SHA256: 6c6ec718bf72e24620fd8e58302c802b7b69e8685ff4f3de703cd4106fd5e0a3
File name: inst.exe
Detection ratio: 34 / 56
Analysis date: 2016-08-24 09:02:36 UTC ( 2 years, 6 months ago )
Antivirus Result Update
Ad-Aware Trojan.GenericKD.3485490 20160824
AegisLab Heur.Advml.Gen!c 20160824
AhnLab-V3 Trojan/Win32.Bublik.N2086800923 20160824
ALYac Trojan.GenericKD.3485490 20160824
Antiy-AVL Trojan/Win32.Bublik 20160824
Arcabit Trojan.Generic.D352F32 20160824
Avast Win32:Malware-gen 20160824
AVG Generic_s.JIQ 20160824
Avira (no cloud) TR/AD.Nivdort.dprl 20160824
AVware Trojan.Win32.Generic!BT 20160824
Baidu Win32.Trojan.WisdomEyes.151026.9950.9976 20160824
BitDefender Trojan.GenericKD.3485490 20160824
Bkav HW32.Packed.A970 20160823
Cyren W32/Vawtrak.HODF-0504 20160824
Emsisoft Trojan.GenericKD.3485490 (B) 20160824
ESET-NOD32 Win32/PSW.Papras.EJ 20160824
F-Prot W32/Vawtrak.AU 20160824
F-Secure Trojan.GenericKD.3485490 20160824
Fortinet W32/Kryptik.FEYA!tr 20160824
GData Trojan.GenericKD.3485490 20160824
Ikarus Trojan.Win32.PSW 20160823
K7AntiVirus Password-Stealer ( 004cd4f51 ) 20160824
K7GW Password-Stealer ( 004cd4f51 ) 20160824
Kaspersky Trojan.Win32.Bublik.eqfq 20160823
Malwarebytes Trojan.Crypt 20160824
McAfee RDN/Generic PWS.y 20160824
McAfee-GW-Edition BehavesLike.Win32.Expiro.dc 20160824
Microsoft Backdoor:Win32/Vawtrak.E 20160824
eScan Trojan.GenericKD.3485490 20160824
Panda Trj/CI.A 20160823
Rising Malware.Generic!TJIFFq6JGAI@2 (Thunder) 20160824
Sophos AV Troj/Agent-ATHH 20160824
Symantec Trojan.Snifula.F 20160824
VIPRE Trojan.Win32.Generic!BT 20160824
Alibaba 20160824
CAT-QuickHeal 20160824
ClamAV 20160824
CMC 20160824
Comodo 20160823
DrWeb 20160824
Jiangmin 20160824
Kingsoft 20160824
NANO-Antivirus 20160824
nProtect 20160824
Qihoo-360 20160824
SUPERAntiSpyware 20160823
Tencent 20160824
TheHacker 20160824
TotalDefense 20160824
TrendMicro 20160824
TrendMicro-HouseCall 20160824
VBA32 20160823
ViRobot 20160824
Yandex 20160823
Zillya 20160820
Zoner 20160824
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright Copyright (c) SEIKO EPSON CORPORATION 2003-2004. All rights reserved.
Product EPSON Printer Driver
Original name ep0lvr1w.dll
Internal name ep0lvr1w.dll
File version 6.1.6914.0 (fbl_dox_dev_ihvs.081001-2123)
Description EPSON Printer Driver
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2014-09-21 07:02:43
Entry Point 0x00002785
Number of sections 6
PE sections
PE imports
GetStockObject
CreateToolhelp32Snapshot
GetSystemTime
GetLastError
GetTempFileNameA
GetShortPathNameW
CopyFileExA
TerminateThread
LoadLibraryW
FreeLibrary
CreateTimerQueue
GetTimeFormatW
GetSystemWindowsDirectoryW
VirtualProtect
GetVersionExA
LoadLibraryA
GetDevicePowerState
CreateNamedPipeA
FoldStringA
GetCurrentProcess
GetVolumeInformationA
CommConfigDialogW
GetCurrentProcessId
AddAtomA
DebugActiveProcessStop
GetCalendarInfoW
GetSystemDefaultLCID
GetStartupInfoW
FoldStringW
GetFileInformationByHandle
DeleteFileW
CopyFileExW
GetCurrentThread
GetFileTime
CompareStringW
RaiseException
WideCharToMultiByte
GetSystemDirectoryW
MoveFileExW
lstrcmpA
GetDiskFreeSpaceW
DelayLoadFailureHook
InterlockedExchange
GetTempPathW
CloseHandle
GetComputerNameExW
LocalAlloc
GetProcAddress
MoveFileA
GlobalMemoryStatus
CreateProcessW
AllocConsole
CreateJobObjectW
DeleteVolumeMountPointW
DebugBreak
GetVersion
CloseConsoleHandle
GetNumberFormatW
acmStreamClose
acmFormatEnumW
acmFilterTagDetailsA
acmMetrics
acmStreamConvert
acmFilterTagDetailsW
acmDriverMessage
acmDriverEnum
acmStreamUnprepareHeader
acmDriverClose
acmStreamMessage
acmFormatTagEnumW
acmDriverAddW
acmDriverDetailsW
acmStreamPrepareHeader
acmFormatChooseA
acmStreamOpen
acmDriverDetailsA
acmDriverAddA
acmFilterEnumA
acmGetVersion
acmDriverRemove
acmFormatEnumA
acmFormatSuggest
acmFilterChooseA
acmDriverOpen
GetForegroundWindow
GetInputState
FindWindowA
InflateRect
IsWindowEnabled
GetWindow
GetMenu
GetQueueStatus
GetWindowModuleFileNameW
RegisterClassA
GetMenuItemCount
GetWindowLongA
GetWindowTextLengthA
LoadIconA
GetActiveWindow
GetTopWindow
CopyRect
GetDesktopWindow
LoadCursorW
GetFocus
GetWindowRgnBox
IsChild
ScriptGetFontProperties
ScriptApplyDigitSubstitution
ScriptGetLogicalWidths
ScriptBreak
ScriptString_pcOutChars
ScriptStringFree
ScriptItemize
ScriptStringOut
ScriptString_pSize
ScriptStringXtoCP
ScriptTextOut
ScriptCacheGetHeight
ScriptShape
ScriptLayout
ScriptStringValidate
ScriptStringAnalyse
ScriptGetProperties
Number of PE resources by type
Struct(100) 1
RT_VERSION 1
Number of PE resources by language
ENGLISH US 2
PE resources
Debug information
ExifTool file metadata
SubsystemVersion 6.0
InitializedDataSize 217088
ImageVersion 0.0
ProductName EPSON Printer Driver
FileVersionNumber 6.1.6914.0
UninitializedDataSize 0
LanguageCode English (U.S.)
FileFlagsMask 0x003f
ImageFileCharacteristics No relocs, Executable, 32-bit
CharacterSet Unicode
LinkerVersion 11.0
FileTypeExtension exe
OriginalFileName ep0lvr1w.dll
MIMEType application/octet-stream
Subsystem Windows GUI
FileVersion 6.1.6914.0 (fbl_dox_dev_ihvs.081001-2123)
TimeStamp 2014:09:21 08:02:43+01:00
FileType Win32 EXE
PEType PE32
InternalName ep0lvr1w.dll
ProductVersion 6.1.6914.0
FileDescription EPSON Printer Driver
OSVersion 6.0
FileOS Windows NT 32-bit
LegalCopyright Copyright (c) SEIKO EPSON CORPORATION 2003-2004. All rights reserved.
MachineType Intel 386 or later, and compatibles
CompanyName SEIKO EPSON CORPORATION
CodeSize 77824
FileSubtype 1
ProductVersionNumber 6.1.6914.0
EntryPoint 0x2785
ObjectFileType Driver

File identification
MD5 feb0791b2a7964782798ebdc2ed6ec5d
SHA1 19292ca3a6dd1fc616d03582a010d1f8cea2f8b8
SHA256 6c6ec718bf72e24620fd8e58302c802b7b69e8685ff4f3de703cd4106fd5e0a3
ssdeep 6144:We4iuyt+HEPm5qH3aA//UhYmHcygEAhyF+vK9j:Wxi5tGtA//upR
authentihash 12879d4e581157696b2c396a304b04302b541fb85667fe924a9652a1bfe2a3c9
imphash 77bfde9ea390bc7d6f8b418aeea15379
File size 240.0 KB ( 245760 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Dynamic Link Library (generic) (38.3%)
Win32 Executable (generic) (26.2%)
OS/2 Executable (generic) (11.8%)
Generic Win/DOS Executable (11.6%)
DOS Executable Generic (11.6%)
Tags peexe
VirusTotal metadata
First submission 2016-08-22 16:51:29 UTC ( 2 years, 7 months ago )
Last submission 2016-09-24 01:08:12 UTC ( 2 years, 5 months ago )
File names hobxot.exe
inst.exe
ep0lvr1w.dll
BNFFD1.tmp
VirusShare_feb0791b2a7964782798ebdc2ed6ec5d
ZebLubt.exe
5Ea1X.sys
aa
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
DNS requests
UDP communications