× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: 7a678b720ed4a5510027f6602539264514cad88bde6c06dc3493af4e5d3e3a16
File name: 12ce4f313502149b1b097ef6577619a71859c646
Detection ratio: 8 / 57
Analysis date: 2015-04-03 04:01:18 UTC ( 3 years, 11 months ago )
Antivirus Result Update
ESET-NOD32 a variant of Win32/Kryptik.DDVX 20150403
Fortinet W32/Kryptik.CAHR!tr 20150403
Kaspersky Trojan-Spy.Win32.Zbot.vhdp 20150403
Malwarebytes Trojan.Agent.ED 20150403
McAfee Artemis!F56CCC8F4615 20150403
McAfee-GW-Edition BehavesLike.Win32.Sdbot.hz 20150403
NANO-Antivirus Virus.Win32.Gen-Crypt.ccnc 20150403
Tencent Trojan.Win32.Qudamah.Gen.1 20150403
Ad-Aware 20150403
AegisLab 20150403
Yandex 20150402
AhnLab-V3 20150402
Alibaba 20150403
ALYac 20150403
Antiy-AVL 20150402
Avast 20150403
AVG 20150403
Avira (no cloud) 20150402
AVware 20150403
Baidu-International 20150402
BitDefender 20150403
Bkav 20150402
ByteHero 20150403
CAT-QuickHeal 20150402
ClamAV 20150402
CMC 20150402
Comodo 20150403
Cyren 20150403
DrWeb 20150403
Emsisoft 20150403
F-Prot 20150401
F-Secure 20150403
GData 20150403
Ikarus 20150403
Jiangmin 20150402
K7AntiVirus 20150402
K7GW 20150403
Kingsoft 20150403
Microsoft 20150403
eScan 20150403
Norman 20150402
nProtect 20150402
Panda 20150401
Qihoo-360 20150403
Rising 20150402
Sophos AV 20150403
SUPERAntiSpyware 20150403
Symantec 20150403
TheHacker 20150401
TotalDefense 20150402
TrendMicro 20150403
TrendMicro-HouseCall 20150403
VBA32 20150402
VIPRE 20150403
ViRobot 20150403
Zillya 20150403
Zoner 20150402
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2005-02-18 15:06:19
Entry Point 0x00001000
Number of sections 13
PE sections
PE imports
QueryPerformanceFrequency
OpenFileMappingW
GetLocaleInfoA
FileTimeToSystemTime
WriteConsoleOutputA
MapViewOfFileEx
CreateIoCompletionPort
CreateDirectoryA
GetProcessHeaps
Module32Next
SearchPathA
CreateFileMappingA
GetNumberOfConsoleInputEvents
GetProcessTimes
FindNextChangeNotification
ReadFileEx
Number of PE resources by type
RT_BITMAP 1
RT_VERSION 1
Number of PE resources by language
NEUTRAL 1
ENGLISH US 1
PE resources
ExifTool file metadata
MIMEType
application/octet-stream

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

TimeStamp
2005:02:18 16:06:19+01:00

FileType
Win32 EXE

PEType
PE32

CodeSize
422912

LinkerVersion
0.0

EntryPoint
0x1000

InitializedDataSize
123904

SubsystemVersion
4.1

ImageVersion
0.0

OSVersion
4.0

UninitializedDataSize
0

File identification
MD5 f56ccc8f4615eb63f3e7a5b702454534
SHA1 50ddab4c0c550f02eff0542aa96f617c36a630b3
SHA256 7a678b720ed4a5510027f6602539264514cad88bde6c06dc3493af4e5d3e3a16
ssdeep
3072:5Sgp4S5a0KPSFUDtGZQIcuHKJYsk4EW4U4Y2NgN:5SgpffKKFUDQS3H+sk24JYs

authentihash 3a8c0f59b8f908e0648d21131e4dc05f8a45e4d28b14cf17f11b64dfcaa152d9
imphash c257cb1c027d41c2f6ccf21112ecd014
File size 558.5 KB ( 571904 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable (generic) (52.7%)
Generic Win/DOS Executable (23.4%)
DOS Executable Generic (23.4%)
VXD Driver (0.3%)
Tags
peexe

VirusTotal metadata
First submission 2015-04-03 04:01:18 UTC ( 3 years, 11 months ago )
Last submission 2015-04-03 04:01:18 UTC ( 3 years, 11 months ago )
File names 12ce4f313502149b1b097ef6577619a71859c646
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Created processes
Created mutexes
Opened mutexes
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.
UDP communications