SHA256: 6c8430a236a00ba67e3fdd99284b23f61f699db36d26fabd6a8a75f886280b1d
File name: 6c8430a236a00ba67e3fdd99284b23f61f699db36d26fabd6a8a75f886280b1d
Detection ratio: 17 / 56
Analysis date: 2015-04-14 16:29:20 UTC ( 3 years, 11 months ago )
Antivirus Result Update
Ad-Aware Gen:Variant.Strictor.83447 20150414
ALYac Gen:Variant.Strictor.83447 20150414
Avast Win32:Malware-gen 20150414
BitDefender Gen:Variant.Strictor.83447 20150414
Bkav HW32.Packed.612E 20150414
Emsisoft Gen:Variant.Strictor.83447 (B) 20150414
ESET-NOD32 Win32/Spy.Zbot.ACB 20150414
F-Secure Gen:Variant.Strictor.83447 20150414
Fortinet W32/Zbot.ACB!tr 20150414
GData Gen:Variant.Strictor.83447 20150414
Kaspersky Trojan-Spy.Win32.Zbot.vhyq 20150414
Malwarebytes Trojan.Agent.ED 20150414
eScan Gen:Variant.Strictor.83447 20150414
Panda Trj/Genetic.gen 20150414
Sophos AV Mal/Generic-S 20150414
Tencent Trojan.Win32.YY.Gen.5 20150414
TrendMicro-HouseCall TROJ_GEN.R011B01DE15 20150414
AegisLab 20150414
Yandex 20150414
AhnLab-V3 20150414
Alibaba 20150414
Antiy-AVL 20150414
AVG 20150414
AVware 20150414
Baidu-International 20150414
ByteHero 20150414
CAT-QuickHeal 20150414
ClamAV 20150414
CMC 20150413
Comodo 20150414
Cyren 20150414
DrWeb 20150414
F-Prot 20150414
Ikarus 20150414
Jiangmin 20150413
K7AntiVirus 20150414
K7GW 20150414
Kingsoft 20150414
McAfee 20150414
McAfee-GW-Edition 20150414
Microsoft 20150414
NANO-Antivirus 20150414
Norman 20150414
nProtect 20150414
Qihoo-360 20150414
Rising 20150414
SUPERAntiSpyware 20150414
Symantec 20150414
TheHacker 20150414
TotalDefense 20150414
TrendMicro 20150414
VBA32 20150414
VIPRE 20150414
ViRobot 20150414
Zillya 20150414
Zoner 20150413
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2015-04-10 13:41:56
Entry Point 0x00002707
Number of sections 4
PE sections
PE imports
ChooseColorA
GetWindowExtEx
SetMapMode
GetWindowOrgEx
FrameRgn
PatBlt
CreateFontA
GetStockObject
TextOutA
SelectObject
DPtoLP
SetBkMode
GetViewportExtEx
GetViewportOrgEx
SetViewportExtEx
Ellipse
CreateSolidBrush
GetSystemTime
GetLastError
InitializeCriticalSectionAndSpinCount
HeapFree
IsProcessorFeaturePresent
EnterCriticalSection
LCMapStringW
SetHandleCount
LoadLibraryW
GetConsoleCP
GetOEMCP
QueryPerformanceCounter
IsDebuggerPresent
GetTickCount
TlsAlloc
GlobalUnlock
GetEnvironmentStringsW
FlushFileBuffers
GetModuleFileNameA
RtlUnwind
LoadLibraryA
GetStdHandle
DeleteCriticalSection
GetCurrentProcess
GetStartupInfoW
GetConsoleMode
DecodePointer
GetCurrentProcessId
SetLastError
GetModuleHandleW
GetCPInfo
UnhandledExceptionFilter
InterlockedDecrement
MultiByteToWideChar
HeapSize
FreeEnvironmentStringsW
GetCommandLineA
GetProcAddress
GetProcessHeap
SetStdHandle
WideCharToMultiByte
GetModuleFileNameW
TlsFree
SetFilePointer
HeapSetInformation
ReadFile
SetUnhandledExceptionFilter
lstrcpyA
CloseHandle
GetSystemTimeAsFileTime
GetACP
HeapReAlloc
GetStringTypeW
GlobalLock
HeapAlloc
TerminateProcess
IsValidCodePage
HeapCreate
WriteFile
CreateFileW
GlobalAlloc
TlsGetValue
Sleep
GetFileType
TlsSetValue
CreateFileA
EncodePointer
GetCurrentThreadId
InterlockedIncrement
ExitProcess
GetFileSize
WriteConsoleW
LeaveCriticalSection
OleSavePictureFile
OleLoadPicture
GetWindowLongA
CreateWindowExA
IsWindow
DefFrameProcA
GetWindowRect
EndPaint
RegisterClassW
BeginPaint
MoveWindow
SendMessageA
GetDlgItem
PostQuitMessage
DefWindowProcA
GetWindow
InsertMenuItemA
ScreenToClient
LoadStringA
DestroyWindow
mmioWrite
mmioCreateChunk
mmioOpenA
mmioClose
GdipDisposeImage
GdipCreateBitmapFromFile
GdiplusStartup
GdipCreateHBITMAPFromBitmap
CreateStreamOnHGlobal
CoCreateInstance
CoUninitialize
CoInitialize
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
FileTypeExtension exe
TimeStamp 2015:04:10 14:41:56+01:00
FileType Win32 EXE
PEType PE32
CodeSize 47104
LinkerVersion 10.0
EntryPoint 0x2707
InitializedDataSize 253952
SubsystemVersion 5.1
ImageVersion 0.0
OSVersion 5.1
UninitializedDataSize 0
File identification
MD5 1d429293fda1eddcb0707a6bf98a13dd
SHA1 ad4e82dff5c5678a643eb6e6d8e9a2928ddaab0a
SHA256 6c8430a236a00ba67e3fdd99284b23f61f699db36d26fabd6a8a75f886280b1d
ssdeep 6144:gKTaCr9PHykEXcGQM/Q1RxMHrXpToBFHjx3MG:BTaCr9KfXrQ5RaLSFHRx
authentihash 8579a1edadbfbc500b3049fe00fc6e6479d7b3fa038825295d4ad0046e06aa05
imphash e638068511f63ec6764aaf14817e0e9e
File size 295.0 KB ( 302080 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (42.2%)
Win64 Executable (generic) (37.3%)
Win32 Dynamic Link Library (generic) (8.8%)
Win32 Executable (generic) (6.0%)
Generic Win/DOS Executable (2.7%)
Tags peexe via-tor
VirusTotal metadata
First submission 2015-04-14 16:29:20 UTC ( 3 years, 11 months ago )
Last submission 2015-11-09 22:38:38 UTC ( 3 years, 4 months ago )
Advanced heuristic and reputation engines
TrendMicro-HouseCall
TrendMicro's heuristic engine has flagged this file as: TROJ_GEN.R02KC0DDK15.
Symantec reputation Suspicious.Insight
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Copied files
Deleted files
Created processes
Code injections in the following processes
Created mutexes
Opened mutexes
Searched windows
Opened service managers
Opened services
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.
UDP communications