SHA256: 6b00bc9c66954885b67f61df56614cbc7201e70697f5046476122090d160d703
File name: 18.exe.malware
Detection ratio: 25 / 53
Analysis date: 2014-07-04 08:12:27 UTC ( 4 years, 8 months ago )
Antivirus | Result | Update
Ad-Aware | Trojan.GenericKD.1738903 | 20140704
AntiVir | TR/Crypt.EPACK.20648 | 20140704
Avast | Win32:Dropper-gen [Drp] | 20140704
AVG | Generic36.UTH | 20140704
Baidu-International | Trojan.Win32.Zbot.CGen | 20140704
BitDefender | Trojan.GenericKD.1738903 | 20140704
Bkav | HW32.Laneul.wsqe | 20140702
Comodo | UnclassifiedMalware | 20140703
Emsisoft | Trojan.GenericKD.1738903 (B) | 20140704
ESET-NOD32 | a variant of Win32/Kryptik.CFSQ | 20140704
GData | Trojan.GenericKD.1738903 | 20140704
Ikarus | Win32.SuspectCrc | 20140704
Kaspersky | Hoax.Win32.ArchSMS.cbuyb | 20140704
Malwarebytes | Trojan.Ransom.ED | 20140704
McAfee | Artemis!D35F408F7D1E | 20140704
McAfee-GW-Edition | Heuristic.LooksLike.Win32.Suspicious.J | 20140704
Microsoft | PWS:Win32/Zbot | 20140704
eScan | Trojan.GenericKD.1738903 | 20140704
Norman | Troj_Generic.UUPJW | 20140704
Panda | Trj/Chgt.C | 20140704
Qihoo-360 | HEUR/Malware.QVM19.Gen | 20140704
Rising | PE:Malware.XPACK-HIE/Heur!1.9C48 | 20140703
Sophos AV | Mal/Generic-S | 20140704
Tencent | Win32.Trojan-psw.Archsms.Wpjj | 20140704
TrendMicro-HouseCall | Suspicious_GEN.F47V0703 | 20140704
AegisLab | (no detection) | 20140704
Yandex | (no detection) | 20140703
AhnLab-V3 | (no detection) | 20140703
Antiy-AVL | (no detection) | 20140703
ByteHero | (no detection) | 20140704
CAT-QuickHeal | (no detection) | 20140704
ClamAV | (no detection) | 20140704
CMC | (no detection) | 20140704
Commtouch | (no detection) | 20140704
DrWeb | (no detection) | 20140704
F-Prot | (no detection) | 20140704
Fortinet | (no detection) | 20140704
Jiangmin | (no detection) | 20140704
K7AntiVirus | (no detection) | 20140703
K7GW | (no detection) | 20140703
Kingsoft | (no detection) | 20140704
NANO-Antivirus | (no detection) | 20140704
nProtect | (no detection) | 20140703
SUPERAntiSpyware | (no detection) | 20140704
Symantec | (no detection) | 20140704
TheHacker | (no detection) | 20140703
TotalDefense | (no detection) | 20140703
TrendMicro | (no detection) | 20140704
VBA32 | (no detection) | 20140704
VIPRE | (no detection) | 20140704
ViRobot | (no detection) | 20140704
Zillya | (no detection) | 20140703
Zoner | (no detection) | 20140703
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2005-05-14 04:13:42
Entry Point 0x00001000
Number of sections 6
PE sections
PE imports
GetDeviceCaps
DeleteDC
CreateFontIndirectW
GetStockObject
GetObjectW
BitBlt
CreateCompatibleDC
DeleteObject
CreateCompatibleBitmap
GetUserDefaultUILanguage
GlobalGetAtomNameW
CopyFileW
UpdateResourceW
GetEnvironmentStringsA
GetTapeStatus
GetOEMCP
QueryPerformanceCounter
AssignProcessToJobObject
GetTickCount
IsBadWritePtr
EndUpdateResourceA
Toolhelp32ReadProcessMemory
CreatePipe
GetCurrentProcess
OpenProcess
EnumSystemLocalesW
GetDateFormatW
LoadLibraryExW
ReadProcessMemory
WritePrivateProfileSectionA
GetCurrentThread
GetProfileStringW
GetTimeFormatW
QueryPerformanceFrequency
LocalFlags
SetNamedPipeHandleState
SetUnhandledExceptionFilter
Process32First
lstrcpynA
IsValidLocale
SetHandleInformation
GetBinaryTypeA
FindCloseChangeNotification
SetCommMask
GetProcessShutdownParameters
GetEnvironmentVariableA
SearchPathA
AllocConsole
Sleep
GetCurrentThreadId
GetMessagePos
GetParent
HideCaret
GetCapture
PostQuitMessage
GetShellWindow
FindWindowA
RemoveMenu
GetDesktopWindow
GetClipboardFormatNameA
DrawIcon
mouse_event
GetMessageTime
GetWindow
GetSysColor
CheckDlgButton
GetKeyState
GetCursorPos
GetDlgCtrlID
IsZoomed
IsWindowEnabled
GetClientRect
GetDlgItem
IsIconic
GetWindowTextLengthA
SetMenuItemInfoW
ChangeMenuA
GetKeyboardLayout
GetTopWindow
GetForegroundWindow
GetSysColorBrush
GetCursor
GetFocus
GetActiveWindow
GetKeyboardType
IsChild
Number of PE resources by type
RT_GROUP_CURSOR 1
RT_CURSOR 1
RT_VERSION 1
Number of PE resources by language
ENGLISH US 2
GERMAN 1
PE resources
ExifTool file metadata
MIMEType: application/octet-stream
Subsystem: Windows GUI
MachineType: Intel 386 or later, and compatibles
TimeStamp: 2005:05:14 05:13:42+01:00
FileType: Win32 EXE
PEType: PE32
CodeSize: 166400
LinkerVersion: 0.0
Warning: Error processing PE data dictionary
FileTypeExtension: exe
InitializedDataSize: 57872
SubsystemVersion: 4.1
EntryPoint: 0x1000
OSVersion: 4.0
ImageVersion: 0.0
UninitializedDataSize: 0
File identification
MD5 d35f408f7d1e19a32073f3fc0e7f9331
SHA1 a9778b204d253b90586013223e5d0256bd137b1a
SHA256 6b00bc9c66954885b67f61df56614cbc7201e70697f5046476122090d160d703
ssdeep 1536:naXEMSPxCg3FrYylJ2spqCZ80CANbMMsDDQb3AMY2984IMilzD:ud4xCg1rd2EZ0ANbMZDDQkMY2T4lzD
authentihash 7bfbb698847f25fb8417c687b0a7cbe71190b45f83b6b443f0f9c6f5512f26ec
imphash f59a3e0da5742d8762584ddf175d31d7
File size 220.0 KB ( 225280 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable (generic) (42.4%)
Win16/32 Executable Delphi generic (19.5%)
Generic Win/DOS Executable (18.8%)
DOS Executable Generic (18.8%)
VXD Driver (0.2%)
Tags peexe
VirusTotal metadata
First submission 2014-07-03 07:38:17 UTC ( 4 years, 8 months ago )
Last submission 2014-07-04 08:12:27 UTC ( 4 years, 8 months ago )
File names 18.exe.malware
9.exe
18.exe
g91SdSqjh.txt
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Moved files
Deleted files
Created processes
Code injections in the following processes
Created mutexes
Opened mutexes
Opened service managers
Opened services
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.
HTTP requests
DNS requests
TCP connections