SHA256: 74f539fae25299555afbc1a090d639fe2eb5db123226cc4b39a27ae1e3a6278d
File name: FAX975009.scr
Detection ratio: 55 / 62
Analysis date: 2017-08-14 01:40:34 UTC ( 2 months, 1 week ago )
Antivirus Result Update
Ad-Aware Trojan.GenericKD.1652103 20170813
AegisLab Troj.W32.Bublik.clmd!c 20170814
AhnLab-V3 Trojan/Win32.Zbot.C323211 20170813
ALYac Trojan.GenericKD.1652103 20170814
Antiy-AVL Trojan/Win32.Bublik 20170814
Arcabit Trojan.Generic.D193587 20170813
Avast Win32:Trojan-gen 20170814
AVG Win32:Trojan-gen 20170814
Avira (no cloud) TR/Necurs.H.1 20170813
AVware Win32.Malware!Drop 20170813
Baidu Win32.Trojan-Downloader.Waski.a 20170811
BitDefender Trojan.GenericKD.1652103 20170814
CAT-QuickHeal Downloader.Upatre.19948 20170812
ClamAV Win.Trojan.Generickd-551 20170813
Comodo TrojWare.Win32.Kryptik.CBXB 20170814
CrowdStrike Falcon (ML) malicious_confidence_90% (W) 20170804
Cyren W32/Trojan.AZAS-5859 20170814
DrWeb Trojan.DownLoad3.28161 20170814
Emsisoft Trojan.GenericKD.1652103 (B) 20170814
Endgame malicious (high confidence) 20170721
ESET-NOD32 Win32/TrojanDownloader.Waski.A 20170813
F-Prot W32/Trojan2.ODVY 20170814
F-Secure Trojan.GenericKD.1652103 20170814
Fortinet W32/Agent.SQW!tr 20170813
GData Win32.Trojan.Agent.A5J836 20170814
Sophos ML heuristic 20170607
Jiangmin Trojan/Bublik.hbe 20170814
K7AntiVirus Trojan-Downloader ( 0040f7f11 ) 20170813
K7GW Trojan-Downloader ( 0040f7f11 ) 20170814
Kaspersky Trojan.Win32.Bublik.clmd 20170813
Malwarebytes Trojan.Downloader.UPT 20170813
MAX malware (ai score=88) 20170813
McAfee Generic.sj 20170813
McAfee-GW-Edition BehavesLike.Win32.Downloader.lm 20170813
Microsoft TrojanDownloader:Win32/Upatre 20170814
eScan Trojan.GenericKD.1652103 20170814
NANO-Antivirus Trojan.Win32.Bublik.cxanxn 20170814
nProtect Trojan/W32.Bublik.19456.I 20170814
Palo Alto Networks (Known Signatures) generic.ml 20170814
Panda Trj/WLT.A 20170813
Qihoo-360 HEUR/Malware.QVM20.Gen 20170814
Rising Trojan.Generic (cloud:EqXx89NlBtP) 20170814
Sophos AV Troj/Zbot-IEA 20170814
SUPERAntiSpyware Trojan.Agent/Gen-Necurs 20170813
Symantec Trojan.Zbot 20170813
Tencent Win32.Trojan.Bublik.Hzh 20170814
TheHacker Trojan/Downloader.Waski.a 20170810
TotalDefense Win32/Upatre.EdVdXFC 20170813
VBA32 Trojan.Bublik 20170811
VIPRE Win32.Malware!Drop 20170814
ViRobot Trojan.Win32.Zbot.19456.B 20170813
WhiteArmor Malware.HighConfidence 20170731
Yandex Trojan.DL.Waski! 20170807
ZoneAlarm by Check Point Trojan.Win32.Bublik.clmd 20170814
Zoner Trojan.Waski.A 20170814
Alibaba 20170811
Bkav 20170812
CMC 20170813
Kingsoft 20170814
SentinelOne (Static ML) 20170806
Symantec Mobile Insight 20170813
TrendMicro-HouseCall 20170814
Trustlook 20170814
Webroot 20170814
Zillya 20170811
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2013-07-31 07:43:04
Entry Point 0x00001996
Number of sections 3
PE sections
PE imports
GetStartupInfoA
GetModuleHandleA
HeapAlloc
CloseHandle
GetVersionExA
LoadLibraryA
GetProcessHeap
DrawTextA
CreateWindowExA
RegisterClassA
UpdateWindow
TrackPopupMenu
GetWindowRect
SetCapture
EndPaint
BeginPaint
PostMessageA
GetDlgItemTextA
SendMessageA
GetWindowTextA
MessageBoxA
DispatchMessageA
TranslateAcceleratorA
DefWindowProcA
ShowWindow
GetKeyState
GetMessageA
SetCursor
Number of PE resources by type
RT_ICON 1
RT_MANIFEST 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 4
PE resources
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
FileFlagsMask 0x0000
MachineType Intel 386 or later, and compatibles
FileOS Unknown (0x5)
TimeStamp 2013:07:31 08:43:04+01:00
FileType Win32 EXE
PEType PE32
CodeSize 5632
LinkerVersion 5.12
FileSubtype 0
ProductVersionNumber 1.0.0.2
FileTypeExtension exe
InitializedDataSize 12800
SubsystemVersion 4.0
ImageVersion 2.1
OSVersion 4.0
FileVersionNumber 1.0.0.2
EntryPoint 0x1996
UninitializedDataSize 0
ObjectFileType Executable application
File identification
MD5 09cd9eb12effac3a5e9bcb83673d9807
SHA1 baad2cf8a7d25ffa752fccea7575b13009e19a12
SHA256 74f539fae25299555afbc1a090d639fe2eb5db123226cc4b39a27ae1e3a6278d
ssdeep 192:gkNUhM5KAPWgLzfaWB27kOLd0R0XAsqSHrAdpA/4WBP82e1q92G:gkNDkPL40XAsBHrAdQ4WBP82wU2G
authentihash 2e190285d368207c10ee11e4577ed845f22c80bba3a9bb3cf9dea5419dae0c22
imphash f05eb749a5202c19233659e352176ac2
File size 19.0 KB ( 19456 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Dynamic Link Library (generic) (38.3%)
Win32 Executable (generic) (26.2%)
Win16/32 Executable Delphi generic (12.0%)
Generic Win/DOS Executable (11.6%)
DOS Executable Generic (11.6%)
Tags peexe
VirusTotal metadata
First submission 2014-04-23 17:04:20 UTC ( 3 years, 6 months ago )
Last submission 2016-06-12 20:47:58 UTC ( 1 year, 4 months ago )
File names FAX975009.exe
FAX975009.exe-
09CD9EB12EFFAC3A5E9BCB83673D9807
09cd9eb12effac3a5e9bcb83673d9807.scr
c-40964-2999-1398273121
report_7492740375439754.scr
008492136
101.exe
file
file-6880601_exe-
FAX975009.scr
09cd9eb12effac3a5e9bcb83673d9807.exe
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.
UDP communications