SHA256: 74f539fae25299555afbc1a090d639fe2eb5db123226cc4b39a27ae1e3a6278d
File name: FAX975009.scr
Detection ratio: 59 / 61
Analysis date: 2017-04-29 21:22:18 UTC ( 3 weeks, 5 days ago )
Antivirus Result Update
Ad-Aware Trojan.GenericKD.1652103 20170429
AegisLab Troj.W32.Bublik.lXQH 20170429
AhnLab-V3 Trojan/Win32.Zbot.C323211 20170429
ALYac Trojan.GenericKD.1652103 20170429
Antiy-AVL Trojan/Win32.Bublik 20170429
Arcabit Trojan.Generic.D193587 20170429
Avast Win32:Trojan-gen 20170429
AVG Downloader.Generic13.CCCX 20170429
Avira (no cloud) TR/Necurs.H.1 20170429
AVware Win32.Malware!Drop 20170429
Baidu Win32.Trojan-Downloader.Waski.a 20170428
BitDefender Trojan.GenericKD.1652103 20170429
CAT-QuickHeal Downloader.Upatre.19948 20170429
ClamAV Win.Trojan.Generickd-551 20170429
Comodo TrojWare.Win32.Kryptik.CBXB 20170429
CrowdStrike Falcon (ML) malicious_confidence_67% (W) 20170130
Cyren W32/Trojan.AZAS-5859 20170429
DrWeb Trojan.DownLoad3.28161 20170429
Emsisoft Trojan.GenericKD.1652103 (B) 20170429
Endgame malicious (high confidence) 20170419
ESET-NOD32 Win32/TrojanDownloader.Waski.A 20170429
F-Prot W32/Trojan2.ODVY 20170429
F-Secure Trojan.GenericKD.1652103 20170429
Fortinet W32/Agent.SQW!tr 20170429
GData Win32.Trojan.Agent.A5J836 20170429
Ikarus Trojan-Spy.Zbot 20170429
Invincea generic.a 20170413
Jiangmin Trojan/Bublik.hbe 20170428
K7AntiVirus Trojan-Downloader ( 0040f7f11 ) 20170429
K7GW Trojan-Downloader ( 0040f7f11 ) 20170426
Kaspersky Trojan.Win32.Bublik.clmd 20170429
Malwarebytes Trojan.Downloader.UPT 20170429
McAfee Generic.sj 20170429
McAfee-GW-Edition BehavesLike.Win32.Downloader.lm 20170429
Microsoft TrojanDownloader:Win32/Upatre.AA 20170429
eScan Trojan.GenericKD.1652103 20170429
NANO-Antivirus Trojan.Win32.Bublik.cxanxn 20170429
nProtect Trojan/W32.Bublik.19456.I 20170429
Palo Alto Networks (Known Signatures) generic.ml 20170429
Panda Trj/WLT.A 20170429
Qihoo-360 HEUR/Malware.QVM20.Gen 20170429
Rising Trojan.Generic (cloud:EqXx89NlBtP) 20170429
SentinelOne (Static ML) static engine - malicious 20170330
Sophos Troj/Zbot-IEA 20170429
SUPERAntiSpyware Trojan.Agent/Gen-Necurs 20170429
Symantec Trojan.Zbot 20170429
Tencent Win32.Trojan.Bublik.Hzh 20170429
TheHacker Trojan/Downloader.Waski.a 20170429
TotalDefense Win32/Upatre.EdVdXFC 20170426
TrendMicro TROJ_UPATRE.AAN 20170429
TrendMicro-HouseCall TROJ_UPATRE.AAN 20170429
VBA32 Trojan.Bublik 20170429
VIPRE Win32.Malware!Drop 20170429
ViRobot Trojan.Win32.Zbot.19456.B[h] 20170429
Webroot W32.Rogue.Gen 20170429
Yandex Trojan.DL.Waski! 20170428
Zillya Trojan.Bublik.Win32.13675 20170428
ZoneAlarm by Check Point Trojan.Win32.Bublik.clmd 20170429
Zoner Trojan.Waski.A 20170429
Engines listed with no result (engine and signature-update date only):
Alibaba 20170428
CMC 20170427
Kingsoft 20170429
Symantec Mobile Insight 20170428
Trustlook 20170429
WhiteArmor 20170409
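The 59 vendor labels above disagree on the family name (Upatre, Waski, Bublik, Zbot, Necurs, plus purely generic verdicts), which is normal for a multi-scanner report. The following is an added example, not VirusTotal or AVClass code, that reduces those labels to family candidates. LABELS is copied verbatim from the detection table on this page; the GENERIC stop-list and the "first family-looking token" rule are this example's own assumptions, a cut-down version of what label-normalisation tools do.

```python
"""Reduce the vendor labels in this report to family-name candidates."""
import re
from collections import Counter

# Constructed from the detection table above: the 59 "Result" strings, in page order.
LABELS = [
    "Trojan.GenericKD.1652103", "Troj.W32.Bublik.lXQH", "Trojan/Win32.Zbot.C323211",
    "Trojan.GenericKD.1652103", "Trojan/Win32.Bublik", "Trojan.Generic.D193587",
    "Win32:Trojan-gen", "Downloader.Generic13.CCCX", "TR/Necurs.H.1",
    "Win32.Malware!Drop", "Win32.Trojan-Downloader.Waski.a", "Trojan.GenericKD.1652103",
    "Downloader.Upatre.19948", "Win.Trojan.Generickd-551", "TrojWare.Win32.Kryptik.CBXB",
    "malicious_confidence_67% (W)", "W32/Trojan.AZAS-5859", "Trojan.DownLoad3.28161",
    "Trojan.GenericKD.1652103 (B)", "malicious (high confidence)",
    "Win32/TrojanDownloader.Waski.A", "W32/Trojan2.ODVY", "Trojan.GenericKD.1652103",
    "W32/Agent.SQW!tr", "Win32.Trojan.Agent.A5J836", "Trojan-Spy.Zbot", "generic.a",
    "Trojan/Bublik.hbe", "Trojan-Downloader ( 0040f7f11 )", "Trojan-Downloader ( 0040f7f11 )",
    "Trojan.Win32.Bublik.clmd", "Trojan.Downloader.UPT", "Generic.sj",
    "BehavesLike.Win32.Downloader.lm", "TrojanDownloader:Win32/Upatre.AA",
    "Trojan.GenericKD.1652103", "Trojan.Win32.Bublik.cxanxn", "Trojan/W32.Bublik.19456.I",
    "generic.ml", "Trj/WLT.A", "HEUR/Malware.QVM20.Gen", "Trojan.Generic (cloud:EqXx89NlBtP)",
    "static engine - malicious", "Troj/Zbot-IEA", "Trojan.Agent/Gen-Necurs", "Trojan.Zbot",
    "Win32.Trojan.Bublik.Hzh", "Trojan/Downloader.Waski.a", "Win32/Upatre.EdVdXFC",
    "TROJ_UPATRE.AAN", "TROJ_UPATRE.AAN", "Trojan.Bublik", "Win32.Malware!Drop",
    "Trojan.Win32.Zbot.19456.B[h]", "W32.Rogue.Gen", "Trojan.DL.Waski!",
    "Trojan.Bublik.Win32.13675", "Trojan.Win32.Bublik.clmd", "Trojan.Waski.A",
]

# Assumed stop-list: words that describe a class or a verdict, never a family.
GENERIC = {
    "trojan", "troj", "trojware", "trojandownloader", "downloader", "generic",
    "generickd", "malware", "malicious", "heur", "agent", "drop", "rogue", "cloud",
    "static", "engine", "confidence", "high", "behaveslike",
}


def family_token(label: str):
    """First token that is purely alphabetic, at least 4 characters and not generic.
    Platform tags (Win32, W32) and variant ids (C323211, clmd after the family) are
    skipped by the digit rule or by never being reached."""
    for tok in re.split(r"[^a-z0-9]+", label.lower()):
        if len(tok) >= 4 and tok.isalpha() and tok not in GENERIC:
            return tok
    return None


def families(labels, min_vendors: int = 2):
    """Family candidates named by at least min_vendors labels, most frequent first."""
    counts = Counter(t for t in map(family_token, labels) if t)
    return sorted(((t, n) for t, n in counts.items() if n >= min_vendors),
                  key=lambda tn: (-tn[1], tn[0]))


if __name__ == "__main__":
    for name, n in families(LABELS):
        print(f"{name:10s} {n}")
```

Run against the page's own labels, the output is bublik 10, upatre 5, waski 5, zbot 5, necurs 2; single-vendor tokens such as kryptik or cccx are dropped by the two-vendor threshold. The split between a downloader family (Upatre/Waski) and bot names (Zbot, Bublik) is the point to note when triaging: vendor labels identify the sample as a known downloader, not what it fetches.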
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2013-07-31 07:43:04 UTC (the COFF header TimeDateStamp; it is written by the linker and trivially forgeable, so treat it as a hint rather than evidence. The ExifTool TimeStamp below, 08:43:04+01:00, is the same instant in local time.)
Entry Point 0x00001996
Number of sections 3
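The fields above (machine, section count, timestamp, entry point) and the linker, subsystem and size values in the ExifTool section further down all come from the COFF and optional headers. The following is an added example, not VirusTotal's tooling, that extracts them with nothing but `struct`. SAMPLE_HEADER is a constructed, minimal PE32 header filled in with this report's values; it has no section table or code, so it is a header fixture, not an executable. The image base, alignments, SizeOfImage and SizeOfHeaders in the fixture are assumed values the report does not state. Point parse_pe_header() at the bytes of a real file to get the same fields.

```python
"""Extract the PE header fields that a VirusTotal report summarises."""
import struct
from datetime import datetime, timezone

IMAGE_FILE_MACHINE_I386 = 0x14C
IMAGE_FILE_DLL = 0x2000
IMAGE_NT_OPTIONAL_HDR32_MAGIC = 0x10B
SUBSYSTEMS = {1: "Native", 2: "Windows GUI", 3: "Windows CUI"}

# COFF file header: Machine, NumberOfSections, TimeDateStamp, PointerToSymbolTable,
# NumberOfSymbols, SizeOfOptionalHeader, Characteristics (20 bytes).
COFF_FMT = "<HHIIIHH"
# PE32 optional header from Magic up to and including Subsystem (70 bytes).
OPT32_FMT = "<HBB" + "I" * 9 + "H" * 6 + "I" * 4 + "H"
COMPILE_TS = 1375256584  # 2013-07-31 07:43:04 UTC, the report's compilation timestamp


def build_sample_header() -> bytes:
    """Constructed PE32 header carrying the values shown in this report."""
    dos = bytearray(64)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 64)        # e_lfanew: PE header right after the DOS header
    coff = struct.pack(COFF_FMT, IMAGE_FILE_MACHINE_I386, 3, COMPILE_TS, 0, 0, 0xE0, 0x010F)
    opt = struct.pack(
        OPT32_FMT,
        IMAGE_NT_OPTIONAL_HDR32_MAGIC, 5, 12,    # Magic, linker version 5.12
        5632, 12800, 0,                          # SizeOfCode, SizeOfInitializedData, SizeOfUninitializedData
        0x1996, 0x1000, 0x3000,                  # AddressOfEntryPoint; BaseOfCode/BaseOfData assumed
        0x400000, 0x1000, 0x200,                 # ImageBase, SectionAlignment, FileAlignment (assumed)
        4, 0, 2, 1, 4, 0,                        # OS 4.0, image 2.1, subsystem 4.0
        0, 0x5000, 0x400, 0,                     # Win32VersionValue, SizeOfImage, SizeOfHeaders, CheckSum (assumed)
        2,                                       # Subsystem: Windows GUI
    )
    opt += b"\0" * (0xE0 - len(opt))             # pad to SizeOfOptionalHeader; data directories stay zero
    return bytes(dos) + b"PE\0\0" + coff + opt


def parse_pe_header(data: bytes) -> dict:
    """Return the header fields shown in the report; raises ValueError on malformed input."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("missing MZ signature")
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    coff_off = e_lfanew + 4
    opt_off = coff_off + struct.calcsize(COFF_FMT)
    if data[e_lfanew:coff_off] != b"PE\0\0" or len(data) < opt_off + struct.calcsize(OPT32_FMT):
        raise ValueError("missing or truncated PE header")
    machine, nsections, stamp, _, _, opt_size, chars = struct.unpack_from(COFF_FMT, data, coff_off)
    if opt_size < struct.calcsize(OPT32_FMT):
        raise ValueError("optional header too short")
    f = struct.unpack_from(OPT32_FMT, data, opt_off)
    if f[0] != IMAGE_NT_OPTIONAL_HDR32_MAGIC:
        raise ValueError("not a PE32 image (PE32+/64-bit layout is not handled here)")
    return {
        "machine": machine,
        "number_of_sections": nsections,
        "timestamp": datetime.fromtimestamp(stamp, tz=timezone.utc).strftime("%Y-%m-%d %H:%M:%S"),
        "entry_point": f[6],
        "code_size": f[3],
        "initialized_data_size": f[4],
        "uninitialized_data_size": f[5],
        "linker_version": f"{f[1]}.{f[2]}",
        "os_version": f"{f[12]}.{f[13]}",
        "image_version": f"{f[14]}.{f[15]}",
        "subsystem_version": f"{f[16]}.{f[17]}",
        "subsystem": SUBSYSTEMS.get(f[22], f"unknown ({f[22]})"),
        "is_dll": bool(chars & IMAGE_FILE_DLL),
    }


def is_pe32(data: bytes) -> bool:
    """True when parse_pe_header accepts the bytes as a PE32 image."""
    try:
        parse_pe_header(data)
        return True
    except ValueError:
        return False


if __name__ == "__main__":
    for key, value in parse_pe_header(build_sample_header()).items():
        print(f"{key:24s} {value:#x}" if isinstance(value, int) and not isinstance(value, bool) else f"{key:24s} {value}")
```

The `is_dll` flag is worth checking alongside TrID's output later in the report: TrID guesses "Win32 Dynamic Link Library" from byte patterns, whereas the Characteristics bit in the COFF header is what the loader actually honours.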
PE sections
PE imports (function names only; the report does not list the DLL each comes from)
The import table below contains nothing but generic runtime and window-management APIs: no socket, HTTP, file-write or process-creation functions. If the sample downloads a payload as the vendor labels state, the APIs it uses are not in this static import table and must be reached at runtime instead (LoadLibraryA is imported; GetProcAddress is not), which is a common pattern for small obfuscated downloaders and is why the imphash below should not be expected to look like a downloader's.
GetStartupInfoA
GetModuleHandleA
HeapAlloc
CloseHandle
GetVersionExA
LoadLibraryA
GetProcessHeap
DrawTextA
CreateWindowExA
RegisterClassA
UpdateWindow
TrackPopupMenu
GetWindowRect
SetCapture
EndPaint
BeginPaint
PostMessageA
GetDlgItemTextA
SendMessageA
GetWindowTextA
MessageBoxA
DispatchMessageA
TranslateAcceleratorA
DefWindowProcA
ShowWindow
GetKeyState
GetMessageA
SetCursor
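The imphash in the file-identification section is derived from exactly this list: each import is written as `dll.function` in lower case, the entries are joined with commas in import-directory order, and the result is MD5-hashed. The following is an added example, not pefile's or VirusTotal's code, that computes the hash and checks the table for network-capable DLLs. The report lists only function names, so ASSUMED_IMPORTS pairs each name with the DLL that exports it on Win32 (kernel32.dll or user32.dll) in the order shown above; the real import-directory order is unknown, so this hash is not expected to equal the report's imphash. The ordinal-to-name resolution pefile applies for oleaut32, ws2_32 and wsock32 is omitted.

```python
"""Compute an imphash from an ordered import list and flag network-capable DLLs."""
import hashlib

# Assumed: DLLs that give a process direct network access.
NETWORK_DLLS = {"ws2_32", "wsock32", "wininet", "winhttp", "urlmon", "dnsapi"}

# Constructed from the import list above; the DLL names are assumed, not from the report.
ASSUMED_IMPORTS = [
    ("KERNEL32.dll", "GetStartupInfoA"), ("KERNEL32.dll", "GetModuleHandleA"),
    ("KERNEL32.dll", "HeapAlloc"), ("KERNEL32.dll", "CloseHandle"),
    ("KERNEL32.dll", "GetVersionExA"), ("KERNEL32.dll", "LoadLibraryA"),
    ("KERNEL32.dll", "GetProcessHeap"),
    ("USER32.dll", "DrawTextA"), ("USER32.dll", "CreateWindowExA"),
    ("USER32.dll", "RegisterClassA"), ("USER32.dll", "UpdateWindow"),
    ("USER32.dll", "TrackPopupMenu"), ("USER32.dll", "GetWindowRect"),
    ("USER32.dll", "SetCapture"), ("USER32.dll", "EndPaint"),
    ("USER32.dll", "BeginPaint"), ("USER32.dll", "PostMessageA"),
    ("USER32.dll", "GetDlgItemTextA"), ("USER32.dll", "SendMessageA"),
    ("USER32.dll", "GetWindowTextA"), ("USER32.dll", "MessageBoxA"),
    ("USER32.dll", "DispatchMessageA"), ("USER32.dll", "TranslateAcceleratorA"),
    ("USER32.dll", "DefWindowProcA"), ("USER32.dll", "ShowWindow"),
    ("USER32.dll", "GetKeyState"), ("USER32.dll", "GetMessageA"),
    ("USER32.dll", "SetCursor"),
]


def normalize_dll(dll: str) -> str:
    """Lower-case the module name and strip the extensions imphash ignores."""
    dll = dll.lower()
    for ext in (".dll", ".ocx", ".sys"):
        if dll.endswith(ext):
            return dll[: -len(ext)]
    return dll


def imphash(imports) -> str:
    """imports: iterable of (dll, symbol) in import-directory order; symbol is a
    function name or an int ordinal. Returns the 32-hex-character MD5 imphash."""
    parts = []
    for dll, sym in imports:
        name = f"ord{sym}" if isinstance(sym, int) else sym.lower()
        parts.append(f"{normalize_dll(dll)}.{name}")
    return hashlib.md5(",".join(parts).encode("ascii")).hexdigest()


def network_dlls(imports) -> list:
    """Sorted list of imported DLLs that provide network access (empty here)."""
    return sorted({normalize_dll(d) for d, _ in imports} & NETWORK_DLLS)


if __name__ == "__main__":
    print("imphash     ", imphash(ASSUMED_IMPORTS))
    print("network DLLs", network_dlls(ASSUMED_IMPORTS) or "none")
```

Because the hash covers names and order but not the DLL file name's case or extension, two builds of the same source linked the same way share an imphash, which is what makes it a pivot across samples; a sample that resolves its real API set at runtime, as this one appears to, will instead cluster with every other binary carrying the same decoy GUI imports.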
Number of PE resources by type
RT_ICON 1
RT_MANIFEST 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 4
PE resources
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
FileFlagsMask 0x0000
MachineType Intel 386 or later, and compatibles
FileOS Unknown (0x5)
TimeStamp 2013:07:31 08:43:04+01:00
FileType Win32 EXE
PEType PE32
CodeSize 5632
LinkerVersion 5.12
FileSubtype 0
ProductVersionNumber 1.0.0.2
FileTypeExtension exe
InitializedDataSize 12800
SubsystemVersion 4.0
ImageVersion 2.1
OSVersion 4.0
FileVersionNumber 1.0.0.2
EntryPoint 0x1996
UninitializedDataSize 0
ObjectFileType Executable application

File identification
MD5 09cd9eb12effac3a5e9bcb83673d9807
SHA1 baad2cf8a7d25ffa752fccea7575b13009e19a12
SHA256 74f539fae25299555afbc1a090d639fe2eb5db123226cc4b39a27ae1e3a6278d
ssdeep 192:gkNUhM5KAPWgLzfaWB27kOLd0R0XAsqSHrAdpA/4WBP82e1q92G:gkNDkPL40XAsBHrAdQ4WBP82wU2G
authentihash 2e190285d368207c10ee11e4577ed845f22c80bba3a9bb3cf9dea5419dae0c22
imphash f05eb749a5202c19233659e352176ac2
File size 19.0 KB (19456 bytes)
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID (byte-pattern heuristic; its top "DLL" guess is contradicted by the Win32 EXE file type above)
Win32 Dynamic Link Library (generic) (38.3%)
Win32 Executable (generic) (26.2%)
Win16/32 Executable Delphi generic (12.0%)
Generic Win/DOS Executable (11.6%)
DOS Executable Generic (11.6%)
Tags peexe

VirusTotal metadata
First submission 2014-04-23 17:04:20 UTC ( 3 years, 1 month ago )
Last submission 2016-06-12 20:47:58 UTC ( 11 months, 2 weeks ago )
File names (as seen on submission; the fax/report themes and the .scr extension are consistent with an e-mail attachment lure) FAX975009.exe
FAX975009.exe-
09CD9EB12EFFAC3A5E9BCB83673D9807
09cd9eb12effac3a5e9bcb83673d9807.scr
c-40964-2999-1398273121
report_7492740375439754.scr
008492136
101.exe
file
file-6880601_exe-
FAX975009.scr
09cd9eb12effac3a5e9bcb83673d9807.exe
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers using the DeviceIoControl Windows API function.
UDP communications