SHA256: 607e45c2efc223af021433d01678f2e7afc56cbe2f428f727f2f986136c48154
File name: 1277531.exe.dr
Detection ratio: 49 / 55
Analysis date: 2015-04-23 03:45:12 UTC ( 4 years, 1 month ago )
Antivirus Result Update
Ad-Aware Win32.Parite.B 20150423
Yandex Win32.Parite.B 20150422
AhnLab-V3 Win32/Parite 20150423
Antiy-AVL Virus/Win32.Parite.b 20150422
Avast Win32:Parite 20150423
AVG Win32/Parite 20150423
AVware Win32.Parite.b (v) 20150423
Baidu-International Virus.Win32.Parite.$b 20150421
BitDefender Win32.Parite.B 20150423
Bkav W32.HfsAutoB.925B 20150422
ByteHero Virus.Win32.Heur.d 20150423
CAT-QuickHeal W32.Perite.A 20150423
ClamAV Heuristics.W32.Parite.B 20150423
Comodo Virus.Win32.Parite.gen 20150422
Cyren W32/Parite.B 20150423
DrWeb Trojan.Dridex.104 20150423
Emsisoft Win32.Parite.B (B) 20150423
ESET-NOD32 Win32/Parite.B 20150423
F-Prot W32/Parite.B 20150423
F-Secure Win32.Parite.B 20150423
Fortinet W32/Parite.B 20150423
GData Win32.Parite.B 20150423
Ikarus Virus.Parite 20150423
Jiangmin Win32/Parite.b 20150422
K7AntiVirus Virus ( 00001b711 ) 20150422
K7GW Virus ( 00001b711 ) 20150422
Kaspersky Virus.Win32.Parite.b 20150423
Kingsoft Win32.Parite.xp.1243622 20150423
McAfee W32/Pate.b 20150423
McAfee-GW-Edition BehavesLike.Win32.Expiro.fc 20150422
Microsoft Virus:Win32/Parite.B 20150423
eScan Win32.Parite.B 20150423
NANO-Antivirus Virus.Win32.Parite.bgvo 20150422
Norman Pinfi.A 20150422
nProtect Virus/W32.Parite.C 20150422
Panda W32/Parite.B 20150422
Qihoo-360 Win32/Trojan.eb6 20150423
Rising PE:Win32.Parite.b!16043 20150422
Sophos AV W32/Parite-B 20150423
Symantec W32.Pinfi.B 20150423
Tencent Virus.Win32.Dropper.c 20150423
TheHacker W32/Pate.B 20150422
TotalDefense Win32/Pinfi.A 20150422
TrendMicro PE_PARITE.A 20150423
TrendMicro-HouseCall PE_PARITE.A 20150423
VBA32 Virus.Win32.Parite.b 20150422
VIPRE Win32.Parite.b (v) 20150423
ViRobot Win32.Parite.A[h] 20150423
Zillya Virus.Parite.Win32.9 20150422
AegisLab 20150423
Alibaba 20150423
CMC 20150421
Malwarebytes 20150423
SUPERAntiSpyware 20150423
Zoner 20150422
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2010-03-06 11:23:42
Entry Point 0x00029000
Number of sections 6
PE sections
Overlays
MD5 5b4539290828c2ae0c026d74a3bfe187
File type data
Offset 148992
Size 176090
Entropy 7.94
PE imports
HlinkResolveStringForData
HlinkGetSpecialReference
HlinkResolveShortcut
HlinkCreateExtensionServices
HlinkOnNavigate
HlinkResolveMonikerForData
HlinkCreateShortcutFromMoniker
HlinkCreateShortcut
DllCanUnloadNow
HlinkIsShortcut
DllGetClassObject
HlinkCreateShortcutFromString
DllGetClassObject
CheckTrust
GetICifRWFileFromFile
DownloadFile
CheckTrustEx
CheckForVersionConflict
DllCanUnloadNow
PurgeDownloadDirectory
GetICifFileFromFile
GetProcAddress
LoadLibraryA
GetProfileSectionA
VirtualAlloc
DuplicateHandle
FindFirstVolumeW
ShowModelessHTMLDialog
ShowModalDialog
ShowHTMLDialogEx
DllGetClassObject
PrintHTML
MatchExactGetIDsOfNames
CreateHTMLPropertyPage
RunHTMLApplication
DllCanUnloadNow
ShowHTMLDialog
DllEnumClassObjects
DllMain
DllUnregisterServer
DllGetClassObject
DllCanUnloadNow
DllRegisterServer
MTSCreateActivity
SafeRef
DllGetClassObject
GetObjectContext
StgSetTimes
StgCreateStorageEx
CoUninitialize
CoInitialize
OleCreateFromData
IsAccelerator
CLSIDFromString
HPALETTE_UserUnmarshal
HENHMETAFILE_UserFree
CoFreeLibrary
CLIPFORMAT_UserMarshal
CoGetCallContext
OpenTcpIpPerformanceData
OpenNbfPerformanceData
CollectTcpIpPerformanceData
OpenNWNBPerformanceData
OpenIPXPerformanceData
CloseTcpIpPerformanceData
OpenDhcpPerformanceData
CollectSPXPerformanceData
CloseDhcpPerformanceData
CollectNbfPerformanceData
CollectNWNBPerformanceData
CloseNbfPerformanceData
RasGetPortUserData
RasDeAllocateRoute
RasRpcGetInstalledProtocols
RasGetConnectionUserData
RasBundleGetStatisticsEx
RasGetConnectionParams
RasGetInfo
RasGetTimeSinceLastActivity
RasGetDialParams
RasPortGetStatistics
RasInitialize
RasSendCreds
RasGetNdiswanDriverCaps
RasSetPortUserData
PathFindExtensionA
StrStrA
PathFindExtensionW
PathGetDriveNumberA
StrTrimW
PathRemoveExtensionA
StrCSpnA
PathStripToRootA
PathGetDriveNumberW
StrCmpIW
PathStripToRootW
StrCSpnW
StrTrimA
PathRemoveExtensionW
PathStripPathW
StrStrIA
StrStrW
StrStrIW
PathStripPathA
PathSkipRootA
StrCmpW
PathFindFileNameW
PathRemoveBlanksA
PathFindFileNameA
PathSkipRootW
PathRemoveBlanksW
DllGetClassObject
CreateInstance
DllUnregisterServer
DllCanUnloadNow
DllRegisterServer
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
TimeStamp 2010:03:06 12:23:42+01:00
FileType Win32 EXE
PEType PE32
CodeSize 109056
LinkerVersion 2.25
Warning Error processing PE data dictionary
FileTypeExtension exe
InitializedDataSize 49664
SubsystemVersion 4.0
EntryPoint 0x29000
OSVersion 4.0
ImageVersion 5.2
UninitializedDataSize 0

File identification
MD5 729d5ebf125c421b24319561e7fe364e
SHA1 e01ed27e198c42fcf1dbb49d00bfdc7ed055c369
SHA256 607e45c2efc223af021433d01678f2e7afc56cbe2f428f727f2f986136c48154
ssdeep 6144:k2EVjNo9wtGtjCp7rVGbGAQmYq5gYiijDwdfJ8+Nk1Jxo4RM4nVlqSiSzT:k24NqmBGbFQmiYi8DwdGk94RM4fqSiSv
authentihash eb1cabe34490acae769b3fd0dcfcdfb53a1e0ce30d60daab221711e9a7dfd1cd
imphash 72322ab552c2608e572fbad85ad42be3
File size 317.5 KB ( 325082 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Dynamic Link Library (generic) (38.3%)
Win32 Executable (generic) (26.2%)
Win16/32 Executable Delphi generic (12.0%)
Generic Win/DOS Executable (11.6%)
DOS Executable Generic (11.6%)
Tags peexe overlay

VirusTotal metadata
First submission 2015-04-22 13:33:57 UTC ( 4 years, 1 month ago )
Last submission 2015-08-06 08:22:22 UTC ( 3 years, 9 months ago )
File names 71.exe
607e45c2efc223af021433d01678f2e7afc56cbe2f428f727f2f986136c48154.exe
729d5ebf125c421b24319561e7fe364e.exe
71(1).exe
JMlVDmwQ.dot
_dTv71.exe
729d5ebf125c421b24319561e7fe364e.file
1277531.exe.dr
729D5EBF125C421B24319561E7FE364E
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Deleted files
Created processes
Created mutexes
Opened mutexes
Opened service managers
Opened services
Hooking activity
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.
The file installs an application-defined hook procedure into a hook chain. You would install a hook procedure to monitor the system for certain types of events. These events are associated either with a specific thread or with all threads in the same desktop as the calling thread. This is done making use of the SetWindowsHook Windows API function.
HTTP requests
DNS requests
TCP connections
UDP communications