SHA256: 7554d2fd08ce45964d0eca49b6b99f26b72b86c130ffa75aad05889faea688d5
File name: IkaEWNv9c
Detection ratio: 50 / 68
Analysis date: 2018-08-03 10:52:04 UTC
Antivirus Result Update
Ad-Aware Gen:Variant.Symmi.17175 20180803
AegisLab Troj.W32.Generic!c 20180803
AhnLab-V3 Trojan/Win32.Llac.R129054 20180803
ALYac Gen:Variant.Symmi.17175 20180803
Antiy-AVL Trojan/Win32.AGeneric 20180803
Arcabit Trojan.Symmi.D4317 20180803
Avast Win32:Agent-AULZ [Trj] 20180802
AVG Win32:Agent-AULZ [Trj] 20180802
Avira (no cloud) TR/Dropper.VB.Gen2 20180803
AVware Trojan.Win32.Generic!BT 20180727
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9905 20180802
BitDefender Gen:Variant.Symmi.17175 20180803
CAT-QuickHeal Trojan.IGENERIC 20180803
ClamAV Win.Trojan.Agent-1150751 20180803
CrowdStrike Falcon (ML) malicious_confidence_100% (D) 20180723
Cybereason malicious.130cc4 20180225
Cylance Unsafe 20180803
Cyren W32/Trojan.VPKO-3890 20180803
Emsisoft Gen:Variant.Symmi.17175 (B) 20180803
Endgame malicious (high confidence) 20180730
ESET-NOD32 Win32/Spy.Zbot.AAO 20180803
F-Secure Gen:Variant.Symmi.17175 20180803
Fortinet W32/Generic.AAO!tr 20180803
GData Gen:Variant.Symmi.17175 20180803
Ikarus Trojan.Win32.Armadillo 20180803
Sophos ML heuristic 20180717
Jiangmin Trojan/Generic.biycb 20180803
K7AntiVirus Spyware ( 0029a43a1 ) 20180803
K7GW Spyware ( 0029a43a1 ) 20180803
Kaspersky Trojan.Win32.Generic 20180803
MAX malware (ai score=82) 20180803
McAfee Artemis!4BA58E1130CC 20180803
McAfee-GW-Edition BehavesLike.Win32.Dropper.vc 20180803
Microsoft Trojan:Win32/Malagent!gmb 20180803
eScan Gen:Variant.Symmi.17175 20180803
NANO-Antivirus Trojan.Win32.Barys.dcydrs 20180803
Palo Alto Networks (Known Signatures) generic.ml 20180803
Panda Trj/Chgt.B 20180802
Qihoo-360 Win32/Trojan.e6d 20180803
Rising Spyware.Zbot!8.16B (CLOUD) 20180803
Sophos AV Mal/Generic-S 20180803
Symantec ML.Attribute.HighConfidence 20180803
Tencent Win32.Trojan-spy.Zbot.Pftl 20180803
TrendMicro TSPY_ZBOT.YYSJ 20180803
TrendMicro-HouseCall TSPY_ZBOT.YYSJ 20180803
VIPRE Trojan.Win32.Generic!BT 20180803
ViRobot Trojan.Win32.Z.Symmi.2098176.A 20180803
Webroot W32.Malware.Heur 20180803
Yandex Trojan.Agent!sTHm1b5IcRU 20180803
ZoneAlarm by Check Point Trojan.Win32.Generic 20180803
Engines reporting no detection (signature update date only):
Alibaba 20180713
Avast-Mobile 20180802
Babable 20180725
Bkav 20180803
CMC 20180803
Comodo 20180803
DrWeb 20180803
eGambit 20180803
F-Prot 20180803
Kingsoft 20180803
Malwarebytes 20180803
SentinelOne (Static ML) 20180701
SUPERAntiSpyware 20180803
Symantec Mobile Insight 20180801
TACHYON 20180803
TheHacker 20180802
TotalDefense 20180803
Trustlook 20180803
VBA32 20180802
Zillya 20180802
Zoner 20180803
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright niLNtATb
Product IVuuW
Original name IkaEWNv9c.exe
Internal name IkaEWNv9c
File version 1.06.0008
Description Hkxt
Comments AYpQqCy
Every free-text field in the version resource (copyright, product, description, comments) is a short run of random-looking letters rather than a vendor or product name; that pattern is itself a useful triage signal, since legitimate build pipelines rarely emit such strings.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2013-04-26 17:17:42
Entry Point 0x000860BE
Number of sections 7
PE sections
Overlays
MD5 c3f01472d32cdd38d06db45b1d0528dc
File type data
Offset 2097152
Size 1024
Entropy 7.81
Offset 2097152 (0x200000) plus size 1024 equals the 2098176-byte file size, so the overlay is exactly the final 1 KiB of the file. An entropy of 7.81 bits per byte is close to the 8.0 maximum, which is what compressed or encrypted data looks like; plain text, zero padding or ordinary code would score far lower.
PE imports
Imports worth noting for triage: WriteProcessMemory, ReadProcessMemory, VirtualProtectEx and VirtualQueryEx together with CreateProcessA, SetThreadContext, GetThreadContext, SuspendThread and ResumeThread are the usual toolkit for writing into and redirecting another process; DebugActiveProcess, WaitForDebugEvent and ContinueDebugEvent let the program attach to a process as its debugger and drive it; IsDebuggerPresent is a basic anti-analysis check; GetAsyncKeyState polls keyboard state; and LoadLibraryA/W with GetProcAddress allow further APIs to be resolved at run time, so this static list is a lower bound on what the program actually calls.
comdlg32.dll
GetOpenFileNameA
GetSaveFileNameA
gdi32.dll
CreateDCA
DeleteDC
SelectObject
CreatePalette
CreateDIBitmap
SelectPalette
BitBlt
CreateCompatibleDC
DeleteObject
RealizePalette
kernel32.dll
FreeConsole
ReleaseMutex
WaitForSingleObject
HeapDestroy
SetFileTime
GetFileAttributesW
GetLocalTime
GetStdHandle
DeleteCriticalSection
GetCurrentProcess
GetConsoleMode
GetLocaleInfoA
SetErrorMode
FreeEnvironmentStringsW
GetThreadContext
GetLocaleInfoW
SetStdHandle
GetFileTime
GetTempPathA
WideCharToMultiByte
WaitForDebugEvent
InterlockedExchange
GetTempPathW
GetSystemTimeAsFileTime
HeapReAlloc
GetStringTypeW
GetOEMCP
LocalFree
MoveFileA
ResumeThread
GetExitCodeProcess
GetEnvironmentVariableA
OutputDebugStringW
FindClose
TlsGetValue
FormatMessageA
GetFullPathNameW
OutputDebugStringA
SetLastError
DeviceIoControl
InitializeCriticalSection
CopyFileW
WriteProcessMemory
GetModuleFileNameW
IsDebuggerPresent
ExitProcess
FlushFileBuffers
GetModuleFileNameA
EnumSystemLocalesA
GetPrivateProfileStringA
SetConsoleCtrlHandler
UnhandledExceptionFilter
InterlockedDecrement
MultiByteToWideChar
FatalAppExitA
SetFilePointerEx
CreateMutexA
GetModuleHandleA
GlobalAddAtomW
CreateDirectoryExW
CreateThread
MoveFileExW
GlobalAddAtomA
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
SetEnvironmentVariableA
SetThreadContext
TerminateProcess
SetCurrentDirectoryW
GlobalAlloc
DebugActiveProcess
SearchPathA
VirtualQueryEx
SetEndOfFile
GetCurrentThreadId
InterlockedIncrement
WriteConsoleW
AreFileApisANSI
InitializeCriticalSectionAndSpinCount
HeapFree
EnterCriticalSection
SetHandleCount
LoadLibraryW
GlobalGetAtomNameW
FreeLibrary
QueryPerformanceCounter
GetTickCount
TlsAlloc
VirtualProtect
GetVersionExA
LoadLibraryA
RtlUnwind
GetStartupInfoA
GetDateFormatA
GetFileSize
LCMapStringW
DeleteFileA
GetWindowsDirectoryA
GetStartupInfoW
ReadProcessMemory
SetEvent
DeleteFileW
GetUserDefaultLCID
VirtualProtectEx
GetProcessHeap
GetTempFileNameW
CompareStringW
RemoveDirectoryW
GetFileInformationByHandle
FindNextFileW
CreateDirectoryW
GetTimeFormatA
GetTempFileNameA
CreateFileMappingA
FindFirstFileW
IsValidLocale
DuplicateHandle
GetProcAddress
GetTimeZoneInformation
CreateFileW
CreateEventA
GetFileType
TlsSetValue
CreateFileA
HeapAlloc
LeaveCriticalSection
GetLastError
GlobalDeleteAtom
GetShortPathNameW
HeapCreate
GlobalFree
GetConsoleCP
GlobalGetAtomNameA
GetEnvironmentStringsW
GlobalUnlock
GetShortPathNameA
GetCurrentDirectoryW
WritePrivateProfileStringA
GetCurrentProcessId
GetDiskFreeSpaceExW
ContinueDebugEvent
GetCommandLineW
GetCPInfo
HeapSize
GetCommandLineA
InterlockedCompareExchange
GetCurrentThread
OpenMutexA
SuspendThread
RaiseException
MapViewOfFile
TlsFree
SetFilePointer
ReadFile
CloseHandle
GetACP
GlobalLock
GetModuleHandleW
GetFileAttributesExW
CreateProcessA
IsValidCodePage
UnmapViewOfFile
WriteFile
Sleep
IsBadReadPtr
SetThreadPriority
VirtualAlloc
shell32.dll
SHGetSpecialFolderPathA
user32.dll
GetMessageA
PackDDElParam
UpdateWindow
SetPropA
BeginPaint
EnumWindows
DefWindowProcW
CreateDialogIndirectParamA
KillTimer
FindWindowA
DefWindowProcA
ShowWindow
GetPropA
GetWindowThreadProcessId
FreeDDElParam
GetSystemMetrics
IsWindow
DispatchMessageA
EndPaint
PostMessageA
MoveWindow
MessageBoxA
PeekMessageA
TranslateMessage
DialogBoxParamA
PostMessageW
RegisterClassExA
GetAsyncKeyState
DrawTextA
SetWindowTextA
SendMessageW
LoadStringA
RegisterClassW
SendMessageA
LoadStringW
SetTimer
GetDlgItem
CreateDialogParamA
RegisterClassA
InSendMessage
GetWindowTextLengthA
CreateWindowExA
LoadCursorA
DefDlgProcA
EnumThreadWindows
WaitForInputIdle
GetDesktopWindow
IsWindowUnicode
UnpackDDElParam
CreateWindowExW
GetWindowTextA
DestroyWindow
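A long import table is easier to read when it is reduced to capability clusters. The following is an added example for this page, not VirusTotal's code or any of the engines' logic: the clusters are the editor's own grouping of Win32 APIs that commonly co-occur in process injection, debugger-driven injection, anti-debugging, input capture, run-time API resolution and driver control. A cluster is only reported when all of its members are imported, so a single common API such as CreateProcess cannot raise an alert by itself; partial overlaps are returned separately as context. The first sample list is a subset copied from the import table above, the second is a constructed list for an unremarkable file-handling program.

```python
"""Flag capability clusters in a PE import list (added example, editor's own grouping)."""
from typing import Dict, Iterable, Set

# Base API names without the A/W suffix. Membership of each cluster is this
# example's assumption, not a published taxonomy.
CAPABILITIES: Dict[str, Set[str]] = {
    "process-injection": {"WriteProcessMemory", "VirtualProtectEx", "CreateProcess",
                          "SetThreadContext", "ResumeThread"},
    "debugger-driven-injection": {"DebugActiveProcess", "WaitForDebugEvent",
                                  "ContinueDebugEvent", "GetThreadContext"},
    "anti-debug": {"IsDebuggerPresent"},
    "input-capture": {"GetAsyncKeyState"},
    "dynamic-api-resolution": {"LoadLibrary", "GetProcAddress"},
    "driver-control": {"DeviceIoControl"},
}

_KNOWN_BASES = set().union(*CAPABILITIES.values())


def normalise(name: str) -> str:
    """Drop a trailing ANSI/Unicode marker (CreateProcessA -> CreateProcess) for known APIs only."""
    if len(name) > 1 and name[-1] in "AW" and name[:-1] in _KNOWN_BASES:
        return name[:-1]
    return name


def match_capabilities(imports: Iterable[str]) -> Dict[str, Set[str]]:
    """Return the clusters whose every API is present, mapped to the member names."""
    present = {normalise(n) for n in imports}
    return {cap: apis for cap, apis in CAPABILITIES.items() if apis <= present}


def partial_matches(imports: Iterable[str]) -> Dict[str, Set[str]]:
    """Clusters with at least one but not all APIs present (context, not an alert)."""
    present = {normalise(n) for n in imports}
    return {cap: apis & present for cap, apis in CAPABILITIES.items()
            if apis & present and not apis <= present}


# Subset of the kernel32/user32 imports listed in the report above.
REPORT_IMPORTS = [
    "WriteProcessMemory", "ReadProcessMemory", "VirtualProtectEx", "VirtualQueryEx",
    "CreateProcessA", "SetThreadContext", "GetThreadContext", "ResumeThread",
    "SuspendThread", "DebugActiveProcess", "WaitForDebugEvent", "ContinueDebugEvent",
    "IsDebuggerPresent", "LoadLibraryA", "LoadLibraryW", "GetProcAddress",
    "DeviceIoControl", "GetAsyncKeyState", "CreateFileW", "ReadFile", "WriteFile",
]

# Constructed import list of an unremarkable file-handling program (not from the report).
BENIGN_IMPORTS = ["CreateFileW", "ReadFile", "WriteFile", "CloseHandle",
                  "GetLastError", "CreateProcessW", "MessageBoxW"]

if __name__ == "__main__":
    for cap, apis in sorted(match_capabilities(REPORT_IMPORTS).items()):
        print(f"{cap}: {', '.join(sorted(apis))}")
    print("benign partials:", partial_matches(BENIGN_IMPORTS))
```

Run against the report's imports every cluster fires, while the benign list yields no full match and only a partial overlap on CreateProcess. The same idea extends naturally to strings found at run time, since a sample that resolves APIs through GetProcAddress will not show them in the static table at all.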
Number of PE resources by type
RT_ICON 3
KXNGVFQ 3 (a non-standard, application-defined resource type name)
RT_GROUP_ICON 1
RT_VERSION 1
RT_MANIFEST 1
Number of PE resources by language
ENGLISH US 5
NEUTRAL 4
PE resources
ExifTool file metadata
CodeSize 819200
SubsystemVersion 4.0
Comments AYpQqCy
LinkerVersion 83.82
ImageVersion 1.6
FileSubtype 0
FileVersionNumber 1.6.0.8
LanguageCode English (U.S.)
FileFlagsMask 0x0000
FileDescription Hkxt
ImageFileCharacteristics No relocs, Executable, No line numbers, No symbols, 32-bit
CharacterSet Unicode
InitializedDataSize 1273856
EntryPoint 0x860be
OriginalFileName IkaEWNv9c.exe
MIMEType application/octet-stream
LegalCopyright niLNtATb
FileVersion 1.06.0008
TimeStamp 2013:04:26 18:17:42+01:00
FileType Win32 EXE
PEType PE32
InternalName IkaEWNv9c
ProductVersion 1.06.0008
UninitializedDataSize 0
OSVersion 4.0
FileOS Win32
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName chepH
LegalTrademarks MRCJQg
ProductName IVuuW
ProductVersionNumber 1.6.0.8
FileTypeExtension exe
ObjectFileType Executable application
Two values deserve a comment. LinkerVersion 83.82 is not a version any mainstream linker emits, which suggests the optional header was rewritten by a packer or protector (Ikarus's verdict above names Armadillo, a commercial protector). The TimeStamp here is the same instant as the 2013-04-26 17:17:42 compilation timestamp in the PE header section, shown in a +01:00 zone rather than UTC; compile timestamps are trivially forged, so treat it as a claim rather than a fact.
File identification
MD5 4ba58e1130cc46be447b54c03c4b1df4
SHA1 0d2478e712cca794d98ac621a2edc355e87002fa
SHA256 7554d2fd08ce45964d0eca49b6b99f26b72b86c130ffa75aad05889faea688d5
ssdeep 49152:oC8knk1m+fDwSoTv3P2HoeYgedk+PhO+gejlPgkt9:oC8knk1mg+/2HP+k+Q+pgkt9
authentihash 86b5de9459a0c6db2485e0d7d78f96b216afbb09826c97ccb016516951a2b53b
imphash a9dfa3363d8e044cb38536d273bb593d
File size 2.0 MB ( 2098176 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable (generic) (52.9%)
Generic Win/DOS Executable (23.5%)
DOS Executable Generic (23.5%)
Tags peexe overlay
VirusTotal metadata
First submission 2014-08-19 01:35:51 UTC
Last submission 2014-08-19 01:35:51 UTC
File names IkaEWNv9c
IkaEWNv9c.exe
vt-upload-XHTMZ
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Created processes
Code injections in the following processes
Created mutexes
Opened mutexes
Searched windows
Opened service managers
Opened services
Hooking activity
Runtime DLLs
Additional details
The file sends control codes directly to device drivers through the DeviceIoControl Windows API function, which also appears in the static import table above.
The file installs an application-defined hook procedure into a hook chain with the SetWindowsHookEx Windows API function (the sandbox reports it under the legacy name SetWindowsHook). A hook procedure receives events either for one specific thread or for every thread on the same desktop as the calling thread, so hooks are the standard way to monitor keyboard, mouse and window-message activity system-wide. Neither SetWindowsHook nor SetWindowsHookEx is present in the static import table, so the function was resolved at run time, which the imported LoadLibraryA/W and GetProcAddress make possible; together with the imported GetAsyncKeyState and the Zbot and spyware verdicts from ESET, Rising, Tencent and Trend Micro above, this is consistent with input monitoring.