SHA256: 5dc95433ce96006ef71b1d21dae4edbfa28245a3ea31e5fe168227682e26a0f7
File name: Krisan Cafe Client - Runtime.exe
Detection ratio: 0 / 52
Analysis date: 2014-05-25 02:48:10 UTC ( 3 years, 6 months ago )
Antivirus Result Update
Ad-Aware 20140525
AegisLab 20140525
Yandex 20140524
AhnLab-V3 20140524
AntiVir 20140524
Antiy-AVL 20140525
Avast 20140525
AVG 20140525
Baidu-International 20140524
BitDefender 20140525
Bkav 20140523
ByteHero 20140525
CAT-QuickHeal 20140524
ClamAV 20140525
CMC 20140525
Commtouch 20140525
Comodo 20140524
DrWeb 20140525
Emsisoft 20140525
ESET-NOD32 20140524
F-Prot 20140525
F-Secure 20140524
Fortinet 20140525
GData 20140525
Ikarus 20140524
Jiangmin 20140524
K7AntiVirus 20140523
K7GW 20140523
Kaspersky 20140524
Kingsoft 20140525
Malwarebytes 20140524
McAfee 20140525
McAfee-GW-Edition 20140525
Microsoft 20140525
eScan 20140525
NANO-Antivirus 20140525
Norman 20140524
nProtect 20140523
Panda 20140524
Qihoo-360 20140525
Rising 20140524
Sophos AV 20140525
SUPERAntiSpyware 20140524
Symantec 20140525
Tencent 20140515
TheHacker 20140523
TotalDefense 20140524
TrendMicro 20140525
TrendMicro-HouseCall 20140525
VBA32 20140523
VIPRE 20140525
ViRobot 20140524
Zillya 20140524
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Publisher Alexander M. Prado
Signature verification A certificate chain could not be built to a trusted root authority.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2008-02-17 06:10:17
Entry Point 0x000010B9
Number of sections 7
PE sections
PE imports
GetFileAttributesA
VirtualFree
GetModuleHandleA
GetTempPathA
GetModuleFileNameA
lstrcmpA
LoadLibraryA
lstrlenA
lstrcatA
WriteFile
CreateDirectoryA
DeleteFileA
FreeLibrary
lstrcpyA
ExitProcess
CloseHandle
CreateFileA
RemoveDirectoryA
GetFileSize
VirtualAlloc
GetProcAddress
wsprintfA
MessageBoxA
Number of PE resources by type
RT_DIALOG 5
RT_ICON 1
RT_GROUP_ICON 1
RT_RCDATA 1
RT_MANIFEST 1
Number of PE resources by language
ENGLISH US 7
NEUTRAL 2
PE resources
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
TimeStamp 2008:02:17 07:10:17+01:00
FileType Win32 EXE
PEType PE32
CodeSize 3584
LinkerVersion 3.0
FileAccessDate 2014:05:25 03:48:50+01:00
EntryPoint 0x10b9
InitializedDataSize 99328
SubsystemVersion 4.0
ImageVersion 0.0
OSVersion 4.0
FileCreateDate 2014:05:25 03:48:50+01:00
UninitializedDataSize 0

File identification
MD5 79e5ac6b87fd3cd031501fd9eb43142d
SHA1 8f906766739240d32d8717eb98d4a9a368bf17ab
SHA256 5dc95433ce96006ef71b1d21dae4edbfa28245a3ea31e5fe168227682e26a0f7
ssdeep 98304:IR+wMyLagX8DQkUL+C/D0gF6ekF/dL4rVKQdPjMt5rdkiw+REU67Ca:BwdLXCMo5/xsVKQdrMOs2D7Ca
imphash c9749513208288305099900ce01b1603
File size 5.5 MB ( 5809640 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win64 Executable (generic) (64.6%)
Win32 Dynamic Link Library (generic) (15.3%)
Win32 Executable (generic) (10.5%)
Generic Win/DOS Executable (4.6%)
DOS Executable Generic (4.6%)
Tags peexe

VirusTotal metadata
First submission 2013-08-23 02:30:32 UTC ( 4 years, 3 months ago )
Last submission 2014-05-25 02:48:10 UTC ( 3 years, 6 months ago )
File names Krisan Cafe Client - Runtime.exe
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Created mutexes
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.