SHA256: 6d0b05f80872e2474e78ed019abec4993423c22f56346b519a46ad319d842766
File name: 6d0b05f80872e2474e78ed019abec4993423c22f56346b519a46ad319d842766
Detection ratio: 2 / 48
Analysis date: 2013-09-26 20:35:16 UTC (5 years, 5 months ago)
Antivirus | Result (- = not detected) | Update
ClamAV | Win.Trojan.Escape | 20130926
Symantec | WS.Reputation.1 | 20130926
Yandex | - | 20130926
AhnLab-V3 | - | 20130926
AntiVir | - | 20130926
Antiy-AVL | - | 20130926
Avast | - | 20130926
AVG | - | 20130926
Baidu-International | - | 20130926
BitDefender | - | 20130926
Bkav | - | 20130926
ByteHero | - | 20130920
CAT-QuickHeal | - | 20130926
Commtouch | - | 20130926
Comodo | - | 20130926
DrWeb | - | 20130926
Emsisoft | - | 20130926
ESET-NOD32 | - | 20130926
F-Prot | - | 20130926
F-Secure | - | 20130926
Fortinet | - | 20130926
GData | - | 20130926
Ikarus | - | 20130926
Jiangmin | - | 20130903
K7AntiVirus | - | 20130926
K7GW | - | 20130926
Kaspersky | - | 20130926
Kingsoft | - | 20130829
Malwarebytes | - | 20130926
McAfee | - | 20130926
McAfee-GW-Edition | - | 20130926
Microsoft | - | 20130926
eScan | - | 20130926
NANO-Antivirus | - | 20130926
Norman | - | 20130926
nProtect | - | 20130926
Panda | - | 20130926
PCTools | - | 20130925
Rising | - | 20130926
Sophos AV | - | 20130926
SUPERAntiSpyware | - | 20130926
TheHacker | - | 20130926
TotalDefense | - | 20130925
TrendMicro | - | 20130926
TrendMicro-HouseCall | - | 20130926
VBA32 | - | 20130926
VIPRE | - | 20130926
ViRobot | - | 20130926
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Packers identified
PEiD Armadillo v1.71
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2001-12-15 20:38:15
Entry Point 0x000129EB
Number of sections 4
PE sections
PE imports
PatBlt
GetStockObject
GetLastError
InitializeCriticalSection
HeapFree
GetStdHandle
EnterCriticalSection
LCMapStringW
SetHandleCount
LoadLibraryA
GetFileAttributesA
WaitForSingleObject
GetOEMCP
LCMapStringA
HeapDestroy
HeapAlloc
SetFileTime
FlushFileBuffers
GetEnvironmentStringsW
GetVersionExA
GetModuleFileNameA
RtlUnwind
RemoveDirectoryA
FreeEnvironmentStringsA
DeleteCriticalSection
GetStartupInfoA
IsBadWritePtr
GetEnvironmentStrings
GetFileSize
CreateDirectoryA
DeleteFileA
WideCharToMultiByte
UnhandledExceptionFilter
MultiByteToWideChar
HeapSize
FreeEnvironmentStringsW
GetCommandLineA
GetProcAddress
GetFileType
SetStdHandle
GetModuleHandleA
GetTempPathA
RaiseException
GetCPInfo
GetStringTypeA
SetFilePointer
ReadFile
IsBadCodePtr
WriteFile
GetCurrentProcess
FindFirstFileA
CloseHandle
GetTempFileNameA
FindNextFileA
GetACP
HeapReAlloc
GetStringTypeW
SetFileAttributesA
TerminateProcess
CreateProcessA
SetUnhandledExceptionFilter
GetEnvironmentVariableA
HeapCreate
VirtualFree
FindClose
IsBadReadPtr
CreateFileA
ExitProcess
GetVersion
VirtualAlloc
SetCurrentDirectoryA
LeaveCriticalSection
SHGetPathFromIDListA
SHBrowseForFolderA
ShellExecuteA
GetMessageA
UpdateWindow
EndDialog
PostQuitMessage
DefWindowProcA
ShowWindow
SendDlgItemMessageA
GetSystemMetrics
GetWindowRect
DispatchMessageA
EnableWindow
SetDlgItemTextA
PostMessageA
MoveWindow
GetDlgItemTextA
MessageBoxA
PeekMessageA
TranslateMessage
DialogBoxParamA
GetDC
RegisterClassExA
ReleaseDC
SetWindowTextA
SendMessageA
GetClientRect
GetDlgItem
CreateWindowExA
LoadCursorA
LoadIconA
GetOpenFileNameA
CoTaskMemFree
Number of PE resources by type
RT_ICON 1
RT_DIALOG 1
RT_GROUP_ICON 1
Number of PE resources by language
JAPANESE DEFAULT 3
PE resources
ExifTool file metadata
MIMEType: application/octet-stream
Subsystem: Windows GUI
MachineType: Intel 386 or later, and compatibles
TimeStamp: 2001:12:15 21:38:15+01:00
FileType: Win32 EXE
PEType: PE32
CodeSize: 103936
LinkerVersion: 6.0
EntryPoint: 0x129eb
InitializedDataSize: 29696
SubsystemVersion: 4.0
ImageVersion: 0.0
OSVersion: 4.0
UninitializedDataSize: 0
File identification
MD5 4f9b3a1dce2caab7ead569bd8f2d4ed6
SHA1 7ab32dfe4ab19662e1627bcfd036defa46688bc0
SHA256 6d0b05f80872e2474e78ed019abec4993423c22f56346b519a46ad319d842766
ssdeep 24576:sAK+6qT+iPiDIePFx7YUh8+ZygCEI8xlIuitSeEsOu6vhubF:XK+6qKiPgdPn8US8VIolIuitSbO
File size 1005.1 KB (1029222 bytes)
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID
- Win32 Executable MS Visual C++ (generic) (42.1%)
- Win64 Executable (generic) (37.3%)
- Win32 Dynamic Link Library (generic) (8.8%)
- Win32 Executable (generic) (6.0%)
- Generic Win/DOS Executable (2.7%)
Tags
peexe armadillo

VirusTotal metadata
First submission 2013-09-22 21:02:16 UTC (5 years, 6 months ago)
Last submission 2013-09-26 20:35:16 UTC (5 years, 5 months ago)
File names
- 3laDkXfw.docm
- aa
- MIafdW.dwg
- 15345134
- 7ab32dfe4ab19662e1627bcfd036defa46688bc0
- output.15345134.txt
- 6d0b05f80872e2474e78ed019abec4993423c22f56346b519a46ad319d842766
- uphoiku7.exe
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.