× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: 5cf0ed4f294c6de3310316874fefac4a5aff9d67f1f08e9ab3cd1c9200bff21f
File name: bin.exe
Detection ratio: 2 / 57
Analysis date: 2015-02-24 09:35:11 UTC ( 2 years, 9 months ago ) View latest
Antivirus Result Update
Fortinet W32/Dridex.J!tr 20150224
Rising PE:Malware.XPACK-LNR/Heur!1.5594 20150223
Ad-Aware 20150224
AegisLab 20150224
Yandex 20150223
AhnLab-V3 20150224
Alibaba 20150224
ALYac 20150224
Antiy-AVL 20150224
Avast 20150224
AVG 20150224
Avira (no cloud) 20150224
AVware 20150224
Baidu-International 20150224
BitDefender 20150224
Bkav 20150213
ByteHero 20150224
CAT-QuickHeal 20150224
ClamAV 20150224
CMC 20150223
Comodo 20150224
Cyren 20150224
DrWeb 20150224
Emsisoft 20150224
ESET-NOD32 20150224
F-Prot 20150224
F-Secure 20150224
GData 20150224
Ikarus 20150224
Jiangmin 20150223
K7AntiVirus 20150224
K7GW 20150224
Kaspersky 20150224
Kingsoft 20150224
Malwarebytes 20150224
McAfee 20150224
McAfee-GW-Edition 20150224
Microsoft 20150224
eScan 20150224
NANO-Antivirus 20150224
Norman 20150224
nProtect 20150223
Panda 20150224
Qihoo-360 20150224
Sophos AV 20150224
SUPERAntiSpyware 20150224
Symantec 20150224
Tencent 20150224
TheHacker 20150222
TotalDefense 20150223
TrendMicro 20150224
TrendMicro-HouseCall 20150224
VBA32 20150220
VIPRE 20150224
ViRobot 20150224
Zillya 20150223
Zoner 20150223
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright
© Microsoft Corporation. All rights reserved.

Product Microsoft® Windows® Operating System
Original name DynaMon.dll
Internal name DynaMon.dll
File version 5.1.2660.5512 (xpsp.080413-0852)
Description Standard Dynamic Printing Port Monitor DLL
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2015-02-24 09:42:17
Entry Point 0x00005FA0
Number of sections 6
PE sections
PE imports
JetGetLock
JetRestore2
JetTerm2
InterlockedCompareExchange
SetupDiGetDeviceInfoListDetailA
MessageBoxW
MessageBoxA
GetForegroundWindow
IsWindow
Number of PE resources by type
RT_VERSION 1
Number of PE resources by language
ENGLISH US 1
PE resources
Debug information
ExifTool file metadata
SubsystemVersion
5.0

InitializedDataSize
73728

ImageVersion
0.0

ProductName
Microsoft Windows Operating System

FileVersionNumber
5.1.2660.5512

UninitializedDataSize
0

LanguageCode
English (U.S.)

FileFlagsMask
0x003f

CharacterSet
Unicode

LinkerVersion
6.0

FileTypeExtension
exe

OriginalFileName
DynaMon.dll

MIMEType
application/octet-stream

Subsystem
Windows GUI

FileVersion
5.1.2660.5512 (xpsp.080413-0852)

TimeStamp
2015:02:24 10:42:17+01:00

FileType
Win32 EXE

PEType
PE32

InternalName
DynaMon.dll

ProductVersion
5.1.2660.5512

FileDescription
Standard Dynamic Printing Port Monitor DLL

OSVersion
5.1

FileOS
Windows NT 32-bit

LegalCopyright
Microsoft Corporation. All rights reserved.

MachineType
Intel 386 or later, and compatibles

CompanyName
Microsoft Corporation

CodeSize
22528

FileSubtype
0

ProductVersionNumber
5.1.2660.5512

EntryPoint
0x5fa0

ObjectFileType
Dynamic link library

Compressed bundles
File identification
MD5 fbca3b9e23ef33b25e74be7511dcecc1
SHA1 6a2a1dae129652dcde3272b8a61d3324cfa65297
SHA256 5cf0ed4f294c6de3310316874fefac4a5aff9d67f1f08e9ab3cd1c9200bff21f
ssdeep
1536:PjpeyLFXx3iPcpvqctmKm9F4SLQbsFCfWevszJcDGuJzTK:rpJ3Vvqc8/neW2K

authentihash ce3e65fb73a09949dcad7fa5572f889fbec5e3db373a24d2d1fea3159bbb3222
imphash b532ca9a530f63148667842b6afb7aca
File size 92.0 KB ( 94208 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Dynamic Link Library (generic) (43.5%)
Win32 Executable (generic) (29.8%)
Generic Win/DOS Executable (13.2%)
DOS Executable Generic (13.2%)
Tags
peexe

VirusTotal metadata
First submission 2015-02-24 09:08:39 UTC ( 2 years, 9 months ago )
Last submission 2016-05-26 21:24:48 UTC ( 1 year, 6 months ago )
File names bin.exe
bin_2.exe
bin_exe
DynaMon.dll
bin[1].exe.dr
fbca3b9e23ef33b25e74be7511dcecc1.exe
GHjkdfg.exe
QRx9vhpbB.tar.bz2
.b5fd8d18
bin.exe
bin.exe
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Deleted files
Created processes
Created mutexes
Opened mutexes
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.
HTTP requests
TCP connections