SHA256: 73b6dd0a41fcf898ebe52b5af5fcfb48af12442fc8c11257c08c275d50f0179e
File name: IrFKDDEW.exe
Detection ratio: 29 / 44
Analysis date: 2012-11-14 13:23:28 UTC ( 1 year, 5 months ago )
Antivirus Result Update
AVG unknown virus Win32/DH{NgNnCA} 20121114
Agnitum Trojan.Agent!zc2AxUUOu7I 20121114
AntiVir TR/Crypt.ZPACK.Gen 20121114
Avast Win32:Malware-gen 20121114
BitDefender Trojan.Generic.7781798 20121114
Comodo UnclassifiedMalware 20121114
DrWeb Trojan.Inject1.11469 20121114
ESET-NOD32 a variant of Win32/Agent.PIB 20121114
Emsisoft Trojan.Generic.7781798 (B) 20121114
F-Secure Trojan.Generic.7781798 20121114
Fortinet W32/Agent.XPK!tr 20121114
GData Trojan.Generic.7781798 20121114
Ikarus Backdoor.Win32.Binanen 20121114
Jiangmin Trojan/Generic.asjif 20121114
Kaspersky HEUR:Trojan.Win32.Generic 20121114
Kingsoft Win32.Troj.Undef.(kcloud) 20121112
McAfee Artemis!F089CBEE1131 20121114
McAfee-GW-Edition Heuristic.BehavesLike.Win32.Downloader.H 20121114
Microsoft Backdoor:Win32/Binanen.A 20121114
Norman W32/Troj_Generic.EFRRA 20121112
PCTools Trojan.Gen 20121114
Panda Trj/CI.A 20121114
Sophos Troj/Agent-XPK 20121114
Symantec Trojan.Gen 20121114
TheHacker Trojan/Agent.pgm 20121113
TrendMicro TROJ_GEN.RCBCDIP 20121114
TrendMicro-HouseCall TROJ_GEN.RCBCDIP 20121114
VIPRE Trojan.Win32.Generic!BT 20121114
nProtect Trojan.Generic.7781798 20121114
Engines with no detection (signature update date only)
AhnLab-V3 20121114
Antiy-AVL 20121113
ByteHero 20121110
CAT-QuickHeal 20121114
ClamAV 20121114
Commtouch 20121114
F-Prot 20121114
K7AntiVirus 20121110
MicroWorld-eScan 20121114
Rising 20121114
SUPERAntiSpyware 20121114
TotalDefense 20121113
VBA32 20121114
ViRobot 20121114
eSafe 20121112
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Packers identified
PEiD Armadillo v1.71
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2012-08-16 09:56:23
Entry Point 0x0000436C
Number of sections 3
PE sections
PE imports
GetLastError
HeapFree
GetStdHandle
LCMapStringW
SetHandleCount
lstrlenA
GetFileAttributesA
FreeLibrary
LCMapStringA
HeapDestroy
ExitProcess
IsBadWritePtr
GetEnvironmentStringsW
FlushFileBuffers
GetModuleFileNameA
RtlUnwind
LoadLibraryA
GetShortPathNameA
FreeEnvironmentStringsA
CreatePipe
GetCurrentProcess
GetEnvironmentStrings
DeleteFileA
GetCPInfo
UnhandledExceptionFilter
MultiByteToWideChar
HeapSize
IsBadCodePtr
FreeEnvironmentStringsW
GetCommandLineA
GetProcAddress
IsBadReadPtr
SetStdHandle
WideCharToMultiByte
lstrcmpiA
GetStringTypeA
SetFilePointer
ReadFile
SetUnhandledExceptionFilter
WriteFile
GetStartupInfoA
CloseHandle
GetACP
HeapReAlloc
GetStringTypeW
GetOEMCP
TerminateProcess
CreateProcessA
GetEnvironmentVariableA
HeapCreate
VirtualFree
GetFileType
CreateFileA
HeapAlloc
GetVersion
VirtualAlloc
wsprintfA
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
TimeStamp 2012:08:16 10:56:23+01:00
FileType Win32 EXE
PEType PE32
CodeSize 32768
LinkerVersion 6.0
EntryPoint 0x436c
InitializedDataSize 40960
SubsystemVersion 4.0
ImageVersion 0.0
OSVersion 4.0
UninitializedDataSize 0

File identification
MD5 f089cbee11315f5a3256803cc727984d
SHA1 d0d8d7f67f09e44d05ccb18b67205198fdd64ba0
SHA256 73b6dd0a41fcf898ebe52b5af5fcfb48af12442fc8c11257c08c275d50f0179e
ssdeep 768:rrW+zpH4OcZyS8kBsLPwItuGqjIs+M4iHqhPhoQ3vXFk6Lwb7Owyf+mVDmJXyiHX:gXJ5jIst49oQPpQFGtVihTx4+kIt

File size 68.0 KB ( 69632 bytes )
File type Win32 EXE
Magic literal MS-DOS executable PE for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable MS Visual C++ (generic) (65.2%)
Win32 Executable Generic (14.7%)
Win32 Dynamic Link Library (generic) (13.1%)
Generic Win/DOS Executable (3.4%)
DOS Executable Generic (3.4%)
Tags peexe armadillo

VirusTotal metadata
First submission 2012-11-14 13:23:28 UTC ( 1 year, 5 months ago )
Last submission 2012-11-29 15:14:38 UTC ( 1 year, 4 months ago )
File names IrFKDDEW.exe
file-4824158_exe
smona_73b6dd0a41fcf898ebe52b5af5fcfb48af12442fc8c11257c08c275d50f0179e.bin
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Set keys
Created processes
Shell commands
Opened mutexes
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.
UDP communications