SHA256: 5fbcce025624741d66f092f6c322cce15a73a467b0042f07becd1957c4bd1b69
File name: malicious-executable-from-delivery.globalcdnnode.com.exe
Detection ratio: 20 / 48
Analysis date: 2013-09-29 06:27:04 UTC
Antivirus results (engine: result, followed by the engine's signature update date as YYYYMMDD)

Detected (20 of 48 engines):
AntiVir: TR/Crypt.ZPACK.9196 (20130928)
AVG: Generic35.AV (20130928)
Baidu-International: Trojan-Ransom.Win32.Foreign.ijxb (20130928)
BitDefender: Gen:Variant.Zusy.65240 (20130929)
Comodo: UnclassifiedMalware (20130929)
DrWeb: Trojan.Winlock.8811 (20130929)
Emsisoft: Gen:Variant.Zusy.65240 (B) (20130929)
ESET-NOD32: Win32/TrojanDownloader.Nymaim.AB (20130928)
F-Secure: Gen:Variant.Zusy.65240 (20130929)
Fortinet: W32/Foreign.IJXB!tr (20130929)
GData: Gen:Variant.Zusy.65240 (20130929)
Kaspersky: Trojan-Ransom.Win32.Foreign.ijxb (20130929)
Kingsoft: Win32.Troj.Undef.(kcloud) (20130829)
Malwarebytes: Trojan.Ransom.ED (20130929)
McAfee: Artemis!9B75DA764B0F (20130929)
McAfee-GW-Edition: Artemis!9B75DA764B0F (20130928)
eScan: Gen:Variant.Zusy.65240 (20130929)
Panda: Suspicious file (20130928)
TrendMicro-HouseCall: TROJ_GEN.F47V0928 (20130929)
VIPRE: Trojan.Win32.Generic!BT (20130929)

Not detected (28 of 48 engines):
Yandex (20130928), AhnLab-V3 (20130928), Antiy-AVL (20130929), Avast (20130929), Bkav (20130927), ByteHero (20130925), CAT-QuickHeal (20130928), ClamAV (20130929), Commtouch (20130929), F-Prot (20130929), Ikarus (20130929), Jiangmin (20130903), K7AntiVirus (20130927), K7GW (20130927), Microsoft (20130929), NANO-Antivirus (20130929), Norman (20130929), nProtect (20130929), PCTools (20130925), Rising (20130929), Sophos AV (20130929), SUPERAntiSpyware (20130928), Symantec (20130929), TheHacker (20130929), TotalDefense (20130927), TrendMicro (20130929), VBA32 (20130927), ViRobot (20130928)
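A table like the one above is easier to act on once it is parsed: the detection ratio is just a count, the family label that most engines agree on is what belongs in a ticket, and a McAfee Artemis! name can be cross-checked against the file's MD5 because the hex after the bang is a prefix of that hash. The script below is an added example, not VirusTotal's code. SAMPLE_ROWS is constructed from the report's own vendor/result/update triples (all 20 detections plus four undetected engines), written one per line; the family-token heuristic and the GENERIC word list are this example's assumptions, not a VirusTotal convention.

```python
"""Parse VirusTotal-style vendor rows and summarise what the engines agree on.
Added example, not VirusTotal's code."""
import re
from collections import Counter

# Constructed from the table above. A row is "Vendor Result Update"; the
# result is absent when the engine did not flag the file.
SAMPLE_ROWS = """\
AntiVir TR/Crypt.ZPACK.9196 20130928
AVG Generic35.AV 20130928
Baidu-International Trojan-Ransom.Win32.Foreign.ijxb 20130928
BitDefender Gen:Variant.Zusy.65240 20130929
Comodo UnclassifiedMalware 20130929
DrWeb Trojan.Winlock.8811 20130929
Emsisoft Gen:Variant.Zusy.65240 (B) 20130929
ESET-NOD32 Win32/TrojanDownloader.Nymaim.AB 20130928
F-Secure Gen:Variant.Zusy.65240 20130929
Fortinet W32/Foreign.IJXB!tr 20130929
GData Gen:Variant.Zusy.65240 20130929
Kaspersky Trojan-Ransom.Win32.Foreign.ijxb 20130929
Kingsoft Win32.Troj.Undef.(kcloud) 20130829
Malwarebytes Trojan.Ransom.ED 20130929
McAfee Artemis!9B75DA764B0F 20130929
McAfee-GW-Edition Artemis!9B75DA764B0F 20130928
eScan Gen:Variant.Zusy.65240 20130929
Panda Suspicious file 20130928
TrendMicro-HouseCall TROJ_GEN.F47V0928 20130929
VIPRE Trojan.Win32.Generic!BT 20130929
Yandex 20130928
Avast 20130929
Microsoft 20130929
Symantec 20130929
"""

# vendor = first token, update = trailing 8 digits, result = whatever is between
ROW_RE = re.compile(r"^(?P<vendor>\S+)\s*(?P<result>.*?)\s*(?P<update>\d{8})$")

# Words naming a threat class or an engine heuristic rather than a family.
# This list is the example's own assumption.
GENERIC = {
    "trojan", "ransom", "trojandownloader", "generic", "variant", "crypt",
    "artemis", "suspicious", "unclassifiedmalware", "malware", "troj", "undef",
}


def parse_rows(text):
    """One dict per row: vendor, result ('' when undetected), update."""
    rows = []
    for line in text.splitlines():
        m = ROW_RE.match(line.strip())
        if m:
            rows.append(m.groupdict())
    return rows


def detection_ratio(rows):
    """(detected, total), the pair VirusTotal prints as 'Detection ratio'."""
    return sum(1 for r in rows if r["result"]), len(rows)


def family_tokens(result):
    """Heuristic: a family name is a capitalised alphabetic token of four or
    more letters that is neither a generic class word nor an all-caps
    variant/packer tag such as ZPACK, IJXB or BT."""
    return [tok for tok in re.split(r"[^A-Za-z0-9]+", result)
            if len(tok) >= 4 and tok.isalpha() and tok[0].isupper()
            and not tok.isupper() and tok.lower() not in GENERIC]


def family_consensus(rows):
    """Votes per family name across engines; the spread says how much to
    trust the top label."""
    votes = Counter()
    for r in rows:
        for tok in set(family_tokens(r["result"])):
            votes[tok] += 1
    return votes


def artemis_matches_md5(result, md5_hex):
    """McAfee's Artemis!<hex> names carry a prefix of the file's MD5, so the
    name can be checked against the hash in the report's identification block."""
    m = re.match(r"Artemis!([0-9A-Fa-f]+)$", result)
    return bool(m) and md5_hex.lower().startswith(m.group(1).lower())


if __name__ == "__main__":
    rows = parse_rows(SAMPLE_ROWS)
    print("detection ratio: %d / %d" % detection_ratio(rows))
    print("family votes:", family_consensus(rows).most_common())
    print("Artemis name matches MD5:", artemis_matches_md5(
        "Artemis!9B75DA764B0F", "9b75da764b0fa639b18548d52255689b"))
```

On this sample the votes split between Zusy (the BitDefender-engine licensees: BitDefender, Emsisoft, F-Secure, GData, eScan) and Foreign (Baidu, Fortinet, Kaspersky), with Winlock and Nymaim as single votes; the Artemis prefix 9B75DA764B0F matches the MD5 listed further down, which confirms the McAfee row refers to this exact file rather than a near-duplicate.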
The file under analysis is a Portable Executable (PE) file; more specifically, a 32-bit Win32 EXE built for the Windows GUI subsystem.
FileVersionInfo properties
Copyright: Copyright © 2000-2007 Heaventools Software
Product: PE Explorer
Original name: pexplorer.exe
Internal name: PE Explorer
File version: 1.99.2.1230
Description: PE Explorer
These properties identify Heaventools' PE Explorer, yet the copyright range ends in 2007 while the compilation timestamp below is from 2013 and the submitted file names do not match, so the VersionInfo resource should not be taken as identification of the file's origin.
PE header basic information
Target machine: Intel 386 or later processors and compatible processors
Compilation timestamp: 2013-09-28 03:15:32
Entry Point: 0x00001BFE
Number of sections: 4
PE sections
PE imports (grouped here by the DLL that exports each function)
gdi32.dll:
CreateDIBPatternBrushPt
CloseEnhMetaFile
CreateBitmap
CloseMetaFile
ChoosePixelFormat
AngleArc
CopyEnhMetaFileA
kernel32.dll:
GetLastError
InitializeCriticalSectionAndSpinCount
HeapFree
GetStdHandle
DosDateTimeToFileTime
LCMapStringW
SetHandleCount
GetModuleFileNameW
GetConsoleCP
Beep
QueryPerformanceCounter
IsDebuggerPresent
EncodePointer
TlsAlloc
GetEnvironmentStringsW
FlushFileBuffers
GetModuleFileNameA
RtlUnwind
IsProcessorFeaturePresent
HeapAlloc
HeapSetInformation
GetCurrentProcess
EnterCriticalSection
GetConsoleMode
GetStringTypeW
GetCurrentProcessId
OpenProcess
WriteConsoleW
SetFilePointer
GetCPInfo
UnhandledExceptionFilter
InterlockedDecrement
MultiByteToWideChar
GetStartupInfoW
FreeEnvironmentStringsW
GetCommandLineA
GetProcAddress
HeapSize
SetStdHandle
CompareStringW
WideCharToMultiByte
LoadLibraryW
TlsFree
ExpandEnvironmentStringsW
DeleteCriticalSection
SetUnhandledExceptionFilter
WriteFile
CloseHandle
GetSystemTimeAsFileTime
GlobalMemoryStatusEx
GetACP
HeapReAlloc
DecodePointer
GetModuleHandleW
SetEnvironmentVariableA
GetOEMCP
TerminateProcess
GetTimeZoneInformation
IsValidCodePage
HeapCreate
CreateFileW
TlsGetValue
Sleep
GetFileType
GetTickCount
TlsSetValue
ExitProcess
GetCurrentThreadId
InterlockedIncrement
SetLastError
LeaveCriticalSection
opengl32.dll:
glVertex2d
glColor4iv
glMultMatrixf
glColor3dv
glIsList
glTexParameterfv
glDeleteLists
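The imphash listed under "File identification" is derived from exactly this import list: each entry becomes "<dll name lower-cased, with .dll/.ocx/.sys stripped>.<function lower-cased>", the entries are joined with commas in import-table order, and the MD5 of that string is the hash. The script below implements that derivation as an added example; it is not pefile's or VirusTotal's code. SAMPLE_IMPORTS takes the function names from the list above, placed under the DLLs that export them (gdi32, kernel32, opengl32), with only a subset of the kernel32 names; since the report does not show the on-disk import order, the digest it produces is not expected to equal the report's imphash.

```python
"""Import hash (imphash) from an ordered list of (dll, function) imports.
Added example, not pefile's or VirusTotal's code."""
import hashlib

# Sample input built from the import list above (kernel32 subset only).
SAMPLE_IMPORTS = [
    ("GDI32.dll", "CreateDIBPatternBrushPt"), ("GDI32.dll", "CloseEnhMetaFile"),
    ("GDI32.dll", "CreateBitmap"), ("GDI32.dll", "CloseMetaFile"),
    ("GDI32.dll", "ChoosePixelFormat"), ("GDI32.dll", "AngleArc"),
    ("GDI32.dll", "CopyEnhMetaFileA"),
    ("KERNEL32.dll", "GetLastError"), ("KERNEL32.dll", "IsDebuggerPresent"),
    ("KERNEL32.dll", "OpenProcess"), ("KERNEL32.dll", "LoadLibraryW"),
    ("KERNEL32.dll", "GetProcAddress"), ("KERNEL32.dll", "ExpandEnvironmentStringsW"),
    ("OPENGL32.dll", "glVertex2d"), ("OPENGL32.dll", "glColor4iv"),
    ("OPENGL32.dll", "glMultMatrixf"), ("OPENGL32.dll", "glDeleteLists"),
]


def normalize_import(dll, func):
    """One import-table entry in imphash form. `func` is a name, or an int
    for imports by ordinal; ordinals become 'ordN' here (pefile additionally
    resolves ws2_32 and oleaut32 ordinals to names through a lookup table,
    which this example omits)."""
    name = dll.lower()
    for ext in (".dll", ".ocx", ".sys"):
        if name.endswith(ext):
            name = name[:-len(ext)]
            break
    func = ("ord%d" % func) if isinstance(func, int) else func.lower()
    return "%s.%s" % (name, func)


def import_string(imports):
    """The comma-joined, order-preserving string that gets hashed."""
    return ",".join(normalize_import(dll, func) for dll, func in imports)


def imphash(imports):
    """MD5 hex digest of the normalised import string."""
    return hashlib.md5(import_string(imports).encode("ascii")).hexdigest()


if __name__ == "__main__":
    print(import_string(SAMPLE_IMPORTS))
    print("imphash:", imphash(SAMPLE_IMPORTS))
    # Two properties that matter when pivoting on imphash: DLL case and
    # extension do not affect it, but import order does.
    print(imphash([("KERNEL32.DLL", "GetLastError")])
          == imphash([("kernel32.dll", "getlasterror")]))
    print(imphash(SAMPLE_IMPORTS) == imphash(list(reversed(SAMPLE_IMPORTS))))
```

Because order is part of the hash, two builds of the same source with the import table shuffled have different imphashes, while a rebuild that keeps the table intact but changes every byte of code keeps the same one; that is why an imphash pivot in VirusTotal finds siblings of this sample that the file hash never would, and why a packer that rebuilds the import table defeats it.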
Number of PE resources by type
RT_STRING 6
RT_DIALOG 4
RT_HTML 2
RT_VERSION 1
Number of PE resources by language
ENGLISH US 10
ENGLISH BELIZE 2
NEUTRAL 1
PE resources
ExifTool file metadata
CodeSize: 34304
FileDescription: PE Explorer
InitializedDataSize: 90624
ImageVersion: 0.0
ProductName: PE Explorer
FileVersionNumber: 1.99.2.1230
LanguageCode: Neutral
FileFlagsMask: 0x003f
CharacterSet: Windows, Cyrillic
LinkerVersion: 9.0
FileTypeExtension: exe
OriginalFileName: pexplorer.exe
MIMEType: application/octet-stream
Subsystem: Windows GUI
FileVersion: 1.99.2.1230
TimeStamp: 2013:09:28 04:15:32+01:00
FileType: Win32 EXE
PEType: PE32
InternalName: PE Explorer
SubsystemVersion: 5.0
ProductVersion: 1.99.2.1230
UninitializedDataSize: 0
OSVersion: 5.0
FileOS: Win32
LegalCopyright: Copyright 2000-2007 Heaventools Software
MachineType: Intel 386 or later, and compatibles
CompanyName: Heaventools Software
LegalTrademarks: PE Explorer is a trademark of Heaventools Software
FileSubtype: 0
ProductVersionNumber: 1.99.2.1230
EntryPoint: 0x1bfe
ObjectFileType: Executable application
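Every header value in the metadata above (machine, section count, link timestamp, entry point, code and data sizes, linker, OS and subsystem versions) sits at a fixed offset in the DOS header, COFF file header and PE32 optional header, so a triage tool can read them without a library, and can then compare the link year with the years in the VersionInfo copyright string. The script below does both as an added example; it is not VirusTotal's or ExifTool's code. build_sample_pe() constructs a header-only PE32 stub carrying this report's values (no sections, no code), since the sample itself is not reproduced here, and the two-year slack in the copyright check is this example's own choice.

```python
"""Read basic PE header fields from raw bytes and cross-check them against
the VersionInfo copyright. Added example, not VirusTotal's or ExifTool's code."""
import calendar
import datetime as dt
import re
import struct

IMAGE_FILE_MACHINE_I386 = 0x014C
PE32_MAGIC = 0x010B
SUBSYSTEMS = {1: "Native", 2: "Windows GUI", 3: "Windows CUI"}


def parse_pe_header(data):
    """IMAGE_DOS_HEADER -> 'PE\\0\\0' -> IMAGE_FILE_HEADER -> IMAGE_OPTIONAL_HEADER32."""
    if data[:2] != b"MZ":
        raise ValueError("missing MZ signature")
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature at e_lfanew")
    coff = e_lfanew + 4
    # IMAGE_FILE_HEADER: Machine, NumberOfSections, TimeDateStamp,
    # PointerToSymbolTable, NumberOfSymbols, SizeOfOptionalHeader, Characteristics
    machine, nsections, timestamp, _, _, _, _ = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20
    (magic,) = struct.unpack_from("<H", data, opt)
    if magic != PE32_MAGIC:
        raise ValueError("only PE32 (magic 0x10B) optional headers handled here")
    linker_major, linker_minor = struct.unpack_from("<BB", data, opt + 2)
    size_of_code, size_of_init = struct.unpack_from("<II", data, opt + 4)
    (entry,) = struct.unpack_from("<I", data, opt + 16)
    os_major, os_minor = struct.unpack_from("<HH", data, opt + 40)
    ss_major, ss_minor = struct.unpack_from("<HH", data, opt + 48)
    (subsystem,) = struct.unpack_from("<H", data, opt + 68)
    link_time = dt.datetime.fromtimestamp(timestamp, dt.timezone.utc)
    return {
        "machine": "Intel 386 or later" if machine == IMAGE_FILE_MACHINE_I386 else hex(machine),
        "number_of_sections": nsections,
        "timestamp_utc": link_time.strftime("%Y-%m-%d %H:%M:%S"),
        "link_year": link_time.year,
        "entry_point": entry,
        "code_size": size_of_code,
        "initialized_data_size": size_of_init,
        "linker_version": "%d.%d" % (linker_major, linker_minor),
        "os_version": "%d.%d" % (os_major, os_minor),
        "subsystem_version": "%d.%d" % (ss_major, ss_minor),
        "subsystem": SUBSYSTEMS.get(subsystem, str(subsystem)),
    }


def copyright_vs_link_year(legal_copyright, link_year, slack_years=2):
    """Flag a VersionInfo copyright range that ends well before the link
    year. Legitimate builds do ship stale copyright strings, hence the
    slack (an assumption of this example); this is a triage prompt, not
    proof of tampering. Returns a message, or None when nothing stands out."""
    years = [int(y) for y in re.findall(r"\b(?:19|20)\d{2}\b", legal_copyright)]
    if not years:
        return None
    newest = max(years)
    if link_year > newest + slack_years:
        return ("copyright runs to %d but the binary was linked in %d; "
                "the VersionInfo block may have been copied from another product"
                % (newest, link_year))
    return None


def build_sample_pe():
    """Constructed header-only PE32 stub mirroring the report's values."""
    ts = calendar.timegm((2013, 9, 28, 3, 15, 32))  # 2013-09-28 03:15:32 UTC
    dos = bytearray(64)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 64)            # e_lfanew
    coff = struct.pack("<HHIIIHH", IMAGE_FILE_MACHINE_I386, 4, ts, 0, 0, 224, 0x0102)
    opt = bytearray(224)
    struct.pack_into("<H", opt, 0, PE32_MAGIC)
    struct.pack_into("<BB", opt, 2, 9, 0)            # linker 9.0
    struct.pack_into("<II", opt, 4, 34304, 90624)    # SizeOfCode, SizeOfInitializedData
    struct.pack_into("<I", opt, 16, 0x1BFE)          # AddressOfEntryPoint
    struct.pack_into("<HH", opt, 40, 5, 0)           # OS version 5.0
    struct.pack_into("<HH", opt, 48, 5, 0)           # subsystem version 5.0
    struct.pack_into("<H", opt, 68, 2)               # IMAGE_SUBSYSTEM_WINDOWS_GUI
    return bytes(dos) + b"PE\0\0" + coff + bytes(opt)


if __name__ == "__main__":
    hdr = parse_pe_header(build_sample_pe())
    for key, value in hdr.items():
        print("%-22s %s" % (key, hex(value) if key == "entry_point" else value))
    print(copyright_vs_link_year("Copyright © 2000-2007 Heaventools Software", hdr["link_year"]))
```

Run against the stub, the parser reproduces the report's timestamp, entry point 0x1bfe, four sections, linker 9.0 and the GUI subsystem, and the copyright check fires because the Heaventools string ends in 2007 while the link year is 2013. The same check is silent on a build whose copyright range reaches the link year, which is the common case for genuine software.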

PCAP parents
File identification
MD5 9b75da764b0fa639b18548d52255689b
SHA1 ecf9e0673e7a18dd288ac351ef93e7dcf80d957f
SHA256 5fbcce025624741d66f092f6c322cce15a73a467b0042f07becd1957c4bd1b69
ssdeep 1536:2k1H7GFByBgDnrVI+kktbO0bhIz0DZlCq7RPhjNAI6MDVdsHpiHwi1vzst:2/yWn5I+pbO0bhRD9FJjWIrDMpiQitst
authentihash 3e1133a5fed3103e84d115a0e0bbf0dc421152097b35c3b24bfae84d4bc456a1
imphash e9735de0c7a58bdcfbb9cd5dce05fc15
File size 123.0 KB ( 125952 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (42.2%)
Win64 Executable (generic) (37.3%)
Win32 Dynamic Link Library (generic) (8.8%)
Win32 Executable (generic) (6.0%)
Generic Win/DOS Executable (2.7%)
Tags
peexe

VirusTotal metadata
First submission 2013-09-28 05:28:30 UTC
Last submission 2017-06-28 08:34:55 UTC
File names malicious-executable-from-delivery.globalcdnnode.com.exe
PE Explorer
501012.exe
vt_13281480.@
pexplorer.exe
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Created processes
Code injections in the following processes
Opened mutexes
Runtime DLLs