SHA256: 5b7e022f5009004985b34cf091d06752c765a25b445a46050eef51a17be8267d
File name: 55C447191D9566C7442E25C4CAF0D2FE
Detection ratio: 39 / 56
Analysis date: 2015-05-21 08:25:40 UTC ( 3 years, 8 months ago )
Antivirus Result Update
Ad-Aware Trojan.Generic.14530219 20150521
Yandex Trojan.Agent!NtzskjtFQSA 20150520
AhnLab-V3 Trojan/Win32.Crypt 20150521
ALYac Trojan.Generic.14530219 20150521
Antiy-AVL Trojan/Win32.Agent 20150521
Avast Win32:Malware-gen 20150521
AVware Trojan.Win32.Generic!BT 20150521
Baidu-International Trojan.Win32.Agent.RCH 20150521
BitDefender Trojan.Generic.14530219 20150521
Bkav W32.HfsAutoB.2BF7 20150521
Comodo UnclassifiedMalware 20150521
DrWeb Trojan.DownLoader13.16476 20150521
Emsisoft Trojan.Generic.14530219 (B) 20150521
ESET-NOD32 Win32/Agent.RCH 20150521
F-Secure Trojan.Generic.14530219 20150521
Fortinet PossibleThreat 20150521
GData Trojan.Generic.14530219 20150521
Jiangmin Trojan/Agent.lapn 20150519
K7AntiVirus Trojan ( 0040f4ef1 ) 20150521
K7GW Trojan ( 0040f4ef1 ) 20150521
Kaspersky Trojan.Win32.Agent.apkbl 20150521
Malwarebytes Trojan.Chinad 20150521
McAfee Artemis!55C447191D95 20150521
McAfee-GW-Edition BehavesLike.Win32.Trojan.vc 20150521
eScan Trojan.Generic.14530219 20150521
NANO-Antivirus Trojan.Win32.Agent.droswx 20150521
Norman Suspicious_Gen4.IIWEW 20150521
nProtect Trojan.Generic.14530219 20150521
Panda Generic Suspicious 20150521
Qihoo-360 HEUR/QVM19.1.Malware.Gen 20150521
Rising PE:Trojan.Win32.Boaxxe.g!1075357690 20150521
Sophos AV Mal/EncPk-DW 20150521
Symantec Trojan.Gen.2 20150521
Tencent Trojan.Win32.Qudamah.Gen.3 20150521
TrendMicro TROJ_GEN.R04HC0REH15 20150521
TrendMicro-HouseCall TROJ_GEN.R04HC0REH15 20150521
VIPRE Trojan.Win32.Generic!BT 20150521
ViRobot Trojan.Win32.A.Agent.2340864[h] 20150521
Zillya Trojan.Agent.Win32.539694 20150521
AegisLab 20150521
Alibaba 20150521
AVG 20150521
ByteHero 20150521
CAT-QuickHeal 20150520
ClamAV 20150521
CMC 20150520
Cyren 20150521
F-Prot 20150521
Ikarus 20150521
Kingsoft 20150521
Microsoft 20150521
SUPERAntiSpyware 20150521
TheHacker 20150520
TotalDefense 20150521
VBA32 20150521
Zoner 20150520
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Entry Point 0x004F7000
Number of sections 6
PE sections
PE imports
InitCommonControls
Number of PE resources by type
RT_MANIFEST 1
Number of PE resources by language
ENGLISH US 1
PE resources
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
TimeStamp 0000:00:00 00:00:00
FileType Win32 EXE
PEType PE32
CodeSize 203264
LinkerVersion 12.0
FileTypeExtension exe
InitializedDataSize 1000448
SubsystemVersion 5.1
EntryPoint 0x4f7000
OSVersion 5.1
ImageVersion 0.0
UninitializedDataSize 0
File identification
MD5 55c447191d9566c7442e25c4caf0d2fe
SHA1 646762cee3a5caab9accd21efcb100cd49b8ef8a
SHA256 5b7e022f5009004985b34cf091d06752c765a25b445a46050eef51a17be8267d
ssdeep 49152:ZQwS6fiVzAdAqfR8K+CQmh2l2qf4LSQmCRnXhRaNQRWGNfbzQUo:+N6aVzAyqfnzQf4LptnXasW4fwU
authentihash 84d6e522b9887d01be409cab6df9a38ab4bc380f3b318c1f93103e2374dfd807
imphash baa93d47220682c04d92f7797d9224ce
File size 2.2 MB ( 2340864 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Dynamic Link Library (generic) (43.5%)
Win32 Executable (generic) (29.8%)
Generic Win/DOS Executable (13.2%)
DOS Executable Generic (13.2%)
Tags
peexe

VirusTotal metadata
First submission 2015-05-10 16:15:38 UTC ( 3 years, 8 months ago )
Last submission 2017-01-12 18:11:12 UTC ( 2 years ago )
File names image.png
desktop.ini.ex_
ftZBkAj.jpg
55C447191D9566C7442E25C4CAF0D2FE_image.png.EXE
55C447191D9566C7442E25C4CAF0D2FE
DTAlKM6.exe
y76l3n.exe
Advanced heuristic and reputation engines
TrendMicro-HouseCall
TrendMicro's heuristic engine has flagged this file as: TROJ_GEN.R04HC0REH15.

Symantec reputation Suspicious.Insight
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Copied files
Created processes
Shell commands
Created mutexes
Opened mutexes
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.