SHA256: 5bd62aad7e08d61230f6c49e43c173aaba7c1792d8004ee737c72744e5177d45
File name: ebc1d08c0f63714ca10ab40235744aa5f84bca6a
Detection ratio: 7 / 56
Analysis date: 2015-04-17 18:59:47 UTC (3 years, 11 months ago)
Antivirus             Result                             Update
Avast                 Win32:Malware-gen                  20150417
AVG                   Crypt4.PRQ                         20150417
Bkav                  HW32.Packed.675A                   20150417
ESET-NOD32            a variant of Win32/Kryptik.DFLQ    20150417
Kaspersky             Trojan.Win32.Yakes.kjhz            20150417
Rising                PE:Malware.XPACK-HIE/Heur!1.9C48   20150417
Tencent               Trojan.Win32.Qudamah.Gen.3         20150417
Ad-Aware              (no detection)                     20150417
AegisLab              (no detection)                     20150417
Yandex                (no detection)                     20150417
AhnLab-V3             (no detection)                     20150417
Alibaba               (no detection)                     20150417
Antiy-AVL             (no detection)                     20150417
Avira (no cloud)      (no detection)                     20150417
AVware                (no detection)                     20150417
Baidu-International   (no detection)                     20150417
BitDefender           (no detection)                     20150417
ByteHero              (no detection)                     20150417
CAT-QuickHeal         (no detection)                     20150417
ClamAV                (no detection)                     20150417
CMC                   (no detection)                     20150416
Comodo                (no detection)                     20150417
Cyren                 (no detection)                     20150417
DrWeb                 (no detection)                     20150417
Emsisoft              (no detection)                     20150417
F-Prot                (no detection)                     20150417
F-Secure              (no detection)                     20150417
Fortinet              (no detection)                     20150417
GData                 (no detection)                     20150417
Ikarus                (no detection)                     20150417
Jiangmin              (no detection)                     20150414
K7AntiVirus           (no detection)                     20150417
K7GW                  (no detection)                     20150417
Kingsoft              (no detection)                     20150417
Malwarebytes          (no detection)                     20150417
McAfee                (no detection)                     20150417
McAfee-GW-Edition     (no detection)                     20150417
Microsoft             (no detection)                     20150417
eScan                 (no detection)                     20150417
NANO-Antivirus        (no detection)                     20150417
Norman                (no detection)                     20150417
nProtect              (no detection)                     20150417
Panda                 (no detection)                     20150417
Qihoo-360             (no detection)                     20150417
Sophos AV             (no detection)                     20150417
SUPERAntiSpyware      (no detection)                     20150417
Symantec              (no detection)                     20150417
TheHacker             (no detection)                     20150417
TotalDefense          (no detection)                     20150417
TrendMicro            (no detection)                     20150417
TrendMicro-HouseCall  (no detection)                     20150417
VBA32                 (no detection)                     20150417
VIPRE                 (no detection)                     20150417
ViRobot               (no detection)                     20150417
Zillya                (no detection)                     20150417
Zoner                 (no detection)                     20150417
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2015-04-16 13:50:46
Entry Point 0x00003AF9
Number of sections 5
PE sections
PE imports
Ord(17)
CreatePropertySheetPageW
GetObjectA
CreateBitmapIndirect
CreateICA
TextOutW
DeleteDC
SetBkMode
MoveToEx
CreatePen
RealizePalette
SelectPalette
GetTextMetricsA
SelectObject
BitBlt
SetTextAlign
CreateCompatibleDC
DeleteObject
StretchBlt
Rectangle
CreateSolidBrush
GetLastError
InitializeCriticalSectionAndSpinCount
HeapFree
IsProcessorFeaturePresent
EnterCriticalSection
LCMapStringW
SetHandleCount
LoadLibraryW
GetConsoleCP
GetOEMCP
QueryPerformanceCounter
IsDebuggerPresent
GetTickCount
CreateFileW
TlsAlloc
GlobalUnlock
GetEnvironmentStringsW
FlushFileBuffers
GetModuleFileNameA
RtlUnwind
LoadLibraryA
FreeLibrary
GetStdHandle
DeleteCriticalSection
GetCurrentProcess
GetConsoleMode
DecodePointer
GetCurrentProcessId
lstrcatA
GetCPInfo
UnhandledExceptionFilter
InterlockedDecrement
MultiByteToWideChar
HeapSize
FillConsoleOutputCharacterA
FreeEnvironmentStringsW
GetCommandLineA
GetProcAddress
GetConsoleScreenBufferInfo
FillConsoleOutputAttribute
EncodePointer
GetStartupInfoW
SetConsoleCursorPosition
SetStdHandle
GetModuleHandleA
RaiseException
InitializeCriticalSection
WideCharToMultiByte
GetModuleFileNameW
TlsFree
SetFilePointer
HeapSetInformation
ReadFile
SetUnhandledExceptionFilter
WriteFile
CloseHandle
GetSystemTimeAsFileTime
GetACP
HeapReAlloc
GetStringTypeW
GetModuleHandleW
HeapAlloc
TerminateProcess
IsValidCodePage
HeapCreate
SetLastError
WaitForSingleObject
GlobalAlloc
GlobalLock
CreateEventA
TlsGetValue
Sleep
GetFileType
EnumDateFormatsA
TlsSetValue
CreateFileA
ExitProcess
GetCurrentThreadId
InterlockedIncrement
GetFileSize
WriteConsoleW
LeaveCriticalSection
WNetConnectionDialog
OleSavePictureFile
OleCreatePictureIndirect
OleLoadPicture
SetupDiGetClassDevsA
ShellExecuteA
DragQueryFileA
LsaGetLogonSessionData
GetMessageA
BeginPaint
DefWindowProcA
FindWindowA
GetSystemMetrics
DispatchMessageA
EnableWindow
GetDlgItemTextA
MessageBoxA
SetWindowLongA
TranslateMessage
DialogBoxParamA
GetDC
CopyImage
ReleaseDC
SetWindowTextA
SendMessageA
GetClientRect
GetDlgItem
CreateDialogParamA
InvalidateRect
GetWindowLongA
GetWindowTextLengthA
CharNextW
IsDialogMessageA
GdipDisposeImage
GdipCreateBitmapFromFile
GdiplusStartup
GdipCreateHBITMAPFromBitmap
ReleaseStgMedium
CreateStreamOnHGlobal
OleUninitialize
OleInitialize
OleGetClipboard
Number of PE resources by type
RT_CURSOR 7
RT_ICON 4
RT_BITMAP 3
RT_MANIFEST 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 16
PE resources
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
TimeStamp 2015:04:16 14:50:46+01:00
FileType Win32 EXE
PEType PE32
CodeSize 240640
LinkerVersion 10.0
FileTypeExtension exe
InitializedDataSize 90624
SubsystemVersion 5.1
EntryPoint 0x3af9
OSVersion 5.1
ImageVersion 0.0
UninitializedDataSize 0

File identification
MD5 c937b2afc55c736f7c62e4885cbe8e9c
SHA1 69ac8bf673618f9ece64c9ac2e96a19541b3022b
SHA256 5bd62aad7e08d61230f6c49e43c173aaba7c1792d8004ee737c72744e5177d45
ssdeep 6144:CdChKLc4qyQ9MDVdss2xG1PoudD05/t1giJA3Cj+ZClZV69rzv:thKguQ9GHsTxG13d496c+ZsAzv
authentihash 562755ebbbfeb42c149cb013c7c5460f3c92e4da6cf5ed9fad5c055575a2a7c8
imphash 2ab40dbaa9148d0ff89e2467eebc128d
File size 324.5 KB ( 332288 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (67.3%)
Win32 Dynamic Link Library (generic) (14.2%)
Win32 Executable (generic) (9.7%)
Generic Win/DOS Executable (4.3%)
DOS Executable Generic (4.3%)
Tags peexe
VirusTotal metadata
First submission 2015-04-17 18:59:47 UTC (3 years, 11 months ago)
Last submission 2015-04-17 18:59:47 UTC (3 years, 11 months ago)
File names 5bd62aad7e08d61230f6c49e43c173aaba7c1792d8004ee737c72744e5177d45.exe
ebc1d08c0f63714ca10ab40235744aa5f84bca6a
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight
Condensed report
The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Created processes
Created mutexes
Opened mutexes
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.