SHA256: 731e224a458ee9dd8c97ad64cc97f04eb0188e4069b67afc635a501e6e6e9ed8
File name: dpEDlzV.exe
Detection ratio: 51 / 57
Analysis date: 2016-06-01 00:46:20 UTC ( 2 years, 10 months ago )
Antivirus Result Update
Ad-Aware Trojan.GenericKD.2026775 20160531
AegisLab Troj.W32.Generic!c 20160531
AhnLab-V3 Trojan/Win32.Yakes 20160531
ALYac Trojan.GenericKD.2026775 20160601
Antiy-AVL Trojan/Win32.Yakes 20160531
Arcabit Trojan.Generic.D1EED17 20160531
Avast Win32:Androp [Drp] 20160601
AVG Inject2.BIBU 20160601
Avira (no cloud) TR/Crypt.XPACK.Gen8 20160601
AVware Trojan.Win32.Generic!BT 20160601
Baidu Win32.Trojan.WisdomEyes.151026.9950.9993 20160530
Baidu-International Trojan.Win32.Yakes.hveg 20160531
BitDefender Trojan.GenericKD.2026775 20160531
Bkav W32.PansidoM.Trojan 20160531
CAT-QuickHeal Trojan.Lethic.MUE.B4 20160531
Comodo UnclassifiedMalware 20160531
Cyren W32/Rovnix.A.gen!Eldorado 20160601
DrWeb Trojan.KillFiles.18201 20160601
Emsisoft Trojan.GenericKD.2026775 (B) 20160601
ESET-NOD32 Win32/Injector.BRGH 20160601
F-Prot W32/Rovnix.A.gen!Eldorado 20160601
F-Secure Trojan.GenericKD.2026775 20160601
Fortinet W32/Injector.BRJE!tr 20160601
GData Trojan.GenericKD.2026775 20160601
Ikarus Backdoor.Win32.Ruskill 20160531
Jiangmin Trojan/Yakes.otr 20160601
K7AntiVirus Trojan ( 004b24cc1 ) 20160531
K7GW Trojan ( 004b24cc1 ) 20160531
Kaspersky HEUR:Trojan.Win32.Generic 20160601
Malwarebytes Ransom.Agent.ED 20160601
McAfee Trojan-FFLJ!EA76D61EC0BA 20160601
McAfee-GW-Edition BehavesLike.Win32.Backdoor.dm 20160531
Microsoft Worm:Win32/Dorkbot.I 20160601
eScan Trojan.GenericKD.2026775 20160601
NANO-Antivirus Trojan.Win32.Yakes.dklnrz 20160531
nProtect Trojan.GenericKD.2026775 20160531
Panda Trj/Genetic.gen 20160531
Qihoo-360 HEUR/QVM10.1.Malware.Gen 20160601
Rising Malware.Generic!69qTFLhofIB@5 (Thunder) 20160531
Sophos AV Mal/Wonton-T 20160601
Symantec Trojan Horse 20160601
Tencent Win32.Trojan.Inject.Auto 20160601
TheHacker Trojan/Injector.brgh 20160530
TotalDefense Win32/Dorkbot.FOBXaH 20160601
TrendMicro WORM_DORKBOT.ER 20160601
TrendMicro-HouseCall WORM_DORKBOT.ER 20160601
VBA32 Heur.Malware-Cryptor.Ngrbot 20160531
VIPRE Trojan.Win32.Generic!BT 20160601
ViRobot Trojan.Win32.Agent.272384.AT[h] 20160531
Yandex Trojan.Yakes!fMYqhvv+a4I 20160531
Zillya Trojan.Yakes.Win32.27264 20160531
Alibaba 20160531
ClamAV 20160531
CMC 20160530
Kingsoft 20160601
SUPERAntiSpyware 20160601
Zoner 20160531
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2014-12-14 08:29:10
Entry Point 0x00001F33
Number of sections 4
PE sections
PE imports
SetSecurityDescriptorDacl
RegFlushKey
RegCloseKey
RegQueryValueExA
InitializeSecurityDescriptor
RegSetValueExA
RegCreateKeyExA
RegOpenKeyExA
RegEnumKeyExA
RegQueryInfoKeyA
GetOpenFileNameA
GetSaveFileNameA
ChooseFontA
GetLastError
GetWriteWatch
HeapFree
GetStdHandle
EnterCriticalSection
LCMapStringW
SetHandleCount
GetOEMCP
QueryPerformanceCounter
IsDebuggerPresent
ExitProcess
SetProcessShutdownParameters
TlsAlloc
GetEnvironmentStringsW
FlushFileBuffers
GetModuleFileNameA
RtlUnwind
LoadLibraryA
FreeEnvironmentStringsA
DisconnectNamedPipe
GetStartupInfoA
GetProcessIoCounters
GetEnvironmentStrings
GetLocaleInfoA
HeapSize
GetCurrentProcessId
UnhandledExceptionFilter
SetProcessPriorityBoost
LCMapStringA
GetCPInfo
ClearCommBreak
InterlockedDecrement
MultiByteToWideChar
IsProcessInJob
FreeEnvironmentStringsW
InitializeCriticalSectionAndSpinCount
GetCommandLineA
GetProcAddress
GetStringTypeA
GetProcessHeap
LeaveCriticalSection
GetStringTypeW
ReleaseSemaphore
WideCharToMultiByte
TlsFree
DeleteCriticalSection
WTSGetActiveConsoleSessionId
SetUnhandledExceptionFilter
WriteFile
GetCurrentProcess
GetSystemTimeAsFileTime
ClearCommError
GetACP
HeapReAlloc
SetHandleInformation
GetModuleHandleW
HeapAlloc
TerminateProcess
GetProcessHandleCount
IsValidCodePage
HeapCreate
VirtualFree
TlsGetValue
Sleep
GetFileType
TlsSetValue
GetTickCount
GetCurrentThreadId
InterlockedIncrement
VirtualAlloc
SetLastError
CreateTapePartition
Number of PE resources by type
RT_ICON 8
RT_DIALOG 6
RT_MANIFEST 1
RT_MESSAGETABLE 1
RT_GROUP_ICON 1
Number of PE resources by language
NEUTRAL 17
PE resources
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
FileTypeExtension exe
TimeStamp 2014:12:14 09:29:10+01:00
FileType Win32 EXE
PEType PE32
CodeSize 29184
LinkerVersion 9.0
EntryPoint 0x1f33
InitializedDataSize 242176
SubsystemVersion 5.0
ImageVersion 0.0
OSVersion 5.0
UninitializedDataSize 0

File identification
MD5 ea76d61ec0ba93c822f8242ca78a9fe2
SHA1 b533bca4448722c6f80d281c7d620d65358a600b
SHA256 731e224a458ee9dd8c97ad64cc97f04eb0188e4069b67afc635a501e6e6e9ed8
ssdeep 3072:YU/+/yD9gGRh8n/2IRMtpCaZxhF7FoSqoHMDvex49ggjEpEU0:R+HGROn/KBZjVFnHgGx49ggjEw

authentihash 8f5d147dadff137d734ce3723e569dae56d489d7c4a0e73a420b224c5b0a657a
imphash fd000c90cafbdf884f00b8642cb31f96
File size 266.0 KB ( 272384 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable MS Visual C++ (generic) (35.8%)
Win64 Executable (generic) (31.7%)
Windows screen saver (15.0%)
Win32 Dynamic Link Library (generic) (7.5%)
Win32 Executable (generic) (5.1%)
Tags peexe usb-autorun

VirusTotal metadata
First submission 2014-12-14 14:02:15 UTC ( 4 years, 4 months ago )
Last submission 2015-03-03 01:06:30 UTC ( 4 years, 1 month ago )
File names dpEDlzV.exe
Xsrmrj.exe
6qwwb.exe
tQnJA.gif
731e224a458ee9dd8c97ad64cc97f04eb0188e4069b67afc635a501e6e6e9ed8.exe
RxRTVID.exe
Xvnknh.exe
Explorer.exe
731e224a458ee9dd8c97ad64cc97f04eb0188e4069b67afc635a501e6e6e9ed8
675E.exe
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Runtime DLLs