SHA256: 617250957aee241e4079e607b536329429560e93f008452043629d08f5ef94dd
File name: aiyoxS5O
Detection ratio: 11 / 42
Analysis date: 2012-10-02 19:14:14 UTC ( 6 years, 4 months ago )
Antivirus Result Update
AntiVir TR/Crypt.XPACK.Gen 20121002
Avast Win32:Malware-gen 20121002
AVG SHeur4.AQMO 20121002
BitDefender Gen:Variant.Kazy.94833 20121002
ESET-NOD32 Win32/Quervar.E 20121002
F-Secure Gen:Variant.Kazy.94833 20121002
GData Gen:Variant.Kazy.94833 20121002
Ikarus Virus.Win32.Quervar 20121002
Kaspersky Trojan-Dropper.Win32.Dorifel.igk 20121002
Microsoft Virus:Win32/Quervar.gen!B 20121002
eScan Gen:Variant.Kazy.94833 20121002
AhnLab-V3 20121002
Antiy-AVL 20121001
ByteHero 20121002
CAT-QuickHeal 20121001
ClamAV 20121002
Commtouch 20121002
Comodo 20121002
DrWeb 20121002
Emsisoft 20120919
eSafe 20121002
F-Prot 20120926
Fortinet 20121002
Jiangmin 20121001
K7AntiVirus 20121002
McAfee 20121002
McAfee-GW-Edition 20121002
Norman 20121002
nProtect 20121001
Panda 20121002
PCTools 20121002
Rising 20120928
Sophos AV 20121002
SUPERAntiSpyware 20120911
Symantec 20121002
TheHacker 20121001
TotalDefense 20121002
TrendMicro 20121002
TrendMicro-HouseCall 20121002
VBA32 20121002
VIPRE 20121002
ViRobot 20121002
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2010-09-08 20:33:58
Entry Point 0x000039D0
Number of sections 6
PE sections
PE imports
OpenThread
HeapFree
SwitchToThread
CreateThread
ReadFile
VirtualFree
HeapAlloc
CloseHandle
CreateFileA
GetCurrentThreadId
VirtualAlloc
GetProcessHeap
EmptyClipboard
CreateWindowExA
CloseClipboard
FindWindowA
DestroyWindow
OpenClipboard
DhcpRequestParams
CoUninitialize
CoInitialize
Number of PE resources by type
RT_MANIFEST 1
Number of PE resources by language
ENGLISH US 1
PE resources
Debug information
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
TimeStamp 2010:09:08 21:33:58+01:00
FileType Win32 EXE
PEType PE32
CodeSize 70144
LinkerVersion 10.0
FileTypeExtension exe
InitializedDataSize 164864
SubsystemVersion 5.1
EntryPoint 0x39d0
OSVersion 5.1
ImageVersion 0.0
UninitializedDataSize 0

File identification
MD5 fd721b8c75a69f8f47780aeea2ff67cd
SHA1 e30441d90dcae7974088130a18afd5a1b8c2c1fa
SHA256 617250957aee241e4079e607b536329429560e93f008452043629d08f5ef94dd
ssdeep 6144:cJKvK9EgnRQwfJDDUZIxUeul9OW2inOivS:WEg5JH+TJJBOivS

authentihash bd0ac72b2c277ae6164832771d3c90bfd2a34517082239c866ac89388449e78c
imphash fdb0c863ddbbf0481c935a3399165e96
File size 230.5 KB ( 236032 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Dynamic Link Library (generic) (43.5%)
Win32 Executable (generic) (29.8%)
Generic Win/DOS Executable (13.2%)
DOS Executable Generic (13.2%)
Tags peexe

VirusTotal metadata
First submission 2012-10-02 19:14:14 UTC ( 6 years, 4 months ago )
Last submission 2012-10-02 19:14:14 UTC ( 6 years, 4 months ago )
File names aiyoxS5O
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Moved files
Deleted files
Set keys
Created processes
Shell commands
Opened mutexes
Searched windows
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.