× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: 65984e264c12cb6576b602cce06bed2ae460827e103ce1966cc44ca0cdf1e596
File name: 11.exe
Detection ratio: 25 / 57
Analysis date: 2015-06-22 13:27:33 UTC ( 3 years, 4 months ago )
Antivirus Result Update
Ad-Aware Dropped:Trojan.Generic.14601269 20150622
Yandex Riskware.Agent! 20150621
Arcabit Trojan.Generic.DDECC35 20150622
Avast SFX:Agent-E [Trj] 20150622
Avira (no cloud) TR/Cmdow.88576 20150622
AVware Trojan.Win32.Generic!BT 20150622
BitDefender Dropped:Trojan.Generic.14601269 20150622
ClamAV Win.Trojan.Generickd-459 20150622
Comodo UnclassifiedMalware 20150622
Emsisoft Dropped:Trojan.Generic.14601269 (B) 20150622
ESET-NOD32 a variant of Win32/CMDOW.A potentially unsafe 20150622
F-Secure Dropped:Trojan.Generic.14601269 20150622
Fortinet Riskware/CMDOW 20150622
Ikarus Trojan.Cmdow 20150622
K7AntiVirus Trojan ( 00470eed1 ) 20150622
K7GW Trojan ( 00470eed1 ) 20150622
McAfee RDN/Generic PUP.x!ctj 20150622
McAfee-GW-Edition RDN/Generic PUP.x!ctj 20150622
eScan Dropped:Trojan.Generic.14601269 20150622
NANO-Antivirus Trojan.Win32.Cmdow.dmjuol 20150622
Symantec SecurityRisk.Cmdow 20150622
TrendMicro TROJ_GE.7B0060F6 20150622
TrendMicro-HouseCall TROJ_GE.7B0060F6 20150622
VBA32 Trojan.Staser 20150620
VIPRE Trojan.Win32.Generic!BT 20150622
AegisLab 20150622
AhnLab-V3 20150621
Alibaba 20150621
ALYac 20150622
Antiy-AVL 20150622
AVG 20150622
Baidu-International 20150622
Bkav 20150622
ByteHero 20150622
CAT-QuickHeal 20150622
CMC 20150622
Cyren 20150622
DrWeb 20150622
F-Prot 20150622
GData 20150622
Jiangmin 20150620
Kaspersky 20150622
Kingsoft 20150622
Malwarebytes 20150622
Microsoft 20150622
nProtect 20150622
Panda 20150622
Qihoo-360 20150622
Rising 20150618
Sophos AV 20150622
SUPERAntiSpyware 20150621
Tencent 20150622
TheHacker 20150622
TotalDefense 20150622
ViRobot 20150622
Zillya 20150621
Zoner 20150622
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Packers identified
F-PROT NSIS, RAR, UPX
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2014-12-02 10:07:30
Entry Point 0x0001D5DB
Number of sections 4
PE sections
Overlays
MD5 8fc7453139a840498a3299b4e0c2ec2d
File type application/x-rar
Offset 367616
Size 1691038
Entropy 8.00
PE imports
RegCreateKeyExW
RegCloseKey
OpenProcessToken
RegSetValueExW
RegOpenKeyExW
SetFileSecurityW
AdjustTokenPrivileges
LookupPrivilegeValueW
RegQueryValueExW
InitCommonControlsEx
GetSaveFileNameW
GetOpenFileNameW
CommDlgExtendedError
GetDeviceCaps
DeleteDC
SelectObject
StretchBlt
GetObjectW
CreateDIBSection
CreateCompatibleDC
DeleteObject
CreateCompatibleBitmap
GetStdHandle
GetConsoleOutputCP
FileTimeToSystemTime
WaitForSingleObject
GetFileAttributesW
SystemTimeToTzSpecificLocalTime
FreeEnvironmentStringsA
DeleteCriticalSection
GetCurrentProcess
OpenFileMappingW
GetConsoleMode
GetLocaleInfoA
FreeEnvironmentStringsW
GetLocaleInfoW
SetStdHandle
WideCharToMultiByte
GetStringTypeA
GetTempPathW
GetSystemTimeAsFileTime
HeapReAlloc
GetStringTypeW
GetOEMCP
GetExitCodeProcess
InitializeCriticalSection
FindClose
InterlockedDecrement
MoveFileW
SetFileAttributesW
SetLastError
GetSystemTime
DeviceIoControl
GetModuleFileNameW
IsDebuggerPresent
ExitProcess
GetModuleFileNameA
SetThreadPriority
UnhandledExceptionFilter
TlsGetValue
MultiByteToWideChar
SetFilePointer
GetFullPathNameW
CreateThread
SetEnvironmentVariableW
MoveFileExW
SetUnhandledExceptionFilter
TzSpecificLocalTimeToSystemTime
TerminateProcess
CreateSemaphoreW
WriteConsoleA
SetCurrentDirectoryW
GlobalAlloc
LocalFileTimeToFileTime
SetEndOfFile
GetCurrentThreadId
InterlockedIncrement
GetNumberFormatW
WriteConsoleW
InitializeCriticalSectionAndSpinCount
HeapFree
EnterCriticalSection
SetHandleCount
LoadLibraryW
GetVersionExW
FreeLibrary
QueryPerformanceCounter
GetTickCount
TlsAlloc
FlushFileBuffers
LoadLibraryA
RtlUnwind
GetStartupInfoA
GetDateFormatW
SetEvent
DeleteFileW
GetProcAddress
CreateFileMappingW
CompareStringW
WriteFile
RemoveDirectoryW
ExpandEnvironmentStringsW
FindNextFileW
CreateDirectoryW
ResetEvent
FindFirstFileW
GetProcessAffinityMask
CreateEventW
CreateFileW
GetFileType
TlsSetValue
CreateFileA
HeapAlloc
LeaveCriticalSection
GetLastError
SystemTimeToFileTime
LCMapStringW
GetShortPathNameW
HeapCreate
GetConsoleCP
LCMapStringA
GetTimeFormatW
GetEnvironmentStringsW
IsDBCSLeadByte
FileTimeToLocalFileTime
GetEnvironmentStrings
GetCurrentDirectoryW
GetCurrentProcessId
SetFileTime
GetCommandLineW
GetCPInfo
HeapSize
GetCommandLineA
RaiseException
ReleaseSemaphore
MapViewOfFile
TlsFree
GetModuleHandleA
ReadFile
CloseHandle
GetACP
GetModuleHandleW
GetLongPathNameW
IsValidCodePage
UnmapViewOfFile
FindResourceW
VirtualFree
Sleep
VirtualAlloc
CreateHardLinkW
VariantInit
SHBrowseForFolderW
SHChangeNotify
SHFileOperationW
SHGetPathFromIDListW
SHGetSpecialFolderLocation
ShellExecuteExW
SHGetFileInfoW
SHGetMalloc
SHAutoComplete
MapWindowPoints
SetFocus
GetParent
UpdateWindow
EndDialog
LoadBitmapW
SetWindowTextW
DefWindowProcW
GetWindowTextW
GetMessageW
ShowWindow
SetWindowPos
wvsprintfW
GetSystemMetrics
SetWindowLongW
IsWindow
SendMessageW
GetWindowRect
EnableWindow
CharUpperW
DialogBoxParamW
SendDlgItemMessageW
GetDlgItemTextW
PostMessageW
GetSysColor
SetDlgItemTextW
GetDC
GetWindowLongW
ReleaseDC
DestroyIcon
TranslateMessage
IsWindowVisible
LoadStringW
GetClientRect
GetDlgItem
GetWindow
OemToCharBuffA
DispatchMessageW
MessageBoxW
PeekMessageW
GetClassNameW
CopyRect
WaitForInputIdle
LoadCursorW
LoadIconW
FindWindowExW
CreateWindowExW
RegisterClassExW
SetForegroundWindow
DestroyWindow
CreateStreamOnHGlobal
CoCreateInstance
CLSIDFromString
OleInitialize
OleUninitialize
Number of PE resources by type
RT_STRING 9
RT_ICON 8
RT_DIALOG 6
RT_MANIFEST 1
RT_BITMAP 1
RT_GROUP_ICON 1
Number of PE resources by language
RUSSIAN NEUTRAL 17
NEUTRAL DEFAULT 9
PE resources
ExifTool file metadata
MIMEType
application/octet-stream

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

TimeStamp
2014:12:02 11:07:30+01:00

FileType
Win32 EXE

PEType
PE32

CodeSize
165376

LinkerVersion
9.0

FileTypeExtension
exe

InitializedDataSize
201216

SubsystemVersion
5.0

EntryPoint
0x1d5db

OSVersion
5.0

ImageVersion
0.0

UninitializedDataSize
0

Compressed bundles
File identification
MD5 faf5eff505a66ec4e61707f8756684d6
SHA1 ad4f25cc7d0f9c04da4f6bf06b4e5f78da0681a5
SHA256 65984e264c12cb6576b602cce06bed2ae460827e103ce1966cc44ca0cdf1e596
ssdeep
24576:t20gPgFKCrZqZa13axDFKiEECT/gTonENjKozG7kCYruP8BrQc6AkWH3K3VYRPK3:EKP4canKi1Zzr8krQcdNHpNna3jHmQ

authentihash 60141cf71ee4fd326878e6cd0c73ff65c1cc70927fcaaa12562fa2b86d2631af
imphash 4cfda23baf1e2e983ddfeca47a5c755a
File size 2.0 MB ( 2058654 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable MS Visual C++ (generic) (67.3%)
Win32 Dynamic Link Library (generic) (14.2%)
Win32 Executable (generic) (9.7%)
Generic Win/DOS Executable (4.3%)
DOS Executable Generic (4.3%)
Tags
nsis peexe upx overlay

VirusTotal metadata
First submission 2015-06-22 13:27:33 UTC ( 3 years, 4 months ago )
Last submission 2015-06-22 13:27:33 UTC ( 3 years, 4 months ago )
File names 11.exe
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.