SHA256: 6c0893a5477d185813e588b5bf816005d124065bfbbd4f8a6b37f1b211039c79
File name: taxanom.exe
Detection ratio: 3 / 55
Analysis date: 2015-12-01 11:22:27 UTC ( 3 years, 3 months ago )
Antivirus              Result                          Update
Bkav                   HW32.Packed.20F9                20151130
McAfee-GW-Edition      BehavesLike.Win32.PWSZbot.cc    20151201
Qihoo-360              HEUR/QVM07.1.Malware.Gen        20151201
Ad-Aware               -                               20151130
AegisLab               -                               20151201
Yandex                 -                               20151130
AhnLab-V3              -                               20151130
Alibaba                -                               20151201
ALYac                  -                               20151201
Antiy-AVL              -                               20151201
Arcabit                -                               20151201
Avast                  -                               20151201
AVG                    -                               20151130
Avira (no cloud)       -                               20151201
AVware                 -                               20151201
Baidu-International    -                               20151201
BitDefender            -                               20151201
ByteHero               -                               20151201
CAT-QuickHeal          -                               20151201
ClamAV                 -                               20151201
CMC                    -                               20151201
Comodo                 -                               20151201
Cyren                  -                               20151201
DrWeb                  -                               20151201
Emsisoft               -                               20151201
ESET-NOD32             -                               20151201
F-Prot                 -                               20151201
F-Secure               -                               20151201
Fortinet               -                               20151201
GData                  -                               20151201
Ikarus                 -                               20151201
Jiangmin               -                               20151130
K7AntiVirus            -                               20151201
K7GW                   -                               20151201
Kaspersky              -                               20151201
Malwarebytes           -                               20151201
McAfee                 -                               20151201
Microsoft              -                               20151201
eScan                  -                               20151201
NANO-Antivirus         -                               20151201
nProtect               -                               20151201
Panda                  -                               20151130
Rising                 -                               20151129
Sophos AV              -                               20151201
SUPERAntiSpyware       -                               20151201
Symantec               -                               20151130
Tencent                -                               20151201
TheHacker              -                               20151127
TrendMicro             -                               20151201
TrendMicro-HouseCall   -                               20151201
VBA32                  -                               20151130
VIPRE                  -                               20151201
ViRobot                -                               20151201
Zillya                 -                               20151201
Zoner                  -                               20151201
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2015-11-27 13:25:01
Entry Point 0x00004176
Number of sections 3
PE sections
PE imports
RegEnumKeyW
TranslateCharsetInfo
CreateBitmap
CreatePalette
GetTextMetricsA
Polyline
CreateFontW
Rectangle
GetSystemTime
HeapFree
GetStdHandle
GlobalFree
GlobalUnlock
GetModuleFileNameA
FreeEnvironmentStringsA
GetStartupInfoA
HeapSize
CloseHandle
GetModuleHandleA
GetCurrentProcess
CompareStringA
GetSystemTimeAsFileTime
FindNextFileA
GetACP
HeapReAlloc
GetTimeZoneInformation
HeapCreate
CreateFileA
VirtualAlloc
MulDiv
Ord(1775)
Ord(4080)
Ord(537)
Ord(4710)
Ord(3597)
Ord(3136)
Ord(6375)
Ord(755)
Ord(3798)
Ord(2621)
Ord(3259)
Ord(5290)
Ord(2446)
Ord(815)
Ord(922)
Ord(641)
Ord(3716)
Ord(2514)
Ord(4425)
Ord(5277)
Ord(567)
Ord(1134)
Ord(4465)
Ord(2863)
Ord(5300)
Ord(6111)
Ord(4627)
Ord(1168)
Ord(3738)
Ord(4853)
Ord(2982)
Ord(4234)
Ord(825)
Ord(3081)
Ord(5199)
Ord(5307)
Ord(4441)
Ord(4424)
Ord(540)
Ord(4078)
Ord(2554)
Ord(6376)
Ord(1727)
Ord(1776)
Ord(2379)
Ord(2725)
Ord(4998)
Ord(800)
Ord(3749)
Ord(4694)
Ord(2512)
Ord(470)
Ord(4274)
Ord(5261)
Ord(4079)
Ord(1146)
Ord(3147)
Ord(2124)
Ord(6052)
Ord(3262)
Ord(1576)
Ord(4353)
Ord(5065)
Ord(4407)
Ord(6877)
Ord(858)
Ord(2396)
Ord(3831)
Ord(6374)
Ord(5280)
Ord(3825)
Ord(2976)
Ord(1089)
Ord(2985)
Ord(3922)
Ord(3346)
Ord(4160)
Ord(4376)
Ord(3402)
Ord(324)
Ord(3830)
Ord(790)
Ord(2385)
Ord(4278)
Ord(3079)
Ord(2055)
Ord(4837)
Ord(5241)
Ord(2648)
Ord(5714)
Ord(5289)
Ord(4622)
Ord(561)
Ord(2302)
Ord(4486)
Ord(4698)
Ord(5163)
Ord(6055)
Ord(5265)
Ord(4673)
Ord(5302)
Ord(5731)
_except_handler3
__p__fmode
strtol
_acmdln
_adjust_fdiv
__CxxFrameHandler
_setmbcp
__p__commode
__setusermatherr
__dllonexit
_onexit
exit
_XcptFilter
__getmainargs
_initterm
_controlfp
_exit
__set_app_type
GetMessageW
MessageBeep
SetClassLongA
GetClipboardData
GetSystemMetrics
AppendMenuA
DispatchMessageA
EnableWindow
PostMessageA
DrawIcon
GetSysColor
CreateDialogParamW
SetClipboardData
SendMessageA
GetClientRect
IsIconic
SetTimer
LoadIconA
FlashWindow
GetSystemMenu
InsertMenuW
IsDialogMessageA
waveOutSetVolume
waveOutGetVolume
ExifTool file metadata
MIMEType                 application/octet-stream
Subsystem                Windows GUI
SubsystemVersion         4.0
MachineType              Intel 386 or later, and compatibles
TimeStamp                2015:11:27 14:25:01+01:00
FileType                 Win32 EXE
PEType                   PE32
CodeSize                 0
LinkerVersion            6.0
FileTypeExtension        exe
InitializedDataSize      163840
ImageFileCharacteristics No relocs, Executable, No line numbers, No symbols, 32-bit
EntryPoint               0x4176
OSVersion                4.0
ImageVersion             0.0
UninitializedDataSize    0
File identification
MD5 e590d72e4a7a26aefcf4aa2b438dbb64
SHA1 9b00e41f9ae5237f1f4bc1bef320f7f0954f962b
SHA256 6c0893a5477d185813e588b5bf816005d124065bfbbd4f8a6b37f1b211039c79
ssdeep 3072:zywAaSRzZHyvgzkSkGMq2rVPJ/IGVcO07TMY36KvimzJbUr:5AaSRzZSv4k6MbrVP60cR7TR0
authentihash 5206abd157200e8b93e40ff990413bcc629ef147f9448158c4daaaef133d20ca
imphash 6ea6d662b0c85bb90092b53e30d743b5
File size 164.0 KB ( 167936 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (41.0%)
Win64 Executable (generic) (36.3%)
Win32 Dynamic Link Library (generic) (8.6%)
Win32 Executable (generic) (5.9%)
OS/2 Executable (generic) (2.6%)
Tags peexe
VirusTotal metadata
First submission 2015-12-01 09:55:17 UTC ( 3 years, 3 months ago )
Last submission 2016-12-16 01:34:08 UTC ( 2 years, 3 months ago )
File names dwhcc70.tmp
dwh9963.tmp
dwhe94b.tmp
dwhfd48.tmp
dwh2a7f.tmp
dwhf5cd.tmp
dwhd3b3.tmp
dwh2582.tmp
dwh2072.tmp
dwh1a86.tmp
dwhad41.tmp
dwhcc8c.tmp
dwh4376.tmp
dwh7dd7.tmp
dwh5e7b.tmp
dwha3ac.tmp
dwhda49.tmp
dwh55dc.tmp
dwhcdde.tmp
dwhcb4a.tmp
dwh1be8.tmp
dwhb76b.tmp
dwh39a0.tmp
dwhf43a.tmp
dwhf3d0.tmp
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Created processes
Code injections in the following processes
Opened mutexes
Runtime DLLs