SHA256: 74f539fae25299555afbc1a090d639fe2eb5db123226cc4b39a27ae1e3a6278d
File name: 008492136
Detection ratio: 52 / 56
Analysis date: 2015-06-12 12:36:25 UTC ( 3 weeks, 3 days ago )
Antivirus Result Update
ALYac Trojan.GenericKD.1652103 20150612
AVG Downloader.Generic13.CCCX 20150612
AVware Win32.Malware!Drop 20150612
Ad-Aware Trojan.GenericKD.1652103 20150612
Agnitum Trojan.DL.Waski! 20150611
AhnLab-V3 Trojan/Win32.Zbot 20150612
Antiy-AVL Trojan/Win32.Bublik 20150612
Arcabit Trojan.Generic.D193587 20150612
Avast Win32:Trojan-gen 20150612
Avira TR/Necurs.H.1 20150612
Baidu-International Trojan.Win32.Bublik.clmd 20150612
BitDefender Trojan.GenericKD.1652103 20150612
CAT-QuickHeal TrojanDownloader.Upatre.rw3 20150612
ClamAV Win.Trojan.Generickd-567 20150611
Comodo TrojWare.Win32.Kryptik.CBXB 20150612
Cyren W32/Trojan.AZAS-5859 20150612
DrWeb Trojan.DownLoad3.28161 20150612
ESET-NOD32 Win32/TrojanDownloader.Waski.A 20150612
Emsisoft Trojan.GenericKD.1652103 (B) 20150612
F-Prot W32/Trojan2.ODVY 20150612
F-Secure Trojan.GenericKD.1652103 20150612
Fortinet W32/Agent.SQW!tr 20150612
GData Trojan.GenericKD.1652103 20150612
Ikarus Trojan-Spy.Zbot 20150612
Jiangmin Trojan/Bublik.lzs 20150610
K7AntiVirus Trojan-Downloader ( 0040f7f11 ) 20150612
K7GW Trojan-Downloader ( 0040f7f11 ) 20150612
Kaspersky Trojan.Win32.Bublik.clmd 20150612
Kingsoft Win32.Troj.Undef.(kcloud) 20150612
Malwarebytes Trojan.Downloader.UPT 20150612
McAfee Generic.sj 20150612
McAfee-GW-Edition BehavesLike.Win32.Downloader.lm 20150612
MicroWorld-eScan Trojan.GenericKD.1652103 20150612
Microsoft TrojanDownloader:Win32/Upatre.AA 20150612
NANO-Antivirus Trojan.Win32.Bublik.cxanxn 20150612
Panda Trj/WLT.A 20150612
Qihoo-360 HEUR/Malware.QVM20.Gen 20150612
Rising PE:Trojan.Win32.Generic.16B6A74C!381069132 20150612
SUPERAntiSpyware Trojan.Agent/Gen-Necurs 20150612
Sophos Troj/Zbot-IEA 20150612
Symantec Trojan.Zbot 20150612
Tencent Trojan.Win32.YY.Gen.3 20150612
TheHacker Trojan/Downloader.Waski.a 20150611
TotalDefense Win32/Upatre.EdVdXFC 20150612
TrendMicro TROJ_UPATRE.AAN 20150612
TrendMicro-HouseCall TROJ_UPATRE.AAN 20150612
VBA32 Trojan.Bublik 20150612
VIPRE Win32.Malware!Drop 20150612
ViRobot Trojan.Win32.Zbot.19456.B[h] 20150612
Zillya Trojan.Bublik.Win32.13675 20150611
Zoner Trojan.Waski.A 20150612
nProtect Trojan/W32.Bublik.19456.I 20150612
AegisLab 20150612
Bkav 20150612
ByteHero 20150612
CMC 20150610
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2013-07-31 07:43:04
Link date 8:43 AM 7/31/2013
Entry Point 0x00001996
Number of sections 3
PE sections
PE imports
GetStartupInfoA
GetModuleHandleA
HeapAlloc
CloseHandle
GetVersionExA
LoadLibraryA
GetProcessHeap
DrawTextA
CreateWindowExA
RegisterClassA
UpdateWindow
TrackPopupMenu
GetWindowRect
SetCapture
EndPaint
BeginPaint
PostMessageA
GetDlgItemTextA
SendMessageA
GetWindowTextA
MessageBoxA
DispatchMessageA
TranslateAcceleratorA
DefWindowProcA
ShowWindow
GetKeyState
GetMessageA
SetCursor
Number of PE resources by type
RT_ICON 1
RT_MANIFEST 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 4
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
FileFlagsMask 0x0000
MachineType Intel 386 or later, and compatibles
FileOS Unknown (0x5)
TimeStamp 2013:07:31 08:43:04+01:00
FileType Win32 EXE
PEType PE32
CodeSize 5632
LinkerVersion 5.12
FileSubtype 0
ProductVersionNumber 1.0.0.2
FileTypeExtension exe
InitializedDataSize 12800
SubsystemVersion 4.0
ImageVersion 2.1
OSVersion 4.0
FileVersionNumber 1.0.0.2
EntryPoint 0x1996
UninitializedDataSize 0
ObjectFileType Executable application
File identification
MD5 09cd9eb12effac3a5e9bcb83673d9807
SHA1 baad2cf8a7d25ffa752fccea7575b13009e19a12
SHA256 74f539fae25299555afbc1a090d639fe2eb5db123226cc4b39a27ae1e3a6278d
ssdeep 192:gkNUhM5KAPWgLzfaWB27kOLd0R0XAsqSHrAdpA/4WBP82e1q92G:gkNDkPL40XAsBHrAdQ4WBP82wU2G
authentihash 2e190285d368207c10ee11e4577ed845f22c80bba3a9bb3cf9dea5419dae0c22
imphash f05eb749a5202c19233659e352176ac2
File size 19.0 KB ( 19456 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Dynamic Link Library (generic) (38.3%)
Win32 Executable (generic) (26.2%)
Win16/32 Executable Delphi generic (12.0%)
Generic Win/DOS Executable (11.6%)
DOS Executable Generic (11.6%)
Tags peexe
VirusTotal metadata
First submission 2014-04-23 17:04:20 UTC ( 1 year, 2 months ago )
Last submission 2015-06-12 12:36:25 UTC ( 3 weeks, 3 days ago )
File names FAX975009.exe
FAX975009.exe-
09CD9EB12EFFAC3A5E9BCB83673D9807
09cd9eb12effac3a5e9bcb83673d9807.scr
c-40964-2999-1398273121
report_7492740375439754.scr
008492136
101.exe
file
file-6880601_exe-
FAX975009.scr
09cd9eb12effac3a5e9bcb83673d9807.exe
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.
UDP communications