× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: 6eed89cebec32968cc7852b4b37143c28c78b5dda3eeb71555e9880cce2774fd
File name: free.exe
Detection ratio: 37 / 53
Analysis date: 2014-05-16 10:14:58 UTC ( 1 year, 2 months ago )
Antivirus Result Update
AVG Generic32.CCTU 20140516
Ad-Aware Trojan.GenericKD.963566 20140516
AhnLab-V3 Win-Trojan/Zbot.73216.L 20140515
AntiVir TR/Rogue.963566 20140516
Avast Win32:Trojan-gen 20140516
Baidu-International Trojan.Win32.Sharik.AhZG 20140516
BitDefender Trojan.GenericKD.963566 20140516
Bkav W32.Clod2dd.Trojan.dd54 20140515
Comodo TrojWare.Win32.Kryptik.BAXK 20140516
DrWeb Trojan.Enchanim.5 20140516
ESET-NOD32 a variant of Win32/Kryptik.AZOS 20140516
Emsisoft Trojan.GenericKD.963566 (B) 20140516
F-Secure Trojan.GenericKD.963566 20140516
Fortinet W32/ZAccess.Y!tr 20140516
GData Trojan.GenericKD.963566 20140516
Ikarus Trojan.SuspectCRC 20140516
K7AntiVirus Riskware ( 0040eff71 ) 20140516
K7GW Riskware ( 0040eff71 ) 20140515
Kaspersky Trojan.Win32.Sharik.peo 20140516
Malwarebytes Virus.Expiro 20140516
McAfee Artemis!80B3735863CC 20140516
McAfee-GW-Edition Artemis!80B3735863CC 20140516
MicroWorld-eScan Trojan.GenericKD.963566 20140516
NANO-Antivirus Trojan.Win32.Sharik.cobvif 20140516
Norman Suspicious_Gen4.DRJZS 20140516
Panda Generic Malware 20140516
Qihoo-360 HEUR/Malware.QVM07.Gen 20140516
SUPERAntiSpyware Trojan.Agent/Gen-Festo 20140516
Sophos Mal/Generic-S 20140516
Symantec Trojan.Zbot 20140516
Tencent Win32.Trojan.Spnr.bwtf 20140516
TheHacker Trojan/Kryptik.azos 20140515
TrendMicro TROJ_SPNR.14EB13 20140516
TrendMicro-HouseCall TROJ_SPNR.14EB13 20140516
VIPRE Trojan.Win32.Zbot.ma!ag (v) 20140516
Zillya Trojan.Sharik.Win32.97 20140516
nProtect Trojan.GenericKD.963566 20140515
AegisLab 20140516
Agnitum 20140515
Antiy-AVL 20140516
ByteHero 20140516
CAT-QuickHeal 20140516
CMC 20140512
ClamAV 20140516
Commtouch 20140516
F-Prot 20140516
Jiangmin 20140516
Kingsoft 20140516
Microsoft 20140516
Rising 20140507
TotalDefense 20140515
VBA32 20140514
ViRobot 20140516
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Packers identified
PEiD Armadillo v1.71
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2013-04-24 12:20:01
Link date 1:20 PM 4/24/2013
Entry Point 0x00004E0D
Number of sections 4
PE sections
PE imports
GetLastError
HeapFree
LocalLock
GetDriveTypeW
GetNamedPipeInfo
SetHandleCount
GetSystemInfo
LoadLibraryW
GetExitCodeProcess
LCMapStringA
HeapDestroy
ExitProcess
GetEnvironmentStringsW
FlushFileBuffers
LoadLibraryA
GetStdHandle
GetModuleFileNameA
FreeLibrary
FindFirstChangeNotificationW
GetCommandLineA
HeapAlloc
GetStartupInfoA
_lwrite
GetEnvironmentStrings
RtlUnwind
GetCurrentProcessId
LCMapStringW
GetProfileSectionW
GetCompressedFileSizeW
GetCPInfo
UnhandledExceptionFilter
MultiByteToWideChar
GetPrivateProfileStructW
FreeEnvironmentStringsW
DeleteFileW
GetProcAddress
GetNamedPipeHandleStateW
SetStdHandle
GetProfileStringW
GetModuleHandleA
FreeEnvironmentStringsA
WideCharToMultiByte
SetEnvironmentVariableW
GetStringTypeA
SetFilePointer
GetDiskFreeSpaceW
GlobalAddAtomA
WriteFile
GetCurrentProcess
CreateMutexW
CloseHandle
IsBadHugeReadPtr
GetProcessWorkingSetSize
GetACP
HeapReAlloc
GetStringTypeW
GetVersion
FreeResource
SetPriorityClass
GetPrivateProfileSectionW
FormatMessageW
TerminateProcess
CreateProcessA
LocalSize
GetProcessShutdownParameters
FreeLibraryAndExitThread
InitializeCriticalSection
HeapCreate
PostQueuedCompletionStatus
VirtualFree
GetFileType
TlsSetValue
SignalObjectAndWait
SetMailslotInfo
OpenSemaphoreW
VirtualAlloc
GetOEMCP
GetWindow
CharToOemW
LoadBitmapA
InvalidateRgn
Number of PE resources by type
RT_MENU 2
RT_ACCELERATOR 1
RT_MANIFEST 1
Number of PE resources by language
ENGLISH US 4
ExifTool file metadata
MIMEType
application/octet-stream

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

TimeStamp
2013:04:24 13:20:01+01:00

FileType
Win32 EXE

PEType
PE32

CodeSize
37376

LinkerVersion
8.0

FileAccessDate
2014:05:16 11:19:59+01:00

EntryPoint
0x4e0d

InitializedDataSize
1031680

SubsystemVersion
4.0

ImageVersion
0.0

OSVersion
4.0

FileCreateDate
2014:05:16 11:19:59+01:00

UninitializedDataSize
0

File identification
MD5 80b3735863cc59d3edc6e7331a231c88
SHA1 87485ac47a8d7322fcfd532acd39dd6d1a4ef6d6
SHA256 6eed89cebec32968cc7852b4b37143c28c78b5dda3eeb71555e9880cce2774fd
ssdeep
1536:vYG1BHsvYofMJwQwtzDoNKyji0XxheD2MZ/dMs4o0vU:NMvDJQwt3s1hqBVdMs4o0vU

imphash ec54d9cad96662184b5b1d8e2f086d9c
File size 71.5 KB ( 73216 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable MS Visual C++ (generic) (67.3%)
Win32 Dynamic Link Library (generic) (14.2%)
Win32 Executable (generic) (9.7%)
Generic Win/DOS Executable (4.3%)
DOS Executable Generic (4.3%)
Tags
peexe armadillo

VirusTotal metadata
First submission 2013-04-25 07:12:30 UTC ( 2 years, 3 months ago )
Last submission 2014-05-16 10:14:58 UTC ( 1 year, 2 months ago )
File names free.exe
80b3735863cc59d3edc6e7331a231c88.87485ac47a8d7322fcfd532acd39dd6d1a4ef6d6
output.10403402.txt
10403402
a3379f91fb31d5fa9e5b6d12446a5943190b50a3
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Deleted files
Searched windows
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.
TCP connections
UDP communications