SHA256: 6bdd9a1a11bd454683c26bfd48b5f81354929140edd5a19ee778a03992c2a23e
File name: 02d0a90b56c3109be8dae1fa3df512edfec357d3
Detection ratio: 34 / 54
Analysis date: 2014-06-13 18:34:25 UTC ( 4 years, 9 months ago )
Antivirus Result Update
Ad-Aware Gen:Variant.Graftor.144106 20140613
AhnLab-V3 Dropper/Win32.Necurs 20140613
AntiVir TR/Crypt.Xpack.69724 20140613
Avast Win32:Dropper-gen [Drp] 20140613
AVG Inject2.AJSF 20140613
Baidu-International Trojan.Win32.Zbot.cgen 20140613
BitDefender Gen:Variant.Graftor.144106 20140613
Bkav HW32.Laneul.bwwe 20140613
DrWeb Win32.HLLW.Autoruner2.1926 20140613
Emsisoft Gen:Variant.Graftor.144106 (B) 20140613
ESET-NOD32 a variant of Win32/Injector.BFPW 20140613
F-Secure Gen:Variant.Graftor.144106 20140613
Fortinet W32/Generic.BFPW!tr 20140613
GData Gen:Variant.Graftor.144106 20140613
Ikarus Trojan.Inject2 20140613
K7AntiVirus Riskware ( 0040eff71 ) 20140613
K7GW Riskware ( 0040eff71 ) 20140613
Kaspersky Trojan-Spy.Win32.Zbot.sbei 20140613
Kingsoft Win32.Troj.ZBot.sb.(kcloud) 20140613
Malwarebytes Trojan.Ransom.ED 20140613
McAfee RDN/Generic Dropper!up 20140613
McAfee-GW-Edition RDN/Generic Dropper!up 20140613
Microsoft PWS:Win32/Zbot.gen!Y 20140613
eScan Gen:Variant.Graftor.144106 20140613
NANO-Antivirus Trojan.Win32.Androm.daxbsa 20140613
Norman Troj_Generic.UIFMH 20140613
Panda Trj/CI.A 20140613
Qihoo-360 Win32/Trojan.e3a 20140613
Sophos AV Troj/Wonton-DS 20140613
Symantec Trojan.ADH.2 20140613
Tencent Win32.Trojan.Crypt.Pgni 20140613
TrendMicro-HouseCall TROJ_GEN.R0C1H07FB14 20140613
VBA32 BScope.Malware-Cryptor.Ngrbot 20140613
VIPRE Trojan.Win32.Generic!BT 20140613
AegisLab (no detection) 20140613
Yandex (no detection) 20140612
Antiy-AVL (no detection) 20140611
ByteHero (no detection) 20140613
CAT-QuickHeal (no detection) 20140613
ClamAV (no detection) 20140613
CMC (no detection) 20140613
Commtouch (no detection) 20140613
Comodo (no detection) 20140613
F-Prot (no detection) 20140613
Jiangmin (no detection) 20140613
nProtect (no detection) 20140613
Rising (no detection) 20140613
SUPERAntiSpyware (no detection) 20140613
TheHacker (no detection) 20140612
TotalDefense (no detection) 20140613
TrendMicro (no detection) 20140613
ViRobot (no detection) 20140613
Zillya (no detection) 20140612
Zoner (no detection) 20140613
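The table above gives a ratio but no family consensus, and the vendors disagree (Graftor, Zbot, Injector, Necurs, plain "Dropper"). The script below is an added example, not part of the VirusTotal report: it re-parses the 34 positive rows copied from the table, strips class words such as "Trojan" or "Generic", and lets each vendor cast one vote per remaining token. The GENERIC stop-list and the rule that a family token is alphabetic and at least four characters long are this example's own heuristics, not VirusTotal's or any vendor's naming scheme.

```python
import re
from collections import Counter

# The 34 positive rows of the table above as "vendor<TAB>result", copied from the
# report for this example; the 20 engines that returned nothing are listed by name.
DETECTIONS = """\
Ad-Aware\tGen:Variant.Graftor.144106
AhnLab-V3\tDropper/Win32.Necurs
AntiVir\tTR/Crypt.Xpack.69724
Avast\tWin32:Dropper-gen [Drp]
AVG\tInject2.AJSF
Baidu-International\tTrojan.Win32.Zbot.cgen
BitDefender\tGen:Variant.Graftor.144106
Bkav\tHW32.Laneul.bwwe
DrWeb\tWin32.HLLW.Autoruner2.1926
Emsisoft\tGen:Variant.Graftor.144106 (B)
ESET-NOD32\ta variant of Win32/Injector.BFPW
F-Secure\tGen:Variant.Graftor.144106
Fortinet\tW32/Generic.BFPW!tr
GData\tGen:Variant.Graftor.144106
Ikarus\tTrojan.Inject2
K7AntiVirus\tRiskware ( 0040eff71 )
K7GW\tRiskware ( 0040eff71 )
Kaspersky\tTrojan-Spy.Win32.Zbot.sbei
Kingsoft\tWin32.Troj.ZBot.sb.(kcloud)
Malwarebytes\tTrojan.Ransom.ED
McAfee\tRDN/Generic Dropper!up
McAfee-GW-Edition\tRDN/Generic Dropper!up
Microsoft\tPWS:Win32/Zbot.gen!Y
eScan\tGen:Variant.Graftor.144106
NANO-Antivirus\tTrojan.Win32.Androm.daxbsa
Norman\tTroj_Generic.UIFMH
Panda\tTrj/CI.A
Qihoo-360\tWin32/Trojan.e3a
Sophos AV\tTroj/Wonton-DS
Symantec\tTrojan.ADH.2
Tencent\tWin32.Trojan.Crypt.Pgni
TrendMicro-HouseCall\tTROJ_GEN.R0C1H07FB14
VBA32\tBScope.Malware-Cryptor.Ngrbot
VIPRE\tTrojan.Win32.Generic!BT
"""
CLEAN = ["AegisLab", "Yandex", "Antiy-AVL", "ByteHero", "CAT-QuickHeal", "ClamAV",
         "CMC", "Commtouch", "Comodo", "F-Prot", "Jiangmin", "nProtect", "Rising",
         "SUPERAntiSpyware", "TheHacker", "TotalDefense", "TrendMicro", "ViRobot",
         "Zillya", "Zoner"]

# Words that name a class, packer or platform rather than a family. This stop-list is
# the example's own assumption; real label-normalisation tools carry far longer ones.
GENERIC = {"trojan", "troj", "trj", "win32", "generic", "variant", "dropper",
           "riskware", "malware", "crypt", "cryptor", "ransom", "inject", "injector"}


def family_tokens(label):
    """Candidate family names in one vendor label: alphabetic, >= 4 chars, not generic."""
    tokens = {t.lower() for t in re.split(r"[^A-Za-z0-9]+", label) if t}
    return {t for t in tokens if t.isalpha() and len(t) >= 4 and t not in GENERIC}


def parse_rows(text):
    """Turn the tab-separated rows into (vendor, result) pairs."""
    rows = []
    for line in text.splitlines():
        vendor, _, result = line.partition("\t")
        rows.append((vendor, result))
    return rows


def detection_ratio(rows, clean):
    """(engines that flagged the file, engines that scanned it)."""
    positives = sum(1 for _, result in rows if result)
    return positives, positives + len(clean)


def family_consensus(rows):
    """Family tokens ranked by how many vendors used them, one vote per vendor."""
    votes = Counter()
    for _, result in rows:
        votes.update(family_tokens(result))   # a set, so a vendor cannot vote twice
    return votes.most_common()


if __name__ == "__main__":
    rows = parse_rows(DETECTIONS)
    hits, total = detection_ratio(rows, CLEAN)
    print(f"detection ratio {hits}/{total}")
    for family, n in family_consensus(rows)[:5]:
        print(f"{family:12} {n}")
```

On this table the vote lands on Graftor (six engines, all sharing one BitDefender-derived signature) ahead of Zbot (four engines), so the consensus is weaker than six votes suggest: shared engines should be collapsed before counting, which this example deliberately does not do.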
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2014-06-11 13:23:04 UTC (the ExifTool TimeStamp below shows the same instant in the +01:00 zone)
Entry Point 0x0000255F
Number of sections 4
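The fields above are read straight out of the COFF file header and the PE optional header. The parser below is an added example, not VirusTotal's or the sample's code: since the binary itself is not on the page, it first builds a minimal constructed PE32 header carrying the report's values (section table and import directory omitted), then decodes it the way a triage tool would, including converting the 32-bit TimeDateStamp to a UTC string. Field offsets are those of the PE/COFF specification; the MACHINES and SUBSYSTEMS tables are abbreviated for the example.

```python
import struct
from datetime import datetime, timezone

MACHINES = {0x014C: "Intel 386 or later processors and compatible processors",
            0x8664: "x64", 0x01C4: "ARM Thumb-2", 0xAA64: "ARM64"}
SUBSYSTEMS = {1: "Native", 2: "Windows GUI", 3: "Windows CUI"}


def build_sample_pe() -> bytes:
    """Constructed minimal PE32 header with the report's values (example data only)."""
    e_lfanew = 0x40
    dos = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", e_lfanew)
    coff = struct.pack("<HHIIIHH",
                       0x014C,        # Machine: IMAGE_FILE_MACHINE_I386
                       4,             # NumberOfSections
                       1402492984,    # TimeDateStamp = 2014-06-11 13:23:04 UTC
                       0, 0,          # PointerToSymbolTable, NumberOfSymbols
                       0xE0,          # SizeOfOptionalHeader for PE32
                       0x0102)        # EXECUTABLE_IMAGE | 32BIT_MACHINE (no DLL bit)
    opt = struct.pack("<HBBIIIIII",
                      0x10B,          # Magic: PE32
                      9, 0,           # Major/MinorLinkerVersion 9.0
                      45568,          # SizeOfCode
                      163840,         # SizeOfInitializedData
                      0,              # SizeOfUninitializedData
                      0x255F,         # AddressOfEntryPoint (RVA)
                      0x1000,         # BaseOfCode
                      0x10000)        # BaseOfData (PE32 only)
    opt += struct.pack("<IIIHHHHHHIIIIHH",
                       0x400000,       # ImageBase
                       0x1000, 0x200,  # SectionAlignment, FileAlignment
                       5, 0,           # OS version 5.0
                       0, 0,           # Image version 0.0
                       5, 0,           # Subsystem version 5.0
                       0,              # Win32VersionValue
                       0x40000, 0x400, # SizeOfImage, SizeOfHeaders
                       0,              # CheckSum
                       2,              # Subsystem: IMAGE_SUBSYSTEM_WINDOWS_GUI
                       0)              # DllCharacteristics
    return dos + b"PE\0\0" + coff + opt.ljust(0xE0, b"\0")


def parse_pe_header(data: bytes) -> dict:
    """Decode the header fields a VirusTotal-style 'PE header basic information' lists."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature not found at e_lfanew")
    coff = e_lfanew + 4
    (machine, nsections, stamp, _symtab, _nsyms,
     opt_size, characteristics) = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20
    if opt_size < 72 or len(data) < opt + 72:
        raise ValueError("optional header truncated")
    (magic, maj_lnk, min_lnk, code_sz, idata_sz, udata_sz,
     entry) = struct.unpack_from("<HBBIIII", data, opt)
    pe_type = {0x10B: "PE32", 0x20B: "PE32+"}.get(magic)
    if pe_type is None:
        raise ValueError(f"unknown optional header magic {magic:#x}")
    # The version words and Subsystem sit at the same offsets in PE32 and PE32+.
    os_maj, os_min, img_maj, img_min, ss_maj, ss_min = struct.unpack_from("<HHHHHH", data, opt + 40)
    subsystem = struct.unpack_from("<H", data, opt + 68)[0]
    bits = "Win32" if pe_type == "PE32" else "Win64"
    return {
        "machine": MACHINES.get(machine, f"{machine:#06x}"),
        "timestamp_utc": datetime.fromtimestamp(stamp, timezone.utc).strftime("%Y-%m-%d %H:%M:%S"),
        "entry_point": entry,
        "number_of_sections": nsections,
        "pe_type": pe_type,
        "file_type": f"{bits} DLL" if characteristics & 0x2000 else f"{bits} EXE",
        "subsystem": SUBSYSTEMS.get(subsystem, str(subsystem)),
        "linker_version": f"{maj_lnk}.{min_lnk}",
        "os_version": f"{os_maj}.{os_min}",
        "image_version": f"{img_maj}.{img_min}",
        "subsystem_version": f"{ss_maj}.{ss_min}",
        "code_size": code_sz,
        "initialized_data_size": idata_sz,
        "uninitialized_data_size": udata_sz,
    }


if __name__ == "__main__":
    for key, value in parse_pe_header(build_sample_pe()).items():
        print(f"{key:24} {value:#x}" if isinstance(value, int) else f"{key:24} {value}")
```

TimeDateStamp is written by the linker and is trivially forged, so treat it as a pivot rather than a fact; here it sits about sixteen hours before the first submission recorded further down, which is at least consistent with a freshly built sample.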
PE sections
PE imports
SetThreadLocale
GetStdHandle
FileTimeToDosDateTime
FileTimeToSystemTime
GetFileAttributesA
WaitForSingleObject
FindFirstFileW
EncodePointer
CreateTimerQueue
GetFileAttributesW
GetCommandLineW
GetLocalTime
CreatePipe
GetCurrentProcess
GetConsoleMode
GetLocaleInfoA
LocalAlloc
UnhandledExceptionFilter
SetErrorMode
FreeEnvironmentStringsW
lstrcatW
HeapSize
GetFullPathNameA
GetTempPathA
GetCPInfo
LoadLibraryW
GetDiskFreeSpaceW
WriteFile
GetSystemTimeAsFileTime
GetDiskFreeSpaceA
GetStringTypeW
SetFileAttributesA
FreeLibrary
MoveFileA
ResumeThread
GetExitCodeProcess
InitializeCriticalSection
LoadResource
SetLocaleInfoA
GlobalHandle
FindClose
TlsGetValue
FormatMessageA
SetFileAttributesW
SetLastError
InterlockedDecrement
CopyFileW
RemoveDirectoryW
GlobalFindAtomA
ExitProcess
FlushFileBuffers
RemoveDirectoryA
FlushViewOfFile
LoadLibraryA
HeapSetInformation
EnumCalendarInfoA
LoadLibraryExA
SetThreadPriority
GetSystemDefaultLCID
LoadLibraryExW
MultiByteToWideChar
GetPrivateProfileStructW
GetPrivateProfileStringW
FindNextChangeNotification
GetModuleHandleA
GetFullPathNameW
CreateSemaphoreA
CreateThread
GetSystemDirectoryW
DeleteCriticalSection
GetExitCodeThread
GlobalAddAtomA
SetUnhandledExceptionFilter
MulDiv
IsProcessorFeaturePresent
ExitThread
MoveFileExA
SetEnvironmentVariableA
TerminateProcess
FindCloseChangeNotification
SearchPathW
GetVersion
SetCurrentDirectoryW
VirtualQuery
SetEndOfFile
GetCurrentThreadId
GetProcAddress
SetCurrentDirectoryA
WriteConsoleW
MoveFileW
InitializeCriticalSectionAndSpinCount
HeapFree
EnterCriticalSection
SetHandleCount
TerminateThread
lstrcmpiA
GetVersionExW
SetEvent
QueryPerformanceCounter
GetTickCount
SetFileApisToANSI
GetVersionExA
lstrcmpiW
RtlUnwind
GlobalSize
TlsAlloc
GetStartupInfoA
GetDateFormatA
GetWindowsDirectoryW
DecodePointer
GetFileSize
LCMapStringW
OpenProcess
CreateDirectoryA
DeleteFileA
GetWindowsDirectoryA
GetStartupInfoW
CreateDirectoryW
DeleteFileW
GetUserDefaultLCID
GetTempFileNameW
CompareStringW
lstrcpyW
GetModuleFileNameW
ExpandEnvironmentStringsW
lstrcmpA
FindFirstFileA
lstrcpyA
InterlockedIncrement
GetProfileStringA
CompareStringA
GetTempFileNameA
CreateFileMappingA
FindNextFileA
lstrcmpW
HeapCreate
WaitForMultipleObjects
GetTempPathW
GetTimeZoneInformation
CreateFileW
CreateEventA
IsDebuggerPresent
GetFileType
TlsSetValue
CreateFileA
HeapAlloc
LeaveCriticalSection
GetLastError
SystemTimeToFileTime
GlobalDeleteAtom
GetShortPathNameW
FindFirstChangeNotificationA
GetSystemInfo
lstrlenA
GlobalFree
GetConsoleCP
HeapReAlloc
FindNextFileW
GetThreadLocale
GetEnvironmentStringsW
GlobalUnlock
GlobalAlloc
GetModuleFileNameA
GetShortPathNameA
CreateProcessW
FileTimeToLocalFileTime
SizeofResource
CompareFileTime
GetCurrentProcessId
LockResource
SetFileTime
lstrlenW
GetCurrentDirectoryA
WinExec
GetCommandLineA
WritePrivateProfileStringW
lstrcpynW
RaiseException
ReleaseSemaphore
MapViewOfFile
TlsFree
SetFilePointer
ReadFile
CloseHandle
GetTimeFormatA
lstrcpynA
GetACP
GlobalLock
GetModuleHandleW
FreeResource
SetStdHandle
CreateProcessA
WideCharToMultiByte
IsValidCodePage
UnmapViewOfFile
OpenSemaphoreA
VirtualFree
Sleep
FindResourceA
VirtualAlloc
GetOEMCP
ResetEvent
Number of PE resources by type
RT_BITMAP 1
JPEG 1
Number of PE resources by language
ENGLISH PHILIPPINES 1
ENGLISH US 1
PE resources
ExifTool file metadata
MIMEType: application/octet-stream
Subsystem: Windows GUI
MachineType: Intel 386 or later, and compatibles
TimeStamp: 2014:06:11 14:23:04+01:00
FileType: Win32 EXE
PEType: PE32
CodeSize: 45568
LinkerVersion: 9.0
EntryPoint: 0x255f
InitializedDataSize: 163840
SubsystemVersion: 5.0
ImageVersion: 0.0
OSVersion: 5.0
UninitializedDataSize: 0

File identification
MD5 4cbad4bfcf784cfc7f5d99aade4b7cc2
SHA1 66e3d6409e6fc3c3421cedd6c81a7b193d3c12de
SHA256 6bdd9a1a11bd454683c26bfd48b5f81354929140edd5a19ee778a03992c2a23e
ssdeep 3072:Z0NVm8dyuGE1r2B0OvTBotESbfW507T4hbhzLCoQqg06vS:ZANdys2TvuES/7T4Hz+oRg5q

authentihash ed9706e68ee94a698883d4f231d2b432e14029ca6ea043a7ab7ae3f55e9c7922
imphash 8b9ec65729905b5e5a2eb043a4480488
File size 206.0 KB ( 210944 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable MS Visual C++ (generic) (67.3%)
Win32 Dynamic Link Library (generic) (14.2%)
Win32 Executable (generic) (9.7%)
Generic Win/DOS Executable (4.3%)
DOS Executable Generic (4.3%)
Tags
peexe
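The MD5/SHA-1/SHA-256 values and the imphash above are what you pivot on in other datasets; the import list further up is what you read for capability. The code below is an added example (not VirusTotal's or pefile's code) that implements the imphash normalisation pefile documents (DLL name lowercased with a .dll/.sys/.ocx extension removed, "dll.function" entries in import-directory order joined by commas, then MD5), computes the three file hashes, and tags a constructed excerpt of the kernel32 imports listed above by capability. The excerpt, the ORDINAL_NAMES table and the CAPABILITIES buckets are this example's own constructions. Because the excerpt is not the sample's full ordered import table, its imphash will not equal the report's 8b9ec65729905b5e5a2eb043a4480488; an imphash must always be taken from the binary, never from a re-typed list.

```python
import hashlib

# Constructed excerpt of the kernel32 imports listed in the report, in an order chosen
# for the example. This is not the sample's real import directory.
SAMPLE_IMPORTS = [
    ("KERNEL32.dll", [
        "VirtualAlloc", "VirtualFree", "CreateProcessA", "CreateProcessW", "WinExec",
        "OpenProcess", "CreateFileMappingA", "MapViewOfFile", "UnmapViewOfFile",
        "IsDebuggerPresent", "GetTickCount", "QueryPerformanceCounter",
        "MoveFileExA", "SetFileAttributesW", "CopyFileW", "DeleteFileW",
        "WritePrivateProfileStringW", "LoadLibraryA", "GetProcAddress", "Sleep",
    ]),
]

# Imports by ordinal carry no name, so the hash needs a lookup. pefile ships tables for
# oleaut32, ws2_32 and wsock32 and falls back to "ordNNN"; this small table is an
# illustrative assumption for the example, not the complete mapping.
ORDINAL_NAMES = {"ws2_32": {4: "connect", 23: "socket", 52: "gethostbyname"}}


def imphash_string(imports):
    """The normalised 'dll.function' list that the import hash is computed over."""
    parts = []
    for dll, funcs in imports:
        name = dll.lower()
        base, dot, ext = name.rpartition(".")
        if dot and ext in ("dll", "sys", "ocx"):
            name = base
        for func in funcs:
            if isinstance(func, int):                       # ordinal import
                func = ORDINAL_NAMES.get(name, {}).get(func, f"ord{func}")
            parts.append(f"{name}.{func.lower()}")
    return ",".join(parts)


def imphash(imports):
    """MD5 of the normalised import string, as pefile's get_imphash() does."""
    return hashlib.md5(imphash_string(imports).encode()).hexdigest()


def file_hashes(data):
    """The three identification hashes VirusTotal lists for a file."""
    return {"md5": hashlib.md5(data).hexdigest(),
            "sha1": hashlib.sha1(data).hexdigest(),
            "sha256": hashlib.sha256(data).hexdigest()}


# Capability buckets are this example's own triage grouping, not a vendor taxonomy.
CAPABILITIES = {
    "process execution": {"createprocessa", "createprocessw", "winexec",
                          "shellexecutea", "shellexecutew"},
    "memory / injection primitives": {"virtualalloc", "virtualallocex", "openprocess",
                                      "writeprocessmemory", "createremotethread",
                                      "createfilemappinga", "mapviewoffile"},
    "anti-debug / timing": {"isdebuggerpresent", "checkremotedebuggerpresent",
                            "gettickcount", "queryperformancecounter"},
    "file-system manipulation": {"movefileexa", "movefileexw", "setfileattributesw",
                                 "copyfilew", "deletefilew", "writeprivateprofilestringw"},
    "dynamic API resolution": {"loadlibrarya", "loadlibraryw", "getprocaddress"},
}


def capability_report(imports):
    """Map each capability bucket to the imported API names that fall into it."""
    names = {f.lower() for _, funcs in imports for f in funcs if isinstance(f, str)}
    return {cap: sorted(names & apis) for cap, apis in CAPABILITIES.items()
            if names & apis}


if __name__ == "__main__":
    print("imphash of excerpt:", imphash(SAMPLE_IMPORTS))
    for cap, apis in capability_report(SAMPLE_IMPORTS).items():
        print(f"{cap:32} {', '.join(apis)}")
```

Two caveats a practitioner would keep in mind: the huge, CRT-looking import list above is exactly what a crypter stub tends to carry, so the presence of LoadLibraryA/GetProcAddress matters more than the absence of, say, WriteProcessMemory; and the same static table in a repacked build keeps the same imphash while every file hash changes, which is why the imphash is the better pivot for this family of samples.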

VirusTotal metadata
First submission 2014-06-12 05:18:05 UTC ( 4 years, 9 months ago )
Last submission 2014-06-13 18:34:25 UTC ( 4 years, 9 months ago )
File names 283a2edd9ec7f5093ec949a2236946999be859d07d4155bcd7421d87accc2342-1402550284
LXUSiAm.tmp
7.exe
02d0a90b56c3109be8dae1fa3df512edfec357d3
Community: no comments and no votes on this item.
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Created processes
Code injections in the following processes
Opened mutexes
Runtime DLLs
UDP communications