SHA256: 7a20b03a5158f46530ec864f573bc1f2c6cdc930a5c52c0d8730c685e163f760
File name: bin.exe
Detection ratio: 2 / 57
Analysis date: 2015-03-19 10:00:22 UTC ( 4 years, 2 months ago )
Antivirus Result Update
Kaspersky UDS:DangerousObject.Multi.Generic 20150319
Norman Dridex.K 20150319
Ad-Aware 20150319
AegisLab 20150319
Yandex 20150318
AhnLab-V3 20150318
Alibaba 20150319
ALYac 20150319
Antiy-AVL 20150319
Avast 20150319
AVG 20150319
Avira (no cloud) 20150319
AVware 20150319
Baidu-International 20150319
BitDefender 20150319
Bkav 20150318
ByteHero 20150319
CAT-QuickHeal 20150318
ClamAV 20150319
CMC 20150317
Comodo 20150319
Cyren 20150319
DrWeb 20150319
Emsisoft 20150319
ESET-NOD32 20150319
F-Prot 20150319
F-Secure 20150319
Fortinet 20150319
GData 20150319
Ikarus 20150319
Jiangmin 20150318
K7AntiVirus 20150319
K7GW 20150319
Kingsoft 20150319
Malwarebytes 20150319
McAfee 20150319
McAfee-GW-Edition 20150319
Microsoft 20150319
eScan 20150319
NANO-Antivirus 20150319
nProtect 20150319
Panda 20150318
Qihoo-360 20150319
Rising 20150318
Sophos AV 20150319
SUPERAntiSpyware 20150319
Symantec 20150319
Tencent 20150319
TheHacker 20150319
TotalDefense 20150318
TrendMicro 20150319
TrendMicro-HouseCall 20150319
VBA32 20150318
VIPRE 20150319
ViRobot 20150319
Zillya 20150318
Zoner 20150319
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright © Корпорация Майкрософт. Все права защищены.
Product Операционная система Microsoft® Windows®
Original name twext.dll
Internal name twext
File version 6.00.3800.5512 (xpsp.080413-2105)
Description Свойства: Предыдущие версии
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 1970-01-01 00:00:01
Entry Point 0x00006410
Number of sections 9
PE sections
PE imports
CreateDIBPatternBrushPt
GetPrivateProfileSectionNamesA
GetComputerNameA
ScrollConsoleScreenBufferA
SetInformationJobObject
VerifyVersionInfoW
GetTapeParameters
DebugActiveProcessStop
GetConsoleProcessList
GetTapePosition
GetLocaleInfoW
EnumResourceLanguagesW
lstrcmpiA
SetTimerQueueTimer
FindResourceExW
GetThreadTimes
Thread32First
FindActCtxSectionStringW
GetFullPathNameA
MoveFileA
SetWaitableTimer
GetEnvironmentVariableA
SetLocaleInfoA
GetLogicalDriveStringsW
TlsGetValue
DeleteTimerQueue
EnumDateFormatsA
InitializeCriticalSection
OpenEventW
GlobalFindAtomA
SetConsoleOutputCP
WriteProfileStringA
ActivateActCtx
FatalAppExitA
MoveFileW
GetModuleHandleA
CreateSemaphoreA
VirtualLock
GetProcessPriorityBoost
GetSystemDirectoryA
LocalFileTimeToFileTime
GetCurrentThreadId
AddRefActCtx
SetCurrentDirectoryA
LocalCompact
SetHandleCount
LoadLibraryW
SetTapeParameters
GetExitCodeProcess
GetCommMask
ExitThread
GetProcessIoCounters
GetWindowsDirectoryW
Process32First
GetWindowsDirectoryA
GetSystemRegistryQuota
WriteFileGather
ReadProcessMemory
FindActCtxSectionGuid
GetProcAddress
SetSystemTimeAdjustment
GetTempFileNameW
CreateFileMappingW
GetTimeFormatW
GlobalWire
GetFileSizeEx
GetFileInformationByHandle
FindFirstFileExA
lstrcpyA
GetComputerNameExW
GetProcessWorkingSetSize
FindNextFileA
FindFirstFileExW
GlobalLock
EscapeCommFunction
GetPrivateProfileSectionW
SetThreadIdealProcessor
GetCurrencyFormatA
IsDebuggerPresent
GetPrivateProfileSectionA
CreateFileA
GetLastError
FlushConsoleInputBuffer
lstrlenA
GetConsoleCP
GetTapeStatus
LockFile
CreateNamedPipeA
WinExec
Process32NextW
GetQueuedCompletionStatus
WaitForSingleObjectEx
Module32FirstW
GetCurrentDirectoryW
GetCPInfoExA
QueryActCtxW
BackupRead
SetConsoleTitleW
QueryPerformanceFrequency
GetGeoInfoA
lstrcpynA
UnlockFileEx
SetLocalTime
CreateConsoleScreenBuffer
GetModuleHandleW
IsBadHugeWritePtr
OpenSemaphoreA
VirtualFree
Sleep
LocalShrink
DnsHostnameToComputerNameA
VarCyRound
VarUI4FromBool
SHInvokePrinterCommandW
SHQueryRecycleBinW
wvsprintfW
DrawFocusRect
IsCharAlphaW
MessageBoxW
CreateMDIWindowW
InSendMessageEx
EnableWindow
MoveWindow
ShowOwnedPopups
GetClassLongA
malloc
clearerr
tolower
isalnum
fscanf
wcsspn
strcat
fgetwc
wcscmp
atol
tmpfile
ungetc
feof
CoInternetParseUrl
Number of PE resources by type
REGINST 1
RT_VERSION 1
RT_MANIFEST 1
Number of PE resources by language
RUSSIAN 3
PE resources
ExifTool file metadata
UninitializedDataSize 4608
InitializedDataSize 57856
ImageVersion 1.0
ProductName Microsoft Windows
FileVersionNumber 6.0.3800.5512
LanguageCode Russian
FileFlagsMask 0x003f
FileDescription :
CharacterSet Unicode
LinkerVersion 5.23
FileTypeExtension exe
OriginalFileName twext.dll
MIMEType application/octet-stream
Subsystem Windows GUI
FileVersion 6.00.3800.5512 (xpsp.080413-2105)
TimeStamp 1970:01:01 01:00:01+01:00
FileType Win32 EXE
PEType PE32
InternalName twext
ProductVersion 6.00.2900.5512
SubsystemVersion 4.2
OSVersion 4.1
FileOS Windows NT 32-bit
LegalCopyright . .
MachineType Intel 386 or later, and compatibles
CompanyName Microsoft Corporation
CodeSize 24064
FileSubtype 0
ProductVersionNumber 6.0.2900.5512
EntryPoint 0x6410
ObjectFileType Dynamic link library

File identification
MD5 dcc7f58bff80b337e5e7723b2ac9dad7
SHA1 5f7509d78aca1c4f3145f1b025f344581d9e3992
SHA256 7a20b03a5158f46530ec864f573bc1f2c6cdc930a5c52c0d8730c685e163f760
ssdeep 1536:kGS0+GZ4AB5UEr2Ck1wjUDq3RNXp3k7Z/5jPqlC5cKa9HmDBX+M:kGz+GZ4AB572dKXpU7Zhjqc5cKa9HmZ+
authentihash b4c26b8867283b2966810bcbf3d2bfcadea9c0216d8f8de992efcb2fc0baf1a0
imphash 0953f66292446655e9ace7a8ade82af0
File size 85.0 KB ( 87040 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (41.0%)
Win64 Executable (generic) (36.3%)
Win32 Dynamic Link Library (generic) (8.6%)
Win32 Executable (generic) (5.9%)
OS/2 Executable (generic) (2.6%)
Tags peexe
VirusTotal metadata
First submission 2015-03-19 09:35:31 UTC ( 4 years, 2 months ago )
Last submission 2018-05-18 16:06:56 UTC ( 1 year ago )
File names Trekaldo51.exe
59df15e0a1808164a7c81362f1f96cf66ce599b6
bin.exe
5f7509d78aca1c4f3145f1b025f344581d9e3992.exe
bin.exe
36383.bin
tikapom64.exe
7a20b03a5158f46530ec864f573bc1f2c6cdc930a5c52c0d8730c685e163f760.exe
twext
bin.exe
dcc7f58bff80b337e5e7723b2ac9dad7.exe
bin.exe
7a20b03a5158f46530ec864f573bc1f2c6cdc930a5c52c0d8730c685e163f760.bin
1ForMt.rtf
twext.dll
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Deleted files
Created processes
Code injections in the following processes
Created mutexes
Opened mutexes
Searched windows
Opened service managers
Opened services
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.
HTTP requests
TCP connections