SHA256: 6c29d54b448b9bfdc7ed4179792934535c963c66021e4e3a8b7251647dd9c55d
File name: 2f2ab4c6fef896370d64e0c5debf4a4c.dec
Detection ratio: 29 / 56
Analysis date: 2015-06-29 18:01:31 UTC ( 3 years, 2 months ago )
Antivirus             Result                                      Update
Ad-Aware              Gen:Variant.Dyzap.16                        20150629
AhnLab-V3             Trojan/Win32.Dyzap                          20150629
ALYac                 Gen:Variant.Dyzap.16                        20150629
Antiy-AVL             Trojan[Banker]/Win32.Dyre                   20150629
Arcabit               Trojan.Dyzap.16                             20150629
Avast                 Win32:Injector-CPV [Trj]                    20150629
Avira (no cloud)      W32/Etap                                    20150629
BitDefender           Gen:Variant.Dyzap.16                        20150629
Comodo                TrojWare.Win32.PWS.Dyzap.MY                 20150629
Cyren                 W32/Dropper.gen8!Maximus                    20150629
DrWeb                 MULDROP.Trojan                              20150629
Emsisoft              Gen:Variant.Dyzap.16 (B)                    20150629
ESET-NOD32            a variant of Win32/Exploit.CVE-2013-3660.P  20150629
F-Prot                W32/Dropper.gen8!Maximus                    20150629
F-Secure              Gen:Variant.Dyzap.16                        20150629
GData                 Gen:Variant.Dyzap.16                        20150629
Ikarus                Trojan.Inject                               20150629
K7AntiVirus           Exploit ( 004c61c11 )                       20150629
K7GW                  Exploit ( 004c61c11 )                       20150629
Kaspersky             Trojan-Banker.Win32.Dyre.rs                 20150629
Malwarebytes          Spyware.Dyre                                20150629
McAfee-GW-Edition     BehavesLike.Win32.CryptDoma.hc              20150629
eScan                 Gen:Variant.Dyzap.16                        20150629
Panda                 Trj/Genetic.gen                             20150629
Sophos AV             Troj/UACMe-A                                20150629
TrendMicro            Cryp_Xin2                                   20150629
TrendMicro-HouseCall  Cryp_Xin2                                   20150629
VBA32                 suspected of Trojan.Downloader.gen.h        20150629
Zillya                Trojan.Dyre.Win32.203                       20150629
AegisLab                                                          20150629
Yandex                                                            20150628
Alibaba                                                           20150629
AVG                                                               20150629
AVware                                                            20150629
Baidu-International                                               20150629
Bkav                                                              20150629
ByteHero                                                          20150629
CAT-QuickHeal                                                     20150629
ClamAV                                                            20150629
Fortinet                                                          20150629
Jiangmin                                                          20150626
Kingsoft                                                          20150629
McAfee                                                            20150629
Microsoft                                                         20150629
NANO-Antivirus                                                    20150629
nProtect                                                          20150629
Qihoo-360                                                         20150629
Rising                                                            20150628
SUPERAntiSpyware                                                  20150629
Symantec                                                          20150629
Tencent                                                           20150629
TheHacker                                                         20150626
TotalDefense                                                      20150629
VIPRE                                                             20150629
ViRobot                                                           20150629
Zoner                                                             20150629
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2015-06-29 08:21:14
Entry Point 0x0000153D
Number of sections 5
PE sections
PE imports
GetTokenInformation
GetSidSubAuthorityCount
LookupPrivilegeValueA
GetSidSubAuthority
RegCloseKey
OpenProcessToken
AdjustTokenPrivileges
FreeSid
RegQueryValueExA
AllocateAndInitializeSid
RegEnumKeyA
RegSetValueExA
EqualSid
RegOpenKeyExA
CreateToolhelp32Snapshot
GetLastError
HeapFree
OpenProcess
GetSystemInfo
lstrcpynA
GetModuleFileNameW
ExitProcess
FlushFileBuffers
GetVersionExA
GetModuleFileNameA
LoadLibraryA
Process32Next
Process32NextW
HeapAlloc
GetCurrentProcess
SizeofResource
lstrlenA
LocalAlloc
Process32First
LockResource
CreateDirectoryA
DeleteFileA
DeleteFileW
lstrcatW
TerminateThread
Process32FirstW
GetProcessHeap
SetFilePointer
GetTempPathA
lstrcmpiA
CreateThread
GetFileAttributesA
GetModuleHandleA
lstrcmpA
lstrcatA
lstrcpyA
CloseHandle
GetComputerNameA
ExpandEnvironmentStringsA
LocalFree
TerminateProcess
CreateProcessA
lstrcmpiW
GetEnvironmentVariableA
LoadResource
WriteFile
Sleep
CreateFileA
GetTickCount
FindResourceA
GetCurrentProcessId
GetProcAddress
ShellExecuteExA
ShellExecuteExW
PathRemoveArgsA
PathRemoveFileSpecW
PathRemoveFileSpecA
PathGetArgsA
GetWindowLongA
RemovePropA
CreatePopupMenu
wsprintfA
SetPropA
GetMenuItemRect
RegisterClassExW
EnumWindows
DefWindowProcW
SendMessageA
EnableScrollBar
GetClassNameA
GetDlgItem
CreateWindowExW
wvsprintfA
SwitchToThisWindow
GetClientRect
GetPropA
SetActiveWindow
DestroyWindow
IsThemeActive
InternetConnectA
HttpOpenRequestA
HttpSendRequestA
InternetCloseHandle
InternetOpenA
ZwQueryInformationProcess
_chkstk
strcat
RtlAdjustPrivilege
strcpy
Number of PE resources by type
RT_RCDATA 1
Number of PE resources by language
ENGLISH US 1
PE resources
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
TimeStamp 2015:06:29 09:21:14+01:00
FileType Win32 EXE
PEType PE32
CodeSize 31232
LinkerVersion 10.0
FileTypeExtension exe
InitializedDataSize 510464
SubsystemVersion 5.1
EntryPoint 0x153d
OSVersion 5.1
ImageVersion 0.0
UninitializedDataSize 0
File identification
MD5 74bb865665fdcad2c787959bc8273192
SHA1 65cf6c84ed21fc7eab7a3e813ee0423cdbdd2448
SHA256 6c29d54b448b9bfdc7ed4179792934535c963c66021e4e3a8b7251647dd9c55d
ssdeep 6144:e61UVMWcW3bbT7fZ0BQ3assxgZXuG7TBeXUqIViO8+vNR0/3sIpqIJtKLW3vUKG:e1RkQ3assOxfBoIVaX/3sIwIJ4L
authentihash ee1aa349a6089cdc9ab191cdfc2bf99c4e70e865c5d81ddad7664d5c134d4297
imphash 83168b499d80fb368e900be11cb60fbc
File size 530.0 KB ( 542720 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (52.5%)
Windows screen saver (22.0%)
Win32 Dynamic Link Library (generic) (11.0%)
Win32 Executable (generic) (7.5%)
Generic Win/DOS Executable (3.3%)
Tags
peexe cve-2013-3660 exploit

VirusTotal metadata
First submission 2015-06-29 18:01:31 UTC ( 3 years, 2 months ago )
Last submission 2015-06-29 18:01:31 UTC ( 3 years, 2 months ago )
File names 2f2ab4c6fef896370d64e0c5debf4a4c.dec
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Deleted files
Created processes
Code injections in the following processes
Created mutexes
Opened mutexes
Opened service managers
Opened services
Runtime DLLs
HTTP requests
TCP connections