SHA256: 5ec1e1850100849dd4750ef083824806304e82be5233e241b69b1960acc96324
File name: EXE1.exe
Detection ratio: 7 / 55
Analysis date: 2014-11-18 13:53:04 UTC ( 4 years, 6 months ago )
Antivirus Result Update
Bkav HW32.Packed.691A 20141118
ByteHero Trojan.Malware.Obscu.Gen.002 20141118
CMC Packed.Win32.Katusha.1!O 20141118
McAfee-GW-Edition BehavesLike.Win32.Backdoor.fc 20141118
Qihoo-360 Malware.QVM20.Gen 20141118
Rising PE:Malware.XPACK-LNR/Heur!1.5594 20141117
Symantec Suspicious.Cloud.5 20141118
Ad-Aware 20141118
AegisLab 20141118
Yandex 20141117
AhnLab-V3 20141118
Antiy-AVL 20141118
Avast 20141118
AVG 20141118
Avira (no cloud) 20141118
AVware 20141118
Baidu-International 20141107
BitDefender 20141118
CAT-QuickHeal 20141118
ClamAV 20141118
Comodo 20141118
Cyren 20141118
DrWeb 20141118
Emsisoft 20141118
ESET-NOD32 20141118
F-Prot 20141118
F-Secure 20141118
Fortinet 20141118
GData 20141118
Ikarus 20141118
Jiangmin 20141117
K7AntiVirus 20141118
K7GW 20141118
Kaspersky 20141118
Kingsoft 20141118
Malwarebytes 20141118
McAfee 20141118
Microsoft 20141118
eScan 20141118
NANO-Antivirus 20141118
Norman 20141117
nProtect 20141118
Panda 20141118
Sophos AV 20141118
SUPERAntiSpyware 20141118
Tencent 20141118
TheHacker 20141117
TotalDefense 20141118
TrendMicro 20141118
TrendMicro-HouseCall 20141118
VBA32 20141118
VIPRE 20141118
ViRobot 20141118
Zillya 20141117
Zoner 20141118
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 1988-08-24 23:58:57
Entry Point 0x00003058
Number of sections 4
PE sections
PE imports
CoRegCleanup
DowngradeAPL
SetSetupSave
SetupOpen
SetSetupOpen
CDBuildVect
MD5Init
MD5Update
JetCloseDatabase
JetCloseTable
JetCommitTransaction
JetBeginTransaction
JetCloseFile
GetLastError
CopyFileW
CompareStringW
HeapAlloc
ReplaceFileW
WaitForSingleObjectEx
FindNextVolumeW
GetLocalTime
GetStartupInfoA
GetDateFormatA
GetFileSize
CreateDirectoryA
DeleteFileA
GetProcAddress
GetProcessHeap
GetGeoInfoA
GetModuleHandleA
FindFirstFileA
CreateSemaphoreW
OpenMutexW
CreateWaitableTimerA
GetACP
InterlockedDecrement
WriteConsoleW
wsprintfA
LoadCursorA
DrawTextA
DispatchMessageA
DrawIcon
EnumDesktopsA
PeekMessageA
SetCursorPos
DialogBoxParamW
GetMessageW
FindWindowA
MessageBoxW
CreateDesktopW
IsDialogMessageA
WTSSetUserConfigA
WTSSetSessionInformationA
WTSUnRegisterSessionNotification
WTSQueryUserToken
WTSOpenServerA
WTSVirtualChannelRead
WTSVirtualChannelClose
WTSVirtualChannelPurgeInput
WTSFreeMemory
WTSLogoffSession
WTSVirtualChannelWrite
WTSWaitSystemEvent
WTSVirtualChannelOpen
WTSEnumerateServersA
Number of PE resources by type
TAR 1
Number of PE resources by language
ENGLISH US 1
PE resources
Debug information
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
FileTypeExtension exe
TimeStamp 1988:08:25 00:58:57+01:00
FileType Win32 EXE
PEType PE32
CodeSize 16384
LinkerVersion 6.0
ImageFileCharacteristics No relocs, Executable, No line numbers, No symbols, 32-bit
EntryPoint 0x3058
InitializedDataSize 331776
SubsystemVersion 4.0
ImageVersion 0.0
OSVersion 4.0
UninitializedDataSize 0
Execution parents
Compressed bundles
File identification
MD5 40cbb60a21799af000c85c9e6f006954
SHA1 57b7cb33153f50971790c93a9efb318dbbd38677
SHA256 5ec1e1850100849dd4750ef083824806304e82be5233e241b69b1960acc96324
ssdeep 6144:Jd1W6uDQAwHjYxYR9PgOGZFrfiW9VkAqmljB1I9bs352miYvRv6S5PzjdA:tWV1OjYaRPgrqPAjEW2V2RvJPF
authentihash 0085b1ef78196ec066a1d493ed52f42fba7c5e569a2d76e509b2a15377d96113
imphash 5095cf26e2891df10134634c0614bad3
File size 344.0 KB ( 352256 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Windows screen saver (40.5%)
Win32 Dynamic Link Library (generic) (20.3%)
Win32 Executable (generic) (13.9%)
Win16/32 Executable Delphi generic (6.4%)
OS/2 Executable (generic) (6.2%)
Tags peexe
VirusTotal metadata
First submission 2014-11-18 13:48:18 UTC ( 4 years, 6 months ago )
Last submission 2018-06-17 06:13:30 UTC ( 11 months, 1 week ago )
File names LRVKQQHXTVKOCAG.EXE
5ec1e1850100849dd4750ef083824806304e82be5233e241b69b1960acc96324.exe
uXmVEICXdvKpYxT.exe
EXE1.exe
Advanced heuristic and reputation engines
TrendMicro-HouseCall
TrendMicro's heuristic engine has flagged this file as: TROJ_GEN.F0C2C00L914.

Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Created processes
Created mutexes
Opened mutexes
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.