SHA256: 726c51ca3a5041440a19a1222a97988b6f18eed4a6c30a810e83081df9ac02ee
File name: ldx55.exe
Detection ratio: 4 / 54
Analysis date: 2014-06-19 02:50:39 UTC ( 4 years, 9 months ago )
Antivirus Result Update
ByteHero Trojan.Malware.Obscu.Gen.002 20140619
CMC Packed.Win32.Katusha.1!O 20140618
Qihoo-360 Malware.QVM20.Gen 20140619
Rising PE:Malware.XPACK-HIE/Heur!1.9C48 20140618
Ad-Aware 20140618
AegisLab 20140618
Yandex 20140618
AhnLab-V3 20140618
AntiVir 20140618
Antiy-AVL 20140618
Avast 20140618
AVG 20140618
Baidu-International 20140618
BitDefender 20140618
Bkav 20140618
CAT-QuickHeal 20140617
ClamAV 20140618
Commtouch 20140618
Comodo 20140618
DrWeb 20140618
Emsisoft 20140618
ESET-NOD32 20140618
F-Prot 20140618
F-Secure 20140618
Fortinet 20140618
GData 20140618
Ikarus 20140618
Jiangmin 20140618
K7AntiVirus 20140618
K7GW 20140618
Kaspersky 20140618
Kingsoft 20140619
Malwarebytes 20140618
McAfee 20140618
McAfee-GW-Edition 20140618
Microsoft 20140618
eScan 20140618
NANO-Antivirus 20140618
Norman 20140618
nProtect 20140618
Panda 20140618
Sophos AV 20140618
SUPERAntiSpyware 20140618
Symantec 20140618
Tencent 20140619
TheHacker 20140617
TotalDefense 20140618
TrendMicro 20140618
TrendMicro-HouseCall 20140618
VBA32 20140618
VIPRE 20140618
ViRobot 20140618
Zillya 20140618
Zoner 20140616
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2014-05-15 07:36:45
Entry Point 0x0000416E
Number of sections 3
PE sections
Overlays
MD5 bf619eac0cdf3f68d496ea9344137e8b
File type ASCII text
Offset 136192
Size 512
Entropy 0.00
PE imports
AuthzInitializeContextFromSid
AuthzFreeResourceManager
AuthzAddSidsToContext
AuthzFreeAuditEvent
AuthzFreeContext
CertFreeCRLContext
CertAlgIdToOID
CertGetNameStringA
CertOpenStore
CertAddStoreToCollection
CertDuplicateStore
CertCompareCertificate
CertFindExtension
CertControlStore
CertFindChainInStore
CertSaveStore
CryptFindOIDInfo
CertNameToStrA
CertDuplicateCRLContext
CertCreateContext
CertCreateCRLContext
DeviceIoControl
GetStdHandle
GetComputerNameW
GetAtomNameW
CreateNamedPipeW
GetConsoleAliasW
CopyFileA
GetVersionExA
GetLocalTime
GetCurrentProcess
GetCurrentDirectoryW
GetLocaleInfoA
DeleteFileA
GetShortPathNameA
GetProcAddress
GetProcessHeap
OpenMutexA
SetStdHandle
CreateMutexA
CompareStringW
CreateSemaphoreA
GetBinaryTypeW
GetModuleHandleA
lstrcmpA
InterlockedExchange
ResetEvent
GetDiskFreeSpaceA
GetFullPathNameA
FormatMessageW
CreateEventW
InterlockedDecrement
GetFileType
SetCurrentDirectoryA
CloseHandle
GradientFill
AlphaBlend
DllInitialize
TransparentBlt
vSetDdrawflag
SetFocus
wsprintfA
CreateWindowExA
IsWindow
IsZoomed
GetMessageW
DialogBoxParamA
LoadCursorA
IsDialogMessageA
CharToOemA
Number of PE resources by type
Struct(32) 3
Number of PE resources by language
RUSSIAN 3
PE resources
Debug information
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
FileTypeExtension exe
TimeStamp 2014:05:15 08:36:45+01:00
FileType Win32 EXE
PEType PE32
CodeSize 37376
LinkerVersion 7.1
EntryPoint 0x416e
InitializedDataSize 97792
SubsystemVersion 4.0
ImageVersion 5.1
OSVersion 5.1
UninitializedDataSize 0
File identification
MD5 2f1a0451dbe3e37829289c6dd5a45933
SHA1 8bc92711f3e5fc23b12793417958bbbf3a8b7915
SHA256 726c51ca3a5041440a19a1222a97988b6f18eed4a6c30a810e83081df9ac02ee
ssdeep
1536:IwOdIjPHw8xFoSkANXimt9Ldt+yFE/ZM+0raGAcKy1jeQzCeiSK1AZTVWDRmqGXX:IwVPHw0kmimt9Jt+v/NQ7hFznPZceX

authentihash 7dd0eb86ac7c1b2bafd05d435e176918b228761e923437cb8a45d793f40bdab0
imphash 5e44cf76ebb3c2e6e8637035f85bef1d
File size 133.5 KB ( 136704 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Generic Win/DOS Executable (49.9%)
DOS Executable Generic (49.8%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.1%)
Tags peexe overlay
VirusTotal metadata
First submission 2014-06-19 02:50:39 UTC ( 4 years, 9 months ago )
Last submission 2015-12-19 17:25:09 UTC ( 3 years, 3 months ago )
File names ldx55.exe
726c51ca3a5041440a19a1222a97988b6f18eed4a6c30a810e83081df9ac02ee.vir
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Created processes
Code injections in the following processes
Created mutexes
Opened mutexes
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.
DNS requests
UDP communications