SHA256: 76f5cc93794620c1808077fef71b1a1d43b6b63a5d2b2e62c2f4af60f57f7bbb
File name: dc35b211b5eb5bd8af02c412e411d40e.be2e5d975614b968e33c3f93973c7759...
Detection ratio: 40 / 46
Analysis date: 2013-05-13 16:38:40 UTC ( 2 years, 3 months ago )
Antivirus Result Update
AVG Generic20.TUZ 20130513
Agnitum Trojan.FakeAV!VE2JPwgrtsE 20130513
AhnLab-V3 Trojan/Win32.FakeAV 20130513
AntiVir TR/Crypt.XPACK.Gen2 20130513
Avast Win32:MalOb-DO [Cryp] 20130513
BitDefender Trojan.Fakealert.20908 20130513
ByteHero Trojan.Win32.Heur.012 20130510
CAT-QuickHeal Trojan.FraudPack 20130513
ClamAV Trojan.Fakesec-123 20130513
Commtouch W32/FakeAlert.IF.gen!Eldorado 20130513
Comodo Packed.Win32.Krap.~IC 20130513
DrWeb Trojan.Fakealert.19447 20130513
ESET-NOD32 a variant of Win32/Kryptik.IGU 20130513
Emsisoft Trojan.Fakealert.20908 (B) 20130513
F-Prot W32/FakeAlert.IF.gen!Eldorado 20130513
F-Secure Trojan.Fakealert.20908 20130513
Fortinet W32/Katusha.R!tr 20130513
GData Trojan.Fakealert.20908 20130513
Ikarus Trojan.Win32.FakeAV 20130513
Jiangmin Trojan/Fakeav.cai 20130513
K7AntiVirus Riskware 20130513
K7GW Trojan 20130513
Kaspersky Packed.Win32.Krap.ic 20130513
Malwarebytes Rogue.SecurityTool 20130513
McAfee FakeAlert-SecurityTool.ab 20130513
McAfee-GW-Edition FakeAlert-SecurityTool.ab 20130513
MicroWorld-eScan Trojan.Fakealert.20908 20130513
Microsoft Rogue:Win32/Winwebsec 20130513
Norman Suspicious_Gen2.FBBUZ 20130513
PCTools SecurityToolFraud!Gen4 20130513
Panda Trj/CI.A 20130513
Sophos Mal/FakeAV-EE 20130513
Symantec SecurityToolFraud!Gen4 20130513
TheHacker Trojan/FakeAV.ven 20130513
TotalDefense Win32/FraudSecurityTool.N!generi 20130513
TrendMicro TROJ_FAKEAV.SMCG 20130513
TrendMicro-HouseCall TROJ_FAKEAV.SMCG 20130513
VBA32 Trojan.FakeAV.0997 20130513
VIPRE VirTool.Win32.Obfuscator.ah!e (v) 20130513
nProtect Trojan/W32.FakeAV.1240064 20130513
Antiy-AVL 20130513
Kingsoft 20130506
NANO-Antivirus 20130513
SUPERAntiSpyware 20130513
ViRobot 20130513
eSafe 20130513
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2001-05-24 17:15:12
Entry Point 0x0009535D
Number of sections 3
PE sections
PE imports
GetTokenInformation
SetSecurityDescriptorDacl
RegFlushKey
RegCloseKey
OpenProcessToken
RegQueryValueExA
GetSecurityDescriptorDacl
AllocateAndInitializeSid
InitializeSecurityDescriptor
OpenThreadToken
ControlService
InitializeAcl
EqualSid
GetAce
WriteEncryptedFileRaw
CheckTokenMembership
ImageList_ReplaceIcon
DestroyPropertySheetPage
InitCommonControlsEx
Polygon
CreateRectRgn
PatBlt
CreateBitmap
SelectObject
CombineRgn
GetMapMode
CreateCompatibleDC
DeleteObject
CreateCompatibleBitmap
Rectangle
GetLastError
HeapFree
EnterCriticalSection
ReleaseMutex
HeapCreate
FileTimeToSystemTime
SetTapeParameters
GetTapeStatus
FreeLibrary
LoadLibraryA
LockFile
SystemTimeToTzSpecificLocalTime
GetCurrentProcess
SystemTimeToFileTime
LockResource
SetFileTime
GetProcessHeaps
GetCurrentDirectoryA
UnhandledExceptionFilter
MultiByteToWideChar
BackupWrite
GetProcAddress
GetCurrentThread
OpenMutexA
CreateMutexA
WriteTapemark
ReleaseSemaphore
GetModuleHandleA
ReadFile
GlobalFree
SetUnhandledExceptionFilter
CloseHandle
GetSystemTimeAsFileTime
ExitThread
GetVersion
LocalFree
TerminateProcess
DeviceIoControl
InitializeCriticalSection
LoadResource
LocalFileTimeToFileTime
GetTapePosition
SetEndOfFile
BackupSeek
GetCurrentThreadId
GetProcessHeap
VirtualAlloc
_purecall
__wgetmainargs
_putenv
wprintf
fread
_wcsnicmp
__dllonexit
_mbslen
_wcslwr
wcstok
_wcsupr
fflush
_getpid
_cexit
_wcsdup
_c_exit
clearerr
_errno
fseek
_tzset
_onexit
wcslen
ftell
isalpha
exit
_ftol
_filelength
_local_unwind2
wcsrchr
_wcmdln
_adjust_fdiv
__CxxFrameHandler
_wcsicmp
_fdopen
fclose
__p__commode
_wcsrev
free
_CxxThrowException
wcsncmp
_except_handler3
calloc
_open_osfhandle
realloc
_snwprintf
memmove
swscanf
wcscpy
swprintf
time
_controlfp
localtime
__set_app_type
NetApiBufferSize
NetServerEnum
NetShareGetInfo
isdigit
NtQueryQuotaInformationFile
wcscspn
_aulldvrm
NtSetQuotaInformationFile
CoInitializeEx
CoUninitialize
CoCreateGuid
CoCreateInstance
CoInitializeSecurity
CoTaskMemFree
StringFromGUID2
SetupCloseInfFile
SetupFindNextLine
SHGetSpecialFolderLocation
SHGetMalloc
SHGetDesktopFolder
GetMessageA
GetParent
UpdateWindow
CreateIconIndirect
PostQuitMessage
DefWindowProcA
ShowWindow
LockSetForegroundWindow
SetWindowPos
GetWindowThreadProcessId
IsWindow
DispatchMessageA
EnableWindow
WindowFromPoint
ChildWindowFromPoint
TranslateMessage
CallNextHookEx
GetDC
RegisterClassExA
GetAsyncKeyState
ReleaseDC
GetIconInfo
GetMenu
SendMessageA
SetTimer
GetDlgItem
BringWindowToTop
IsIconic
ClientToScreen
DeleteMenu
InvalidateRect
GetSubMenu
CreateWindowExA
GetActiveWindow
CopyRect
InflateRect
GetFocus
FlashWindow
InvalidateRgn
ExitWindowsEx
DestroyWindow
Number of PE resources by type
RT_ICON 4
RT_GROUP_ICON 1
RT_VERSION 1
RT_RCDATA 1
Number of PE resources by language
ENGLISH US 7
ExifTool file metadata
UninitializedDataSize 0
InitializedDataSize 137216
ImageVersion 25688.20368
FileVersionNumber 2.2.0.0
FileFlagsMask 0x0017
LinkerVersion 8.0
MIMEType application/octet-stream
TimeStamp 2001:05:24 18:15:12+01:00
FileType Win32 EXE
PEType PE32
FileAccessDate 2013:05:13 17:46:23+01:00
SubsystemVersion 5.0
OSVersion 2.2
FileCreateDate 2013:05:13 17:46:23+01:00
FileOS Win32
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CodeSize 1101312
FileSubtype 0
ProductVersionNumber 2.2.0.0
EntryPoint 0x9535d
ObjectFileType Unknown

File identification
MD5 dc35b211b5eb5bd8af02c412e411d40e
SHA1 be2e5d975614b968e33c3f93973c775955d8aea9
SHA256 76f5cc93794620c1808077fef71b1a1d43b6b63a5d2b2e62c2f4af60f57f7bbb
ssdeep 24576:iVCuAinEtdfgrp6rQ7PdLKJ2uns08v1IE1cLnvjsqImGhCwle:iVSIkI4s0NjImG8wl
File size 1.2 MB ( 1240064 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (74.7%)
Win32 Executable (generic) (15.6%)
Generic Win/DOS Executable (4.7%)
DOS Executable Generic (4.7%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
Tags peexe
VirusTotal metadata
First submission 2013-05-13 16:38:40 UTC ( 2 years, 3 months ago )
Last submission 2013-05-13 16:38:40 UTC ( 2 years, 3 months ago )
File names dc35b211b5eb5bd8af02c412e411d40e.be2e5d975614b968e33c3f93973c775955d8aea9
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Deleted files
Set keys
Created processes
Shell commands
Created mutexes
Opened mutexes
Searched windows
Opened service managers
Opened services
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.
HTTP requests
TCP connections
UDP communications