SHA256: 658817f5f7722506868d9f717ee19b276fcab0d0ecac071d5d92a4178fdeb5b3
File name: 658817f5f7722506868d9f717ee19b276fcab0d0ecac071d5d92a4178fdeb5b3.bin
Detection ratio: 50 / 57
Analysis date: 2015-09-04 16:17:07 UTC ( 10 months, 4 weeks ago )
Antivirus Result Update
ALYac Gen:Variant.Sirefef.736 20150904
AVG Crypt_s.JM 20150904
AVware Trojan.Win32.Sirefef.ev (v) 20150901
Ad-Aware Gen:Variant.Sirefef.736 20150904
Yandex BackDoor.Maxplus! 20150901
AhnLab-V3 Backdoor/Win32.ZAccess 20150904
Antiy-AVL Trojan[Backdoor]/Win32.ZAccess 20150904
Arcabit Trojan.Sirefef.736 20150904
Avast Win32:MalOb-KW [Cryp] 20150904
Avira (no cloud) BDS/ZAccess.AA 20150904
BitDefender Gen:Variant.Sirefef.736 20150904
Bkav HW32.Packed.E8E4 20150904
CAT-QuickHeal Trojan.Sirefef.A 20150904
CMC Backdoor.Win32.ZAccess!O 20150902
ClamAV WIN.Trojan.ZAccess-582 20150904
Comodo TrojWare.Win32.Kryptik.AFKA 20150904
Cyren W32/Zaccess.BU.gen!Eldorado 20150904
DrWeb BackDoor.Maxplus.5454 20150904
ESET-NOD32 Win32/Sirefef.EV 20150904
Emsisoft Gen:Variant.Sirefef.736 (B) 20150904
F-Prot W32/Zaccess.BU.gen!Eldorado 20150904
F-Secure Gen:Variant.Sirefef.736 20150904
Fortinet W32/Kryptik.AJAK!tr 20150904
GData Gen:Variant.Sirefef.736 20150904
Ikarus Trojan.Crypt_s 20150904
Jiangmin Backdoor/ZAccess.ejc 20150904
K7AntiVirus Trojan ( 003f0fbc1 ) 20150904
K7GW Trojan ( 003f0fbc1 ) 20150904
Kaspersky Backdoor.Win32.ZAccess.xsc 20150904
Kingsoft Win32.Hack.ZAccess.(kcloud) 20150904
Malwarebytes Rootkit.0Access 20150904
McAfee ZeroAccess.fe 20150904
McAfee-GW-Edition BehavesLike.Win32.Conficker.cc 20150904
eScan Gen:Variant.Sirefef.736 20150904
Microsoft Trojan:Win32/Sirefef.P 20150904
NANO-Antivirus Trojan.Win32.ZAccess.wfief 20150904
Panda Trj/Genetic.gen 20150904
Qihoo-360 HEUR/Malware.QVM20.Gen 20150904
Rising PE:Malware.Generic/QRS!1.9E2D[F1] 20150904
Sophos Mal/EncPk-ACO 20150904
Symantec Trojan.Zeroaccess.C 20150903
Tencent Win32.Backdoor.Zaccess.Pdbz 20150904
TheHacker Backdoor/ZAccess.ybx 20150903
TrendMicro TROJ_SIREFEF.SMO 20150904
TrendMicro-HouseCall TROJ_SIREFEF.SMO 20150904
VBA32 SScope.Trojan.FakeAV.01693 20150904
VIPRE Trojan.Win32.Sirefef.ev (v) 20150904
ViRobot Backdoor.Win32.A.ZAccess.184320.G[h] 20150904
Zillya Backdoor.ZAccess.Win32.6257 20150903
nProtect Trojan/W32.Agent.184320.ARH 20150904
AegisLab 20150904
Alibaba 20150902
Baidu-International 20150904
ByteHero 20150904
SUPERAntiSpyware 20150904
TotalDefense 20150904
Zoner 20150904
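The detection names above refer to the same family under several vendor aliases (Sirefef, ZAccess, ZeroAccess, 0Access, Maxplus) alongside packer and heuristic labels (Kryptik, Crypt_s, EncPk, MalOb [Cryp], Packed, Generic). The following is an added example, not part of the original report: it parses lines in the flattened "engine result date" layout of this table and consolidates the aliases into a family consensus. The input is a constructed excerpt of the table, the alias lists are this example's own choice, and the one engine name on the page that contains spaces, Avira (no cloud), is handled explicitly.

```python
import re
from collections import Counter

# Constructed excerpt of the detection table on this page (engine, result, signature date).
# The full table lists 57 engines, 50 of them with a result.
SCAN_LINES = """\
ALYac Gen:Variant.Sirefef.736 20150904
AVG Crypt_s.JM 20150904
Yandex BackDoor.Maxplus! 20150901
AhnLab-V3 Backdoor/Win32.ZAccess 20150904
Avast Win32:MalOb-KW [Cryp] 20150904
Avira (no cloud) BDS/ZAccess.AA 20150904
Comodo TrojWare.Win32.Kryptik.AFKA 20150904
K7AntiVirus Trojan ( 003f0fbc1 ) 20150904
Kaspersky Backdoor.Win32.ZAccess.xsc 20150904
Malwarebytes Rootkit.0Access 20150904
Microsoft Trojan:Win32/Sirefef.P 20150904
Symantec Trojan.Zeroaccess.C 20150903
AegisLab 20150904
Alibaba 20150902
"""

# Engine names are one token except the ones listed here; the result may contain spaces
# and may be absent (engine with no detection), the date is always the last 8-digit token.
MULTIWORD_ENGINES = [r"Avira \(no cloud\)"]
LINE_RE = re.compile(r"^(" + "|".join(MULTIWORD_ENGINES) + r"|\S+)\s+(?:(.*?)\s+)?(\d{8})$")

# Family aliases are checked before packer/heuristic labels, so a name like
# "Gen:Variant.Sirefef.736" counts as the family rather than as generic.
FAMILY_ALIASES = [
    ("ZeroAccess", re.compile(r"sirefef|zaccess|zeroaccess|0access|maxplus", re.I)),
    ("packer/heuristic", re.compile(r"kryptik|crypt|packed|encpk|malob|generic|genetic|heur", re.I)),
]


def classify(result):
    for label, pattern in FAMILY_ALIASES:
        if pattern.search(result):
            return label
    return "other"


def parse_scan(text):
    records = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        m = LINE_RE.match(line)
        if not m:
            raise ValueError(f"unparsed line: {line!r}")
        engine, result, date = m.groups()
        records.append({"engine": engine, "result": result, "date": date,
                        "family": classify(result) if result else None})
    return records


def summarize(records):
    detected = [r for r in records if r["result"]]
    return {
        "total": len(records),
        "detected": len(detected),
        "ratio": f"{len(detected)} / {len(records)}",
        "families": Counter(r["family"] for r in detected),
        # Engines whose signatures predate the analysis run are worth re-querying later.
        "oldest_update": min(r["date"] for r in records),
    }


if __name__ == "__main__":
    summary = summarize(parse_scan(SCAN_LINES))
    print(summary["ratio"], dict(summary["families"]), summary["oldest_update"])
```

Run over the full table the same way, the consensus is what matters for triage: a family label agreed on by many independent engines carries far more weight than the detection ratio alone, while packer-only and heuristic names say nothing about which family is inside.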
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2004-04-02 15:56:26
Entry Point 0x00002E27
Number of sections 4
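The fields listed here (machine, compilation timestamp, entry point, section count) and the linker, size and version fields in the ExifTool block further down all come from the COFF header and the PE32 optional header. The following is an added example, not part of the original report: it reads those fields directly with struct, checking the MZ and PE signatures and the e_lfanew bounds before dereferencing anything. The header it parses is constructed here to carry the values this page reports; fields the page does not state are left zero.

```python
import struct
from datetime import datetime, timezone

IMAGE_FILE_MACHINE_I386 = 0x14C
PE32_MAGIC = 0x10B
SUBSYSTEMS = {1: "Native", 2: "Windows GUI", 3: "Windows CUI"}

# IMAGE_OPTIONAL_HEADER32 up to and including DllCharacteristics (72 bytes).
OPT32_FMT = "<HBB9I6H4I2H"


def parse_pe_header(data):
    """Return the COFF/optional-header fields a VT report shows, from raw file bytes."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    # e_lfanew comes from the file, so bounds-check it before using it as an offset.
    if e_lfanew + 24 > len(data) or data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature not found at e_lfanew")
    machine, nsections, timestamp, _symtab, _nsyms, opt_size, _chars = struct.unpack_from(
        "<HHIIIHH", data, e_lfanew + 4)
    opt_off = e_lfanew + 24
    if opt_size < struct.calcsize(OPT32_FMT) or opt_off + opt_size > len(data):
        raise ValueError("optional header truncated")
    opt = struct.unpack_from(OPT32_FMT, data, opt_off)
    if opt[0] != PE32_MAGIC:
        # PE32+ (0x20B) drops BaseOfData and widens ImageBase; it needs a different layout.
        raise ValueError(f"unsupported optional header magic 0x{opt[0]:x}")
    (_magic, lnk_major, lnk_minor, size_code, size_init, size_uninit, entry,
     _base_code, _base_data, image_base, _sect_align, _file_align,
     os_major, os_minor, img_major, img_minor, ss_major, ss_minor,
     _w32ver, _size_image, _size_hdrs, _checksum, subsystem, _dllchars) = opt
    return {
        "machine": machine,
        "sections": nsections,
        "timestamp": datetime.fromtimestamp(timestamp, timezone.utc).strftime("%Y-%m-%d %H:%M:%S"),
        "entry_point": entry,
        "linker": f"{lnk_major}.{lnk_minor}",
        "code_size": size_code,
        "init_data_size": size_init,
        "uninit_data_size": size_uninit,
        "os_version": f"{os_major}.{os_minor}",
        "image_version": f"{img_major}.{img_minor}",
        "subsystem_version": f"{ss_major}.{ss_minor}",
        "subsystem": SUBSYSTEMS.get(subsystem, str(subsystem)),
        "image_base": image_base,
    }


def is_pe32(data):
    try:
        parse_pe_header(data)
        return True
    except ValueError:
        return False


def build_sample():
    """Constructed header carrying the values this page reports; fields not on the page are zero."""
    ts = int(datetime(2004, 4, 2, 15, 56, 26, tzinfo=timezone.utc).timestamp())
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 0x40)  # e_lfanew -> 0x40
    opt = struct.pack(OPT32_FMT,
                      PE32_MAGIC, 7, 0,                 # linker 7.0
                      138091, 0, 4096,                  # code / initialized / uninitialized sizes
                      0x2E27, 0, 0, 0, 0, 0,            # entry point; base/alignment not on page
                      4, 0, 0, 0, 5, 0,                 # OS 4.0, image 0.0, subsystem 5.0
                      0, 0, 0, 0,                       # Win32VersionValue, SizeOfImage, SizeOfHeaders, CheckSum
                      2, 0)                             # subsystem 2 = Windows GUI
    opt += b"\0" * (224 - len(opt))                     # remainder of IMAGE_OPTIONAL_HEADER32
    coff = struct.pack("<HHIIIHH", IMAGE_FILE_MACHINE_I386, 4, ts, 0, 0, len(opt), 0)
    return dos + b"PE\0\0" + coff + opt


if __name__ == "__main__":
    for key, value in parse_pe_header(build_sample()).items():
        print(f"{key:18} {value:#x}" if isinstance(value, int) else f"{key:18} {value}")
```

The timestamp is the raw TimeDateStamp interpreted as UTC, which is why it is an hour behind the ExifTool value shown in local time (+01:00) later on the page. A linker-settable field like this is trivially forged, so treat it as a hint about the toolchain rather than evidence of when the file was built.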
PE sections (the section table is not captured on this page)
PE imports
RegDeleteKeyA
RegOpenKeyA
RegCloseKey
RegQueryValueExA
RegSetValueExA
RegEnumValueA
RegCreateKeyExA
RegOpenKeyExA
RegEnumKeyExA
RegQueryInfoKeyA
CreateICA
SetMapMode
TextOutW
PatBlt
SetWindowOrgEx
CreatePen
SaveDC
TextOutA
CreateFontIndirectA
GetTextMetricsA
FillRgn
CreateRectRgnIndirect
EnumMetaFile
CombineRgn
GetClipBox
PlayMetaFile
EnumFontsA
GetBitmapBits
Rectangle
Polygon
GetObjectA
CloseMetaFile
LineTo
DeleteDC
RestoreDC
SetBkMode
SetMapperFlags
GetCharWidthW
Arc
BitBlt
GetCharWidthA
SetTextColor
CreatePatternBrush
GetDeviceCaps
SelectObject
CreateFontA
ExtTextOutW
CreateBitmap
MoveToEx
GetStockObject
CreateMetaFileA
ExtTextOutA
PtVisible
SetTextAlign
SelectClipRgn
EnumFontFamiliesExA
StretchBlt
GetTextFaceA
SetStretchBltMode
CreateCompatibleDC
GetMetaFileBitsEx
SetROP2
CreateRectRgn
Escape
DeleteObject
GetTextExtentPoint32A
Ellipse
GetCharWidth32W
SetRectRgn
SetWindowExtEx
CreateSolidBrush
GetMapMode
SetBkColor
CopyMetaFileA
GetCharWidth32A
SetViewportExtEx
CreateCompatibleBitmap
DeleteMetaFile
RectVisible
GetStdHandle
HeapDestroy
GetLocalTime
FreeEnvironmentStringsA
GetCurrentProcess
GetLocaleInfoA
LocalAlloc
SetErrorMode
_llseek
FreeEnvironmentStringsW
SetStdHandle
GetCPInfo
GetStringTypeA
WriteFile
HeapReAlloc
GetStringTypeW
FreeLibrary
LocalFree
MoveFileA
LoadResource
GlobalHandle
OutputDebugStringA
GetSystemTime
LocalLock
ExitProcess
GetModuleFileNameA
UnhandledExceptionFilter
MultiByteToWideChar
FatalAppExitA
GetModuleHandleA
_lclose
MulDiv
GetSystemDirectoryA
SetEnvironmentVariableA
TerminateProcess
GlobalAlloc
SetEndOfFile
GetVersion
HeapFree
SetHandleCount
lstrcmpiA
CreateMailslotW
GetOEMCP
GetTickCount
FlushFileBuffers
LoadLibraryA
RtlUnwind
GlobalSize
GetStartupInfoA
GetWindowsDirectoryA
GlobalLock
_lread
CompareStringW
GlobalReAlloc
lstrcmpA
lstrcpyA
GetProfileStringA
CompareStringA
GetProcAddress
GetTimeZoneInformation
GetFileType
CreateFileA
HeapAlloc
LocalUnlock
GetLastError
LocalReAlloc
LCMapStringW
lstrlenA
GlobalFree
LCMapStringA
GetEnvironmentStringsW
GlobalUnlock
IsDBCSLeadByte
WinExec
OpenFile
_lwrite
GetEnvironmentStrings
LockResource
WideCharToMultiByte
GetCommandLineA
GetSystemDefaultLangID
RaiseException
SetFilePointer
ReadFile
GlobalFlags
CloseHandle
GetACP
FreeResource
GetSystemTimeAdjustment
SizeofResource
HeapCreate
IsBadReadPtr
FindResourceA
SysReAllocStringLen
SafeArraySetRecordInfo
GetErrorInfo
VariantChangeTypeEx
DragAcceptFiles
SetFocus
SetDlgItemTextA
GetMessagePos
MoveWindow
DestroyMenu
PostQuitMessage
LoadBitmapA
SetWindowPos
GetNextDlgTabItem
IsWindow
DispatchMessageA
EndPaint
VkKeyScanA
GetMessageTime
DispatchMessageW
GetAsyncKeyState
DrawTextA
GetClassInfoA
GetMenu
CreateWindowExA
SendMessageA
GetClientRect
SetScrollPos
IsClipboardFormatAvailable
ClientToScreen
GetActiveWindow
ShowCursor
GetMenuStringA
GetWindowTextA
InvalidateRgn
PtInRect
GetMessageA
RegisterClassA
GetParent
UpdateWindow
EqualRect
CheckRadioButton
GetMessageW
ShowWindow
GetMenuState
EnableWindow
GetDlgItemTextA
PeekMessageA
ScrollDC
TranslateMessage
ActivateKeyboardLayout
RegisterClassW
LoadStringA
SetParent
SetClipboardData
IsZoomed
GetKeyboardLayoutList
DrawMenuBar
EnableMenuItem
InvertRect
GetSubMenu
SetTimer
GetKeyboardLayout
FillRect
CopyRect
IsWindowUnicode
GetCursorPos
DestroyWindow
IsDialogMessageA
MapWindowPoints
PostMessageA
BeginPaint
OffsetRect
DefWindowProcW
GetScrollPos
KillTimer
DefWindowProcA
GetClipboardData
SendDlgItemMessageA
GetSystemMetrics
IsIconic
SetScrollRange
GetWindowRect
InflateRect
SetRectEmpty
SetCapture
ReleaseCapture
IntersectRect
SetWindowLongA
CheckDlgButton
SetWindowTextA
CheckMenuItem
GetWindowLongA
GetClassLongW
CreateMenu
GetDlgItem
GetMenuCheckMarkDimensions
CreateDialogParamA
BringWindowToTop
ScreenToClient
GetClassLongA
InsertMenuA
LoadCursorA
LoadIconA
GetMenuItemCount
IsDlgButtonChecked
GetDesktopWindow
GetSystemMenu
GetMenuItemID
SetForegroundWindow
OpenClipboard
EmptyClipboard
GetCaretBlinkTime
ReleaseDC
GetScrollRange
EndDialog
LoadMenuA
FindWindowA
MessageBeep
RemoveMenu
HiliteMenuItem
AppendMenuA
SetMenu
RegisterClipboardFormatA
GetDialogBaseUnits
MessageBoxA
GetWindowDC
DialogBoxParamA
LoadKeyboardLayoutA
GetSysColor
GetKeyState
GetDoubleClickTime
IsWindowVisible
WinHelpA
UnionRect
GetDC
SetRect
DeleteMenu
InvalidateRect
wsprintfA
IsRectEmpty
GetClassNameA
GetFocus
CloseClipboard
ModifyMenuA
SetCursor
OleUninitialize
OleTranslateAccelerator
OleDestroyMenuDescriptor
OleFlushClipboard
ReleaseStgMedium
GetHGlobalFromILockBytes
CoRegisterMessageFilter
OleGetClipboard
OleDuplicateData
CreateOleAdviseHolder
CreateILockBytesOnHGlobal
CoRegisterClassObject
OleInitialize
CoLockObjectExternal
OleRegEnumFormatEtc
CreateDataAdviseHolder
StgCreateDocfileOnILockBytes
CoRevokeClassObject
GetRunningObjectTable
OleCreateMenuDescriptor
WriteClassStg
CoDisconnectObject
CoGetMalloc
OleSetClipboard
WriteFmtUserTypeStg
ExifTool file metadata
MIMEType: application/octet-stream
Subsystem: Windows GUI
MachineType: Intel 386 or later, and compatibles
FileTypeExtension: exe
TimeStamp: 2004:04:02 16:56:26+01:00
FileType: Win32 EXE
PEType: PE32
CodeSize: 138091
LinkerVersion: 7.0
EntryPoint: 0x2e27
InitializedDataSize: 0
SubsystemVersion: 5.0
ImageVersion: 0.0
OSVersion: 4.0
UninitializedDataSize: 4096
File identification
MD5 b437274492e215c25f96711d04b44050
SHA1 6297367a8cba085cf01191e4ce8810bb37131c68
SHA256 658817f5f7722506868d9f717ee19b276fcab0d0ecac071d5d92a4178fdeb5b3
ssdeep
3072:ufimO4AYcpO4D2rdUz419nkz/XFm7cMW5Mz5OiqdwsnWJ/sLb5mFggyqWBOB80lv:ufiL4AYcp/EIzfXMeBdwsW1s3Mgfq+O6

authentihash d0960148746b43a17dd14a3ad924b22c3c5baff10757bf05312dc60595f91cb7
imphash 37e1b58ed044d043bfeff7c54a05a90e
File size 180.0 KB ( 184320 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable MS Visual C++ (generic) (35.0%)
Win64 Executable (generic) (31.0%)
Windows screen saver (14.6%)
Win32 Dynamic Link Library (generic) (7.3%)
Win32 Executable (generic) (5.0%)
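The "File identification" block gives the content hashes (MD5, SHA-1, SHA-256), which identify this exact byte sequence, and the imphash, which is an MD5 over the normalised import table and therefore survives re-signing or resource edits but not repacking. The following is an added example, not part of the original report: it verifies a local copy against the reported digests and builds the imphash pre-image the way pefile does (DLL name lower-cased with a .dll/.ocx/.sys extension stripped, function names lower-cased, dll.func entries joined with commas in import-table order). The import table it hashes is constructed; the Reg* names are advapi32.dll exports taken from the list above, the ordinal entry is invented to show that path, and the known-ordinal name table pefile applies to oleaut32/ws2_32/wsock32 is left out. The page's own imphash cannot be recomputed from this page, because the DLL grouping of the import list was not captured.

```python
import hashlib


def file_hashes(data):
    """MD5/SHA-1/SHA-256 of the bytes, as listed under 'File identification'."""
    return {alg: hashlib.new(alg, data).hexdigest() for alg in ("md5", "sha1", "sha256")}


def verify_hashes(data, expected):
    """Return {alg: (computed, expected)} for every reported digest that does not match."""
    got = file_hashes(data)
    return {alg: (got[alg], exp.lower()) for alg, exp in expected.items()
            if got[alg] != exp.lower()}


def imphash_string(imports):
    """Pre-image of the imphash, following pefile's normalisation rules."""
    parts = []
    for dll, funcs in imports:
        lib = dll.lower()
        base, dot, ext = lib.rpartition(".")
        if dot and ext in ("dll", "ocx", "sys"):
            lib = base
        for func in funcs:
            # Ordinal-only imports are written as "ordN". pefile additionally maps known
            # ordinals of oleaut32, ws2_32 and wsock32 back to names; that table is omitted here.
            name = f"ord{func}" if isinstance(func, int) else func.lower()
            parts.append(f"{lib}.{name}")
    return ",".join(parts)


def imphash(imports):
    return hashlib.md5(imphash_string(imports).encode("ascii")).hexdigest()


# Digests this page reports for the sample. verify_hashes(open(path, "rb").read(), REPORTED)
# confirms a local copy is the same file before any further analysis is done on it.
REPORTED = {
    "md5": "b437274492e215c25f96711d04b44050",
    "sha1": "6297367a8cba085cf01191e4ce8810bb37131c68",
    "sha256": "658817f5f7722506868d9f717ee19b276fcab0d0ecac071d5d92a4178fdeb5b3",
}

# Constructed import table in the (DLL, functions) shape pefile exposes. The named
# functions appear in the import list above; the ordinal 7 entry is invented.
SAMPLE_IMPORTS = [
    ("ADVAPI32.dll", ["RegDeleteKeyA", "RegOpenKeyA", "RegCloseKey"]),
    ("KERNEL32.dll", ["LoadLibraryA", "GetProcAddress", 7]),
]

if __name__ == "__main__":
    print(imphash_string(SAMPLE_IMPORTS))
    print(imphash(SAMPLE_IMPORTS))
    # An empty buffer is not this sample, so all three digests mismatch.
    print(verify_hashes(b"", REPORTED))
```

Because the pre-image is order-sensitive, two builds that import the same functions in a different order get different imphashes; conversely, a packer stub that imports only LoadLibraryA and GetProcAddress produces an imphash shared by unrelated packed samples, so a match on the imphash of a packed file says little about the payload.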
Tags
peexe

VirusTotal metadata
First submission 2012-08-14 12:41:21 UTC ( 3 years, 11 months ago )
Last submission 2015-09-04 16:17:07 UTC ( 10 months, 4 weeks ago )
File names 1344968547.184320.soft3.exe
b437274492e215c25f96711d04b44050
soft3.exe
658817f5f7722506868d9f717ee19b276fcab0d0ecac071d5d92a4178fdeb5b3.bin
184320_b437274492e215c25f96711d04b44050.exe
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files, Read files, Created processes, Opened mutexes, Opened service managers, Opened services, Runtime DLLs: no entries captured on this page.
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function. DeviceIoControl does not appear in the static import list above, while LoadLibraryA and GetProcAddress do, so the call is consistent with an API resolved at run time by unpacked or injected code; that fits the packer-style names several engines assign in the detection table (Kryptik, Crypt_s, EncPk, MalOb [Cryp], Packed).
HTTP requests, DNS requests, TCP connections, UDP communications: no entries captured on this page.