SHA256: 6c939350ffdcd92bbe010ebc9c4fd4f3984017dce3de5ec844608bddb2633f93
File name: drugvokrug-win-znaemsoft-ru.exe
Detection ratio: 28 / 54
Analysis date: 2014-11-07 08:26:17 UTC ( 3 years, 9 months ago )
Antivirus Result Update
Ad-Aware Gen:Variant.Kazy.488291 20141107
AhnLab-V3 PUP/Win32.LoadMoney 20141107
Avast Win32:LoadMoney-JU [PUP] 20141107
AVG Win32/Cryptor 20141107
Avira (no cloud) APPL/Downloader.Gen7 20141107
AVware Trojan.Win32.Generic.pak!cobra 20141107
BitDefender Gen:Variant.Kazy.488291 20141107
Bkav HW32.Packed.4E8F 20141106
ClamAV Win.Trojan.Agent-810509 20141106
Comodo Application.Win32.LoadMoney.LST 20141107
Cyren W32/Threat-SysVenFak-based!Maxi 20141107
DrWeb Trojan.LoadMoney.336 20141107
Emsisoft Gen:Variant.Kazy.488291 (B) 20141107
ESET-NOD32 Win32/Adware.LoadMoney.ZH 20141107
F-Prot W32/SysVenFak.A.gen!Eldorado 20141107
F-Secure Gen:Variant.Kazy.488291 20141107
GData Gen:Variant.Kazy.488291 20141107
K7AntiVirus Trojan ( 7000000f1 ) 20141106
K7GW Trojan ( 7000000f1 ) 20141107
Kaspersky not-a-virus:Downloader.Win32.Plocust.mvxq 20141107
Malwarebytes Trojan.Agent.ED 20141107
McAfee Packed-CQ 20141107
McAfee-GW-Edition BehavesLike.Win32.CryptVittalia.gh 20141107
Norman Kryptik.CDIC 20141107
Qihoo-360 Malware.QVM20.Gen 20141107
Rising PE:Malware.XPACK-HIE/Heur!1.9C48 20141106
VBA32 Malware-Cryptor.Limpopo 20141106
VIPRE Trojan.Win32.Generic.pak!cobra 20141107
AegisLab 20141107
Yandex 20141106
Antiy-AVL 20141107
Baidu-International 20141106
ByteHero 20141107
CAT-QuickHeal 20141107
CMC 20141107
Fortinet 20141107
Ikarus 20141107
Jiangmin 20141106
Kingsoft 20141107
Microsoft 20141107
eScan 20141105
NANO-Antivirus 20141107
nProtect 20141107
Sophos AV 20141107
SUPERAntiSpyware 20141107
Symantec 20141107
Tencent 20141107
TheHacker 20141104
TotalDefense 20141106
TrendMicro 20141107
TrendMicro-HouseCall 20141107
ViRobot 20141107
Zillya 20141105
Zoner 20141104
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright Copyright (C) Microsoft Corp, 2004
Publisher Microsoft Corporation
Product Windows Movie Maker
Original name MOVIEMK2.EXE
Internal name MOVIEMK2
File version 2, 1, 4026, 0
Description Windows Movie Maker
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 1992-06-19 22:22:17
Entry Point 0x00001663
Number of sections 6
PE sections
PE imports
Number of PE resources by type
RT_ICON 3
RT_RCDATA 2
RT_GROUP_ICON 1
RT_VERSION 1
RT_MANIFEST 1
Number of PE resources by language
NEUTRAL 6
ENGLISH US 2
PE resources
ExifTool file metadata
SubsystemVersion 4.0
InitializedDataSize 47104
ImageVersion 0.0
ProductName Windows Movie Maker
FileVersionNumber 2.1.4026.0
UninitializedDataSize 0
LanguageCode English (U.S.)
FileFlagsMask 0x003f
CharacterSet Unicode
LinkerVersion 2.25
OriginalFilename MOVIEMK2.EXE
MIMEType application/octet-stream
Subsystem Windows GUI
FileVersion 2, 1, 4026, 0
TimeStamp 1992:06:19 23:22:17+01:00
FileType Win32 EXE
PEType PE32
InternalName MOVIEMK2
FileAccessDate 2014:11:07 09:45:38+01:00
ProductVersion 2.1.4026.0
FileDescription Windows Movie Maker
OSVersion 4.0
FileCreateDate 2014:11:07 09:45:38+01:00
FileOS Win32
LegalCopyright Copyright (C) Microsoft Corp, 2004
MachineType Intel 386 or later, and compatibles
CompanyName Microsoft Corporation
CodeSize 421888
FileSubtype 0
ProductVersionNumber 2.0.0.0
EntryPoint 0x1663
ObjectFileType Dynamic link library
File identification
MD5 bc8b59adba3fa3da0e3be04975600df0
SHA1 5054171516d1b509959732e46ccf513cf37d086c
SHA256 6c939350ffdcd92bbe010ebc9c4fd4f3984017dce3de5ec844608bddb2633f93
ssdeep 12288:EyLGCg5Tipc8Yd+q/V0n0JDESk/xF+//Aa:BNm0XIhNuCDq/2l
authentihash d8756ea70da47441772f255dcdb2d2d6ea184e27a455676136f8879cdbe580c5
imphash b7669c7dadda50cda18bffc0eb1e4678
File size 460.7 KB ( 471744 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Dynamic Link Library (generic) (38.3%)
Win32 Executable (generic) (26.2%)
Win16/32 Executable Delphi generic (12.0%)
Generic Win/DOS Executable (11.6%)
DOS Executable Generic (11.6%)
Tags peexe
VirusTotal metadata
First submission 2014-11-07 08:26:17 UTC ( 3 years, 9 months ago )
Last submission 2014-11-07 08:26:17 UTC ( 3 years, 9 months ago )
File names MOVIEMK2.EXE
MOVIEMK2
drugvokrug-win-znaemsoft-ru.exe
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Deleted files
Created processes
Code injections in the following processes
Created mutexes
Opened mutexes
Opened service managers
Opened services
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.
HTTP requests
DNS requests
TCP connections