SHA256: 61bfeecdba85bc5afdb15087e161bf8e9a33d835bce71ba38117408492ac5963
File name: file-6035303_exe
Detection ratio: 57 / 57
Analysis date: 2016-11-15 19:49:39 UTC ( 2 years, 3 months ago )
Antivirus Result Update
Ad-Aware Generic.Malware.DHVQ.3FB5A5EB 20161115
AegisLab W32.W.VB.ck!c 20161115
AhnLab-V3 Trojan/Win32.Qhost.N621209754 20161115
ALYac Generic.Malware.DHVQ.3FB5A5EB 20161115
Antiy-AVL Worm/Win32.VB 20161115
Arcabit Generic.Malware.DHVQ.3FB5A5EB 20161115
Avast Win32:GenMalicious-HFA [Trj] 20161115
AVG Win32/DH{TA?} 20161115
Avira (no cloud) TR/Crypt.CFI.Gen 20161115
AVware Trojan.Win32.Generic!BT 20161115
Baidu Win32.Worm.Autorun.ah 20161115
BitDefender Generic.Malware.DHVQ.3FB5A5EB 20161115
Bkav W32.NusdengoLTK.Trojan 20161112
CAT-QuickHeal Trojan.Dynamer.27869 20161115
ClamAV Win.Trojan.Agent-1117483 20161115
CMC Worm.Win32.VB!O 20161115
Comodo TrojWare.Win32.Agent.~JH1 20161115
CrowdStrike Falcon (ML) malicious_confidence_100% (D) 20161024
Cyren W32/Trojan.IOVI-5097 20161115
DrWeb Trojan.KillFiles.8725 20161115
Emsisoft Generic.Malware.DHVQ.3FB5A5EB (B) 20161115
ESET-NOD32 Win32/AutoRun.VB.AAO 20161115
F-Prot W32/Trojan2.OOHP 20161115
F-Secure Generic.Malware.DHVQ.3FB5A5EB 20161115
Fortinet W32/Generic.AC.1135!tr 20161115
GData Generic.Malware.DHVQ.3FB5A5EB 20161115
Ikarus Worm.Win32.AutoRun 20161115
Sophos ML trojan.win32.peals.b!gfc 20161018
Jiangmin Trojan/Qhost.flk 20161115
K7AntiVirus Backdoor ( 04c51b9d1 ) 20161115
K7GW Backdoor ( 04c51b9d1 ) 20161115
Kaspersky Trojan.Win32.Crypt.ddc 20161115
Kingsoft Win32.Troj.Generic_01.k.(kcloud) 20161115
Malwarebytes Worm.AutoRun 20161115
McAfee W32/YahLover.worm.gen 20161115
McAfee-GW-Edition BehavesLike.Win32.YahLover.ch 20161115
Microsoft Trojan:Win32/Peals.B!gfc 20161115
eScan Generic.Malware.DHVQ.3FB5A5EB 20161115
NANO-Antivirus Trojan.Win32.KillFiles.cvpiiw 20161115
nProtect Worm/W32.Agent.132608.F 20161115
Panda Trj/OCJ.C 20161115
Qihoo-360 Malware.Radar01.Gen 20161115
Rising Malware.Heuristic!ET#99% (rdm+) 20161115
Sophos AV Mal/Autorun-BF 20161115
SUPERAntiSpyware Trojan.Agent/Gen-Malagent 20161115
Symantec W32.SillyFDC 20161115
Tencent Trojan.Win32.Qhost.c 20161115
TheHacker Posible_Worm32 20161115
TotalDefense Win32/FakeFLDR_i 20161115
TrendMicro WORM_YAHLOVER.TFDA07 20161115
TrendMicro-HouseCall WORM_YAHLOVER.TFDA07 20161115
VBA32 Worm.VB 20161115
VIPRE Trojan.Win32.Generic!BT 20161115
ViRobot Worm.Win32.A.VB.132608[h] 20161115
Yandex Worm.VB!y8r8ujyAI5s 20161114
Zillya Worm.AutoRun.Win32.35490 20161115
Zoner I-Worm.AutoRun.VB.AAO 20161115
Alibaba 20161115
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Product z 3 r 0 _ x
Original name Dosya Klasörü.exe
Internal name Dosya Klasörü
File version 8.01.0008
Packers identified
F-PROT UPX_LZMA
PEiD UPX 2.93 [LZMA] -> Markus Oberhumer, Laszlo Molnar & John Reiser
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2011-01-04 13:49:16
Entry Point 0x00076580
Number of sections 3
PE sections
PE imports
VirtualFree
ExitProcess
VirtualProtect
LoadLibraryA
VirtualAlloc
GetProcAddress
Ord(581)
Number of PE resources by type
RT_ICON 13
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
NEUTRAL 14
ENGLISH US 1
PE resources
ExifTool file metadata
UninitializedDataSize 434176
LinkerVersion 6.0
ImageVersion 8.1
FileSubtype 0
FileVersionNumber 8.1.0.8
LanguageCode English (U.S.)
FileFlagsMask 0x0000
CharacterSet Unicode
InitializedDataSize 81920
EntryPoint 0x76580
OriginalFileName Dosya Klasörü.exe
MIMEType application/octet-stream
FileVersion 8.01.0008
TimeStamp 2011:01:04 14:49:16+01:00
FileType Win32 EXE
PEType PE32
InternalName Dosya Klasörü
ProductVersion 8.01.0008
SubsystemVersion 4.0
OSVersion 4.0
FileOS Win32
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CodeSize 53248
ProductName z 3 r 0 _ x
ProductVersionNumber 8.1.0.8
FileTypeExtension exe
ObjectFileType Executable application

File identification
MD5 45038c26ddce5dd5fe7fab0ace5cff38
SHA1 d4d643536f1534d47b3aa625642391805cd88b67
SHA256 61bfeecdba85bc5afdb15087e161bf8e9a33d835bce71ba38117408492ac5963
ssdeep 1536:rZx8gcK8ossZDulaPnPuhkvJJth5SLnouy8uQkgB54vm:rZx8gJscuAnU+JYoutueXl

authentihash 1d9a919038022fede8572c1ab85619d77d85d9dc0b28b9d437a8a74c4bdc6570
imphash 3243b13e562279ab7fbe2f31e45d3a95
File size 129.5 KB ( 132608 bytes )
File type Win32 EXE
Magic literal MS-DOS executable, MZ for MS-DOS

TrID Win32 Executable (generic) (52.9%)
Generic Win/DOS Executable (23.5%)
DOS Executable Generic (23.5%)
Tags peexe upx

VirusTotal metadata
First submission 2013-08-13 14:45:41 UTC ( 5 years, 6 months ago )
Last submission 2017-06-17 19:56:33 UTC ( 1 year, 8 months ago )
File names file-6035303_exe
Dosya Klasörü
musallat.exe
d4d643536f1534d47b3aa625642391805cd88b67
MusaLLaT.exe
Dosya Klasörü.exe
Advanced heuristic and reputation engines
ClamAV
Possibly Unwanted Application. While not necessarily malicious, the scanned file presents certain characteristics which depending on the user policies and environment may or may not represent a threat. For full details see: https://www.clamav.net/documents/potentially-unwanted-applications-pua .

Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Created processes
Hooking activity
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.
The file installs an application-defined hook procedure into a hook chain. You would install a hook procedure to monitor the system for certain types of events. These events are associated either with a specific thread or with all threads in the same desktop as the calling thread. This is done making use of the SetWindowsHook Windows API function.