SHA256: 68a4c22ca44ed256b20ee45d7a5fba8cb96d1ac98062d645b52d03e4a360966c
File name: fsdfs.Win32.DDOSTF.mmd
Detection ratio: 39 / 55
Analysis date: 2016-04-08 14:30:35 UTC ( 3 years, 1 month ago )
Antivirus Result Update
Ad-Aware Gen:Variant.Zusy.175358 20160408
AegisLab Troj.W32.Gen.mDJ4 20160408
AhnLab-V3 Trojan/Win32.Scar 20160408
ALYac Gen:Variant.Zusy.175358 20160408
Arcabit Trojan.Zusy.D2ACFE 20160408
Avast Win32:Nitol-A [Trj] 20160408
AVG Generic35.AMJ 20160408
Baidu Win32.Trojan.ServStart.ax 20160408
BitDefender Gen:Variant.Zusy.175358 20160408
CAT-QuickHeal Trojan.Microfake.018196 20160407
ClamAV Win.Trojan.Agent-1346504 20160408
Cyren W32/Nitol.K.gen!Eldorado 20160408
DrWeb Trojan.DownLoader18.16955 20160408
Emsisoft Gen:Variant.Zusy.175358 (B) 20160408
ESET-NOD32 a variant of Win32/Agent.RMM 20160408
F-Prot W32/Nitol.K.gen!Eldorado 20160408
F-Secure Gen:Variant.Zusy.175358 20160408
Fortinet W32/Staser.AD!tr 20160404
GData Gen:Variant.Zusy.175358 20160408
Ikarus Trojan.Win32.Agent 20160408
Jiangmin Trojan.Generic.ovbd 20160408
K7AntiVirus Trojan ( 0040f8a91 ) 20160408
K7GW Trojan ( 0040f8a91 ) 20160404
Kaspersky HEUR:Trojan.Win32.Generic 20160408
Malwarebytes Trojan.FakeMS.EDGen 20160408
McAfee Generic.dx!DE61DE242B55 20160408
McAfee-GW-Edition BehavesLike.Win32.Virut.pm 20160408
Microsoft DDoS:Win32/Nitol!rfn 20160408
eScan Gen:Variant.Zusy.175358 20160408
NANO-Antivirus Trojan.Win32.MicroFake.cchebz 20160408
Panda Trj/Genetic.gen 20160408
Qihoo-360 HEUR/QVM41.2.Malware.Gen 20160408
Rising PE:Trojan.HijcLpk!1.9987 [F] 20160408
Sophos AV Mal/Nitol-C 20160408
Tencent Win32.Trojan.Fakeusp.Htca 20160408
TrendMicro WORM_NITOL.SMB0 20160408
TrendMicro-HouseCall WORM_NITOL.SMB0 20160408
VBA32 Trojan.MicroFake 20160408
Yandex Trojan.MicroFake!Nyu0d5RIIDk 20160406
Alibaba 20160408
Antiy-AVL 20160408
AVware 20160408
Baidu-International 20160408
Bkav 20160408
CMC 20160407
Comodo 20160408
Kingsoft 20160408
nProtect 20160408
SUPERAntiSpyware 20160408
Symantec 20160408
TheHacker 20160408
VIPRE 20160408
ViRobot 20160408
Zillya 20160408
Zoner 20160408
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright
? Microsoft Corporation. All rights reserved.

Product Microsoft? Windows? Operating System
Original name EhStorAuthn.exe
File version 6.1.7600.16385 (win7_rtm.090713-1255)
Description Windows Enhanced Storage Password Authentication Program
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2016-02-27 13:03:55
Entry Point 0x00007302
Number of sections 4
PE sections
PE imports
CloseServiceHandle
RegOpenKeyA
RegCloseKey
StartServiceCtrlDispatcherA
OpenServiceA
SetServiceStatus
CreateServiceA
RegQueryValueExA
LockServiceDatabase
RegSetValueExA
StartServiceA
ChangeServiceConfig2A
RegOpenKeyExA
OpenSCManagerA
UnlockServiceDatabase
RegisterServiceCtrlHandlerA
GetLastError
GetSystemInfo
lstrlenA
GetFileAttributesA
GlobalFree
WaitForSingleObject
CopyFileA
GetTickCount
GetModuleFileNameA
EndUpdateResourceA
LoadLibraryA
WinExec
UpdateResourceA
GetStartupInfoA
SizeofResource
GetFileSize
lstrcatA
LockResource
GetProcAddress
GetTempPathA
CreateThread
GetModuleHandleA
GetSystemDefaultUILanguage
ReadFile
GetCurrentProcessId
WriteFile
GetCurrentProcess
EnumResourceNamesA
CloseHandle
GetComputerNameA
ExitThread
MoveFileExA
MoveFileA
CreateProcessA
LoadResource
lstrcpyA
GlobalAlloc
Sleep
CreateFileA
FindResourceA
BeginUpdateResourceA
strncmp
rand
_acmdln
_ftol
memset
strcat
__dllonexit
fprintf
printf
strlen
_except_handler3
??2@YAPAXI@Z
_onexit
exit
sprintf
__setusermatherr
_local_unwind2
__p__commode
localtime
__CxxFrameHandler
srand
_exit
_adjust_fdiv
??3@YAXPAX@Z
free
atoi
__getmainargs
memcpy
_XcptFilter
strstr
strcpy
__p__fmode
time
_initterm
_controlfp
__set_app_type
_iob
wsprintfA
InternetReadFile
InternetOpenUrlA
InternetCloseHandle
InternetOpenA
setsockopt
WSASocketA
htonl
socket
__WSAFDIsSet
WSAIoctl
closesocket
inet_addr
send
WSACleanup
WSAStartup
gethostbyname
select
sendto
htons
recv
WSAGetLastError
connect
GetIfTable
Number of PE resources by type
RT_ICON 1
RT_VERSION 1
RT_RCDATA 1
RT_GROUP_ICON 1
Number of PE resources by language
CHINESE SIMPLIFIED 4
PE resources
ExifTool file metadata
UninitializedDataSize
0

InitializedDataSize
20992

ImageVersion
0.0

ProductName
Microsoft? Windows? Operating System

FileVersionNumber
1.0.0.2

LanguageCode
Chinese (Simplified)

FileFlagsMask
0x003f

FileDescription
Windows Enhanced Storage Password Authentication Program

CharacterSet
Unicode

LinkerVersion
6.0

FileTypeExtension
exe

OriginalFileName
EhStorAuthn.exe

MIMEType
application/octet-stream

Subsystem
Windows GUI

FileVersion
6.1.7600.16385 (win7_rtm.090713-1255)

TimeStamp
2016:02:27 14:03:55+01:00

FileType
Win32 EXE

PEType
PE32

ProductVersion
6.1.7600.16385

SubsystemVersion
4.0

OSVersion
4.0

FileOS
Windows NT 32-bit

LegalCopyright
? Microsoft Corporation. All rights reserved.

MachineType
Intel 386 or later, and compatibles

CompanyName
Microsoft Corporation

CodeSize
26112

FileSubtype
0

ProductVersionNumber
1.0.0.2

EntryPoint
0x7302

ObjectFileType
Executable application

File identification
MD5 92a894ad5a7fca9fd6d4c4ebf21b21de
SHA1 f2dfa87e6de8d0a7b9e6aa493da8fa31bc6cf1e2
SHA256 68a4c22ca44ed256b20ee45d7a5fba8cb96d1ac98062d645b52d03e4a360966c
ssdeep
768:c7RBhwxj2Mtj7EELw/7a1vhMPeOtCMJJ19dWUAohfjiT5edip:clo2MtVMjS5MPEMJPv0qfWT5M4

authentihash 9d75e070fd58cf84810a57f3843bc9704c0b55e293314aee92f5d5b4dee85a83
imphash fdd2947214548fe703c42f54ac249249
File size 46.5 KB ( 47616 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable MS Visual C++ (generic) (40.9%)
Win64 Executable (generic) (36.2%)
Win32 Dynamic Link Library (generic) (8.6%)
Win32 Executable (generic) (5.9%)
Win32 Executable MS Visual FoxPro 7 (2.9%)
Tags
peexe

VirusTotal metadata
First submission 2016-04-08 14:30:35 UTC ( 3 years, 1 month ago )
Last submission 2016-04-08 14:30:35 UTC ( 3 years, 1 month ago )
File names EhStorAuthn.exe
fsdfs.Win32.DDOSTF.mmd
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Runtime DLLs
UDP communications