× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: 67021d88895c0bd43ae91a4a2e22ce6b14471bd938d25278d279b7691c026e85
File name: Dhl___Sendungsverfolgung___1.exe
Detection ratio: 43 / 56
Analysis date: 2015-05-17 16:27:33 UTC ( 4 years ago ) View latest
Antivirus Result Update
Ad-Aware Trojan.Generic.13053442 20150517
Yandex Backdoor.Androm!a8hlAEWhGw4 20150516
AhnLab-V3 Trojan/Win32.MDA 20150517
ALYac Trojan.Generic.13053442 20150517
Antiy-AVL Trojan[Backdoor]/Win32.Androm 20150517
Avast Win32:Malware-gen 20150517
AVG Crypt4.EHZ 20150517
AVware Trojan.Win32.Generic!BT 20150517
Baidu-International Trojan.Win32.Injector.BXBY 20150517
BitDefender Trojan.Generic.13053442 20150517
CAT-QuickHeal TrojanPWS.Zbot.A4 20150516
Comodo UnclassifiedMalware 20150517
Cyren W32/Trojan.XMWL-5266 20150517
DrWeb Trojan.DownLoader12.61308 20150517
Emsisoft Trojan.Generic.13053442 (B) 20150517
ESET-NOD32 a variant of Win32/Injector.BXBY 20150517
F-Secure Trojan.Generic.13053442 20150517
Fortinet W32/BXBY!tr 20150517
GData Trojan.Generic.13053442 20150517
Ikarus Trojan.Win32.Injector 20150517
Jiangmin TrojanDropper.Injector.brhw 20150516
K7AntiVirus Riskware ( 0040eff71 ) 20150517
K7GW Riskware ( 0040eff71 ) 20150517
Kaspersky Backdoor.Win32.Androm.gnon 20150517
Malwarebytes Trojan.Agent.UPT 20150517
McAfee RDN/Generic BackDoor!bcj 20150517
McAfee-GW-Edition RDN/Generic BackDoor!bcj 20150517
Microsoft Trojan:Win32/Emotet.G 20150517
eScan Trojan.Generic.13053442 20150517
NANO-Antivirus Trojan.Win32.Injector.dprjwx 20150517
Norman Troj_Generic.ZSAKF 20150517
nProtect Trojan.Generic.13053442 20150515
Panda Trj/Genetic.gen 20150517
Qihoo-360 HEUR/QVM07.1.Malware.Gen 20150517
Sophos AV Mal/Zbot-TQ 20150517
SUPERAntiSpyware Trojan.Agent/Gen-Qudamah 20150516
Symantec Trojan.Zbot 20150517
Tencent Trojan.Win32.YY.Gen.24 20150517
TrendMicro TROJ_GEN.R0C1C0ECV15 20150517
TrendMicro-HouseCall TROJ_MALKRYP.SM7 20150517
VBA32 BScope.Malware-Cryptor.Hlux 20150515
VIPRE Trojan.Win32.Generic!BT 20150517
ViRobot Trojan.Win32.Agent.151552.CI[h] 20150517
AegisLab 20150517
Alibaba 20150517
Bkav 20150516
ByteHero 20150517
ClamAV 20150517
CMC 20150513
F-Prot 20150517
Kingsoft 20150517
Rising 20150517
TheHacker 20150515
TotalDefense 20150517
Zillya 20150515
Zoner 20150515
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2015-03-25 18:12:45
Entry Point 0x00004906
Number of sections 4
PE sections
PE imports
SwapBuffers
CreateCompatibleDC
BitBlt
ChoosePixelFormat
CreateCompatibleBitmap
gluOrtho2D
gluPerspective
GetModuleHandleW
GetStartupInfoW
Ord(3820)
Ord(2406)
Ord(2438)
Ord(4621)
Ord(6332)
Ord(1634)
Ord(2980)
Ord(5099)
Ord(2374)
Ord(3289)
Ord(5026)
Ord(2350)
Ord(5237)
Ord(4934)
Ord(5208)
Ord(4073)
Ord(4240)
Ord(5996)
Ord(5006)
Ord(4381)
Ord(5736)
Ord(4422)
Ord(4523)
Ord(5247)
Ord(5727)
Ord(4362)
Ord(2093)
Ord(641)
Ord(1822)
Ord(4148)
Ord(4616)
Ord(3167)
Ord(5298)
Ord(2873)
Ord(3917)
Ord(4717)
Ord(2392)
Ord(4852)
Ord(4462)
Ord(2383)
Ord(4539)
Ord(6370)
Ord(815)
Ord(4525)
Ord(3257)
Ord(2717)
Ord(2119)
Ord(5236)
Ord(4418)
Ord(3449)
Ord(2388)
Ord(5256)
Ord(338)
Ord(6371)
Ord(4431)
Ord(4343)
Ord(2502)
Ord(3076)
Ord(4414)
Ord(4233)
Ord(3566)
Ord(1633)
Ord(1739)
Ord(4430)
Ord(3142)
Ord(3060)
Ord(3193)
Ord(5285)
Ord(3733)
Ord(4617)
Ord(4932)
Ord(4955)
Ord(5813)
Ord(4234)
Ord(825)
Ord(2644)
Ord(4604)
Ord(5296)
Ord(4692)
Ord(5276)
Ord(5251)
Ord(567)
Ord(4401)
Ord(2874)
Ord(2506)
Ord(1716)
Ord(4335)
Ord(3345)
Ord(4886)
Ord(1143)
Ord(1767)
Ord(2371)
Ord(975)
Ord(4480)
Ord(4229)
Ord(401)
Ord(344)
Ord(823)
Ord(2505)
Ord(2047)
Ord(4537)
Ord(1851)
Ord(4958)
Ord(2504)
Ord(813)
Ord(640)
Ord(6048)
Ord(5257)
Ord(4607)
Ord(5157)
Ord(765)
Ord(4298)
Ord(4147)
Ord(2875)
Ord(6051)
Ord(5261)
Ord(3074)
Ord(4880)
Ord(2613)
Ord(4885)
Ord(4609)
Ord(4884)
Ord(554)
Ord(4269)
Ord(6375)
Ord(6193)
Ord(2977)
Ord(2116)
Ord(5233)
Ord(2641)
Ord(3864)
Ord(4268)
Ord(3053)
Ord(796)
Ord(1850)
Ord(5095)
Ord(674)
Ord(293)
Ord(4831)
Ord(5070)
Ord(4992)
Ord(1089)
Ord(657)
Ord(5573)
Ord(6076)
Ord(2715)
Ord(4426)
Ord(3398)
Ord(5055)
Ord(3346)
Ord(2397)
Ord(3693)
Ord(529)
Ord(1662)
Ord(4608)
Ord(4461)
Ord(5832)
Ord(4459)
Ord(4817)
Ord(3743)
Ord(986)
Ord(2377)
Ord(4893)
Ord(3825)
Ord(4502)
Ord(4419)
Ord(323)
Ord(4606)
Ord(4074)
Ord(1719)
Ord(2640)
Ord(2109)
Ord(4891)
Ord(4421)
Ord(3744)
Ord(4520)
Ord(3254)
Ord(1165)
Ord(4947)
Ord(3341)
Ord(1569)
Ord(4451)
Ord(5273)
Ord(4582)
Ord(402)
Ord(2534)
Ord(1817)
Ord(4347)
Ord(1658)
Ord(4623)
Ord(324)
Ord(560)
Ord(2391)
Ord(1937)
Ord(4158)
Ord(4847)
Ord(1768)
Ord(4704)
Ord(5297)
Ord(3793)
Ord(617)
Ord(3826)
Ord(5193)
Ord(2971)
Ord(5468)
Ord(5096)
Ord(1720)
Ord(4075)
Ord(5250)
Ord(652)
Ord(5094)
Ord(4420)
Ord(2627)
Ord(289)
Ord(4364)
Ord(2444)
Ord(5499)
Ord(4435)
Ord(5303)
Ord(4518)
Ord(6171)
Ord(2546)
Ord(4583)
Ord(5280)
Ord(6617)
Ord(807)
Ord(561)
Ord(5781)
Ord(411)
Ord(2382)
Ord(3054)
Ord(3658)
Ord(6113)
Ord(6372)
Ord(3131)
Ord(2375)
Ord(4154)
Ord(5059)
Ord(3397)
Ord(2550)
Ord(6211)
Ord(4072)
Ord(4103)
Ord(4241)
Ord(5279)
Ord(4370)
Ord(613)
Ord(976)
Ord(2437)
Ord(296)
Ord(5649)
Ord(5239)
Ord(5710)
Ord(3592)
Ord(5286)
Ord(4690)
Ord(3621)
Ord(4580)
Ord(5098)
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
?_C@?1??_Nullstr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@CAPBDXZ@4DB
?_Tidy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEX_N@Z
??1_Winit@std@@QAE@XZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDABV?$allocator@D@1@@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
??_7runtime_error@std@@6B@
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??0_Winit@std@@QAE@XZ
??1Init@ios_base@std@@QAE@XZ
??0Init@ios_base@std@@QAE@XZ
_purecall
__CxxFrameHandler
_except_handler3
_adjust_fdiv
_initterm
__p__fmode
??1type_info@@UAE@XZ
__p__commode
__setusermatherr
__dllonexit
_onexit
__wgetmainargs
_ftol
_XcptFilter
??1exception@@UAE@XZ
exit
_controlfp
__set_app_type
strlen
_exit
_wcmdln
glVertex2f
glPopMatrix
glClearColor
wglCreateContext
glCallList
glFlush
glBegin
glColor3f
glClear
glPopAttrib
glRotatef
glLoadIdentity
glCallLists
glPushAttrib
glTranslated
glVertex3d
wglMakeCurrent
glVertex3f
glViewport
glRasterPos3f
wglGetCurrentContext
glNewList
wglDeleteContext
glPushMatrix
glMatrixMode
glEnd
glOrtho
glListBase
glColor3ub
glEndList
glFrontFace
glDeleteLists
EmptyClipboard
GetSystemMetrics
InvalidateRect
UpdateWindow
EnableWindow
SetClipboardData
LoadCursorW
GetClientRect
ReleaseDC
CloseClipboard
SetCursor
GetDC
OpenClipboard
Number of PE resources by type
RT_STRING 14
RT_MENU 4
RT_CURSOR 3
RT_DIALOG 2
RT_GROUP_CURSOR 2
Struct(77) 1
RT_ICON 1
Struct(241) 1
RT_ACCELERATOR 1
RT_BITMAP 1
RT_GROUP_ICON 1
Number of PE resources by language
KOREAN 14
ENGLISH US 14
NEUTRAL 3
PE resources
ExifTool file metadata
MIMEType
application/octet-stream

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

FileTypeExtension
exe

TimeStamp
2015:03:25 19:12:45+01:00

FileType
Win32 EXE

PEType
PE32

CodeSize
16384

LinkerVersion
6.0

EntryPoint
0x4906

InitializedDataSize
131072

SubsystemVersion
4.0

ImageVersion
0.0

OSVersion
4.0

UninitializedDataSize
0

File identification
MD5 14966c5cc8646011f73aa14dfd6ebe06
SHA1 a9ab399eeae4f6317cd017282ac662ba1071c57d
SHA256 67021d88895c0bd43ae91a4a2e22ce6b14471bd938d25278d279b7691c026e85
ssdeep
3072:A/KAAMMs1r7jXKt3C4Y1u7FyYTJ/O+DWo67ku8oBB0dWW:A/XAMMsBuEJ3YNTDWF7ku8LdWW

authentihash 7c29f6df482e65d7f8455c5b5da965b2c115c081ec86b1652332fcf63cb546cc
imphash 1d4b152448ea20ad37925bb7122ff603
File size 148.0 KB ( 151552 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win64 Executable (generic) (64.6%)
Win32 Dynamic Link Library (generic) (15.4%)
Win32 Executable (generic) (10.5%)
Generic Win/DOS Executable (4.6%)
DOS Executable Generic (4.6%)
Tags
peexe

VirusTotal metadata
First submission 2015-03-26 08:21:10 UTC ( 4 years, 1 month ago )
Last submission 2016-11-24 13:14:28 UTC ( 2 years, 5 months ago )
File names Dhl___Sendungsverfolgung___0038478_993489_000022____Status__add__lang___de__in___0000022.exe
Dhl___Sendungsverfolgung___1.exe
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Created processes
Code injections in the following processes
Opened mutexes
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.
UDP communications