× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: 5bd2e7c8ef813bccfcc2992b13480657bff16156a5d6121f5c6976707e6d935a
File name: 5bd2e7c8ef813bccfcc2992b13480657bff16156a5d6121f5c6976707e6d935a
Detection ratio: 7 / 54
Analysis date: 2016-02-10 00:09:23 UTC ( 3 years ago ) View latest
Antivirus Result Update
Antiy-AVL Trojan[Dropper]/Win32.Agent 20160210
Avast Win32:Malware-gen 20160210
Avira (no cloud) TR/AD.Qadars.Y.160 20160210
ESET-NOD32 Win32/Qadars.AO 20160209
Kaspersky Trojan-Dropper.Win32.Agent.bjqqyb 20160209
Qihoo-360 HEUR/QVM09.0.Malware.Gen 20160210
Rising PE:Malware.XPACK-HIE/Heur!1.9C48 [F] 20160209
Ad-Aware 20160210
AegisLab 20160209
Yandex 20160209
AhnLab-V3 20160209
Alibaba 20160204
Arcabit 20160210
AVG 20160210
Baidu-International 20160209
BitDefender 20160210
Bkav 20160204
ByteHero 20160210
CAT-QuickHeal 20160209
ClamAV 20160210
CMC 20160205
Comodo 20160209
Cyren 20160210
DrWeb 20160210
Emsisoft 20160210
F-Prot 20160210
F-Secure 20160209
Fortinet 20160209
GData 20160209
Ikarus 20160209
Jiangmin 20160209
K7AntiVirus 20160209
K7GW 20160209
Malwarebytes 20160209
McAfee 20160209
McAfee-GW-Edition 20160209
Microsoft 20160209
eScan 20160209
NANO-Antivirus 20160209
nProtect 20160205
Panda 20160208
Sophos AV 20160209
SUPERAntiSpyware 20160209
Symantec 20160209
Tencent 20160210
TheHacker 20160208
TotalDefense 20160209
TrendMicro 20160209
TrendMicro-HouseCall 20160209
VBA32 20160209
VIPRE 20160209
ViRobot 20160209
Zillya 20160209
Zoner 20160209
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright
Copyright © 2009-2014 Comcast

Product Kindjust
File version 15.5.4917.5867
Description Kindjust Riseproper
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2004-10-04 16:29:13
Entry Point 0x000022E7
Number of sections 4
PE sections
PE imports
RestoreDC
StartDocA
SaveDC
CreateFontIndirectA
ExtTextOutA
StartPage
Rectangle
GetLastError
InterlockedDecrement
HeapFree
GetStdHandle
EnterCriticalSection
LCMapStringW
FindFirstChangeNotificationA
GetConsoleCP
GetOEMCP
QueryPerformanceCounter
IsDebuggerPresent
HeapAlloc
TlsAlloc
FlushFileBuffers
GetEnvironmentStringsW
GetVersionExA
GetModuleFileNameA
RtlUnwind
LoadLibraryA
FreeEnvironmentStringsA
DeleteCriticalSection
GetStartupInfoA
GetVolumeInformationA
GetEnvironmentStrings
GetConsoleMode
GetLocaleInfoA
GetCurrentProcessId
GetConsoleOutputCP
SetHandleCount
WritePrivateProfileSectionW
DeleteFileA
WriteConsoleW
UnhandledExceptionFilter
TlsGetValue
MultiByteToWideChar
HeapSize
SetStdHandle
FreeEnvironmentStringsW
GetCPInfo
GetCommandLineA
GetProcAddress
TlsFree
GetProcessHeap
ExitProcess
SetFilePointer
GetTempPathA
WideCharToMultiByte
GetStringTypeA
GetModuleHandleA
ReadFile
SetUnhandledExceptionFilter
WriteFile
GetCurrentProcess
CloseHandle
GetSystemTimeAsFileTime
GetACP
HeapReAlloc
GetStringTypeW
GetCurrentThreadId
TerminateProcess
CreateProcessA
LCMapStringA
WriteConsoleA
InitializeCriticalSection
HeapCreate
VirtualFree
CreateEventA
HeapDestroy
Sleep
GetFileType
SetEndOfFile
TlsSetValue
CreateFileA
GetTickCount
GetVersion
InterlockedIncrement
VirtualAlloc
SetLastError
LeaveCriticalSection
GetAsyncKeyState
GetMessagePos
UpdateWindow
EnumChildWindows
GetClassNameA
GetDC
GetWindowTextA
FindWindowA
SetWindowPos
CoTaskMemFree
CoCreateInstance
CoUninitialize
CoInitialize
CoTaskMemAlloc
Number of PE resources by type
RT_VERSION 1
Number of PE resources by language
NEUTRAL 1
PE resources
ExifTool file metadata
SubsystemVersion
4.0

LinkerVersion
8.0

ImageVersion
0.0

FileSubtype
0

FileVersionNumber
15.5.4917.5867

UninitializedDataSize
0

LanguageCode
Neutral

FileFlagsMask
0x0000

CharacterSet
Unicode

InitializedDataSize
110592

EntryPoint
0x22e7

MIMEType
application/octet-stream

Subsystem
Windows GUI

FileVersion
15.5.4917.5867

TimeStamp
2004:10:04 17:29:13+01:00

FileType
Win32 EXE

PEType
PE32

FileDescription
Kindjust Riseproper

OSVersion
4.0

FileOS
Win32

LegalCopyright
Copyright 2009-2014 Comcast

MachineType
Intel 386 or later, and compatibles

CompanyName
Comcast

CodeSize
147456

ProductName
Kindjust

ProductVersionNumber
15.5.4917.5867

FileTypeExtension
exe

ObjectFileType
Executable application

File identification
MD5 75fba35c2529a451996d326d2bdf4682
SHA1 ef82f11a7f312dcdc550b4b51b9bf66a00c59e00
SHA256 5bd2e7c8ef813bccfcc2992b13480657bff16156a5d6121f5c6976707e6d935a
ssdeep
3072:ozmWVCnwwKN3AcQ4nZqxY/5ojNi+AAyUoYwSgxttxUPcj:DWV4czZqOiuAyhptR

authentihash 6e51a174b1ec5c85b0e87da1c1cf1af8f2620a5f7030ffd1fb35b0a091203daf
imphash 7d90770bf66bb048213112f79a0ca1aa
File size 196.0 KB ( 200704 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable MS Visual C++ (generic) (42.2%)
Win64 Executable (generic) (37.3%)
Win32 Dynamic Link Library (generic) (8.8%)
Win32 Executable (generic) (6.0%)
Generic Win/DOS Executable (2.7%)
Tags
peexe

VirusTotal metadata
First submission 2016-02-10 00:09:23 UTC ( 3 years ago )
Last submission 2016-02-10 00:09:23 UTC ( 3 years ago )
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Deleted files
Created mutexes
Opened mutexes
Opened service managers
Opened services
Runtime DLLs
HTTP requests
DNS requests
TCP connections
UDP communications