SHA256: 74f539fae25299555afbc1a090d639fe2eb5db123226cc4b39a27ae1e3a6278d
File name: 008492136
Detection ratio: 53 / 57
Analysis date: 2016-04-26 19:09:56 UTC ( 1 month ago )
Antivirus Result Update
ALYac Trojan.GenericKD.1652103 20160426
AVG Downloader.Generic13.CCCX 20160426
AVware Win32.Malware!Drop 20160426
Ad-Aware Trojan.GenericKD.1652103 20160426
AegisLab Troj.W32.Bublik.lXQH 20160426
AhnLab-V3 Trojan/Win32.Zbot 20160426
Antiy-AVL Trojan/Win32.Bublik 20160426
Arcabit Trojan.Generic.D193587 20160426
Avast Win32:Trojan-gen 20160426
Avira (no cloud) TR/Necurs.H.1 20160426
Baidu Win32.Trojan-Downloader.Waski.a 20160426
Baidu-International Trojan.Win32.Bublik.clmd 20160426
BitDefender Trojan.GenericKD.1652103 20160426
CAT-QuickHeal Downloader.Upatre.018846 20160426
ClamAV Win.Trojan.Generickd-551 20160426
Comodo TrojWare.Win32.Kryptik.CBXB 20160426
Cyren W32/Trojan.AZAS-5859 20160426
DrWeb Trojan.DownLoad3.28161 20160426
ESET-NOD32 Win32/TrojanDownloader.Waski.A 20160426
Emsisoft Trojan.GenericKD.1652103 (B) 20160426
F-Prot W32/Trojan2.ODVY 20160426
F-Secure Trojan.GenericKD.1652103 20160426
Fortinet W32/Agent.SQW!tr 20160425
GData Trojan.GenericKD.1652103 20160426
Ikarus Trojan-Spy.Zbot 20160426
Jiangmin Trojan/Bublik.hbe 20160426
K7AntiVirus Trojan-Downloader ( 0040f7f11 ) 20160426
K7GW Trojan-Downloader ( 0040f7f11 ) 20160426
Kaspersky Trojan.Win32.Bublik.clmd 20160426
Malwarebytes Trojan.Downloader.UPT 20160426
McAfee Generic.sj 20160426
McAfee-GW-Edition BehavesLike.Win32.Downloader.lm 20160426
eScan Trojan.GenericKD.1652103 20160426
Microsoft TrojanDownloader:Win32/Upatre.AA 20160426
NANO-Antivirus Trojan.Win32.Bublik.cxanxn 20160426
Panda Trj/WLT.A 20160426
Qihoo-360 HEUR/Malware.QVM20.Gen 20160426
Rising Trojan.DL.Win32.Upatre.aab 20160426
SUPERAntiSpyware Trojan.Agent/Gen-Necurs 20160426
Sophos Troj/Zbot-IEA 20160426
Symantec Trojan.Zbot 20160426
Tencent Win32.Trojan.Bublik.Hzh 20160426
TheHacker Trojan/Downloader.Waski.a 20160426
TotalDefense Win32/Upatre.EdVdXFC 20160426
TrendMicro TROJ_UPATRE.AAN 20160426
TrendMicro-HouseCall TROJ_UPATRE.AAN 20160426
VBA32 Trojan.Bublik 20160425
VIPRE Win32.Malware!Drop 20160426
ViRobot Trojan.Win32.Zbot.19456.B[h] 20160426
Yandex Trojan.DL.Waski! 20160426
Zillya Trojan.Bublik.Win32.13675 20160426
Zoner Trojan.Waski.A 20160426
nProtect Trojan/W32.Bublik.19456.I 20160426
Alibaba 20160426
Bkav 20160426
CMC 20160425
Kingsoft 20160426
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2013-07-31 07:43:04
Entry Point 0x00001996
Number of sections 3
PE sections
PE imports
GetStartupInfoA
GetModuleHandleA
HeapAlloc
CloseHandle
GetVersionExA
LoadLibraryA
GetProcessHeap
DrawTextA
CreateWindowExA
RegisterClassA
UpdateWindow
TrackPopupMenu
GetWindowRect
SetCapture
EndPaint
BeginPaint
PostMessageA
GetDlgItemTextA
SendMessageA
GetWindowTextA
MessageBoxA
DispatchMessageA
TranslateAcceleratorA
DefWindowProcA
ShowWindow
GetKeyState
GetMessageA
SetCursor
Number of PE resources by type
RT_ICON 1
RT_MANIFEST 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 4
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
FileFlagsMask 0x0000
MachineType Intel 386 or later, and compatibles
FileOS Unknown (0x5)
TimeStamp 2013:07:31 08:43:04+01:00
FileType Win32 EXE
PEType PE32
CodeSize 5632
LinkerVersion 5.12
FileSubtype 0
ProductVersionNumber 1.0.0.2
FileTypeExtension exe
InitializedDataSize 12800
SubsystemVersion 4.0
ImageVersion 2.1
OSVersion 4.0
FileVersionNumber 1.0.0.2
EntryPoint 0x1996
UninitializedDataSize 0
ObjectFileType Executable application
File identification
MD5 09cd9eb12effac3a5e9bcb83673d9807
SHA1 baad2cf8a7d25ffa752fccea7575b13009e19a12
SHA256 74f539fae25299555afbc1a090d639fe2eb5db123226cc4b39a27ae1e3a6278d
ssdeep 192:gkNUhM5KAPWgLzfaWB27kOLd0R0XAsqSHrAdpA/4WBP82e1q92G:gkNDkPL40XAsBHrAdQ4WBP82wU2G
authentihash 2e190285d368207c10ee11e4577ed845f22c80bba3a9bb3cf9dea5419dae0c22
imphash f05eb749a5202c19233659e352176ac2
File size 19.0 KB ( 19456 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Dynamic Link Library (generic) (38.3%)
Win32 Executable (generic) (26.2%)
Win16/32 Executable Delphi generic (12.0%)
Generic Win/DOS Executable (11.6%)
DOS Executable Generic (11.6%)
Tags peexe
VirusTotal metadata
First submission 2014-04-23 17:04:20 UTC ( 2 years, 1 month ago )
Last submission 2015-06-12 12:36:25 UTC ( 11 months, 3 weeks ago )
File names FAX975009.exe
FAX975009.exe-
09CD9EB12EFFAC3A5E9BCB83673D9807
09cd9eb12effac3a5e9bcb83673d9807.scr
c-40964-2999-1398273121
report_7492740375439754.scr
008492136
101.exe
file
file-6880601_exe-
FAX975009.scr
09cd9eb12effac3a5e9bcb83673d9807.exe
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.
UDP communications