SHA256: 77239513413e26259e249ab1ad8a7b47c24fa51ae12c9459eea43bb795247a31
File name: 42.exe
Detection ratio: 5 / 57
Analysis date: 2015-04-02 12:35:13 UTC (2 years, 1 month ago)
Antivirus | Result | Update (signature database date)
ESET-NOD32 | Win32/Dridex.M | 20150402
Kaspersky | UDS:DangerousObject.Multi.Generic | 20150402
Norman | Kryptik.CFBH | 20150402
Tencent | Trojan.Win32.Qudamah.Gen.24 | 20150402
TrendMicro-HouseCall | Suspicious_GEN.F47V0402 | 20150402
Ad-Aware | (no detection) | 20150402
AegisLab | (no detection) | 20150402
Yandex | (no detection) | 20150401
AhnLab-V3 | (no detection) | 20150402
Alibaba | (no detection) | 20150402
ALYac | (no detection) | 20150402
Antiy-AVL | (no detection) | 20150402
Avast | (no detection) | 20150402
AVG | (no detection) | 20150402
Avira (no cloud) | (no detection) | 20150402
AVware | (no detection) | 20150402
Baidu-International | (no detection) | 20150402
BitDefender | (no detection) | 20150402
Bkav | (no detection) | 20150402
ByteHero | (no detection) | 20150402
CAT-QuickHeal | (no detection) | 20150402
ClamAV | (no detection) | 20150401
CMC | (no detection) | 20150402
Comodo | (no detection) | 20150402
Cyren | (no detection) | 20150402
DrWeb | (no detection) | 20150402
Emsisoft | (no detection) | 20150402
F-Prot | (no detection) | 20150401
F-Secure | (no detection) | 20150402
Fortinet | (no detection) | 20150402
GData | (no detection) | 20150402
Ikarus | (no detection) | 20150402
Jiangmin | (no detection) | 20150401
K7AntiVirus | (no detection) | 20150402
K7GW | (no detection) | 20150402
Kingsoft | (no detection) | 20150402
Malwarebytes | (no detection) | 20150402
McAfee | (no detection) | 20150402
McAfee-GW-Edition | (no detection) | 20150401
Microsoft | (no detection) | 20150402
eScan | (no detection) | 20150402
NANO-Antivirus | (no detection) | 20150402
nProtect | (no detection) | 20150402
Panda | (no detection) | 20150401
Qihoo-360 | (no detection) | 20150402
Rising | (no detection) | 20150402
Sophos | (no detection) | 20150402
SUPERAntiSpyware | (no detection) | 20150402
Symantec | (no detection) | 20150402
TheHacker | (no detection) | 20150401
TotalDefense | (no detection) | 20150402
TrendMicro | (no detection) | 20150402
VBA32 | (no detection) | 20150402
VIPRE | (no detection) | 20150402
ViRobot | (no detection) | 20150402
Zillya | (no detection) | 20150402
Zoner | (no detection) | 20150402
Of the five hits only ESET names a family (Dridex); Kaspersky's UDS prefix marks a cloud-lookup verdict rather than a local signature, and the Norman, Tencent and TrendMicro-HouseCall names are packer or generic heuristics. The scan ran about four hours after first submission (08:09 UTC, see VirusTotal metadata), so the 5/57 ratio reflects signature lag as much as the file itself; the static indicators below (overlay, timestamp, import table) are the more useful triage signals at that point.
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2006-10-09 13:23:19 (the PE header TimeDateStamp, written by the linker and trivially editable; as shown it predates the first VirusTotal submission by more than eight years, which is worth checking against the linker version and import set before trusting it)
Entry Point 0x0000E006
Number of sections 3
PE sections
Overlays
MD5 f7e4ce3d6b9da09cc03722bd7a368ab6
File type data (no recognised format)
Offset 77824
Size 53535
Entropy 7.00 (of a maximum of 8.00 bits per byte)
The overlay runs to the end of the file: 77824 + 53535 = 131359, the file size reported under File identification. Entropy this high is what compressed or encrypted content looks like, so the bytes past the last section deserve to be carved out and examined rather than treated as padding.
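The overlay and timestamp figures above can be recomputed from the raw headers without a third-party PE library. The following is an added example, not part of the VirusTotal report: it reads the COFF header and section table with struct, treats everything past the last section's raw data as overlay, measures its Shannon entropy and renders TimeDateStamp as UTC. The PE image it runs on is constructed inline so the block works offline; its sizes, overlay offset and timestamp mirror the report, while the three-section layout, section contents and overlay bytes are assumptions.

```python
"""Overlay and timestamp triage for a PE32 file using only the standard library.

Added example, not code from the VirusTotal report. build_sample_pe() constructs
a synthetic image (assumption) whose file size, overlay offset and TimeDateStamp
match the report; everything else about it is made up.
"""
import hashlib
import math
import struct
from collections import Counter
from datetime import datetime, timezone

PE_SIG = b"PE\0\0"
SECTION_HEADER_SIZE = 40


def parse_headers(data: bytes):
    """Return (TimeDateStamp, [(name, PointerToRawData, SizeOfRawData), ...])."""
    if data[:2] != b"MZ":
        raise ValueError("not a PE file: missing MZ header")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != PE_SIG:
        raise ValueError("not a PE file: missing PE signature")
    coff = e_lfanew + 4
    # COFF header: Machine, NumberOfSections, TimeDateStamp, PointerToSymbolTable,
    # NumberOfSymbols, SizeOfOptionalHeader, Characteristics
    _machine, nsections, timestamp, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", data, coff)
    table = coff + 20 + opt_size          # section table follows the optional header
    sections = []
    for i in range(nsections):
        off = table + i * SECTION_HEADER_SIZE
        name = data[off:off + 8].rstrip(b"\0").decode("ascii", "replace")
        raw_size, raw_ptr = struct.unpack_from("<II", data, off + 16)
        sections.append((name, raw_ptr, raw_size))
    return timestamp, sections


def overlay_region(data: bytes):
    """(offset, size) of the bytes past the last section's raw data; size 0 if none."""
    _, sections = parse_headers(data)
    end = max(ptr + size for _, ptr, size in sections)
    return end, max(len(data) - end, 0)


def shannon_entropy(buf: bytes) -> float:
    """Bits per byte: 0.0 for a constant buffer, up to 8.0 for uniformly random bytes."""
    if not buf:
        return 0.0
    n = len(buf)
    return -sum(c / n * math.log2(c / n) for c in Counter(buf).values())


def compile_time_utc(data: bytes) -> str:
    """TimeDateStamp rendered as UTC; the field is linker-written and trivially editable."""
    ts, _ = parse_headers(data)
    return datetime.fromtimestamp(ts, tz=timezone.utc).strftime("%Y-%m-%d %H:%M:%S")


def build_sample_pe() -> bytes:
    """Constructed PE32 image (assumption); only its sizes, overlay offset and timestamp mirror the report."""
    e_lfanew = 0x40
    hdr = bytearray(0x1000)               # headers padded up to the first section's raw offset
    hdr[:2] = b"MZ"
    struct.pack_into("<I", hdr, 0x3C, e_lfanew)
    hdr[e_lfanew:e_lfanew + 4] = PE_SIG
    opt_size = 0xE0                       # PE32 optional header, left zeroed; the checks never read it
    # Machine 0x14C (i386), 3 sections, TimeDateStamp 1160400199 = 2006-10-09 13:23:19 UTC
    struct.pack_into("<HHIIIHH", hdr, e_lfanew + 4, 0x14C, 3, 1160400199, 0, 0, opt_size, 0x0102)
    table = e_lfanew + 4 + 20 + opt_size
    layout = [(b".text", 0x1000, 0xE000), (b".rdata", 0xF000, 0x2000), (b".data", 0x11000, 0x2000)]
    for i, (name, raw_ptr, raw_size) in enumerate(layout):
        off = table + i * SECTION_HEADER_SIZE
        hdr[off:off + 8] = name.ljust(8, b"\0")
        # VirtualSize, VirtualAddress, SizeOfRawData, PointerToRawData (raw layout == virtual layout here)
        struct.pack_into("<IIII", hdr, off + 8, raw_size, raw_ptr, raw_size, raw_ptr)
    body = b"\xCC" * 0xE000 + b"\0" * 0x4000   # section bodies; their contents do not affect the checks
    # Deterministic high-entropy filler standing in for the report's 53535-byte overlay
    overlay = b"".join(hashlib.sha256(i.to_bytes(4, "little")).digest() for i in range(1673))[:53535]
    return bytes(hdr) + body + overlay


def triage(data: bytes) -> dict:
    """The fields a first-pass static look wants from the headers and the overlay."""
    off, size = overlay_region(data)
    return {
        "file_size": len(data),
        "compile_time_utc": compile_time_utc(data),
        "overlay_offset": off,
        "overlay_size": size,
        "overlay_entropy": round(shannon_entropy(data[off:off + size]), 2),
    }


if __name__ == "__main__":
    # On a real sample: triage(open(path, "rb").read())
    for key, value in triage(build_sample_pe()).items():
        print(f"{key}: {value}")
```

An overlay whose offset plus size equals the file length, combined with entropy near 8, is the combination to flag: the loader never maps those bytes, so whatever reads them is the program's own code, and the decrypted result is usually the thing the antivirus table above is reacting to.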
PE imports (imported function names in the report's order; the report's per-module headings are missing here. Judged by their exported names the groups below belong, in order, to advapi32, comctl32, gdi32, imm32, kernel32, msvcrt, one module imported by ordinal only that the page does not name, oleaut32, rasapi32, rpcrt4, setupapi, user32, wininet, winmm, winspool.drv, comdlg32, ole32, pdh and urlmon. For a 131 KB GUI executable that breadth, spanning RAS dial-up, device installation, performance counters, print spooling and Gopher/FTP with no evident common purpose, is itself a triage signal.)
LsaSetTrustedDomainInformation
ImageList_Create
PlgBlt
ImmGetVirtualKey
DefineDosDeviceW
GetSystemTimeAsFileTime
FlushConsoleInputBuffer
CreateMutexA
GlobalFindAtomA
DefineDosDeviceA
GetVersionExA
GetEnvironmentStringsW
GlobalUnlock
FlushViewOfFile
GetSystemDirectoryA
DisconnectNamedPipe
GetStartupInfoA
FileTimeToDosDateTime
GetCurrentDirectoryW
AddAtomA
GetStartupInfoW
GetFileInformationByHandle
GlobalLock
GetPrivateProfileStringW
GetProcessHeap
GetFileTime
FindResourceExA
GetModuleHandleA
ConvertDefaultLocale
GetTimeFormatA
FreeConsole
GetACP
GetModuleHandleW
FileTimeToLocalFileTime
GetPrivateProfileSectionW
GetLongPathNameW
FreeLibraryAndExitThread
GetNumberFormatA
CreateFileW
AllocConsole
FormatMessageA
GetFullPathNameW
ExitProcess
GetNumberFormatW
_except_handler3
__p__fmode
_acmdln
_exit
_adjust_fdiv
_controlfp
exit
_XcptFilter
__getmainargs
_initterm
__setusermatherr
__p__commode
__set_app_type
Ord(74)
Ord(45)
Ord(60)
Ord(38)
Ord(46)
Ord(55)
Ord(165)
Ord(16)
Ord(64)
Ord(19)
Ord(28)
Ord(511)
Ord(603)
Ord(611)
VarR4FromDisp
VarUI1FromR4
RasSetEntryPropertiesA
RasEnumConnectionsA
RasGetCountryInfoA
RasGetEntryPropertiesA
RasGetConnectStatusW
RasRenameEntryW
RasCreatePhonebookEntryW
RasGetProjectionInfoA
RasGetProjectionInfoW
RasSetEntryDialParamsW
RasGetErrorStringA
RasGetConnectStatusA
RasGetCountryInfoW
RasGetEntryDialParamsW
RasRenameEntryA
RasDeleteEntryA
RpcSsDisableAllocate
SetupDiEnumDeviceInterfaces
SetupDiBuildClassInfoList
SetupOpenAppendInfFileA
SetupDiGetDriverInfoDetailA
SetupGetMultiSzFieldA
SetupDiSetDeviceRegistryPropertyW
SetupGetBinaryField
SetupDiOpenDeviceInfoW
SetupDiDrawMiniIcon
SetupCopyOEMInfA
SetupGetInfFileListA
SetupDiGetClassImageListExW
SetupDeleteErrorW
SetupDiSetDeviceInstallParamsA
SetupDiSetClassInstallParamsW
SetupRemoveFromSourceListW
SetupDiGetHwProfileFriendlyNameA
SetupDiSelectDevice
SetupGetInfInformationA
SetupDiGetHwProfileFriendlyNameExA
SetupPromptForDiskW
SetupAdjustDiskSpaceListW
SetupDiSetSelectedDriverA
SetupSetPlatformPathOverrideW
SetupDiGetClassImageIndex
SetupDiCreateDeviceInterfaceW
SetupQueryFileLogA
SetupDiGetClassDescriptionA
SetupGetFileCompressionInfoA
SetupDiCreateDeviceInfoListExA
SetupDiCreateDevRegKeyA
SetupQueryInfVersionInformationW
SetupLogErrorW
SetupGetSourceFileLocationA
SetupQueueRenameA
SetupFindFirstLineW
SetupIterateCabinetW
SetupInstallFileExW
SetupDiClassNameFromGuidW
SetupGetSourceFileSizeA
SetupDiInstallClassW
SetupQueryDrivesInDiskSpaceListW
SetupGetLineTextA
SetupQuerySpaceRequiredOnDriveW
SetupInstallFileExA
SetupDiGetClassDevPropertySheetsW
SetupDiCreateDeviceInfoList
SetupQueueDeleteW
RegisterWindowMessageW
GetCaretBlinkTime
EnumDesktopsA
GetMessageA
DrawTextExW
HideCaret
OffsetRect
CreateAcceleratorTableW
CreateCaret
DrawAnimatedRects
DestroyMenu
CharPrevW
DefMDIChildProcA
CheckMenuRadioItem
GrayStringW
GetTabbedTextExtentA
PostMessageA
CharUpperW
EnumChildWindows
AppendMenuW
GetWindowDC
DialogBoxParamA
OpenWindowStationA
CopyImage
GetCursorPos
IsCharAlphaNumericA
DrawStateA
IsZoomed
PackDDElParam
BringWindowToTop
CreateIconIndirect
InvertRect
InSendMessage
FillRect
DefDlgProcA
ModifyMenuW
SetDlgItemInt
GetDialogBaseUnits
ReuseDDElParam
GetKeyState
CharToOemA
HttpSendRequestExW
RetrieveUrlCacheEntryFileA
InternetOpenA
InternetHangUp
InternetCanonicalizeUrlA
HttpSendRequestExA
GetUrlCacheEntryInfoA
GopherOpenFileA
InternetReadFileExW
InternetConnectA
FtpSetCurrentDirectoryA
InternetGetCookieA
GopherOpenFileW
GetUrlCacheEntryInfoW
InternetAttemptConnect
InternetGetLastResponseInfoW
InternetCombineUrlW
HttpQueryInfoW
FtpGetFileW
InternetReadFile
CommitUrlCacheEntryW
GopherGetLocatorTypeW
InternetCheckConnectionA
GopherCreateLocatorA
FindFirstUrlCacheEntryExA
GopherGetLocatorTypeA
FtpOpenFileA
FindNextUrlCacheEntryA
DeleteUrlCacheEntry
InternetCrackUrlA
FindNextUrlCacheEntryExA
mmioFlush
mmioSeek
ConnectToPrinterDlg
GetPrinterDataExW
ConfigurePortW
DeletePrinterConnectionA
OpenPrinterA
EnumPortsW
ResetPrinterA
EnumPrinterKeyA
DocumentPropertiesA
AddPortA
WritePrinter
EnumPrinterDriversA
AddMonitorA
DeletePrintProcessorA
OpenPrinterW
GetPrintProcessorDirectoryW
DeletePrintProvidorW
PrinterMessageBoxA
FindTextW
GetSaveFileNameW
GetSaveFileNameA
ReplaceTextA
CoReleaseMarshalData
SetConvertStg
CoRegisterSurrogate
PdhGetDllVersion
PdhOpenLogA
PdhCalculateCounterFromRawValue
PdhValidatePathA
PdhMakeCounterPathW
PdhSelectDataSourceA
PdhEnumMachinesA
PdhBrowseCountersW
PdhExpandCounterPathA
PdhGetCounterTimeBase
PdhOpenLogW
PdhSelectDataSourceW
PdhLookupPerfIndexByNameW
PdhGetDefaultPerfObjectA
PdhParseCounterPathW
PdhValidatePathW
IsAsyncMoniker
CoInternetCreateZoneManager
CoInternetGetSession
HlinkNavigateString
GetClassFileOrMime
IsValidURL
CreateAsyncBindCtxEx
HlinkSimpleNavigateToString
CoInternetParseUrl
URLDownloadToCacheFileW
URLOpenPullStreamA
CoInternetGetProtocolFlags
URLOpenBlockingStreamW
CoInternetCreateSecurityManager
WriteHitLogging
FindMimeFromData
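The imphash listed under File identification is pefile's MD5 over the ordered, lower-cased "module.function" form of exactly this import list, which is why a table like the one above yields a hash that tends to stay constant across samples produced by the same builder but changes as soon as one import is padded, reordered or swapped. The following is an added example, not the report's or pefile's own code: it reimplements that derivation on a constructed import table. The DLL names in it are assumptions (the report shows only function names), the by-ordinal module is a placeholder, and it does not reproduce the report's value 9f2d1abd20ccae6336e655ecbfe0b9c8.

```python
"""imphash derivation (pefile's algorithm) over a constructed import table.

Added example, not code from the VirusTotal report or from pefile. SAMPLE_IMPORTS is
constructed: the function names come from the report, the DLL assignments are
assumptions, and "PLACEHOLDER.dll" stands in for the ordinal-only module the report
does not name.
"""
import hashlib

# pefile drops these extensions from the module name before hashing
_STRIPPED_EXTENSIONS = (".dll", ".ocx", ".sys")


def _module_key(dll: str) -> str:
    name = dll.lower()
    for ext in _STRIPPED_EXTENSIONS:
        if name.endswith(ext):
            return name[:-len(ext)]
    return name


def imphash_string(imports) -> str:
    """The exact string pefile hashes: 'module.function' entries, lower-cased,
    in import-table order, comma-joined.

    imports: sequence of (dll, name, ordinal), with name None for by-ordinal imports.
    pefile resolves ordinals of a few modules (ws2_32, oleaut32) to names through a
    built-in table; this example applies only its generic 'ordN' fallback (assumption).
    """
    parts = []
    for dll, name, ordinal in imports:
        func = name.lower() if name is not None else f"ord{ordinal}"
        parts.append(f"{_module_key(dll)}.{func}")
    return ",".join(parts)


def imphash(imports) -> str:
    return hashlib.md5(imphash_string(imports).encode("ascii")).hexdigest()


# Constructed import table (assumption), a handful of the report's function names
SAMPLE_IMPORTS = [
    ("KERNEL32.dll", "CreateMutexA", None),
    ("KERNEL32.dll", "GetVersionExA", None),
    ("MSVCRT.dll", "_except_handler3", None),
    ("PLACEHOLDER.dll", None, 74),           # the report shows this one only as Ord(74)
    ("WININET.dll", "InternetOpenA", None),
    ("SETUPAPI.dll", "SetupDiEnumDeviceInterfaces", None),
    ("URLMON.dll", "URLDownloadToCacheFileW", None),
]


def properties(imports) -> dict:
    """What the hash does and does not depend on, as booleans."""
    recased = [(dll.upper().replace(".DLL", ""), name, ordinal) for dll, name, ordinal in imports]
    reordered = list(reversed(imports))
    padded = list(imports) + [("PDH.dll", "PdhGetDllVersion", None)]   # one junk import appended
    base = imphash(imports)
    return {
        "case_and_extension_insensitive": imphash(recased) == base,
        "order_sensitive": imphash(reordered) != base,
        "changes_with_one_extra_import": imphash(padded) != base,
    }


if __name__ == "__main__":
    print(imphash_string(SAMPLE_IMPORTS))
    print(imphash(SAMPLE_IMPORTS))
    print(properties(SAMPLE_IMPORTS))
```

Two practical consequences follow from the construction: the hash is a pivot for "same builder, same import layout", not for "same payload", so it groups crypter output rather than the malware inside it; and because module names are normalised but order is not, a builder only has to shuffle or append one entry to break the link between two of its products.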
ExifTool file metadata
MIMEType: application/octet-stream
Subsystem: Windows GUI
MachineType: Intel 386 or later, and compatibles
TimeStamp: 2006:10:09 14:23:19+01:00 (the same instant as the 13:23:19 UTC compilation timestamp above, rendered in the scanner's local zone)
FileType: Win32 EXE
PEType: PE32
CodeSize: 57344
LinkerVersion: 6.0
FileTypeExtension: exe
InitializedDataSize: 2977792 (larger than the 131359-byte file; the loader does not validate this optional-header field, and a value that exceeds the file on disk does not correspond to any data actually present)
SubsystemVersion: 4.0
EntryPoint: 0xe006
OSVersion: 4.0
ImageVersion: 0.0
UninitializedDataSize: 0
Execution parents
File identification
MD5: dc92858693f62add2eb4696abce11d62
SHA1: 9ba2bc49ef5a5f0b4a5378e5e847bd34c132efbc
SHA256: 77239513413e26259e249ab1ad8a7b47c24fa51ae12c9459eea43bb795247a31
ssdeep: 1536:ka+IXIDRYRQooHNwXr1SuIeUQ9Z7S/eh4tX+tgsq818pSammuZQZi1cDMQsd+5eO:kbIYD+ToGQebSWhysq8kS/ZdKPSB
authentihash: 5170c09ab1d8f25f567d7c63a917e6863650463af438f7da3f99e052638420c0
imphash: 9f2d1abd20ccae6336e655ecbfe0b9c8
File size: 128.3 KB (131359 bytes)
File type: Win32 EXE
Magic literal: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID:
  Win32 Executable MS Visual C++ (generic) (35.8%)
  Win64 Executable (generic) (31.7%)
  Windows screen saver (15.0%)
  Win32 Dynamic Link Library (generic) (7.5%)
  Win32 Executable (generic) (5.1%)
Tags: peexe, overlay

VirusTotal metadata
First submission: 2015-04-02 08:09:30 UTC (2 years, 1 month ago)
Last submission: 2016-01-05 07:54:21 UTC (1 year, 4 months ago)
File names: kakego8.1.3.exe, 42.exe, kilo4kb.exe, 42_exe, dc92858693f62add2eb4696abce11d62.exe, VirusShare_dc92858693f62add2eb4696abce11d62
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Created processes
Opened mutexes
Runtime DLLs
UDP communications