SHA256: 647e3d043ecc4852419615c5a72713dd62929fa1cb07f881d8eb803427498a11
File name: 2713104
Detection ratio: 44 / 54
Analysis date: 2015-12-26 11:26:06 UTC ( 3 years, 1 month ago )
Antivirus Result Update
Ad-Aware Gen:Heur.CryptoWall.1 20151224
Yandex Worm.Ngrbot!poGawxAXECA 20151226
AhnLab-V3 Trojan/Win32.Kryptik 20151226
Antiy-AVL Trojan[Ransom]/Win32.Foreign 20151226
Arcabit Trojan.CryptoWall.1 20151226
Avast Win32:Androp [Drp] 20151226
AVG Win32/Cryptor 20151226
Avira (no cloud) TR/Crypt.Xpack.166426 20151225
AVware Worm.Win32.Dorkbot 20151226
Baidu-International Worm.Win32.Ngrbot.anid 20151226
BitDefender Gen:Heur.CryptoWall.1 20151226
CAT-QuickHeal Ransom.Crowti.B4 20151226
Comodo Backdoor.Win32.Androm.GLT 20151226
Cyren W32/FakeAlert.ACZ.gen!Eldorado 20151226
DrWeb BackDoor.IRC.NgrBot.42 20151226
Emsisoft Gen:Heur.CryptoWall.1 (B) 20151226
ESET-NOD32 a variant of Win32/Kryptik.DCGR 20151226
F-Prot W32/FakeAlert.ACZ.gen!Eldorado 20151226
F-Secure Gen:Heur.CryptoWall.1 20151225
Fortinet W32/Kryptik.EFZB!tr 20151226
GData Gen:Heur.CryptoWall.1 20151226
Ikarus Trojan.Win32.Crypt 20151226
Jiangmin Backdoor/Kasidet.i 20151226
K7AntiVirus Trojan ( 004b9e8e1 ) 20151226
K7GW Trojan ( 004b9e8e1 ) 20151226
Kaspersky HEUR:Trojan.Win32.Generic 20151226
Malwarebytes Trojan.Agent.DED 20151226
McAfee Generic-FAWH!DE39EC1C6823 20151226
McAfee-GW-Edition BehavesLike.Win32.Ransom.dh 20151226
Microsoft Worm:Win32/Dorkbot.I 20151226
eScan Gen:Heur.CryptoWall.1 20151226
NANO-Antivirus Trojan.Win32.Ngrbot.dpibya 20151226
Panda Trj/Genetic.gen 20151226
Rising PE:Trojan.Kryptik!1.A32E [F] 20151225
Sophos AV Mal/Wonton-BB 20151226
SUPERAntiSpyware Trojan.Agent/Gen-Dropper 20151226
Symantec Trojan.Gen.2 20151225
Tencent Win32.Worm.Ngrbot.Wstt 20151226
TrendMicro WORM_DORKBOT.SMY 20151226
TrendMicro-HouseCall WORM_DORKBOT.SMY 20151226
VBA32 Trojan.Yakes 20151225
VIPRE Worm.Win32.Dorkbot 20151226
Zillya Trojan.Kryptik.Win32.734528 20151225
Zoner Trojan.Kasidet 20151226
AegisLab 20151226
Alibaba 20151208
Bkav 20151226
ByteHero 20151226
ClamAV 20151226
CMC 20151217
nProtect 20151224
TheHacker 20151223
TotalDefense 20151225
ViRobot 20151226
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright Copyright (C) Basis 2001-2013
Product Basis
File version 5.0.0.7
Description Create passage raw tank basis
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2015-03-18 14:45:33
Entry Point 0x00008752
Number of sections 4
PE sections
PE imports
RegCreateKeyExW
RegCloseKey
LookupAccountSidW
QueryServiceObjectSecurity
CopySid
RegQueryValueExA
GetAce
OpenServiceW
AdjustTokenPrivileges
ControlService
InitializeAcl
LookupPrivilegeValueW
RegOpenKeyExW
RegDeleteKeyW
CryptHashData
RegQueryValueExW
CryptCreateHash
CloseServiceHandle
GetSidSubAuthority
QueryServiceConfigW
OpenProcessToken
QueryServiceStatus
RegConnectRegistryW
AddAccessAllowedAce
RegEnumKeyW
SetServiceObjectSecurity
SetTokenInformation
RegOpenKeyW
LookupAccountNameW
RegOpenKeyExA
EqualSid
RegQueryValueW
GetTokenInformation
LookupPrivilegeNameW
CryptReleaseContext
GetSidSubAuthorityCount
IsValidSid
GetSidIdentifierAuthority
RegQueryInfoKeyW
RegEnumValueW
CryptAcquireContextW
RegLoadKeyW
GetLengthSid
RegCreateKeyW
CreateProcessAsUserW
CryptDestroyHash
MapGenericMask
RegDeleteValueW
RevertToSelf
StartServiceW
RegSetValueExW
FreeSid
CryptGetHashParam
OpenSCManagerW
AllocateAndInitializeSid
ImpersonateLoggedOnUser
RegUnLoadKeyW
GetKernelObjectSecurity
SetKernelObjectSecurity
AddAce
IsValidSecurityDescriptor
CreateToolbarEx
InitCommonControlsEx
ImageList_Destroy
CreateStatusWindowW
CreatePropertySheetPageW
ImageList_Create
ImageList_DrawEx
PropertySheetW
ImageList_ReplaceIcon
ImageList_Add
GetOpenFileNameW
ChooseColorW
ChooseFontW
GetSaveFileNameW
FindTextW
PrintDlgW
GetTextMetricsW
SetMapMode
CreateFontIndirectW
CreatePen
GetBkMode
SaveDC
CreateRectRgnIndirect
Rectangle
GetDeviceCaps
LineTo
DeleteDC
RestoreDC
SetBkMode
RectInRegion
EndDoc
StartPage
DeleteObject
GetObjectW
BitBlt
CreateDIBSection
SetTextColor
ExtTextOutW
GetTextExtentPoint32W
MoveToEx
GetStockObject
SetTextAlign
SelectClipRgn
CreateCompatibleDC
StartDocW
SetROP2
EndPage
CreateRectRgn
SelectObject
CreateSolidBrush
Polyline
SetBkColor
GetBkColor
CreateCompatibleBitmap
GetLastError
InitializeCriticalSectionAndSpinCount
HeapFree
GetStdHandle
EnterCriticalSection
LCMapStringW
SetHandleCount
GetConsoleCP
GetOEMCP
QueryPerformanceCounter
IsDebuggerPresent
ExitProcess
TlsAlloc
GetEnvironmentStringsW
FlushFileBuffers
GetModuleFileNameA
RtlUnwind
LoadLibraryA
FreeEnvironmentStringsA
DeleteCriticalSection
GetStartupInfoA
GetEnvironmentStrings
GetConsoleMode
GetLocaleInfoA
GetCurrentProcessId
GetConsoleOutputCP
WriteConsoleW
GetCPInfo
UnhandledExceptionFilter
InterlockedDecrement
MultiByteToWideChar
HeapSize
FreeEnvironmentStringsW
GetCommandLineA
GetProcAddress
GetStringTypeA
SetStdHandle
SetFilePointer
RaiseException
WideCharToMultiByte
TlsFree
GetModuleHandleA
ReadFile
SetUnhandledExceptionFilter
WriteFile
GetCurrentProcess
CloseHandle
GetSystemTimeAsFileTime
GetACP
HeapReAlloc
GetStringTypeW
GetModuleHandleW
HeapAlloc
TerminateProcess
LCMapStringA
WriteConsoleA
IsValidCodePage
HeapCreate
VirtualFree
TlsGetValue
Sleep
GetFileType
TlsSetValue
CreateFileA
GetTickCount
GetCurrentThreadId
InterlockedIncrement
VirtualAlloc
SetLastError
LeaveCriticalSection
WNetGetConnectionW
SHBrowseForFolderW
Shell_NotifyIconW
ShellExecuteW
SHGetPathFromIDListW
SHGetSpecialFolderLocation
ShellExecuteExW
SHGetFileInfoW
SHGetMalloc
ShellExecuteA
ColorRGBToHLS
UrlUnescapeW
ColorHLSToRGB
RedrawWindow
DrawTextW
SetUserObjectSecurity
PostQuitMessage
SetWindowPos
IsWindow
ScreenToClient
ScrollWindowEx
WindowFromPoint
SetMenuItemInfoW
GetDC
GetCursorPos
ReleaseDC
GetDlgCtrlID
DefFrameProcW
GetClientRect
DefWindowProcW
GetDlgItemTextW
LoadImageW
GetUpdateRgn
GetWindowTextW
LoadAcceleratorsW
InvalidateRgn
GetMenuItemID
DestroyWindow
DrawEdge
GetParent
UpdateWindow
GetPropW
SetClassLongW
EnumWindows
CheckRadioButton
GetMessageW
ShowWindow
DrawFrameControl
SetPropW
ValidateRect
PeekMessageW
EnableWindow
SetWindowPlacement
ShowWindowAsync
EnumDisplaySettingsW
ChildWindowFromPoint
TranslateMessage
IsWindowEnabled
GetWindow
SetClipboardData
MsgWaitForMultipleObjects
RegisterClassW
IsZoomed
GetWindowPlacement
LoadStringW
SetWindowLongW
DrawMenuBar
EnableMenuItem
TrackPopupMenuEx
GetSubMenu
CreateMenu
IsDialogMessageW
FillRect
CopyRect
WaitForInputIdle
DeferWindowPos
CreateWindowExW
GetWindowLongW
GetUpdateRect
PtInRect
MapWindowPoints
RegisterWindowMessageW
BeginPaint
OffsetRect
DefMDIChildProcW
KillTimer
CheckMenuRadioItem
GetSystemMetrics
IsIconic
GetWindowRect
InflateRect
SetCapture
ReleaseCapture
EnumChildWindows
PostMessageW
CheckDlgButton
CreateDialogParamW
CreatePopupMenu
CheckMenuItem
GetClassLongW
DrawIconEx
SetWindowTextW
SetTimer
GetDlgItem
FindWindowW
ClientToScreen
GetScrollInfo
TrackPopupMenu
DialogBoxIndirectParamW
GetMenuItemCount
GetMenu
IsDlgButtonChecked
GetDesktopWindow
LoadCursorW
LoadIconW
FindWindowExW
DispatchMessageW
InsertMenuW
SetForegroundWindow
ExitWindowsEx
SetFocus
OpenClipboard
EmptyClipboard
EndPaint
IntersectRect
EndDialog
CreateIconIndirect
GetCapture
LoadMenuW
RemoveMenu
GetWindowThreadProcessId
GetSysColorBrush
BeginDeferWindowPos
MessageBoxW
SendMessageW
RegisterClassExW
MoveWindow
DialogBoxParamW
AppendMenuW
GetWindowDC
GetFocus
GetSysColor
SetDlgItemTextW
SetScrollInfo
GetKeyState
EndDeferWindowPos
DestroyIcon
IsWindowVisible
SystemParametersInfoW
UnionRect
FrameRect
DeleteMenu
InvalidateRect
GetUserObjectSecurity
CallWindowProcW
GetClassNameW
ModifyMenuW
SendMessageTimeoutW
CloseClipboard
SetCursor
DefDlgProcW
TranslateAcceleratorW
CoUninitialize
CoInitialize
CoCreateInstance
CoMarshalInterThreadInterfaceInStream
CoGetInterfaceAndReleaseStream
CoTaskMemFree
CoSetProxyBlanket
Number of PE resources by type
RT_STRING 9
RT_MANIFEST 1
RT_VERSION 1
RT_DLGINCLUDE 1
Number of PE resources by language
ENGLISH US 9
NEUTRAL 1
LITHUANIAN 1
ASSAMESE DEFAULT 1
PE resources
ExifTool file metadata
LegalTrademarks Basis
SubsystemVersion 5.0
LinkerVersion 9.0
ImageVersion 0.0
FileSubtype 0
FileVersionNumber 5.8.0.0
LanguageCode English (U.S.)
FileFlagsMask 0x003f
FileDescription Create passage raw tank basis
CharacterSet Windows, Latin1
InitializedDataSize 164864
FileOS Windows 16-bit
EntryPoint 0x8752
MIMEType application/octet-stream
LegalCopyright Copyright (C) Basis 2001-2013
FileVersion 5.0.0.7
TimeStamp 2015:03:18 15:45:33+01:00
FileType Win32 EXE
PEType PE32
InternalName Poet.exe
ProductVersion 8.0
UninitializedDataSize 0
OSVersion 5.0
OriginalFilename Poet.exe
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName Stuck married pain - www.Basis.com
CodeSize 102400
ProductName Basis
ProductVersionNumber 5.7.0.0
FileTypeExtension exe
ObjectFileType Executable application
Compressed bundles
File identification
MD5 de39ec1c682362b9b843d1fd8a1f52b0
SHA1 7217f3c18d8e403db515395ce1b9fae23448d566
SHA256 647e3d043ecc4852419615c5a72713dd62929fa1cb07f881d8eb803427498a11
ssdeep 3072:5Ae8oPpbpORslykRoSy45WL9Rqsu8fEOAg0FuoqX3ScD+7jjkymJwSb/1KK9z0Jj:Ke8us3fEOAOoK3hJ71KKxmn6eV
authentihash 984814d8956f77ca546668e743e4f57b5e2a995f25495f6ee25cf0d0c038ec71
imphash 457a6c16877af102432e379869e924a6
File size 262.0 KB ( 268288 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win64 Executable (generic) (72.3%)
Win32 Executable (generic) (11.8%)
OS/2 Executable (generic) (5.3%)
Generic Win/DOS Executable (5.2%)
DOS Executable Generic (5.2%)
Tags peexe
VirusTotal metadata
First submission 2015-03-18 15:43:38 UTC ( 3 years, 11 months ago )
Last submission 2018-05-18 14:40:43 UTC ( 9 months ago )
File names de39ec1c682362b9b843d1fd8a1f52b0.vir
2713104
de39ec1c682362b9b843d1fd8a1f52b0.virobj
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Copied files
Deleted files
Created processes
Shell commands
Code injections in the following processes
Created mutexes
Opened mutexes
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.
UDP communications