× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: 79a4e1b1de14bb8e7ffb5b542408765736c1f41e2f50512d62ef650fd35c80f8
File name: 2015-07-09-Nuclear-EK-Payload.exe
Detection ratio: 12 / 55
Analysis date: 2015-07-10 14:48:42 UTC ( 2 years ago ) View latest
Antivirus Result Update
AhnLab-V3 Trojan/Win32.Miuref 20150709
Avast Win32:Dropper-OJP [Drp] 20150710
AVG SHeur4.CKRY 20150710
Fortinet W32/Injector.CEMA!tr 20150710
Jiangmin Trojan/Cryptodef.ig 20150709
K7AntiVirus Trojan ( 004c7e371 ) 20150710
K7GW Trojan ( 004c7e371 ) 20150710
McAfee Generic-FAWK!6C112740EE16 20150710
McAfee-GW-Edition Artemis 20150710
NANO-Antivirus Trojan.Win32.Inject.dtqjky 20150710
Panda Trj/Genetic.gen 20150710
Sophos AV Mal/Zbot-TY 20150710
Ad-Aware 20150710
AegisLab 20150710
Yandex 20150710
Alibaba 20150710
ALYac 20150710
Antiy-AVL 20150710
Arcabit 20150710
Avira (no cloud) 20150710
AVware 20150710
Baidu-International 20150710
BitDefender 20150710
Bkav 20150708
ByteHero 20150710
CAT-QuickHeal 20150710
ClamAV 20150710
Comodo 20150710
Cyren 20150710
DrWeb 20150710
Emsisoft 20150710
ESET-NOD32 20150710
F-Prot 20150710
F-Secure 20150710
GData 20150710
Ikarus 20150710
Kaspersky 20150710
Kingsoft 20150710
Malwarebytes 20150710
Microsoft 20150710
eScan 20150710
nProtect 20150710
Qihoo-360 20150710
Rising 20150709
SUPERAntiSpyware 20150710
Symantec 20150710
Tencent 20150710
TheHacker 20150709
TrendMicro 20150710
TrendMicro-HouseCall 20150710
VBA32 20150710
VIPRE 20150710
ViRobot 20150710
Zillya 20150710
Zoner 20150710
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2015-07-01 19:02:51
Entry Point 0x00003236
Number of sections 6
PE sections
Overlays
MD5 8c8388f5d7429f89ffacbfb1abb6477d
File type data
Offset 44800
Size 832502
Entropy 7.99
PE imports
RegEnumKeyW
RegCreateKeyW
SetPixel
GetTextExtentExPointA
GetStockObject
GetACP
GetLastError
GetTimeFormatW
GetDateFormatA
CreateFileW
GetTimeZoneInformation
SetCommBreak
CreateEventW
GetModuleFileNameW
GlobalFree
ReadFile
GetCommState
GetCurrentDirectoryA
GetTickCount
GetStartupInfoW
GetSystemTimeAsFileTime
GetThreadTimes
GetModuleFileNameA
GlobalAlloc
GetModuleHandleW
Ord(3820)
Ord(2438)
Ord(4621)
Ord(5298)
Ord(2980)
Ord(6371)
Ord(5237)
Ord(4073)
Ord(6048)
Ord(5257)
Ord(4435)
Ord(755)
Ord(3577)
Ord(5727)
Ord(3744)
Ord(4616)
Ord(795)
Ord(616)
Ord(815)
Ord(3257)
Ord(2717)
Ord(641)
Ord(3917)
Ord(2570)
Ord(2506)
Ord(2388)
Ord(3716)
Ord(567)
Ord(3076)
Ord(3142)
Ord(5285)
Ord(4667)
Ord(825)
Ord(5710)
Ord(5276)
Ord(4401)
Ord(540)
Ord(4692)
Ord(2403)
Ord(1767)
Ord(2371)
Ord(4480)
Ord(4229)
Ord(2294)
Ord(823)
Ord(3087)
Ord(4269)
Ord(2504)
Ord(4213)
Ord(4392)
Ord(800)
Ord(5157)
Ord(1569)
Ord(470)
Ord(6051)
Ord(5261)
Ord(3074)
Ord(2613)
Ord(3592)
Ord(2047)
Ord(2977)
Ord(2116)
Ord(4418)
Ord(4831)
Ord(2746)
Ord(5977)
Ord(4992)
Ord(4459)
Ord(2377)
Ord(3825)
Ord(4419)
Ord(4074)
Ord(2640)
Ord(1089)
Ord(3254)
Ord(1165)
Ord(3341)
Ord(5273)
Ord(2971)
Ord(4347)
Ord(324)
Ord(5296)
Ord(2015)
Ord(1768)
Ord(4704)
Ord(3793)
Ord(3826)
Ord(5193)
Ord(4847)
Ord(1720)
Ord(4075)
Ord(2854)
Ord(1131)
Ord(3733)
Ord(5303)
Ord(2546)
Ord(561)
Ord(1143)
Ord(6372)
Ord(3131)
Ord(5059)
Ord(3397)
Ord(4370)
Ord(4270)
Ord(2634)
Ord(5286)
Ord(6370)
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@II@Z
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UAE@XZ
?_Tidy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEX_N@Z
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
??6std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@0@AAV10@PBD@Z
?_C@?1??_Nullstr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@CAPBDXZ@4DB
??_D?$basic_ofstream@DU?$char_traits@D@std@@@std@@QAEXXZ
??6std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@0@AAV10@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??1?$basic_ofstream@DU?$char_traits@D@std@@@std@@UAE@XZ
?read@?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV12@PADH@Z
??0?$basic_ifstream@DU?$char_traits@D@std@@@std@@QAE@PBDH@Z
??0?$basic_ofstream@DU?$char_traits@D@std@@@std@@QAE@PBDH@Z
??_D?$basic_ifstream@DU?$char_traits@D@std@@@std@@QAEXXZ
_except_handler3
__p__fmode
__CxxFrameHandler
_exit
_adjust_fdiv
__setusermatherr
__dllonexit
_onexit
__wgetmainargs
exit
_XcptFilter
_initterm
_controlfp
_wcmdln
__p__commode
__set_app_type
RegisterWindowMessageW
DrawEdge
DefWindowProcW
KillTimer
SetClassLongA
CheckMenuItem
GetSystemMetrics
DispatchMessageA
EnableWindow
SetDlgItemTextA
DrawIcon
DialogBoxParamW
LoadIconW
DestroyCaret
CheckDlgButton
GetDC
ReleaseDC
ShowCaret
SendMessageW
GetClientRect
IsIconic
DeleteMenu
InvalidateRect
ShowCursor
GetSystemMenu
CreateWindowExW
MsgWaitForMultipleObjects
Number of PE resources by type
27 1
RT_DIALOG 1
RT_ICON 1
RT_BITMAP 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
NEUTRAL 3
CHINESE SIMPLIFIED 2
KOREAN 1
PE resources
ExifTool file metadata
MIMEType
application/octet-stream

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

FileTypeExtension
exe

TimeStamp
2015:07:01 20:02:51+01:00

FileType
Win32 EXE

PEType
PE32

CodeSize
20480

LinkerVersion
6.3

Warning
Error processing PE data dictionary

EntryPoint
0x3236

InitializedDataSize
884736

SubsystemVersion
4.2

ImageVersion
0.0

OSVersion
4.0

UninitializedDataSize
0

File identification
MD5 6c112740ee16f64e3885e3ca53cb2965
SHA1 bfc48aa9dfd0277467610165f1f26004f4575153
SHA256 79a4e1b1de14bb8e7ffb5b542408765736c1f41e2f50512d62ef650fd35c80f8
ssdeep
24576:n88fMJokb3dyeSBAzCljELewyYtOFz6NRGpXoxa:8X3dTSBAeBELLBHGBG

authentihash cf08ab539624f4b0eefdc410dfacd483684b2bddd65619df7e2d2dfbb6d77509
imphash 019912f2e9799e0bd2aec9745655c618
File size 856.7 KB ( 877302 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable MS Visual C++ (generic) (67.3%)
Win32 Dynamic Link Library (generic) (14.2%)
Win32 Executable (generic) (9.7%)
Generic Win/DOS Executable (4.3%)
DOS Executable Generic (4.3%)
Tags
corrupt peexe overlay

VirusTotal metadata
First submission 2015-07-09 23:14:42 UTC ( 2 years ago )
Last submission 2015-12-07 01:34:42 UTC ( 1 year, 7 months ago )
File names 2015-07-09-Nuclear-EK-Payload.exe
decoded.exe
Advanced heuristic and reputation engines
TrendMicro-HouseCall
TrendMicro's heuristic engine has flagged this file as: TROJ_GEN.R000C0DGE15.

Symantec reputation Suspicious.Insight
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!