SHA256: 61f1e5e5186c885454a1e987c4d55b90238cfdfaae5726237330764e2dda1fc8
File name: msdb1089182f.exe
Detection ratio: 33 / 57
Analysis date: 2015-04-17 05:53:47 UTC ( 4 years, 1 month ago )
Antivirus Result Update
Ad-Aware Gen:Variant.Kazy.596643 20150417
AhnLab-V3 Trojan/Win32.Cridex 20150417
ALYac Gen:Variant.Kazy.596643 20150417
Antiy-AVL Trojan[Dropper]/Win32.Injector 20150417
Avast Win32:Malware-gen 20150417
AVG Inject2.BYEJ 20150417
Avira (no cloud) TR/Emotet.A.109 20150417
AVware Trojan.Win32.Generic!BT 20150417
Baidu-International Backdoor.Win32.Androm.gqgj 20150417
BitDefender Gen:Variant.Kazy.596643 20150417
Bkav HW32.Packed.6195 20150417
CAT-QuickHeal TrojanPWS.Zbot.A4 20150417
Cyren W32/Damaged_File.B.gen!Eldorado 20150417
Emsisoft Gen:Variant.Kazy.596643 (B) 20150417
ESET-NOD32 a variant of Win32/Injector.BYJF 20150417
F-Secure Gen:Variant.Kazy.596643 20150417
Fortinet W32/BYJF!tr 20150417
GData Gen:Variant.Kazy.596643 20150417
Ikarus Trojan.Win32.Injector 20150417
K7AntiVirus Trojan ( 004bd5381 ) 20150417
K7GW Trojan ( 004bd5381 ) 20150417
Kaspersky Backdoor.Win32.Androm.gqgj 20150417
Malwarebytes Backdoor.Bot 20150417
McAfee Artemis!0B2584588233 20150417
Microsoft VirTool:Win32/CeeInject.gen!KK 20150417
eScan Gen:Variant.Kazy.596643 20150417
Panda Trj/Genetic.gen 20150417
Qihoo-360 Win32/Trojan.704 20150417
Sophos AV Mal/Zbot-TR 20150417
Tencent Trojan.Win32.Qudamah.Gen.7 20150417
TrendMicro-HouseCall Suspicious_GEN.F47V0416 20150417
VIPRE Trojan.Win32.Generic!BT 20150417
ViRobot Backdoor.Win32.A.Androm.249984[h] 20150417
AegisLab 20150417
Yandex 20150416
Alibaba 20150417
ByteHero 20150417
ClamAV 20150417
CMC 20150416
Comodo 20150417
DrWeb 20150417
F-Prot 20150417
Jiangmin 20150414
Kingsoft 20150417
McAfee-GW-Edition 20150417
NANO-Antivirus 20150417
Norman 20150417
nProtect 20150417
Rising 20150417
SUPERAntiSpyware 20150417
Symantec 20150417
TheHacker 20150417
TotalDefense 20150417
TrendMicro 20150417
VBA32 20150417
Zillya 20150417
Zoner 20150417
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2015-04-13 16:46:50
Entry Point 0x00005FA0
Number of sections 6
PE sections
Overlays
MD5 846e69958c756a151a319bfb2c0975cd
File type data
Offset 249856
Size 128
Entropy 4.57
PE imports
GetObjectA
DeleteObject
CreatePen
Rectangle
StretchDIBits
LocalFree
LocalLock
LocalAlloc
GlobalAlloc
LocalUnlock
GlobalLock
_ftol
_CIpow
__CxxFrameHandler
clock
SetTimer
LoadCursorA
InvalidateRect
UpdateWindow
EnableWindow
GetClientRect
PtInRect
LoadBitmapA
GetDC
SetCursor
Number of PE resources by type
RT_STRING 13
RT_DIALOG 7
RT_MENU 2
Struct(55) 1
RT_ICON 1
Struct(241) 1
RT_ACCELERATOR 1
RT_BITMAP 1
RT_GROUP_ICON 1
Number of PE resources by language
SWEDISH 13
CHINESE SIMPLIFIED 9
NEUTRAL 3
GERMAN SWISS 3
PE resources
Debug information
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
FileTypeExtension exe
TimeStamp 2015:04:13 17:46:50+01:00
FileType Win32 EXE
PEType PE32
CodeSize 36864
LinkerVersion 7.0
EntryPoint 0x5fa0
InitializedDataSize 208896
SubsystemVersion 4.0
ImageVersion 0.0
OSVersion 4.0
UninitializedDataSize 0
File identification
MD5 0b25845882331d0cfa15b6eebcbd0b05
SHA1 f503d55e95813ac86428da6753177c0a7d0e8378
SHA256 61f1e5e5186c885454a1e987c4d55b90238cfdfaae5726237330764e2dda1fc8
ssdeep 6144:Gt8+XyKds5jB7mrY1J+6kU31/xd8zObd+IxmP0U:Gtnfs66//xdtbkEq
authentihash a198247538346f91653dc348055b29344b1c5b5955c4124bb29f26daa64ae6de
imphash 5691063f1e64f91302a8598e5db30edb
File size 244.1 KB ( 249984 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Dynamic Link Library (generic) (43.5%)
Win32 Executable (generic) (29.8%)
Generic Win/DOS Executable (13.2%)
DOS Executable Generic (13.2%)
Tags peexe overlay
VirusTotal metadata
First submission 2015-04-16 12:29:03 UTC ( 4 years, 1 month ago )
Last submission 2015-11-05 17:00:08 UTC ( 3 years, 6 months ago )
File names msdbd314780.exe
msdbc9814f7.exe
msdb1089182f.exe
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Hooking activity
Runtime DLLs
Additional details
The file installs an application-defined hook procedure into a hook chain. A hook procedure is installed to monitor the system for certain types of events; these events are associated either with a specific thread or with all threads in the same desktop as the calling thread. This is done using the SetWindowsHook Windows API function.
UDP communications