SHA256: 6b47f66e25741b6e368ae38ac4110573f2eb59fddb0cda6923f811f7985e388c
File name: VirusShare_8cc0ff469b131634838f0e3d8c3ad1d5
Detection ratio: 48 / 56
Analysis date: 2016-06-13 11:39:15 UTC ( 2 years, 11 months ago )
Antivirus Result Update
Ad-Aware Gen:Variant.Symmi.665 20160613
AegisLab Troj.PSW32.W.QQPass.l9CX 20160613
AhnLab-V3 Trojan/Win32.Cospet 20160613
ALYac Gen:Variant.Symmi.665 20160613
Antiy-AVL Trojan/Win32.Cospet 20160613
Arcabit Trojan.Symmi.665 20160613
Avast Win32:Malware-gen 20160613
AVG Worm/Generic2.EJY 20160613
Avira (no cloud) TR/Spy.Gen 20160613
AVware Trojan-Spy.Win32.VB.Dialog!cobra (v) 20160613
Baidu Win32.Trojan.WisdomEyes.151026.9950.9999 20160612
BitDefender Gen:Variant.Symmi.665 20160613
CAT-QuickHeal TrojanPWS.VB.CX 20160613
ClamAV Win.Worm.Autorun-8429 20160613
CMC Trojan.Win32.Cospet!O 20160613
Comodo TrojWare.Win32.Cospet.K 20160613
Cyren W32/VB-Trojan-SMTR-based!Maximu 20160613
DrWeb Trojan.DownLoader5.41634 20160613
Emsisoft Gen:Variant.Symmi.665 (B) 20160613
ESET-NOD32 a variant of Win32/AutoRun.PSW.VB.H 20160613
F-Prot W32/VB-Trojan-SMTR-based!Maximu 20160613
F-Secure Gen:Variant.Symmi.665 20160613
Fortinet W32/Cospet.HA!tr 20160613
GData Gen:Variant.Symmi.665 20160613
Ikarus Trojan-PWS.Win32.VB 20160613
Jiangmin Trojan/Cospet.adx 20160613
K7AntiVirus Riskware ( 0040eff71 ) 20160613
K7GW Riskware ( 0040eff71 ) 20160613
Kaspersky Trojan.Win32.Scar.ogjn 20160613
Malwarebytes Backdoor.Bifrose 20160613
McAfee W32/Generic.worm!p2p 20160613
McAfee-GW-Edition BehavesLike.Win32.Autorun.dm 20160613
Microsoft Backdoor:Win32/VB.LU 20160613
eScan Gen:Variant.Symmi.665 20160613
NANO-Antivirus Trojan.Win32.Cospet.cojagi 20160613
Panda Trj/CI.A 20160612
Qihoo-360 HEUR/QVM03.0.Malware.Gen 20160613
Sophos AV Mal/VB-PN 20160613
SUPERAntiSpyware Trojan.Agent/Gen-Spyden 20160613
Symantec Suspicious.Cloud.2 20160613
Tencent Win32.Trojan.Comei.Eerg 20160613
TheHacker Trojan/Cospet.hie 20160612
TrendMicro TROJ_GEN.R047C0DF816 20160613
VBA32 Trojan.VBRA.02044 20160611
VIPRE Trojan-Spy.Win32.VB.Dialog!cobra (v) 20160613
ViRobot Trojan.Win32.A.Cospet.72310[h] 20160613
Yandex Trojan.Cospet!7xSwr3zl8fM 20160612
Zillya Trojan.Cospet.Win32.1537 20160612
Engines that did not detect the file (engine, signature update)
Alibaba 20160613
Baidu-International 20160606
Bkav 20160613
Kingsoft 20160613
nProtect 20160610
TotalDefense 20160613
TrendMicro-HouseCall 20160613
Zoner 20160613
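The 48 labels above disagree on naming because every vendor uses its own scheme, so a practitioner reduces them to a consensus family before doing anything else. The script below is an added example (not part of the VirusTotal report): it tokenizes each label, discards platform and category words, and counts how many engines vote for each remaining token, in the style of AVClass. The label dictionary is copied from the table above; the list of generic words is a hand-picked assumption, not a published list.

```python
"""Derive a consensus family name from the vendor labels in the detection table above."""
import re
from collections import Counter

# Labels copied from the detection table above (engine -> label).
LABELS = {
    "Ad-Aware": "Gen:Variant.Symmi.665",
    "AegisLab": "Troj.PSW32.W.QQPass.l9CX",
    "AhnLab-V3": "Trojan/Win32.Cospet",
    "ALYac": "Gen:Variant.Symmi.665",
    "Antiy-AVL": "Trojan/Win32.Cospet",
    "Arcabit": "Trojan.Symmi.665",
    "Avast": "Win32:Malware-gen",
    "AVG": "Worm/Generic2.EJY",
    "Avira (no cloud)": "TR/Spy.Gen",
    "AVware": "Trojan-Spy.Win32.VB.Dialog!cobra (v)",
    "Baidu": "Win32.Trojan.WisdomEyes.151026.9950.9999",
    "BitDefender": "Gen:Variant.Symmi.665",
    "CAT-QuickHeal": "TrojanPWS.VB.CX",
    "ClamAV": "Win.Worm.Autorun-8429",
    "CMC": "Trojan.Win32.Cospet!O",
    "Comodo": "TrojWare.Win32.Cospet.K",
    "Cyren": "W32/VB-Trojan-SMTR-based!Maximu",
    "DrWeb": "Trojan.DownLoader5.41634",
    "Emsisoft": "Gen:Variant.Symmi.665 (B)",
    "ESET-NOD32": "a variant of Win32/AutoRun.PSW.VB.H",
    "F-Prot": "W32/VB-Trojan-SMTR-based!Maximu",
    "F-Secure": "Gen:Variant.Symmi.665",
    "Fortinet": "W32/Cospet.HA!tr",
    "GData": "Gen:Variant.Symmi.665",
    "Ikarus": "Trojan-PWS.Win32.VB",
    "Jiangmin": "Trojan/Cospet.adx",
    "K7AntiVirus": "Riskware ( 0040eff71 )",
    "K7GW": "Riskware ( 0040eff71 )",
    "Kaspersky": "Trojan.Win32.Scar.ogjn",
    "Malwarebytes": "Backdoor.Bifrose",
    "McAfee": "W32/Generic.worm!p2p",
    "McAfee-GW-Edition": "BehavesLike.Win32.Autorun.dm",
    "Microsoft": "Backdoor:Win32/VB.LU",
    "eScan": "Gen:Variant.Symmi.665",
    "NANO-Antivirus": "Trojan.Win32.Cospet.cojagi",
    "Panda": "Trj/CI.A",
    "Qihoo-360": "HEUR/QVM03.0.Malware.Gen",
    "Sophos AV": "Mal/VB-PN",
    "SUPERAntiSpyware": "Trojan.Agent/Gen-Spyden",
    "Symantec": "Suspicious.Cloud.2",
    "Tencent": "Win32.Trojan.Comei.Eerg",
    "TheHacker": "Trojan/Cospet.hie",
    "TrendMicro": "TROJ_GEN.R047C0DF816",
    "VBA32": "Trojan.VBRA.02044",
    "VIPRE": "Trojan-Spy.Win32.VB.Dialog!cobra (v)",
    "ViRobot": "Trojan.Win32.A.Cospet.72310[h]",
    "Yandex": "Trojan.Cospet!7xSwr3zl8fM",
    "Zillya": "Trojan.Cospet.Win32.1537",
}

# Category and platform words that carry no family information (hand-picked assumption).
GENERIC = {
    "trojan", "trojware", "troj", "trj", "mal", "malware", "gen", "generic", "variant",
    "heur", "worm", "backdoor", "spy", "pws", "psw", "agent", "riskware", "suspicious",
    "cloud", "win", "behaveslike", "downloader",
}

def tokens(label: str) -> set[str]:
    """Lower-case tokens of a label minus noise: tokens containing digits (Win32, W32,
    hash-like suffixes) and tokens shorter than three characters (VB, CX, tr) are dropped."""
    out = set()
    for tok in re.findall(r"[A-Za-z0-9]+", label.lower()):
        if len(tok) < 3 or any(c.isdigit() for c in tok) or tok in GENERIC:
            continue
        out.add(tok)
    return out

def consensus(labels: dict[str, str]) -> list[tuple[str, int]]:
    """Rank candidate family names by the number of engines whose label contains them."""
    votes = Counter()
    for label in labels.values():
        votes.update(tokens(label))   # each engine votes at most once per token
    return sorted(votes.items(), key=lambda kv: (-kv[1], kv[0]))

if __name__ == "__main__":
    for name, n in consensus(LABELS)[:5]:
        print(f"{name:12s} {n:2d} engines")
```

On this table the ranking puts Cospet first (eleven engines) ahead of Symmi (eight, all of them BitDefender-engine rebrands), which is the name to search threat-intel sources for; the Bifrose and QQPass labels are single-engine outliers and should not drive triage.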
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Product Ymgsr
Original name server.exe
Internal name server
File version 5.00
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2010-11-03 17:51:57
Entry Point 0x0000131C
Number of sections 3
PE sections
Overlays
MD5 07b38e174bd9c19671380f5400d9754c
File type data
Offset 212992
Size 29302
Entropy 3.17
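The Overlays entry records data appended after the last section, a common place for a dropped payload or configuration. Its offset is max(PointerToRawData + SizeOfRawData) over the section table and its size is the file size minus that; on this sample 242294 - 212992 = 29302 bytes, matching the report. The parser below is an added example, not the report's tooling: it walks the DOS header, PE signature, COFF header and section table, reports the overlay and its entropy, and decodes the compile timestamp. The PE produced by build_sample_pe() is constructed for the example and is not the report's sample; only its COFF timestamp is set to the report's value.

```python
"""Locate the overlay of a PE file, measure its entropy, and read the COFF timestamp."""
import math
import struct
from collections import Counter
from datetime import datetime, timezone

def shannon_entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte (0.0 for constant data, 8.0 for uniform bytes)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def parse_pe(pe: bytes) -> dict:
    """Walk DOS header -> PE signature -> COFF header -> section table and return
    machine, timestamp, sections and overlay facts (overlay_offset is None if absent)."""
    if pe[:2] != b"MZ":
        raise ValueError("not an MZ file")
    e_lfanew = struct.unpack_from("<I", pe, 0x3C)[0]
    if pe[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    coff = e_lfanew + 4
    # IMAGE_FILE_HEADER: Machine, NumberOfSections, TimeDateStamp, PointerToSymbolTable,
    # NumberOfSymbols, SizeOfOptionalHeader, Characteristics
    machine, nsect, stamp, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", pe, coff)
    table = coff + 20 + opt_size
    sections, end = [], 0
    for i in range(nsect):
        # IMAGE_SECTION_HEADER prefix: Name, VirtualSize, VirtualAddress, SizeOfRawData, PointerToRawData
        name, _vsize, _vaddr, raw_size, raw_ptr = struct.unpack_from("<8sIIII", pe, table + 40 * i)
        sections.append((name.rstrip(b"\0").decode("ascii", "replace"), raw_ptr, raw_size))
        if raw_size:                      # uninitialised sections occupy no file bytes
            end = max(end, raw_ptr + raw_size)
    info = {
        "machine": machine,
        "timestamp": datetime.fromtimestamp(stamp, tz=timezone.utc),
        "sections": sections,
        "overlay_offset": None, "overlay_size": 0, "overlay_entropy": 0.0,
    }
    if end < len(pe):
        overlay = pe[end:]
        info.update(overlay_offset=end, overlay_size=len(overlay),
                    overlay_entropy=shannon_entropy(overlay))
    return info

def build_sample_pe(overlay: bytes) -> bytes:
    """Constructed minimal PE32 (not the report's sample): one .text section at file
    offset 0x200, 0x200 bytes long, followed by `overlay`."""
    dos = bytearray(64)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 64)                       # e_lfanew
    # i386, 1 section, TimeDateStamp 0x4CD1A13D = 2010-11-03 17:51:57 UTC, 224-byte optional header
    coff = struct.pack("<HHIIIHH", 0x14C, 1, 0x4CD1A13D, 0, 0, 224, 0x0102)
    opt = bytearray(224)
    struct.pack_into("<H", opt, 0, 0x10B)                       # PE32 magic
    raw_ptr = raw_size = 0x200
    sect = struct.pack("<8sIIIIIIHHI", b".text", raw_size, 0x1000, raw_size, raw_ptr,
                       0, 0, 0, 0, 0x60000020)                  # code | execute | read
    headers = (bytes(dos) + b"PE\0\0" + coff + bytes(opt) + sect).ljust(raw_ptr, b"\0")
    return headers + (bytes(range(256)) * 2) + overlay

if __name__ == "__main__":
    report = parse_pe(build_sample_pe(b"config=1;" * 40))
    print(report["timestamp"], report["sections"])
    print("overlay @ 0x%x, %d bytes, entropy %.2f" %
          (report["overlay_offset"], report["overlay_size"], report["overlay_entropy"]))
```

An entropy of 3.17 bits per byte, as reported for this overlay, is far below the 7.5 or more typical of packed or encrypted data and suggests plain text or a sparse structure; it is worth carving the 29302 bytes at offset 212992 and looking at them directly.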
PE imports (the name of the imported DLL did not survive extraction; the named entries EVENT_SINK_*, __vbaExceptHandler, MethCallEngine, ProcCallEngine, DllFunctionCall and Zombie_GetTypeInfo are exports of the Visual Basic 6 runtime library, consistent with the TrID result further down)
Ord(320)
EVENT_SINK_QueryInterface
Ord(645)
Ord(518)
Ord(535)
Ord(648)
Ord(548)
Ord(516)
Ord(616)
EVENT_SINK_Invoke
Ord(531)
Ord(685)
Ord(558)
Ord(712)
Ord(710)
Ord(689)
Ord(525)
Ord(613)
EVENT_SINK_AddRef
Ord(681)
Ord(576)
Ord(651)
Ord(592)
EVENT_SINK_GetIDsOfNames
Ord(717)
Ord(666)
__vbaExceptHandler
Ord(632)
MethCallEngine
DllFunctionCall
Zombie_GetTypeInfoCount
Ord(626)
Ord(578)
Ord(714)
Ord(620)
Ord(517)
Ord(550)
Zombie_GetTypeInfo
Ord(599)
Ord(608)
Ord(570)
Ord(522)
Ord(519)
Ord(561)
Ord(612)
Ord(520)
Ord(694)
Ord(100)
Ord(526)
Ord(321)
Ord(319)
ProcCallEngine
Ord(711)
Ord(660)
Ord(601)
Ord(690)
EVENT_SINK_Release
Ord(595)
Ord(600)
Ord(617)
Ord(573)
Ord(610)
Ord(581)
Ord(528)
Ord(529)
Ord(580)
Ord(667)
Ord(716)
Ord(607)
Ord(571)
Ord(644)
Ord(606)
Ord(631)
Ord(579)
Ord(577)
Ord(619)
Ord(537)
Ord(598)
Ord(563)
Number of PE resources by type
RT_ICON 2
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
NEUTRAL 3
ENGLISH US 1
PE resources
ExifTool file metadata
UninitializedDataSize 0
InitializedDataSize 16384
ImageVersion 5.0
ProductName Ymgsr
FileVersionNumber 5.0.0.0
LanguageCode English (U.S.)
FileFlagsMask 0x0000
CharacterSet Unicode
LinkerVersion 6.0
FileTypeExtension exe
OriginalFileName server.exe
MIMEType application/octet-stream
FileVersion 5.0
TimeStamp 2010:11:03 18:51:57+01:00 (the same instant as the 17:51:57 UTC compilation timestamp above, rendered in UTC+1)
FileType Win32 EXE
PEType PE32
InternalName server
ProductVersion 5.0
SubsystemVersion 4.0
OSVersion 4.0
FileOS Win32
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CodeSize 204800
FileSubtype 0
ProductVersionNumber 5.0.0.0
EntryPoint 0x131c
ObjectFileType Executable application

File identification
MD5 8cc0ff469b131634838f0e3d8c3ad1d5
SHA1 e0ba6416174b74abb72a589d5962110003040f3d
SHA256 6b47f66e25741b6e368ae38ac4110573f2eb59fddb0cda6923f811f7985e388c
ssdeep 3072:EVMHmu8MBpiTEAQ5bW7dQ74t4O8deqGWp3ASklovCIlwnL7:EVMHjd5bodQS83FpsWnlwH
authentihash db73e913c6599ce6bcd576288d00bf75c30b8b1bfab2d0d949eedcd51e5d4528
imphash 3f0e7bf7bb3ddc57ed2cfcfe42ffd67d
File size 236.6 KB ( 242294 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable Microsoft Visual Basic 6 (54.1%)
Win32 Executable MS Visual C++ (generic) (20.6%)
Win64 Executable (generic) (18.2%)
Win32 Executable (generic) (2.9%)
OS/2 Executable (generic) (1.3%)
Tags
peexe overlay

VirusTotal metadata
First submission 2016-06-08 09:48:00 UTC ( 2 years, 11 months ago )
Last submission 2016-06-08 09:48:00 UTC ( 2 years, 11 months ago )
File names VirusShare_8cc0ff469b131634838f0e3d8c3ad1d5
6zNrK3yqD.tif
VirusShare_8cc0ff469b131634838f0e3d8c3ad1d5
server.exe
server
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Created processes
Created mutexes
Opened service managers
Opened services
Hooking activity
Runtime DLLs
Additional details
The file installs an application-defined hook procedure into a hook chain. A hook procedure is installed to monitor the system for certain types of events, which are associated either with a specific thread or with all threads in the same desktop as the calling thread. This is done using the SetWindowsHook Windows API function (SetWindowsHookEx in current SDKs). The report does not record which hook type was installed, and that is the detail that matters for triage: a keyboard hook is how hook-based keyloggers capture input, which would fit the password-stealer (PWS/Spy) labels several engines assign above. Note also that SetWindowsHook does not appear in the import table listed above. A Visual Basic 6 program declares Win32 APIs with Declare and the runtime resolves them at run time through DllFunctionCall, which is in the imports, so the DLL and procedure names have to be recovered from the file's strings rather than from its import table.
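Because a VB6 binary resolves Declare'd APIs through DllFunctionCall, an import-table scan will miss SetWindowsHook and its relatives, and the names have to be pulled from strings instead. The scanner below is an added example, not part of the VirusTotal report: it extracts ASCII and UTF-16LE strings from a byte blob and flags API names associated with hook installation and input capture, with whole-token matching so that SetWindowsHookExA is not also counted as SetWindowsHook. SAMPLE is a constructed blob imitating a VB6 Declare table, not bytes from the sample, and HOOK_APIS is a hand-picked list.

```python
"""Find hook/input-capture APIs that a binary resolves at run time rather than importing."""
import re

# API names to flag when they appear as strings (hand-picked assumption, not an exhaustive list).
HOOK_APIS = {
    "SetWindowsHook", "SetWindowsHookEx", "SetWindowsHookExA", "SetWindowsHookExW",
    "CallNextHookEx", "UnhookWindowsHookEx",
    "GetAsyncKeyState", "GetKeyState", "GetKeyboardState",
}
ASCII_RE = re.compile(rb"[\x20-\x7e]{4,}")
UTF16_RE = re.compile(rb"(?:[\x20-\x7e]\x00){4,}")

def extract_strings(blob: bytes) -> list[str]:
    """Printable runs of at least four characters: ASCII first, then UTF-16LE."""
    found = [m.group().decode("ascii") for m in ASCII_RE.finditer(blob)]
    found += [m.group().decode("utf-16-le") for m in UTF16_RE.finditer(blob)]
    return found

def flag_runtime_apis(blob: bytes) -> tuple[list[str], list[str]]:
    """Return (flagged API names, DLL names seen) from the blob's strings.
    Tokens are matched whole, so 'SetWindowsHookExA' does not also count as 'SetWindowsHook'."""
    hits, dlls = set(), set()
    for s in extract_strings(blob):
        hits.update(t for t in re.findall(r"[A-Za-z0-9_]+", s) if t in HOOK_APIS)
        if s.lower().endswith(".dll"):
            dlls.add(s)
    return sorted(hits), sorted(dlls)

# Constructed blob imitating a VB6 Declare table: DLL and procedure names stored as
# NUL-terminated ASCII, plus one name stored as UTF-16LE. Not bytes from the sample.
SAMPLE = (b"MZ\x90\x00" + b"\x00" * 12 + b"user32.dll\x00" + b"SetWindowsHookExA\x00"
          + b"\x00\x00" + "GetAsyncKeyState".encode("utf-16-le") + b"\x00\x00"
          + b"DllFunctionCall\x00" + b"\xff\xfe\x00")

if __name__ == "__main__":
    apis, dlls = flag_runtime_apis(SAMPLE)
    print("DLLs referenced:", dlls)
    print("run-time resolved hook APIs:", apis)
```

Run it over the real file rather than SAMPLE to confirm which hook API the behaviour report observed; a hit on SetWindowsHookExA next to user32.dll without a corresponding import is the expected pattern for a VB6 sample.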
UDP communications