SHA256: 63127664ca7015ff7eafc82d8f37a38a97e5537995742cdbf8d63a8e91f490e6
File name: gebadof.exe
Detection ratio: 2 / 56
Analysis date: 2015-06-24 13:40:36 UTC ( 2 years, 5 months ago )
Antivirus / Result / Update (an engine with no result listed did not flag the file; 2 of the 56 engines listed did)
McAfee-GW-Edition BehavesLike.Win32.Downloader.nh 20150624
Tencent Win32.Trojan.Fakedoc.Auto 20150624
Ad-Aware 20150624
AegisLab 20150624
Yandex 20150623
AhnLab-V3 20150624
Alibaba 20150624
ALYac 20150624
Antiy-AVL 20150624
Arcabit 20150624
Avast 20150624
AVG 20150624
Avira (no cloud) 20150624
AVware 20150624
Baidu-International 20150624
BitDefender 20150624
Bkav 20150624
ByteHero 20150624
CAT-QuickHeal 20150624
ClamAV 20150624
CMC 20150624
Comodo 20150624
Cyren 20150624
DrWeb 20150624
Emsisoft 20150624
ESET-NOD32 20150624
F-Prot 20150624
F-Secure 20150624
Fortinet 20150624
GData 20150624
Ikarus 20150624
Jiangmin 20150623
K7AntiVirus 20150624
K7GW 20150624
Kaspersky 20150624
Kingsoft 20150624
Malwarebytes 20150624
McAfee 20150624
Microsoft 20150624
eScan 20150624
NANO-Antivirus 20150624
nProtect 20150624
Panda 20150624
Qihoo-360 20150624
Rising 20150623
Sophos AV 20150624
SUPERAntiSpyware 20150623
Symantec 20150624
TheHacker 20150624
TrendMicro 20150624
TrendMicro-HouseCall 20150624
VBA32 20150624
VIPRE 20150624
ViRobot 20150624
Zillya 20150624
Zoner 20150624
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2014-04-13 11:27:05
Entry Point 0x0000242D
Number of sections 4
PE sections
PE imports (grouped by the DLL that exports each function; the page prints only the function names, in this order, so the DLL headings are inferred)
KERNEL32.dll
GetCommandLineA
GetStartupInfoA
WriteProcessMemory
GetModuleHandleA
CreateDirectoryA
HeapAlloc
lstrcpynA
ExitProcess
LoadLibraryA
GetProcessHeap
USER32.dll
SetFocus
GetMessageA
CreateWindowExA
LoadCursorA
LoadIconA
UpdateWindow
DispatchMessageA
EndPaint
BeginPaint
PostMessageA
TranslateMessage
SendMessageA
GetClientRect
PostQuitMessage
DefWindowProcA
ShowWindow
RegisterClassExA
LoadStringA
DestroyWindow
WTSAPI32.dll
WTSEnumerateProcessesA
WTSWaitSystemEvent
WTSLogoffSession
WTSQuerySessionInformationA
Note that WriteProcessMemory is imported without OpenProcess, VirtualAllocEx or CreateRemoteThread, and LoadLibraryA without GetProcAddress; whatever else the sample needs for the cross-process write is either resolved at run time or not used.
Number of PE resources by type
RT_BITMAP 7
RT_STRING 5
RT_GROUP_CURSOR 2
RT_CURSOR 2
RT_DIALOG 1
RT_ICON 1
RT_MANIFEST 1
RT_GROUP_ICON 1
Number of PE resources by language
NORWEGIAN BOKMAL 14
NEUTRAL 6
PE resources
ExifTool file metadata
MIMEType: application/octet-stream
Subsystem: Windows GUI
MachineType: Intel 386 or later, and compatibles
FileTypeExtension: exe
TimeStamp: 2014:04:13 12:27:05+01:00 (11:27:05 UTC, consistent with the PE header compilation timestamp above)
FileType: Win32 EXE
PEType: PE32
CodeSize: 5632
LinkerVersion: 12.0 (the Visual Studio 2013 linker, which fits the April 2014 timestamp)
EntryPoint: 0x242d
InitializedDataSize: 33280
SubsystemVersion: 4.0
ImageVersion: 10.0
OSVersion: 4.0
UninitializedDataSize: 0

File identification
MD5 a85849c45667805231f2093e2eabe89d
SHA1 578148acd2e6b3fe0692cf07e3c1d6e6e7ea5657
SHA256 63127664ca7015ff7eafc82d8f37a38a97e5537995742cdbf8d63a8e91f490e6
ssdeep 768:XuHLcn9G/dHi02MwWBr+n6HXx8mwZ1YEQCSkdrXNQ3YT0ZRVQ:Xuo9GVHDHSMx8mwZ1FQCSSrXiIT
authentihash 5c55657ddd8a50be8b512cf536b8153c1c36b31be81eadb6461af58bc337019e
imphash 9f327f71e730da1fbc49a3b953a0ea0b
File size 38.0 KB ( 38912 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win64 Executable (generic) (64.6%)
Win32 Dynamic Link Library (generic) (15.3%)
Win32 Executable (generic) (10.5%)
Generic Win/DOS Executable (4.6%)
DOS Executable Generic (4.6%)
(TrID's top match is a generic signature and contradicts the PE header: the magic literal, ExifTool and the PE header above all identify a 32-bit PE32 GUI executable, so trust those rather than TrID here.)
Tags peexe
VirusTotal metadata
First submission 2015-06-24 13:09:05 UTC ( 2 years, 5 months ago )
Last submission 2015-06-26 00:57:12 UTC ( 2 years, 5 months ago )
File names excerptum_from_the_implemented_act.exe
1781C5FC.vXE
gebadof.exe
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Deleted files
Created processes
Code injections in the following processes
Created mutexes
Opened mutexes
Opened service managers
Opened services
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function. DeviceIoControl does not appear in the static import table listed above, so the call is either resolved at run time or issued by a process the sample launched or injected into.
HTTP requests
DNS requests
TCP connections
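The two static observations above, the import table and the sandbox's DeviceIoControl note, can be checked mechanically. The following script is an added example, not code from VirusTotal or from the sample's author: it reproduces the import-hash algorithm that pefile and VirusTotal use (lower-cased "dll.function" strings, DLL extension dropped, joined with commas, MD5), runs a small import-cluster triage, and lists observed calls that are absent from the IAT. The grouping of the report's function names under KERNEL32, USER32 and WTSAPI32 is an assumption (the page prints only the names), as are the cluster definitions, which are this example's own heuristics; the computed imphash equals the report's 9f327f71e730da1fbc49a3b953a0ea0b only if that grouping and order match the binary's real import directory.

```python
import hashlib

# Import table as listed in the report, grouped by DLL. The report shows only
# the function names in this order; the KERNEL32 / USER32 / WTSAPI32
# assignment is an assumption based on which DLL exports each function.
IMPORTS = {
    "KERNEL32.dll": [
        "GetCommandLineA", "GetStartupInfoA", "WriteProcessMemory",
        "GetModuleHandleA", "CreateDirectoryA", "HeapAlloc", "lstrcpynA",
        "ExitProcess", "LoadLibraryA", "GetProcessHeap",
    ],
    "USER32.dll": [
        "SetFocus", "GetMessageA", "CreateWindowExA", "LoadCursorA", "LoadIconA",
        "UpdateWindow", "DispatchMessageA", "EndPaint", "BeginPaint",
        "PostMessageA", "TranslateMessage", "SendMessageA", "GetClientRect",
        "PostQuitMessage", "DefWindowProcA", "ShowWindow", "RegisterClassExA",
        "LoadStringA", "DestroyWindow",
    ],
    "WTSAPI32.dll": [
        "WTSEnumerateProcessesA", "WTSWaitSystemEvent", "WTSLogoffSession",
        "WTSQuerySessionInformationA",
    ],
}

REPORT_IMPHASH = "9f327f71e730da1fbc49a3b953a0ea0b"  # value printed in the report


def imphash(imports):
    """Import hash as pefile/VirusTotal compute it: for each imported function
    '<dll name without extension, lower-cased>.<function lower-cased>', in
    import-table order, joined with ',' and hashed with MD5. Ordinal-only
    imports (pefile maps them through a lookup table) are not handled here
    because this sample imports everything by name."""
    parts = []
    for dll, funcs in imports.items():
        lib = dll.lower()
        for ext in (".dll", ".ocx", ".sys"):
            if lib.endswith(ext):
                lib = lib[: -len(ext)]
                break
        parts.extend(f"{lib}.{func.lower()}" for func in funcs)
    return hashlib.md5(",".join(parts).encode("ascii")).hexdigest()


# Heuristic clusters (this example's own, not from the report):
# (label, functions that must all be present, usual companions whose absence
# hints that the rest of the chain is resolved at run time or never used).
CLUSTERS = [
    ("cross-process memory write",
     {"WriteProcessMemory"},
     {"OpenProcess", "VirtualAllocEx", "CreateRemoteThread"}),
    ("runtime API resolution",
     {"LoadLibraryA", "GetProcAddress"},
     set()),
    ("terminal-services session control",
     {"WTSEnumerateProcessesA", "WTSLogoffSession"},
     {"WTSQuerySessionInformationA", "WTSWaitSystemEvent"}),
]


def all_functions(imports):
    return {func for funcs in imports.values() for func in funcs}


def triage_imports(imports):
    """{label: sorted companions that are NOT imported} for every cluster whose
    required functions are all present in the static import table."""
    present = all_functions(imports)
    return {label: sorted(companions - present)
            for label, required, companions in CLUSTERS
            if required <= present}


def not_statically_imported(imports, names):
    """Names missing from the import table. For a call the sandbox observed
    (DeviceIoControl here) this means it was resolved at run time or made by
    a child or injected process rather than through this file's IAT."""
    present = all_functions(imports)
    return [name for name in names if name not in present]


if __name__ == "__main__":
    digest = imphash(IMPORTS)
    verdict = "matches report" if digest == REPORT_IMPHASH else "differs from report: grouping/order assumption is off"
    print(f"imphash {digest} ({verdict})")
    for label, missing in triage_imports(IMPORTS).items():
        print(f"{label}: present; companions not imported: {missing or 'none'}")
    print("observed by sandbox but not in IAT:",
          not_statically_imported(IMPORTS, ["DeviceIoControl"]))
```

The hash is order-sensitive by design: swapping two DLLs or two functions produces a different imphash, which is why the grouping assumption matters when comparing against the report. The triage output for this sample flags the cross-process write with all three usual companions missing and the WTS session cluster with its companions present, and does not flag runtime API resolution because GetProcAddress is not imported.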