SHA256: 68908a9240c201b2d2dbc55e02b4277b2f883830201a0c4d2a031a30aa838f4d
File name: oBHemft.exe
Detection ratio: 43 / 54
Analysis date: 2015-11-16 17:44:16 UTC
Antivirus Result Update
Yandex Worm.Ngrbot!cbA3O5D1jzs 20151116
AhnLab-V3 Trojan/Win32.MDA 20151116
ALYac Gen:Variant.Zusy.142016 20151116
Antiy-AVL Worm/Win32.Ngrbot 20151116
Arcabit Trojan.Zusy.D22AC0 20151116
Avast Win32:Emotet-AF [Cryp] 20151116
AVG BackDoor.SmallX.BTA 20151116
Avira (no cloud) TR/Crypt.Xpack.187282 20151116
AVware Trojan.Win32.Generic!BT 20151116
Baidu-International Worm.Win32.Ngrbot.aoxr 20151116
BitDefender Gen:Variant.Zusy.142016 20151116
Bkav W32.Cloda37.Trojan.0c71 20151116
CAT-QuickHeal Ransom.Crowti.B4 20151116
Comodo UnclassifiedMalware 20151116
Cyren W32/Agent.XL.gen!Eldorado 20151116
DrWeb Trojan.Packed.30714 20151116
Emsisoft Gen:Variant.Zusy.142016 (B) 20151116
ESET-NOD32 Win32/Dorkbot.B 20151116
F-Prot W32/Agent.XL.gen!Eldorado 20151116
F-Secure Gen:Variant.Zusy.142016 20151116
Fortinet W32/Kryptik.DTHD!tr 20151116
GData Gen:Variant.Zusy.142016 20151116
Ikarus Trojan.Win32.Crypt 20151116
K7AntiVirus Trojan ( 0001589d1 ) 20151116
K7GW Trojan ( 0001589d1 ) 20151116
Kaspersky Worm.Win32.Ngrbot.aoxr 20151116
Malwarebytes Backdoor.Bot 20151116
McAfee RDN/Sdbot.worm!ce 20151116
McAfee-GW-Edition BehavesLike.Win32.PackedAP.fh 20151116
Microsoft Worm:Win32/Dorkbot 20151116
eScan Gen:Variant.Zusy.142016 20151116
NANO-Antivirus Trojan.Win32.Ngrbot.drcnne 20151116
Panda Trj/Genetic.gen 20151115
Qihoo-360 HEUR/QVM10.1.Malware.Gen 20151116
Sophos AV Troj/Wonton-RK 20151116
Symantec Trojan.Gen 20151116
Tencent Win32.Worm.Ngrbot.Wlyz 20151116
TrendMicro TROJ_FORUCON.BMC 20151116
TrendMicro-HouseCall TROJ_FORUCON.BMC 20151116
VBA32 Malware-Cryptor.Limpopo 20151116
VIPRE Trojan.Win32.Generic!BT 20151116
ViRobot Trojan.Win32.S.Agent.329728.BU[h] 20151116
Zillya Worm.Ngrbot.Win32.6954 20151116
AegisLab 20151116
Alibaba 20151116
ByteHero 20151116
ClamAV 20151116
CMC 20151113
Jiangmin 20151115
nProtect 20151116
Rising 20151116
SUPERAntiSpyware 20151116
TheHacker 20151113
Zoner 20151115
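The engine labels above disagree in format (type, platform, family and variant in vendor-specific order) and in naming, so the useful signal is the family consensus rather than any single string. The Python below is an added example, not part of the report: it normalises a subset of the rows above into family tokens and counts agreement. The alias map (Ngrbot as the Kaspersky-style name for what Microsoft and ESET call Dorkbot) is analyst knowledge supplied here, not something the report states.

```python
import re
from collections import Counter
from typing import Optional

# Subset of the detection rows from the report above: (engine, label).
# An empty label means the engine returned no detection for the sample.
DETECTIONS = [
    ("Yandex", "Worm.Ngrbot!cbA3O5D1jzs"),
    ("ALYac", "Gen:Variant.Zusy.142016"),
    ("Avast", "Win32:Emotet-AF [Cryp]"),
    ("Avira (no cloud)", "TR/Crypt.Xpack.187282"),
    ("CAT-QuickHeal", "Ransom.Crowti.B4"),
    ("ESET-NOD32", "Win32/Dorkbot.B"),
    ("Fortinet", "W32/Kryptik.DTHD!tr"),
    ("Kaspersky", "Worm.Win32.Ngrbot.aoxr"),
    ("McAfee", "RDN/Sdbot.worm!ce"),
    ("Microsoft", "Worm:Win32/Dorkbot"),
    ("NANO-Antivirus", "Trojan.Win32.Ngrbot.drcnne"),
    ("Symantec", "Trojan.Gen"),
    ("TrendMicro", "TROJ_FORUCON.BMC"),
    ("Zillya", "Worm.Ngrbot.Win32.6954"),
    ("ClamAV", ""),
    ("Rising", ""),
    ("Zoner", ""),
]

# Tokens that describe type, platform, packer or heuristic rather than a family.
GENERIC = {
    "win32", "w32", "trojan", "troj", "trj", "worm", "backdoor", "ransom",
    "gen", "generic", "genetic", "variant", "malware", "heur", "agent",
    "crypt", "cryp", "cryptor", "xpack", "packed", "kryptik", "eldorado",
    "behaveslike", "unclassifiedmalware",
}

# Analyst-supplied aliases (assumption, not from the report): vendors name the
# same family differently; Ngrbot is the name Kaspersky and others use for
# what Microsoft and ESET call Dorkbot.
ALIASES = {"ngrbot": "dorkbot"}


def family_of(label: str) -> Optional[str]:
    """Return the first token of a vendor label that looks like a family name.

    Walk the alphanumeric tokens left to right and skip generic words, tokens
    containing digits (variant ids, hashes, counters), tokens shorter than four
    characters, and short all-caps tokens (variant suffixes such as DTHD).
    """
    for tok in re.findall(r"[A-Za-z0-9]+", label):
        low = tok.lower()
        if low in GENERIC or any(c.isdigit() for c in tok) or len(tok) < 4:
            continue
        if tok.isupper() and len(tok) <= 4:
            continue
        return ALIASES.get(low, low)
    return None


def summarize(rows):
    """Detection count, engine total and family consensus for a row list."""
    detected = [label for _, label in rows if label]
    families = Counter(f for f in map(family_of, detected) if f)
    return {
        "detected": len(detected),
        "total": len(rows),
        "families": families,
        "unresolved": sum(1 for label in detected if family_of(label) is None),
    }


if __name__ == "__main__":
    s = summarize(DETECTIONS)
    print(f"{s['detected']}/{s['total']} engines flagged the sample")
    for fam, n in s["families"].most_common():
        print(f"  {fam:<10} {n}")
    print(f"  (generic or unresolved labels: {s['unresolved']})")
```

On this subset the consensus is Dorkbot (six engines once the Ngrbot alias is folded in), with Zusy, Emotet, Crowti, Sdbot and Forucon as single-engine names and three purely generic labels; the heuristic rules are deliberately simple and will misfire on vendors whose family token comes after the variant token, so treat the output as a starting point for an analyst, not a verdict.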
The file being studied is a Portable Executable file: a Win32 EXE for the Windows GUI subsystem. Its version resource (below) copies the metadata of the Dev-C++ IDE (Bloodshed Software, devcpp.exe 4.9.9.2), yet the sample was also submitted under unrelated names (oBHemft.exe, uezezy.exe) and is labelled Ngrbot/Dorkbot by most engines. Version-resource strings are set by whoever builds the binary and carry no integrity guarantee, so they identify nothing on their own.
FileVersionInfo properties
Copyright Copyright Bloodshed Software
Product Dev-C++
Original name devcpp.exe
Internal name devcpp.exe
File version 4.9.9.2
Description Dev-C++ IDE
Comments Under the GNU General Public License
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2015-04-29 08:16:25
Entry Point 0x00030C42
Number of sections 4
PE sections
PE imports
RegSetValueExW
CommDlgExtendedError
CreatePatternBrush
RectVisible
GetClipBox
CreateRectRgn
CreateFontIndirectW
GetStdHandle
ReleaseMutex
EncodePointer
ReplaceFileW
GetProcessId
FreeEnvironmentStringsA
DeleteCriticalSection
GetCurrentProcess
GetLocaleInfoA
FreeEnvironmentStringsW
SetStdHandle
GetCommModemStatus
GetTempPathA
WideCharToMultiByte
GetThreadIOPendingFlag
GetStringTypeA
WriteFile
GetSystemTimeAsFileTime
TransmitCommChar
HeapReAlloc
GetStringTypeW
SetEvent
IsWow64Process
InitAtomTable
TlsGetValue
GetFullPathNameW
SetLastError
PeekNamedPipe
GetWriteWatch
GetNamedPipeInfo
RemoveDirectoryW
IsDebuggerPresent
HeapAlloc
GetModuleFileNameA
UnhandledExceptionFilter
InterlockedDecrement
MultiByteToWideChar
LockFileEx
TlsSetValue
SetUnhandledExceptionFilter
GetMailslotInfo
GetSystemDirectoryA
SetHandleInformation
SetPriorityClass
TerminateProcess
GetVersion
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
HeapFree
EnterCriticalSection
SetHandleCount
TerminateThread
GetOEMCP
QueryPerformanceCounter
GetTickCount
TlsAlloc
VirtualProtect
FlushFileBuffers
LoadLibraryA
RtlUnwind
GetStartupInfoA
GetProcAddress
GetProcessHeap
GetTempFileNameW
GetModuleFileNameW
GetFileInformationByHandle
GetCurrentThreadId
WTSGetActiveConsoleSessionId
GetTimeFormatA
CreateFileMappingA
FindFirstFileW
EscapeCommFunction
GetFileType
SetMessageWaitingIndicator
ExitProcess
PrepareTape
InterlockedIncrement
GetLastError
LCMapStringW
HeapCreate
GetTapeStatus
LCMapStringA
GetEnvironmentStringsW
CancelWaitableTimer
GetEnvironmentStrings
GetCurrentProcessId
LockResource
GetCommandLineW
GetCPInfo
HeapSize
GetCommandLineA
GetCurrentThread
SuspendThread
DecodeSystemPointer
TlsFree
PulseEvent
GetACP
GetModuleHandleW
IsValidCodePage
UnmapViewOfFile
VirtualFree
Sleep
VirtualAlloc
MapUserPhysicalPagesScatter
DragAcceptFiles
SHGetFileInfoA
SHBrowseForFolderA
GetMessageA
GetLayeredWindowAttributes
GetCaretBlinkTime
GetOpenClipboardWindow
GetParent
GetScrollBarInfo
IsCharAlphaNumericA
PostQuitMessage
GetClipCursor
CreateCaret
GetProcessDefaultLayout
MapVirtualKeyW
CharPrevW
IsWinEventHookInstalled
SetClassLongA
RemoveMenu
GetWindowThreadProcessId
GetSystemMetrics
IsWindow
GetMenu
ScrollWindowEx
SetDlgItemTextA
DrawIcon
GetMessageExtraInfo
GetClipboardViewer
ChangeClipboardChain
GetMenuItemRect
GetMessageTime
GetDC
CopyImage
GetCursorPos
ChildWindowFromPointEx
GetDlgCtrlID
EndDeferWindowPos
CheckMenuItem
DefFrameProcW
GetAltTabInfoA
GetTitleBarInfo
OemKeyScan
DrawIconEx
IsWindowVisible
GetWindowPlacement
GetMenuCheckMarkDimensions
IsCharAlphaNumericW
WinHelpA
IsIconic
InSendMessage
TrackMouseEvent
IsClipboardFormatAvailable
LoadImageW
TrackPopupMenu
CountClipboardFormats
GetGuiResources
IsDlgButtonChecked
KillTimer
BeginDeferWindowPos
CreateIconFromResource
IsWindowUnicode
IsMenu
RealChildWindowFromPoint
GetMenuItemID
GetClipboardFormatNameW
OpenClipboard
WindowFromDC
ClosePrinter
OleCreateMenuDescriptor
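The imphash reported under File identification below is an MD5 over the import table in the normalised form dll.function,dll.function,... The Python below is an added example, not the report's code: it implements that normalisation over a constructed table built from a few of the function names above. The DLL attributions (kernel32, user32, advapi32, shell32, winspool.drv) are assumed because the report lists functions without their modules, so the value it prints is not the report's d4495d09f35e79e4414a6c60a306ad4a. It demonstrates the two properties that matter when using imphash for clustering: case and extension differences are normalised away, while import order is not, so the hash fingerprints the linker's layout of the table (for a packed file, the packer stub's table).

```python
import hashlib
from typing import List, Tuple, Union

# One import descriptor: (DLL name as it appears in the import directory,
# imported symbols as names or, for imports by ordinal, integers).
ImportTable = List[Tuple[str, List[Union[str, int]]]]

# Constructed example table. The report lists function names but not the DLL
# each comes from, so the attribution below is the standard one for these
# Win32 APIs and is an assumption for the demonstration, not report data.
# The resulting digest is therefore NOT the report's imphash.
SAMPLE_IMPORTS: ImportTable = [
    ("KERNEL32.dll", ["VirtualAlloc", "VirtualProtect", "LoadLibraryA",
                      "GetProcAddress", "IsDebuggerPresent", "IsWow64Process"]),
    ("USER32.dll", ["GetMessageA", "PostQuitMessage", "OpenClipboard"]),
    ("ADVAPI32.dll", ["RegSetValueExW"]),
    ("SHELL32.dll", ["DragAcceptFiles", "SHGetFileInfoA"]),
    ("WINSPOOL.DRV", ["ClosePrinter"]),
]


def imphash_string(imports: ImportTable) -> str:
    """Canonical 'dll.func,dll.func,...' string that imphash digests.

    Normalisation follows the published algorithm as implemented in pefile:
    lower-case everything, strip a .dll/.ocx/.sys extension from the module
    name (other extensions such as .drv are kept), preserve the order of the
    import directory and of each thunk list, and write imports by ordinal as
    'ordN'. pefile additionally maps known ordinals of oleaut32/ws2_32/wsock32
    back to names; that lookup table is omitted here.
    """
    parts = []
    for dll, symbols in imports:
        module = dll.lower()
        if module.endswith((".dll", ".ocx", ".sys")):
            module = module[:-4]
        for sym in symbols:
            name = f"ord{sym}" if isinstance(sym, int) else sym.lower()
            parts.append(f"{module}.{name}")
    return ",".join(parts)


def imphash(imports: ImportTable) -> str:
    """MD5 of the canonical import string as a 32-character hex digest."""
    return hashlib.md5(imphash_string(imports).encode("ascii")).hexdigest()


if __name__ == "__main__":
    print("imphash of constructed table:  ", imphash(SAMPLE_IMPORTS))
    # Same symbols, modules in reverse order: the digest changes, because
    # imphash fingerprints the table layout, not the set of APIs used.
    print("same imports, modules reversed:", imphash(list(reversed(SAMPLE_IMPORTS))))
    # Case and extension differences are normalised away before hashing.
    lowered = [(d.lower().replace(".dll", ""), [s.lower() for s in syms])
               for d, syms in SAMPLE_IMPORTS]
    print("equal after lower-casing/stripping:", imphash(lowered) == imphash(SAMPLE_IMPORTS))
```

Because the digest depends on order, two builds of the same source with a different link order, or the same packer stub wrapped around different payloads, will pivot differently: imphash matches are strong evidence of a shared build, but a mismatch says nothing about the code inside.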
Number of PE resources by type
RT_RCDATA 1
RT_VERSION 1
RT_MANIFEST 1
Number of PE resources by language
NEUTRAL 2
ENGLISH US 1
PE resources
ExifTool file metadata
SubsystemVersion 5.0
Comments Under the GNU General Public License
InitializedDataSize 108032
ImageVersion 0.0
ProductName Dev-C++
FileVersionNumber 4.9.9.2
UninitializedDataSize 0
LanguageCode English (U.S.)
FileFlagsMask 0x003f
ImageFileCharacteristics No relocs, Executable, 32-bit
CharacterSet Windows, Latin1
LinkerVersion 9.0
FileTypeExtension exe
OriginalFileName devcpp.exe
MIMEType application/octet-stream
Subsystem Windows GUI
FileVersion 4.9.9.2
TimeStamp 2015:04:29 09:16:25+01:00
FileType Win32 EXE
PEType PE32
InternalName devcpp.exe
ProductVersion 5
FileDescription Dev-C++ IDE
OSVersion 5.0
FileOS Win32
LegalCopyright Copyright Bloodshed Software
MachineType Intel 386 or later, and compatibles
CompanyName Bloodshed Software
CodeSize 220672
FileSubtype 0
ProductVersionNumber 4.9.9.2
EntryPoint 0x30c42
ObjectFileType Executable application
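The header fields above are worth cross-checking against each other and against the submission metadata further down rather than reading individually. The Python below is an added example, not part of the report: it parses a subset of the ExifTool block in the flattened key/value layout the report uses, converts the +01:00 compile timestamp to UTC and measures the gap to first submission, maps the linker version to a Visual Studio release, and flags stripped relocations and the mismatch between OriginalFileName and the names the sample was submitted under. The linker-version table is standard Microsoft toolchain knowledge and the field is trivially forgeable; that caveat is in the code.

```python
from datetime import datetime, timedelta, timezone
from typing import Dict, List

# Subset of the ExifTool block above, in the flattened "key / value / blank
# line" layout of the report; the values are copied from the report.
EXIFTOOL_TEXT = """\
TimeStamp
2015:04:29 09:16:25+01:00

LinkerVersion
9.0

ImageFileCharacteristics
No relocs, Executable, 32-bit

OriginalFileName
devcpp.exe

ProductName
Dev-C++

Subsystem
Windows GUI
"""

# From the "VirusTotal metadata" section of the report.
FIRST_SUBMISSION = datetime(2015, 4, 30, 16, 32, 8, tzinfo=timezone.utc)
SUBMITTED_NAMES = ["oBHemft.exe", "uezezy.exe", "devcpp.exe"]

# Microsoft linker major.minor -> toolchain. This is a plain header field and
# trivially forgeable, so it is a hint about the build environment, not proof.
LINKER_TOOLCHAIN = {
    "6.0": "Visual C++ 6.0",
    "7.0": "Visual Studio .NET 2002",
    "7.1": "Visual Studio .NET 2003",
    "8.0": "Visual Studio 2005",
    "9.0": "Visual Studio 2008",
    "10.0": "Visual Studio 2010",
    "11.0": "Visual Studio 2012",
    "12.0": "Visual Studio 2013",
    "14.0": "Visual Studio 2015",
}


def parse_exiftool(text: str) -> Dict[str, str]:
    """Rebuild key -> value from the flattened layout (key line, value line, blank)."""
    lines = [ln.strip() for ln in text.splitlines() if ln.strip()]
    if len(lines) % 2:
        raise ValueError("odd number of non-blank lines: a key has no value")
    return dict(zip(lines[0::2], lines[1::2]))


def toolchain(linker_version: str) -> str:
    return LINKER_TOOLCHAIN.get(linker_version, f"unknown linker {linker_version}")


def compile_to_first_seen(meta: Dict[str, str], first_seen: datetime) -> timedelta:
    """Gap between the PE compile timestamp (with its zone offset) and first submission."""
    compiled = datetime.strptime(meta["TimeStamp"], "%Y:%m:%d %H:%M:%S%z")
    return first_seen - compiled.astimezone(timezone.utc)


def triage(meta: Dict[str, str], first_seen: datetime, submitted_names: List[str]) -> List[str]:
    """Consistency flags an analyst would raise from the header and submission data."""
    flags = []
    if "No relocs" in meta.get("ImageFileCharacteristics", ""):
        flags.append("relocations stripped: the image can only load at its preferred "
                     "base, so ASLR does not apply to it")
    hours = compile_to_first_seen(meta, first_seen).total_seconds() / 3600
    if hours < 48:
        flags.append(f"compiled only {hours:.1f} h before first submission (fresh build)")
    original = meta.get("OriginalFileName", "")
    aliases = [n for n in submitted_names if n.lower() != original.lower()]
    if aliases:
        flags.append(f"submitted as {', '.join(aliases)} but the version resource says "
                     f"OriginalFileName={original} ({meta.get('ProductName')}, "
                     f"linked with {toolchain(meta.get('LinkerVersion', ''))})")
    return flags


if __name__ == "__main__":
    meta = parse_exiftool(EXIFTOOL_TEXT)
    for flag in triage(meta, FIRST_SUBMISSION, SUBMITTED_NAMES):
        print("-", flag)
```

The compile timestamp is also attacker-controlled, so a short compile-to-submission gap is corroborating rather than conclusive; a timestamp in the future or before the claimed product existed would be the stronger tell.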

File identification
MD5 64256a277369d8965d9364d660a84e49
SHA1 c63f7f3b08cf8a00c3b0fbdb2bfe3ae981dd1c32
SHA256 68908a9240c201b2d2dbc55e02b4277b2f883830201a0c4d2a031a30aa838f4d
ssdeep 6144:LQwhv/+xycU3gcMVbsktheQIelbjASSCLfNHMwozD2:UY/+xyJ3gcMVdnbjNnL1sNzC

authentihash 2260e9bbd6cce862434a3e49f86adb8688caec5653f843d654ab5bbdbbafd1f4
imphash d4495d09f35e79e4414a6c60a306ad4a
File size 322.0 KB ( 329728 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 EXE PECompact compressed (generic) (46.2%)
Win32 Executable MS Visual C++ (generic) (34.7%)
Win32 Dynamic Link Library (generic) (7.3%)
Win32 Executable (generic) (5.0%)
OS/2 Executable (generic) (2.2%)
Tags
peexe

VirusTotal metadata
First submission 2015-04-30 16:32:08 UTC
Last submission 2015-11-16 17:44:16 UTC
File names oBHemft.exe
uezezy.exe
68908A9240C201B2D2DBC55E02B4277B2F883830201A0C4D2A031A30AA838F4D.EXE
devcpp.exe
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Created processes
Opened mutexes
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.
UDP communications