SHA256: 5db3d6eff3fc46920db43dbc270541bdb1bdff7ab83ca73e05b0721a13632863
File name: file-6765949_
Detection ratio: 53 / 61
Analysis date: 2017-04-06 21:28:30 UTC ( 2 weeks, 3 days ago )
Antivirus Result Update
Ad-Aware Gen:Variant.Kazy.7039 20170406
AegisLab Variant.Kazy.Gen!c 20170406
AhnLab-V3 Trojan/Win32.Refroso.R425 20170406
ALYac Gen:Variant.Kazy.7039 20170406
Antiy-AVL Trojan[Backdoor]/Win32.Donbot 20170406
Arcabit Trojan.Kazy.D1B7F 20170406
Avast Win32:Malware-gen 20170406
AVG BackDoor.Generic16.TGV 20170406
Avira (no cloud) TR/PSW.Zbot.15184 20170406
AVware Packed.Win32.Rebhip.a.1 (v) 20170406
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9998 20170406
BitDefender Gen:Variant.Kazy.7039 20170406
CAT-QuickHeal VirTool.CeeInject.F 20170406
CMC Trojan-Downloader.Win32.Refroso!O 20170406
Comodo Backdoor.Win32.DonBot.A 20170406
DrWeb Trojan.Inject1.30808 20170406
Emsisoft Gen:Variant.Kazy.7039 (B) 20170406
Endgame malicious (high confidence) .ce.pe.s.u.q1 20170406
ESET-NOD32 a variant of Win32/Injector.BGER 20170406
F-Secure Trojan-Dropper:W32/Malis.gen!Q 20170406
Fortinet W32/Generic.AC.22FC4!tr 20170406
GData Gen:Variant.Kazy.7039 20170406
Ikarus Trojan-Downloader.Win32.Refroso 20170406
Invincea virus.win32.virut.bn 20170203
Jiangmin Backdoor/Bifrose.pyd 20170406
K7AntiVirus Backdoor ( 04c523e31 ) 20170406
K7GW Backdoor ( 04c523e31 ) 20170406
Kaspersky Backdoor.Win32.Donbot.b 20170406
Kingsoft Win32.Hack.Donbot.(kcloud) 20170406
Malwarebytes Trojan.VirTool 20170406
McAfee GenericR-EOO!9084D3051C79 20170406
McAfee-GW-Edition BehavesLike.Win32.Ransom.cc 20170406
Microsoft Trojan:Win32/Dorv.B!rfn 20170406
eScan Gen:Variant.Kazy.7039 20170406
NANO-Antivirus Trojan.Win32.Donbot.ctjpsg 20170406
nProtect Backdoor/W32.Donbot.171008 20170406
Palo Alto Networks (Known Signatures) generic.ml 20170406
Panda Trj/Genetic.gen 20170406
Qihoo-360 Win32/Trojan.e0f 20170406
Rising Trojan.Generic (cloud:ypzv2C1Vf5O) 20170406
SentinelOne (Static ML) static engine - malicious 20170330
Sophos Mal/KeInject-A 20170406
Symantec Trojan.Gen.2 20170406
Tencent Win32.Backdoor.Donbot.Hrom 20170406
TrendMicro WORM_KOLAB.SMF 20170406
TrendMicro-HouseCall WORM_KOLAB.SMF 20170406
VBA32 Backdoor.Donbot 20170406
VIPRE Packed.Win32.Rebhip.a.1 (v) 20170406
ViRobot Backdoor.Win32.Bifrose.68096.D[h] 20170406
Webroot W32.InfoStealer.Zeus 20170406
Yandex Backdoor.Donbot.Gen 20170406
Zillya Virus.Donbot.Win32.1 20170406
ZoneAlarm by Check Point Backdoor.Win32.Donbot.b 20170406
No detection (engine and signature date)
Alibaba 20170406
ClamAV 20170406
CrowdStrike Falcon (ML) 20170130
Cyren 20170406
F-Prot 20170406
SUPERAntiSpyware 20170406
Symantec Mobile Insight 20170406
TheHacker 20170406
TotalDefense 20170406
Trustlook 20170406
WhiteArmor 20170327
Zoner 20170406
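The 53 detections above disagree on the family name (Donbot, Kazy, Refroso, Bifrose, Kolab, Rebhip, Zbot, plus a set of purely generic and heuristic verdicts), which is normal: every vendor has its own naming scheme, and the detection ratio says nothing about which name to file the sample under. The following is an added example, not VirusTotal's code, that applies the usual normalisation (tokenise each label, drop type/platform/heuristic words, let each engine vote once per family) to the labels in this table, embedded as a constructed input. The stop-word list and the Zeus/Zbot alias are the example's own choices.

```python
"""Turn the divergent vendor labels of a VirusTotal report into a family
consensus, the AVClass idea in miniature: tokenise each label, discard tokens
that name a type, platform or heuristic rather than a family, then count how
many engines agree on each remaining token.

Added example, not VirusTotal's own logic. REPORT is a constructed input
holding the 53 detections listed on this page; GENERIC and ALIASES are this
example's choices and will need extending for other reports."""
import re
from collections import Counter

# vendor=label pairs, ' ; ' separates entries (no label on this page contains ';').
REPORT = """
Ad-Aware=Gen:Variant.Kazy.7039 ; AegisLab=Variant.Kazy.Gen!c
AhnLab-V3=Trojan/Win32.Refroso.R425 ; ALYac=Gen:Variant.Kazy.7039
Antiy-AVL=Trojan[Backdoor]/Win32.Donbot ; Arcabit=Trojan.Kazy.D1B7F
Avast=Win32:Malware-gen ; AVG=BackDoor.Generic16.TGV
Avira (no cloud)=TR/PSW.Zbot.15184 ; AVware=Packed.Win32.Rebhip.a.1 (v)
Baidu=Win32.Trojan.WisdomEyes.16070401.9500.9998 ; BitDefender=Gen:Variant.Kazy.7039
CAT-QuickHeal=VirTool.CeeInject.F ; CMC=Trojan-Downloader.Win32.Refroso!O
Comodo=Backdoor.Win32.DonBot.A ; DrWeb=Trojan.Inject1.30808
Emsisoft=Gen:Variant.Kazy.7039 (B) ; Endgame=malicious (high confidence) .ce.pe.s.u.q1
ESET-NOD32=a variant of Win32/Injector.BGER ; F-Secure=Trojan-Dropper:W32/Malis.gen!Q
Fortinet=W32/Generic.AC.22FC4!tr ; GData=Gen:Variant.Kazy.7039
Ikarus=Trojan-Downloader.Win32.Refroso ; Invincea=virus.win32.virut.bn
Jiangmin=Backdoor/Bifrose.pyd ; K7AntiVirus=Backdoor ( 04c523e31 )
K7GW=Backdoor ( 04c523e31 ) ; Kaspersky=Backdoor.Win32.Donbot.b
Kingsoft=Win32.Hack.Donbot.(kcloud) ; Malwarebytes=Trojan.VirTool
McAfee=GenericR-EOO!9084D3051C79 ; McAfee-GW-Edition=BehavesLike.Win32.Ransom.cc
Microsoft=Trojan:Win32/Dorv.B!rfn ; eScan=Gen:Variant.Kazy.7039
NANO-Antivirus=Trojan.Win32.Donbot.ctjpsg ; nProtect=Backdoor/W32.Donbot.171008
Palo Alto Networks (Known Signatures)=generic.ml ; Panda=Trj/Genetic.gen
Qihoo-360=Win32/Trojan.e0f ; Rising=Trojan.Generic (cloud:ypzv2C1Vf5O)
SentinelOne (Static ML)=static engine - malicious ; Sophos=Mal/KeInject-A
Symantec=Trojan.Gen.2 ; Tencent=Win32.Backdoor.Donbot.Hrom
TrendMicro=WORM_KOLAB.SMF ; TrendMicro-HouseCall=WORM_KOLAB.SMF
VBA32=Backdoor.Donbot ; VIPRE=Packed.Win32.Rebhip.a.1 (v)
ViRobot=Backdoor.Win32.Bifrose.68096.D[h] ; Webroot=W32.InfoStealer.Zeus
Yandex=Backdoor.Donbot.Gen ; Zillya=Virus.Donbot.Win32.1
ZoneAlarm by Check Point=Backdoor.Win32.Donbot.b
"""

GENERIC = {  # type / platform / heuristic words, never a family name (example's own list)
    "variant", "trojan", "backdoor", "worm", "virus", "malware", "malicious", "cloud",
    "static", "engine", "packed", "inject", "injector", "dropper", "downloader",
    "infostealer", "behaveslike", "ransom", "hack", "virtool", "genetic", "kcloud",
    "high", "confidence",
}
ALIASES = {"zeus": "zbot"}  # vendor spellings folded onto one name


def family_tokens(label: str) -> set:
    """Family-candidate tokens of one label: alphabetic, >= 4 chars, not generic."""
    out = set()
    for tok in re.split(r"[^a-z0-9]+", label.lower()):
        if len(tok) < 4 or not tok.isalpha() or tok.startswith("generic") or tok in GENERIC:
            continue
        out.add(ALIASES.get(tok, tok))
    return out


def parse_report(text: str) -> dict:
    """vendor -> label from the 'vendor=label ; vendor=label' lines above."""
    labels = {}
    for entry in (e.strip() for line in text.splitlines() for e in line.split(" ; ")):
        if entry:
            vendor, label = entry.split("=", 1)
            labels[vendor.strip()] = label.strip()
    return labels


def family_consensus(labels: dict) -> list:
    """Ranked (family, engines agreeing); each engine votes at most once per family."""
    votes = Counter()
    for label in labels.values():
        votes.update(family_tokens(label))
    return votes.most_common()


def summarize(labels: dict) -> dict:
    """Top family, how many engines back it, and how many named any family at all."""
    ranked = family_consensus(labels)
    named = sum(1 for lab in labels.values() if family_tokens(lab))
    top, count = ranked[0] if ranked else (None, 0)
    return {"family": top, "agreeing": count, "with_family": named,
            "engines": len(labels), "runners_up": ranked[1:4]}


if __name__ == "__main__":
    print(summarize(parse_report(REPORT)))
```

On this table the vote puts Donbot first with 11 engines and Kazy second with 8; 16 of the 53 engines return only a generic or heuristic verdict and contribute no family. The point is the method rather than the numbers: a different stop-word list moves the tail, and a vendor-specific heuristic name such as WisdomEyes survives as a one-vote "family" until it is added to the list.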
The file being studied is a Portable Executable (PE) file; more specifically, a Win32 EXE for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2009-08-24 12:30:49
Entry Point 0x0000566A
Number of sections 5
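The four header fields above (target machine, compilation timestamp, entry point, section count) and the linker and subsystem versions ExifTool reports further down all come from IMAGE_FILE_HEADER and IMAGE_OPTIONAL_HEADER. The following is an added example, not code from the page or from VirusTotal, that reads those fields from raw bytes and runs the two checks an analyst applies first: whether the entry point falls inside an executable section, and whether the compile stamp predates the file's first sighting. The image it parses is built in memory with this page's values; its section names and layout are placeholders, since the page does not list the real section table.

```python
"""Read the PE header fields a triage report lists (machine, compile timestamp,
entry point, section count, linker and subsystem) from raw bytes and sanity-check
them. Added example; build_sample_pe() constructs an in-memory PE32 header
skeleton with the values on this page (section names/layout are placeholders)."""
import struct
from datetime import datetime, timezone

IMAGE_DOS_SIGNATURE = 0x5A4D              # "MZ"
IMAGE_NT_SIGNATURE = 0x00004550           # "PE\0\0"
IMAGE_FILE_MACHINE_I386 = 0x014C
IMAGE_NT_OPTIONAL_HDR32_MAGIC = 0x010B
IMAGE_SCN_MEM_EXECUTE = 0x20000000
SUBSYSTEMS = {1: "Native", 2: "Windows GUI", 3: "Windows CUI"}


def parse_pe(data: bytes) -> dict:
    """Parse DOS/NT headers and the section table; raise ValueError when malformed."""
    if len(data) < 0x40 or struct.unpack_from("<H", data, 0)[0] != IMAGE_DOS_SIGNATURE:
        raise ValueError("missing MZ signature")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if e_lfanew + 24 > len(data) or struct.unpack_from("<I", data, e_lfanew)[0] != IMAGE_NT_SIGNATURE:
        raise ValueError("bad e_lfanew or PE signature")
    # IMAGE_FILE_HEADER sits right after the 4-byte "PE\0\0" signature
    machine, nsections, stamp, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", data, e_lfanew + 4)
    opt = e_lfanew + 24
    if opt + opt_size > len(data) or opt_size < 70:
        raise ValueError("optional header truncated")
    magic, lmajor, lminor, code_size = struct.unpack_from("<HBBI", data, opt)
    if magic != IMAGE_NT_OPTIONAL_HDR32_MAGIC:
        raise ValueError("only PE32 is handled here")
    entry = struct.unpack_from("<I", data, opt + 16)[0]       # AddressOfEntryPoint (RVA)
    subsystem = struct.unpack_from("<H", data, opt + 68)[0]

    sec_base = opt + opt_size
    if sec_base + 40 * nsections > len(data):
        raise ValueError("section table truncated")
    sections = []
    for i in range(nsections):
        off = sec_base + 40 * i
        name, vsize, va = struct.unpack_from("<8sII", data, off)
        flags = struct.unpack_from("<I", data, off + 36)[0]    # Characteristics
        sections.append({"name": name.rstrip(b"\0").decode("ascii", "replace"), "va": va,
                         "vsize": vsize, "executable": bool(flags & IMAGE_SCN_MEM_EXECUTE)})
    # An entry point outside every executable section is a classic packer/tampering tell.
    entry_sec = next((s for s in sections if s["va"] <= entry < s["va"] + s["vsize"]), None)
    return {
        "machine": machine,
        "number_of_sections": nsections,
        "timestamp_raw": stamp,
        "timestamp": datetime.fromtimestamp(stamp, tz=timezone.utc).strftime("%Y-%m-%d %H:%M:%S UTC"),
        "entry_point": entry,
        "code_size": code_size,
        "linker_version": f"{lmajor}.{lminor}",
        "subsystem": SUBSYSTEMS.get(subsystem, f"unknown ({subsystem})"),
        "entry_section": entry_sec["name"] if entry_sec else None,
        "entry_executable": bool(entry_sec and entry_sec["executable"]),
    }


def compiled_before_first_seen(stamp: int, first_seen_utc: str) -> bool:
    """False when the compile stamp post-dates the first sighting (e.g. VirusTotal
    'First submission'): the stamp was forged or the build clock was wrong."""
    seen = datetime.strptime(first_seen_utc, "%Y-%m-%d %H:%M:%S").replace(tzinfo=timezone.utc)
    return stamp <= int(seen.timestamp())


def build_sample_pe() -> bytes:
    """Constructed PE32 header skeleton (headers only, no code) with this page's values."""
    dos = bytearray(0x40)
    struct.pack_into("<H", dos, 0, IMAGE_DOS_SIGNATURE)
    struct.pack_into("<I", dos, 0x3C, 0x40)                           # e_lfanew
    file_hdr = struct.pack("<IHHIIIHH", IMAGE_NT_SIGNATURE, IMAGE_FILE_MACHINE_I386,
                           5, 1251117049, 0, 0, 224, 0x010F)          # 2009-08-24 12:30:49 UTC
    opt = bytearray(224)
    struct.pack_into("<HBBIII", opt, 0, IMAGE_NT_OPTIONAL_HDR32_MAGIC, 6, 0,
                     18944, 150529, 0)                                # linker 6.0, CodeSize, InitializedDataSize
    struct.pack_into("<I", opt, 16, 0x566A)                           # AddressOfEntryPoint
    struct.pack_into("<I", opt, 28, 0x00400000)                       # ImageBase
    struct.pack_into("<HHHHHH", opt, 40, 4, 0, 0, 0, 4, 0)            # OS 4.0, image 0.0, subsystem 4.0
    struct.pack_into("<H", opt, 68, 2)                                # IMAGE_SUBSYSTEM_WINDOWS_GUI
    # Placeholder section table (not the sample's): name, VirtualAddress, VirtualSize, Characteristics
    layout = [(b".text", 0x1000, 18944, 0x60000020), (b".rdata", 0x6000, 0x1000, 0x40000040),
              (b".data", 0x7000, 0x2000, 0xC0000040), (b".rsrc", 0x9000, 0x25000, 0x40000040),
              (b".reloc", 0x2E000, 0x1000, 0x42000040)]
    secs = b"".join(struct.pack("<8sIIIIIIHHI", n, vs, va, 0, 0, 0, 0, 0, 0, fl)
                    for n, va, vs, fl in layout)
    return bytes(dos) + file_hdr + bytes(opt) + secs


if __name__ == "__main__":
    info = parse_pe(build_sample_pe())
    for key in ("machine", "timestamp", "entry_point", "number_of_sections",
                "linker_version", "subsystem", "entry_section", "entry_executable"):
        print(f"{key:>20}: {info[key]}")
    print(f"{'stamp plausible':>20}: "
          f"{compiled_before_first_seen(info['timestamp_raw'], '2013-12-15 07:23:00')}")
```

The timestamp check matters here because a VC6-era stamp (2009) on a file first seen in December 2013 is consistent, whereas a stamp later than the first submission would mean the field was rewritten. On a real file, replace build_sample_pe() with the file's bytes; the parser deliberately refuses PE32+ and truncated headers instead of guessing.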
PE sections
PE imports
(The extracted page lists the imported functions without their source libraries; the DLL grouping below is inferred from the API names and the linker 6.0 / Visual C++ 6 build, not taken from the report.)
GDI32.dll
DeleteDC
SetBkMode
BitBlt
TextOutA
CreateSolidBrush
SelectObject
CreateCompatibleDC
DeleteObject
CreateCompatibleBitmap
SetTextColor
KERNEL32.dll
CreateThread
GetStartupInfoA
lstrlenA
Sleep
GetModuleHandleA
MSVCP60.dll
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
??8std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBD@Z
?_C@?1??_Nullstr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@CAPBDXZ@4DB
?replace@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@IIABV12@II@Z
?_Tidy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEX_N@Z
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@II@Z
??1_Winit@std@@QAE@XZ
??9std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBD@Z
?substr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV12@II@Z
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??_F?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXXZ
??0_Winit@std@@QAE@XZ
??1Init@ios_base@std@@QAE@XZ
?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDII@Z
??0Init@ios_base@std@@QAE@XZ
MSVCRT.dll
__p__fmode
malloc
_acmdln
memset
__dllonexit
_stricmp
strlen
_except_handler3
?terminate@@YAXXZ
??2@YAPAXI@Z
__p__commode
_onexit
exit
_XcptFilter
__setusermatherr
rand
_controlfp
sprintf
__CxxFrameHandler
_adjust_fdiv
getenv
__getmainargs
memcpy
memmove
_initterm
_exit
_EH_prolog
strcmp
__set_app_type
USER32.dll
GetMessageA
UpdateWindow
BeginPaint
PostQuitMessage
DefWindowProcA
ShowWindow
LoadBitmapA
DispatchMessageA
EndPaint
MessageBoxA
TranslateMessage
GetDC
RegisterClassExA
ReleaseDC
GetClientRect
CreateWindowExA
wsprintfA
SetTimer
LoadCursorA
LoadIconA
FillRect
DestroyWindow
OLE32.dll
CoInitialize
Note what the import table does not contain: no socket or HTTP API, no process-enumeration or remote-memory API (OpenProcess, VirtualAllocEx, WriteProcessMemory, CreateRemoteThread), and neither GetProcAddress nor LoadLibrary, although the sandbox run below records DLL injection, DeviceIoControl use and UDP traffic. Statically the binary looks like a small VC6 GUI program that registers a window, loads a bitmap, draws text and sets a timer. The capability the sandbox observed must therefore be resolved at runtime without the importer (manual export-table walking) or live in a stage unpacked from the single RT_RCDATA resource (InitializedDataSize 150529 bytes against CodeSize 18944), which is the usual reading of the Injector / CeeInject / KeInject labels above; the report itself does not establish which.
Number of PE resources by type
RT_RCDATA 1
Struct(240) 1
Struct(27) 1
Number of PE resources by language
NEUTRAL 2
ENGLISH US 1
PE resources
ExifTool file metadata
MIMEType: application/octet-stream
Subsystem: Windows GUI
MachineType: Intel 386 or later, and compatibles
FileTypeExtension: exe
TimeStamp: 2009:08:24 13:30:49+01:00 (the compilation timestamp above, 12:30:49 UTC, rendered with a +01:00 offset)
FileType: Win32 EXE
PEType: PE32
CodeSize: 18944
LinkerVersion: 6.0
EntryPoint: 0x566a
InitializedDataSize: 150529
SubsystemVersion: 4.0
ImageVersion: 0.0
OSVersion: 4.0
UninitializedDataSize: 0
Compressed bundles
File identification
MD5 9084d3051c79b21a1a76a7a4e3c80f5b
SHA1 99e3d05607635a1e949256bde2a40bb8498568f9
SHA256 5db3d6eff3fc46920db43dbc270541bdb1bdff7ab83ca73e05b0721a13632863
ssdeep 3072:eRIwbo6j2OY8PmtDpERlJjUSc2m+Gys9NIdRWZVwTg8Hfw4iKpXgef7yy:kb5j2OlPmd6HjlU+xs7IQw08/j517p
authentihash 8b6e68cf65bd07b97900cae1b58a649ac28bdbf82127314a96f590bc6d9fc954
File size 167.0 KB ( 171008 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable (generic) (42.6%)
Clipper DOS Executable (19.1%)
Generic Win/DOS Executable (18.9%)
DOS Executable Generic (18.9%)
VXD Driver (0.2%)
Tags peexe
VirusTotal metadata
First submission 2013-12-15 07:23:00 UTC ( 3 years, 4 months ago )
Last submission 2017-04-06 21:28:30 UTC ( 2 weeks, 3 days ago )
File names
235f56fc76ddf8c483c37607dd7ad24128ea3cad
file-6765949_
9084D3051C79B21A1A76A7A4E3C80F5B.exe
xuoohsupmi.exe
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight
Behaviour characterization
Zemana: dll-injection
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Created processes
Opened mutexes
Searched windows
Runtime DLLs
Additional details
The file sends control codes directly to device drivers through the DeviceIoControl Windows API function. The report does not record which device object or control codes were used, and DeviceIoControl is absent from the static import table above, so the call is made from code that resolves it at runtime or from a process the sample injected into.
UDP communications
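The behaviour section records three things the static view did not predict: DLL injection (Zemana), direct DeviceIoControl calls, and UDP traffic, while the import table names none of the APIs those actions need. Comparing the two mechanically is a cheap triage step. The following is an added example, not part of the report, that does it for this sample using the page's own import list and a short behaviour-to-API map that is the example's assumption (real tooling uses far richer rule sets).

```python
"""Cross-check a PE's static import table against the sandbox's behavioural
observations. A behaviour whose usual APIs do not appear in the import table
is a sign the sample resolves them at runtime (export-table walking, a resolver
inside an unpacked stage) or performs them from injected code, so an
imports-only triage under-reports it.

Added example, not part of the VirusTotal report. IMPORTS is the import list
on this page (mangled C++ std:: names omitted, they carry no capability);
CAPABILITY_APIS is this example's own, deliberately short mapping."""

IMPORTS = set("""
DeleteDC SetBkMode BitBlt TextOutA CreateSolidBrush SelectObject CreateCompatibleDC
DeleteObject CreateCompatibleBitmap SetTextColor CreateThread GetStartupInfoA lstrlenA
Sleep GetModuleHandleA __p__fmode malloc _acmdln memset __dllonexit _stricmp strlen
_except_handler3 __p__commode _onexit exit _XcptFilter __setusermatherr rand _controlfp
sprintf __CxxFrameHandler _adjust_fdiv getenv __getmainargs memcpy memmove _initterm
_exit _EH_prolog strcmp __set_app_type GetMessageA UpdateWindow BeginPaint PostQuitMessage
DefWindowProcA ShowWindow LoadBitmapA DispatchMessageA EndPaint MessageBoxA TranslateMessage
GetDC RegisterClassExA ReleaseDC GetClientRect CreateWindowExA wsprintfA SetTimer
LoadCursorA LoadIconA FillRect DestroyWindow CoInitialize
""".split())

# Observed behaviour -> APIs a user-mode program normally needs for it (example's own map).
CAPABILITY_APIS = {
    "dll-injection": {"OpenProcess", "VirtualAllocEx", "WriteProcessMemory", "CreateRemoteThread",
                      "NtCreateThreadEx", "QueueUserAPC", "SetWindowsHookExA", "SetWindowsHookExW"},
    "DeviceIoControl": {"DeviceIoControl", "NtDeviceIoControlFile"},
    "udp-communication": {"socket", "WSASocketA", "WSASocketW", "sendto", "WSASendTo", "recvfrom"},
}
# Imports that let a binary resolve any other API by name at runtime.
RUNTIME_RESOLVERS = {"GetProcAddress", "LoadLibraryA", "LoadLibraryW", "LoadLibraryExA", "LoadLibraryExW"}


def capability_gaps(imports: set, behaviours: list) -> dict:
    """Per behaviour: the APIs it normally needs that the import table does not name.
    Empty set = statically explained; the full set = nothing in the IAT accounts for it."""
    return {b: CAPABILITY_APIS[b] - imports for b in behaviours}


def triage(imports: set, behaviours: list) -> dict:
    """Classify how the observed behaviour relates to the static import table."""
    gaps = capability_gaps(imports, behaviours)
    unexplained = sorted(b for b in behaviours if gaps[b] == CAPABILITY_APIS[b])
    resolver = bool(imports & RUNTIME_RESOLVERS)
    if not unexplained:
        verdict = "statically explained"
    elif resolver:
        verdict = "dynamic resolution via GetProcAddress/LoadLibrary"
    else:
        verdict = "hidden resolution: no importer in the IAT, expect an unpacked stage or manual export walking"
    return {
        "unexplained": unexplained,
        "imports_resolver": resolver,
        "verdict": verdict,
        # A registered window class plus a window is what makes the static view look benign.
        "has_gui_window": "RegisterClassExA" in imports and "CreateWindowExA" in imports,
    }


if __name__ == "__main__":
    for behaviour, missing in capability_gaps(IMPORTS, list(CAPABILITY_APIS)).items():
        print(f"{behaviour:>18}: {len(missing)}/{len(CAPABILITY_APIS[behaviour])} required APIs missing")
    print(triage(IMPORTS, list(CAPABILITY_APIS)))
```

For this sample every observed behaviour is unexplained by the import table and there is no GetProcAddress or LoadLibrary import either, so the verdict is "hidden resolution": the working code is either unpacked at runtime (the RT_RCDATA resource is the obvious carrier) or walks export tables by hand. Adding DeviceIoControl and GetProcAddress to the import set shifts the verdict to dynamic resolution, which is the more common and less suspicious case.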