryExA
SetUrlCacheEntryGroup
RetrieveUrlCacheEntryFileW
InternetQueryDataAvailable
HttpEndRequestA
InternetOpenW
GetUrlCacheEntryInfoExA
SetUrlCacheEntryInfoW
HttpOpenRequestW
CreateUrlCacheGroup
GetUrlCacheEntryInfoA
InternetConfirmZoneCrossing
InternetConnectW
FtpRenameFileA
GopherFindFirstFileW
FtpDeleteFileW
SetUrlCacheEntryInfoA
InternetGetCookieA
GopherOpenFileW
GetUrlCacheEntryInfoW
InternetSetOptionExA
FtpDeleteFileA
InternetGetLastResponseInfoW
InternetCombineUrlW
UnlockUrlCacheEntryStream
InternetLockRequestFile
FtpRenameFileW
ReadUrlCacheEntryStream
CommitUrlCacheEntryW
GopherGetLocatorTypeW
InternetCheckConnectionA
RetrieveUrlCacheEntryStreamW
InternetOpenUrlA
GopherCreateLocatorA
CreateUrlCacheEntryA
HttpQueryInfoA
HttpAddRequestHeadersW
HttpSendRequestA
FtpOpenFileW
FtpGetCurrentDirectoryA
InternetSetOptionA
FindFirstUrlCacheEntryA
GopherGetAttributeW
FindNextUrlCacheEntryA
FtpPutFileW
InternetSetDialState
InternetSetOptionW
HttpSendRequestW
InternetOpenUrlW
HttpAddRequestHeadersA
FindNextUrlCacheEntryW
DeleteUrlCacheEntry
GopherGetAttributeA
InternetTimeFromSystemTime
GetOpenFileNameA
FindTextW
ReplaceTextW
GetSaveFileNameA
GetOpenFileNameW
CoRegisterPSClsid
FreePropVariantArray
CoGetMarshalSizeMax
HMENU_UserUnmarshal
OleCreateFromFile
OleCreateLinkToFileEx
CLIPFORMAT_UserUnmarshal
SNB_UserMarshal
CoLockObjectExternal
CoTreatAsClass
StringFromGUID2
StgSetTimes
HACCEL_UserMarshal
CoRegisterSurrogate
OleFlushClipboard
ReleaseStgMedium
OleConvertOLESTREAMToIStorage
ReadClassStm
OleCreateStaticFromData
GetHGlobalFromILockBytes
HMENU_UserFree
StgGetIFillLockBytesOnILockBytes
CoLoadLibrary
CoResumeClassObjects
OleCreateLinkToFile
SetConvertStg
CoTaskMemRealloc
CreateILockBytesOnHGlobal
CoRevokeMallocSpy
StgCreatePropSetStg
OleSetAutoConvert
StgCreateStorageEx
OleDraw
OleRegGetUserType
OleInitialize
CLIPFORMAT_UserFree
OleNoteObjectVisible
GetClassFile
CoCreateInstance
StgOpenStorage
OleGetAutoConvert
OleCreateLinkFromDataEx
HPALETTE_UserUnmarshal
HWND_UserFree
PropVariantClear
OleMetafilePictFromIconAndLabel
STGMEDIUM_UserUnmarshal
CreateDataCache
CreateDataAdviseHolder
StgCreateDocfileOnILockBytes
CoRevokeClassObject
OleCreateDefaultHandler
OleSaveToStream
OleConvertIStorageToOLESTREAM
CoFreeAllLibraries
GetHGlobalFromStream
OleSave
CoGetObject
STGMEDIUM_UserFree
CoCreateGuid
CoReleaseServerProcess
MkParseDisplayName
BindMoniker
CoBuildVersion
OleBuildVersion
CreateGenericComposite
CreateBindCtx
Number of PE resources by type
RT_MENU 9
RT_ICON 3
RT_GROUP_ICON 3
RT_DIALOG 2
RT_ACCELERATOR 2
RT_BITMAP 1
RT_VERSION 1
Number of PE resources by language
TURKISH DEFAULT 21
PE resources
ExifTool file metadata
SubsystemVersion 4.0
LinkerVersion 8.0
ImageVersion 0.0
FileVersionNumber 0.167.208.46
UninitializedDataSize 0
LanguageCode Neutral
FileFlagsMask 0x003f
CharacterSet Unicode
InitializedDataSize 217088
EntryPoint 0x23b30
OriginalFileName Humanitarian.exe
MIMEType application/octet-stream
LegalCopyright Copyright 2018
FileVersion 75, 147, 93, 29
TimeStamp 2005:04:30 01:15:39+01:00
FileType Win32 EXE
PEType PE32
InternalName Noradrenaline
ProductVersion 82, 57, 98, 160
FileDescription Made
OSVersion 4.0
FileOS Windows NT 32-bit
Subsystem Windows command line
MachineType Intel 386 or later, and compatibles
CompanyName ConquerWare
CodeSize 143360
FileSubtype 0
ProductVersionNumber 0.11.183.135
FileTypeExtension exe
ObjectFileType Executable application

File identification
MD5 67d4cb4cba304dfb823dffe101fb1c63
SHA1 72140ae2b61efa66a7c6ba2f020364054018c91c
SHA256 5b4ac76e9452523a4111ee532f94c6e74b51baf573b5d7f952bf6274a483a818
ssdeep 3072:10zCbeTePeM+Efx+XMPYuBbWpLMjngyYXjDpZoz6jSjcVTi5yatny30yKOlLiU:hb6Oxw8wutcgIDIz6hIyateaOl
authentihash 6f37179e849e822f857d8fefd10a6659f454c5cd47707f88748e48df2a84b929
imphash e9c7582d5f8a206da8d10708009a5849
File size 232.0 KB ( 237568 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (console) Intel 80386 32-bit
TrID Windows screen saver (43.3%)
Win32 Dynamic Link Library (generic) (21.7%)
Win32 Executable (generic) (14.9%)
OS/2 Executable (generic) (6.7%)
Generic Win/DOS Executable (6.6%)
Tags peexe

VirusTotal metadata
First submission 2016-03-23 11:41:28 UTC ( 2 years, 3 months ago )
Last submission 2018-04-27 14:16:08 UTC ( 1 month, 4 weeks ago )
File names runwithme.exe_
runwithme[1].exe.2885958930.DROPPED
fuckyourself.ass
susp.exe
fuckyourself.exe
runwithme_exe
67d4cb4cba304dfb823dffe101fb1c63
runwithme.exe
home.html
cdsadd.exe.3290293682.DROPPED
dridex_malware_sample_rtir524214_original
cdsadd.exe
home.php
locky.exe
cdsbdd.exe
fuckyourself.ass
cdsadd.exe
runwithme[1].exe
fuckyourself[1].ass
runwithme(1).exe
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Created mutexes
Opened mutexes
Opened service managers
Runtime DLLs