SHA256: 6fddbc07b7374a265cc164d55a8b66fcc4a8695168d0f8bdcf8024d33679d351
File name: a111a453.exe
Detection ratio: 41 / 54
Analysis date: 2014-10-25 00:50:10 UTC ( 4 years, 3 months ago )
Antivirus Result Update
Ad-Aware Gen:Variant.Symmi.43578 20141025
Yandex Backdoor.Azbreg!FKUq/b/oJmo 20141024
AhnLab-V3 Dropper/Win32.Necurs 20141024
Antiy-AVL Trojan[Backdoor]/Win32.Azbreg 20141024
Avast Win32:Malware-gen 20141025
AVG Inject2.ALKJ 20141025
Avira (no cloud) TR/Crypt.Xpack.73056 20141025
AVware Trojan.Win32.Generic!BT 20141025
Baidu-International Worm.Win32.Ngrbot.77 20141024
BitDefender Gen:Variant.Symmi.43578 20141025
CAT-QuickHeal TrojanRansom.Crowti.A6 20141022
Comodo UnclassifiedMalware 20141024
DrWeb Win32.HLLW.Autoruner2.1926 20141025
Emsisoft Gen:Variant.Symmi.43578 (B) 20141025
ESET-NOD32 a variant of Win32/Injector.BGNW 20141024
F-Prot W32/Powessere.A.gen!Eldorado 20141025
F-Secure Gen:Variant.Symmi.43578 20141025
Fortinet W32/Yakes.FHJN!tr 20141025
GData Gen:Variant.Symmi.43578 20141025
Ikarus Backdoor.Win32.Azbreg 20141024
K7AntiVirus Riskware ( 0040eff71 ) 20141024
K7GW Riskware ( 0040eff71 ) 20141024
Kaspersky Backdoor.Win32.Azbreg.aabz 20141024
Kingsoft Win32.Hack.Azbreg.aa.(kcloud) 20141025
Malwarebytes Trojan.Injector.Agent 20141025
McAfee RDN/Generic Dropper!ur 20141025
McAfee-GW-Edition BehavesLike.Win32.PWSZbot.ch 20141025
Microsoft Trojan:Win32/Lethic.B 20141025
eScan Gen:Variant.Symmi.43578 20141024
NANO-Antivirus Trojan.Win32.Androm.dbonie 20141024
Norman Troj_Generic.UPHJP 20141024
Qihoo-360 Win32/Trojan.35a 20141025
Sophos AV Troj/Wonton-ES 20141024
Symantec Backdoor.Trojan 20141025
Tencent Win32.Backdoor.Azbreg.Lhwx 20141025
TotalDefense Win32/Lethic.GZYOGWC 20141024
TrendMicro TROJ_KRYPTRES.SM 20141025
TrendMicro-HouseCall TROJ_KRYPTRES.SM 20141025
VBA32 Malware-Cryptor.Limpopo 20141023
VIPRE Trojan.Win32.Generic!BT 20141024
Zillya Backdoor.Azbreg.Win32.3778 20141023
AegisLab 20141025
Bkav 20141024
ByteHero 20141025
ClamAV 20141024
CMC 20141024
Cyren 20141025
Jiangmin 20141024
nProtect 20141024
Rising 20141024
SUPERAntiSpyware 20141025
TheHacker 20141022
ViRobot 20141024
Zoner 20141024
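The engines above do not agree on a name (Azbreg, Lethic, Necurs, Crowti, Symmi, Injector, plus several purely generic or heuristic labels), which is usual for a packed loader and is why a triage script normalizes each label to a family before counting votes. The Python below is an added example, not part of the VirusTotal report: it parses rows in the "engine result date" layout shown above, computes the detection ratio, and extracts a family name with a simple heuristic. The twelve-row excerpt and the GENERIC word list are constructed for the example and tuned to the labels on this page.

```python
import re
from collections import Counter

# Constructed excerpt of the detection table above (12 of the 54 rows;
# the last two rows are engines that returned no detection).
SAMPLE_ROWS = """\
Ad-Aware Gen:Variant.Symmi.43578 20141025
Yandex Backdoor.Azbreg!FKUq/b/oJmo 20141024
AhnLab-V3 Dropper/Win32.Necurs 20141024
Antiy-AVL Trojan[Backdoor]/Win32.Azbreg 20141024
Avira (no cloud) TR/Crypt.Xpack.73056 20141025
ESET-NOD32 a variant of Win32/Injector.BGNW 20141024
K7AntiVirus Riskware ( 0040eff71 ) 20141024
Kaspersky Backdoor.Win32.Azbreg.aabz 20141024
Microsoft Trojan:Win32/Lethic.B 20141025
Tencent Win32.Backdoor.Azbreg.Lhwx 20141025
AegisLab 20141025
ClamAV 20141024
"""

# engine name (one token, or "Avira (no cloud)"), optional result, 8-digit signature date
ROW_RE = re.compile(r"^(?P<engine>\S+(?: \(no cloud\))?)\s*(?P<result>.*?)\s*(?P<date>\d{8})$")

# Class, platform and heuristic words that are not family names (tuned to this page's labels).
GENERIC = {
    "gen", "variant", "trojan", "backdoor", "dropper", "worm", "riskware", "generic",
    "win32", "w32", "tr", "crypt", "malware", "a", "of", "injector", "behaveslike",
    "troj", "rdn", "hack", "agent", "unclassifiedmalware", "trojanransom", "inject2",
}


def parse_rows(text):
    """Parse 'engine result date' rows into dicts; result is None when the engine missed."""
    rows = []
    for line in text.splitlines():
        m = ROW_RE.match(line.strip())
        if not m:
            continue
        rows.append({"engine": m.group("engine"),
                     "result": m.group("result") or None,
                     "date": m.group("date")})
    return rows


def detection_ratio(rows):
    """(detected, total), the figure VirusTotal shows as 'Detection ratio'."""
    return sum(1 for r in rows if r["result"]), len(rows)


def family_of(result):
    """Heuristic family extraction: first token that looks like a proper name
    (leading capital, contains a lowercase letter) and is not a generic class word.
    Returns None for purely generic labels such as ESET's 'Win32/Injector.BGNW'."""
    if not result:
        return None
    for tok in re.split(r"[^A-Za-z0-9]+", result):
        if not tok or tok.lower() in GENERIC:
            continue
        if tok[0].isupper() and any(c.islower() for c in tok):
            return tok
    return None


def family_counts(rows):
    """How many engines agree on each family name; the spread is the triage signal."""
    return Counter(f for f in (family_of(r["result"]) for r in rows) if f)


if __name__ == "__main__":
    rows = parse_rows(SAMPLE_ROWS)
    print("detection ratio:", detection_ratio(rows))
    print("families:", family_counts(rows).most_common())
```

On the excerpt, four of ten detecting engines converge on Azbreg while the rest disagree or give generic labels; on the full table above the same spread is visible, so the family vote is a weak signal and the behaviour section (dll-injection) and the imphash are better pivots than any single engine name.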
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2014-06-24 08:14:15
Entry Point 0x00009923
Number of sections 4
PE sections
PE imports
GDI32.dll
GetTextExtentPointI
AddFontResourceExW
CreateEllipticRgn
ArcTo
CreateColorSpaceA
FrameRgn
SelectObject
CreateBrushIndirect
EnumMetaFile
RectInRegion
TextOutA
CreateColorSpaceW
AbortPath
GetStretchBltMode
ChoosePixelFormat
PolyBezier
DrawEscape
CopyEnhMetaFileA
GetDCBrushColor
KERNEL32.dll
GetStdHandle
GetFileAttributesA
WaitForSingleObject
FindNextFileA
HeapDestroy
GetFileAttributesW
GetProcessId
FreeEnvironmentStringsA
DeleteCriticalSection
GetCurrentProcess
GetLocaleInfoA
LoadLibraryExW
FreeEnvironmentStringsW
GetLocaleInfoW
SetStdHandle
GetTempPathA
GetCPInfo
GetStringTypeA
GetTempPathW
GetSystemTimeAsFileTime
HeapReAlloc
GetStringTypeW
SetFileAttributesA
GetOEMCP
ResumeThread
InitializeCriticalSection
LoadResource
FindClose
InterlockedDecrement
FindNextChangeNotification
SetFileAttributesW
OutputDebugStringA
SetLastError
CopyFileW
GetModuleFileNameW
CopyFileA
HeapAlloc
GetModuleFileNameA
LoadLibraryExA
UnhandledExceptionFilter
TlsGetValue
MultiByteToWideChar
GetModuleHandleA
SetMessageWaitingIndicator
SetUnhandledExceptionFilter
MulDiv
IsProcessorFeaturePresent
SetHandleInformation
TerminateProcess
FindCloseChangeNotification
GlobalAlloc
GetCurrentThreadId
InterlockedIncrement
CloseHandle
HeapFree
EnterCriticalSection
SetHandleCount
TerminateThread
GetExitCodeProcess
QueryPerformanceCounter
GetTickCount
TlsAlloc
VirtualProtect
GetVersionExA
LoadLibraryA
RtlUnwind
GetStartupInfoA
GetFileSize
DeleteFileA
SetFileValidData
CreateDirectoryW
DeleteFileW
GetProcAddress
GetProcessHeap
AssignProcessToJobObject
RemoveDirectoryW
FindFirstFileA
FindFirstFileW
lstrcmpW
SetEvent
CreateFileW
GetFileType
TlsSetValue
ExitProcess
LeaveCriticalSection
GetLastError
LCMapStringW
GetSystemInfo
lstrlenA
GlobalFree
FindResourceW
LCMapStringA
GetEnvironmentStringsW
VirtualQuery
RemoveDirectoryA
CreateProcessW
GetEnvironmentStrings
GetCurrentProcessId
WideCharToMultiByte
HeapSize
GetCommandLineA
RaiseException
TlsFree
SetFilePointer
ReadFile
FindNextFileW
GetACP
GetModuleHandleW
GetVersion
SizeofResource
CreateProcessA
HeapCreate
WriteFile
VirtualFree
Sleep
VirtualAlloc
SHLWAPI.dll
ColorAdjustLuma
USER32.dll
ChangeDisplaySettingsW
GetMessagePos
LoadBitmapW
DestroyMenu
PostQuitMessage
DrawStateW
SetWindowPos
IsWindow
EndPaint
ScrollWindowEx
DlgDirSelectComboBoxExW
CreateDesktopW
DispatchMessageW
GetAsyncKeyState
MapDialogRect
SendMessageW
SendMessageA
GetClassInfoW
DrawTextW
LoadImageW
SetMessageExtraInfo
GetActiveWindow
LoadAcceleratorsW
DestroyWindow
DdeSetQualityOfService
GetParent
GetCursorInfo
SetClassLongW
ShowWindow
GetNextDlgGroupItem
PeekMessageW
EnableWindow
CharUpperW
IsWindowEnabled
GetDlgItemTextW
RegisterClassW
LoadStringA
SetClipboardData
LoadStringW
IsIconic
CreateMenu
UnhookWinEvent
FillRect
CharNextA
CreateWindowExW
GetWindowLongW
CharNextW
CharPrevA
BeginPaint
DefWindowProcW
GetComboBoxInfo
CharPrevW
GetSystemMetrics
SetWindowLongW
GetWindowRect
PostMessageW
GetKeyNameTextW
CheckDlgButton
CreateDialogParamW
CreatePopupMenu
SetWindowTextW
SetTimer
GetDlgItem
ScreenToClient
TrackPopupMenu
FindWindowExW
IsDlgButtonChecked
GetDesktopWindow
LoadCursorW
GetSystemMenu
ReuseDDElParam
GetDC
SetForegroundWindow
NotifyWinEvent
ExitWindowsEx
OpenClipboard
EmptyClipboard
EndDialog
FindWindowW
FindWindowA
wvsprintfW
MessageBoxW
SetMenu
DdeSetUserHandle
DialogBoxParamW
MessageBoxA
AppendMenuW
ChangeClipboardChain
GetClassWord
MessageBoxIndirectW
GetSysColor
SetDlgItemTextW
DestroyIcon
IsWindowVisible
SystemParametersInfoW
InvalidateRect
wsprintfA
CallWindowProcW
GetClientRect
EnableMenuItem
SendMessageTimeoutW
wsprintfW
CloseClipboard
SetCursor
Number of PE resources by type
Struct(13) 1
RT_VERSION 1
Number of PE resources by language
NEUTRAL 1
ENGLISH US 1
PE resources
ExifTool file metadata
LegalTrademarks Owner fairly connected hell improve
SubsystemVersion 5.0
Comments Piano July hollow June perfectly
InitializedDataSize 33280
ImageVersion 0.0
ProductName Passage
FileVersionNumber 5.42.37.0
UninitializedDataSize 0
LanguageCode English (U.S.)
FileFlagsMask 0x0000
CharacterSet Unicode
LinkerVersion 9.0
OriginalFilename Passage.exe
MIMEType application/octet-stream
Subsystem Windows GUI
FileVersion 5.42.37.0
TimeStamp 2014:06:24 09:14:15+01:00
FileType Win32 EXE
PEType PE32
InternalName Passage
FileAccessDate 2014:10:25 01:52:22+01:00
ProductVersion 5.42.37.0
FileDescription Stove pain porch principal
OSVersion 5.0
FileCreateDate 2014:10:25 01:52:22+01:00
FileOS Win32
LegalCopyright Copyright Halfway graph
MachineType Intel 386 or later, and compatibles
CompanyName Nodded origin
CodeSize 77824
FileSubtype 0
ProductVersionNumber 5.42.37.0
EntryPoint 0x9923
ObjectFileType Executable application
Compressed bundles
File identification
MD5 326743d4729a6f22220ad7021a2aa59d
SHA1 d8f9fc6183e311f48c099a69e996ffe14d0fe568
SHA256 6fddbc07b7374a265cc164d55a8b66fcc4a8695168d0f8bdcf8024d33679d351
ssdeep 1536:6lP2x42HBVnHQsllvFV3US31gHPcUJPMElJz1uQwbnFk4wK0uyQHNb6X5iIZlZmI:6gxDQYGegvc41AT0uyimXYEqE0Wh
authentihash c494b87309e2a3dd6cb83af24d28889ba0160b15cf64624c8e230dbdb31608b5
imphash 257b06ade96d234bed04a8327235c2d0
File size 109.5 KB ( 112128 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (42.1%)
Win64 Executable (generic) (37.3%)
Win32 Dynamic Link Library (generic) (8.8%)
Win32 Executable (generic) (6.0%)
Generic Win/DOS Executable (2.7%)
Tags
peexe
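The imphash above is an MD5 over the import table (lowercased "dll.function" pairs in table order), which is why it survives a rebuild that keeps the same imports and is a useful pivot across samples; the compile timestamp in the PE header (2014-06-24 08:14:15 UTC) against the first submission below (2014-06-24 09:27:57 UTC) shows the file reached VirusTotal 73 minutes 42 seconds after it was linked. The Python below is an added example, not code from the report or from VirusTotal: it recomputes both values the way a triage script would. Its import table is constructed: the function names appear in the import list above, but the page does not show their DLL grouping or order, so that grouping is an assumption and the result will not equal the report's 257b06ade96d234bed04a8327235c2d0. The 24-hour "fresh build" threshold is also an assumption.

```python
import hashlib
from datetime import datetime, timezone

# Import table constructed for illustration. Function names are taken from the report's
# import list, but the DLL assignment and order are assumptions (the report shows neither),
# so this table will not reproduce the report's imphash.
SAMPLE_IMPORTS = [
    ("GDI32.dll", ["GetTextExtentPointI", "SelectObject", "TextOutA"]),
    ("KERNEL32.dll", ["VirtualAlloc", "VirtualProtect", "CreateProcessW", "ResumeThread",
                      "LoadLibraryA", "GetProcAddress", "WriteFile"]),
    ("USER32.dll", ["CreateDesktopW", "FindWindowW", "ExitWindowsEx"]),
]


def imphash(imports):
    """Import hash as pefile computes it for by-name imports: walk the import
    descriptors in table order, lowercase the DLL name and strip a .dll/.ocx/.sys
    extension, emit 'dll.func' (function lowercased) for every import, join with
    commas, MD5. Ordinal imports (none are shown on this page) are not handled."""
    parts = []
    for dll, funcs in imports:
        name = dll.lower()
        for ext in (".ocx", ".sys", ".dll"):
            if name.endswith(ext):
                name = name[: -len(ext)]
                break
        parts.extend(f"{name}.{func.lower()}" for func in funcs)
    return hashlib.md5(",".join(parts).encode("ascii")).hexdigest()


def compile_to_first_seen(compile_ts, first_seen_ts):
    """Seconds from the PE header compile timestamp to first VirusTotal submission,
    both given as 'YYYY-MM-DD HH:MM:SS' in UTC, the layout the report prints."""
    fmt = "%Y-%m-%d %H:%M:%S"
    compiled = datetime.strptime(compile_ts, fmt).replace(tzinfo=timezone.utc)
    first_seen = datetime.strptime(first_seen_ts, fmt).replace(tzinfo=timezone.utc)
    return int((first_seen - compiled).total_seconds())


def triage(compile_ts, first_seen_ts, imports, fresh_build_seconds=24 * 3600):
    """The two report fields a practitioner pivots on: the import hash, and how
    fresh the build was when first seen. The threshold is an assumed default."""
    delta = compile_to_first_seen(compile_ts, first_seen_ts)
    return {
        "imphash": imphash(imports),
        "seconds_compile_to_first_seen": delta,
        "fresh_build": 0 <= delta < fresh_build_seconds,
    }


if __name__ == "__main__":
    # Timestamps as printed in the report: compile 08:14:15, first submission 09:27:57 (UTC).
    print(triage("2014-06-24 08:14:15", "2014-06-24 09:27:57", SAMPLE_IMPORTS))
```

A compile-to-first-seen gap of about an hour with a compile timestamp that matches the version-resource TimeStamp is consistent with a freshly built crypter output rather than a recycled binary; a negative or multi-year gap would instead suggest a forged timestamp. The random dictionary words in the version resource above (ProductName "Passage", CompanyName "Nodded origin") are another crypter artefact worth carrying into the triage notes.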

VirusTotal metadata
First submission 2014-06-24 09:27:57 UTC ( 4 years, 8 months ago )
Last submission 2014-10-25 00:50:10 UTC ( 4 years, 3 months ago )
File names f3ed.exe
6FDDBC07B7374A265CC164D55A8B66FCC4A8695168D0F8BDCF8024D33679D351
a111a453.exe
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight
Behaviour characterization
Zemana
dll-injection

Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Created processes
Code injections in the following processes
Opened mutexes
Runtime DLLs