SHA256: 7c42d0eef7e3d3fee08b327843426d69bd7d15fedd1b7ed5ed77c8c7391448d2
File name: db6779d497cb5e22697106e26eebfaa8.exe
Detection ratio: 45 / 56
Analysis date: 2015-07-02 16:40:19 UTC ( 1 year, 8 months ago )
Antivirus Result Update
Ad-Aware Dropped:Generic.Keylogger.2.CD4EE167 20150702
Yandex Worm.Autorun!DXYRzwHXKfI 20150630
AhnLab-V3 Backdoor/Win32.Herpybot 20150702
ALYac Dropped:Generic.Keylogger.2.CD4EE167 20150702
Antiy-AVL Trojan[:HEUR]/Win32.Unknown 20150702
Arcabit Generic.Keylogger.2.CD4EE167 20150630
Avast Win32:GaoBot-AOZ [Wrm] 20150702
AVG Win32/DH{gRKBEwNiHhMUDyVXfH2BDg} 20150702
Avira (no cloud) WORM/Autorun.adz.28 20150702
AVware Trojan.Win32.Generic!SB.0 20150702
Baidu-International Worm.Win32.Agent.NKH 20150702
BitDefender Dropped:Generic.Keylogger.2.CD4EE167 20150702
Bkav W32.SidleadD.Trojan 20150702
ClamAV Win.Trojan.Autorun-575 20150702
Comodo UnclassifiedMalware 20150702
DrWeb Trojan.DownLoad3.6574 20150702
Emsisoft Dropped:Generic.Keylogger.2.CD4EE167 (B) 20150702
ESET-NOD32 a variant of Win32/Agent.NKH 20150702
F-Secure Dropped:Generic.Keylogger.2.CD4EE167 20150702
Fortinet W32/HerpBot.B 20150702
GData Dropped:Generic.Keylogger.2.CD4EE167 20150702
Ikarus Trojan.Win32.Weelsof 20150702
Jiangmin Trojan/Generic.zklc 20150701
K7AntiVirus Riskware ( 0040eff71 ) 20150702
K7GW Riskware ( 0040eff71 ) 20150702
Kaspersky HEUR:Trojan.Win32.Generic 20150702
Kingsoft Win32.Troj.Undef.(kcloud) 20150702
Malwarebytes Backdoor.Bot 20150702
McAfee Artemis!DB6779D497CB 20150702
McAfee-GW-Edition BehavesLike.Win32.Virus.ch 20150702
Microsoft Worm:Win32/Autorun.ADZ 20150702
eScan Dropped:Generic.Keylogger.2.CD4EE167 20150702
NANO-Antivirus Trojan.Win32.DownLoad3.wyuzx 20150702
nProtect Dropped:Generic.Keylogger.2.CD4EE167 20150702
Panda Generic Malware 20150702
Qihoo-360 HEUR/Malware.QVM10.Gen 20150702
Sophos Mal/HerpBot-B 20150702
SUPERAntiSpyware Trojan.Agent/Gen-Autorun 20150702
Symantec Trojan.Gen.2 20150702
Tencent Win32.Worm.Autorun.Wstr 20150702
TheHacker Trojan/Agent.nkh 20150701
TrendMicro TROJ_AGENT_035820.TOMB 20150702
TrendMicro-HouseCall TROJ_AGENT_035820.TOMB 20150702
VIPRE Trojan.Win32.Generic!SB.0 20150702
ViRobot Worm.Win32.S.Autorun.125952.A[h] 20150702
Engines with no detection on this sample (empty result column):
AegisLab 20150702
Alibaba 20150630
ByteHero 20150702
CAT-QuickHeal 20150701
Cyren 20150702
F-Prot 20150702
Rising 20150702
TotalDefense 20150702
VBA32 20150702
Zillya 20150702
Zoner 20150702
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2012-03-09 19:55:07
Entry Point 0x000092D2
Number of sections 6
PE sections
PE imports
GetTokenInformation
LookupPrivilegeValueA
CryptReleaseContext
RegCloseKey
CryptAcquireContextA
OpenProcessToken
GetUserNameA
FreeSid
CryptGetHashParam
RegQueryValueExA
AllocateAndInitializeSid
RegSetValueExA
AdjustTokenPrivileges
LookupAccountSidA
RegDeleteValueA
RegCreateKeyExA
RegOpenKeyExA
CryptHashData
CheckTokenMembership
CryptDestroyHash
CryptCreateHash
GetDeviceCaps
DeleteDC
RestoreDC
SelectObject
SaveDC
BitBlt
CreateDIBSection
CreateCompatibleDC
DeleteObject
GetStdHandle
EncodePointer
DeleteCriticalSection
GetCurrentProcess
GetConsoleMode
lstrcatA
SetErrorMode
FreeEnvironmentStringsW
SetStdHandle
GetTempPathA
GetCPInfo
LoadLibraryW
WriteFile
GetSystemTimeAsFileTime
GlobalMemoryStatusEx
HeapReAlloc
GetStringTypeW
SetFileAttributesA
GetOEMCP
GetEnvironmentVariableA
TlsGetValue
SetLastError
GetSystemTime
WriteProcessMemory
GetModuleFileNameW
CopyFileA
HeapAlloc
FlushFileBuffers
GetModuleFileNameA
HeapSetInformation
GetVolumeInformationA
SetHandleCount
UnhandledExceptionFilter
InterlockedDecrement
MultiByteToWideChar
CreateMutexA
SetFilePointer
CreateThread
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
DecodePointer
GetDiskFreeSpaceExA
GetCurrentThreadId
LeaveCriticalSection
WriteConsoleW
CreateToolhelp32Snapshot
InitializeCriticalSectionAndSpinCount
HeapFree
EnterCriticalSection
Process32First
lstrcmpiA
FreeLibrary
QueryPerformanceCounter
GetTickCount
TlsAlloc
GetVersionExA
LoadLibraryA
RtlUnwind
Process32Next
CreateRemoteThread
GetFileSize
OpenProcess
CreateDirectoryA
DeleteFileA
GetStartupInfoW
GetProcAddress
GetProcessHeap
lstrcmpA
lstrcpyA
GetComputerNameA
TerminateProcess
CreateFileW
IsDebuggerPresent
GetFileType
TlsSetValue
CreateFileA
ExitProcess
InterlockedIncrement
GetLastError
LCMapStringW
VirtualAllocEx
GetSystemInfo
lstrlenA
GetConsoleCP
GetEnvironmentStringsW
GetCurrentProcessId
WideCharToMultiByte
HeapSize
GetCommandLineA
OpenMutexA
RaiseException
TlsFree
GetModuleHandleA
ReadFile
CloseHandle
GetACP
GetModuleHandleW
IsValidCodePage
HeapCreate
VirtualFree
Sleep
VirtualAlloc
ShellExecuteA
SHGetSpecialFolderPathA
SHGetFolderPathA
GetMessageA
MapVirtualKeyA
GetForegroundWindow
UpdateWindow
EndDialog
BeginPaint
PostQuitMessage
DefWindowProcA
GetSystemMetrics
DispatchMessageA
EndPaint
MessageBoxA
GetWindowDC
wvsprintfA
TranslateMessage
DialogBoxParamA
SwapMouseButton
GetKeyState
GetAsyncKeyState
LoadStringA
LoadAcceleratorsA
wsprintfA
CreateWindowExA
LoadCursorA
LoadIconA
TranslateAcceleratorA
GetWindowTextA
RegisterClassExA
DestroyWindow
HttpSendRequestA
InternetQueryDataAvailable
InternetSetOptionA
HttpOpenRequestA
HttpAddRequestHeadersA
InternetCloseHandle
InternetOpenA
InternetConnectA
InternetReadFile
WSAStartup
gethostbyname
inet_ntoa
gethostname
Direct3DCreate9
GdiplusShutdown
GdipGetImageEncodersSize
GdipGetImageEncoders
GdipFree
GdipCloneImage
GdipCreateBitmapFromHBITMAP
GdipAlloc
GdipDisposeImage
GdipSaveImageToFile
GdiplusStartup
Number of PE resources by type
RT_ACCELERATOR 1
RT_MANIFEST 1
RT_STRING 1
RT_MENU 1
RT_DIALOG 1
Number of PE resources by language
ITALIAN 4
ENGLISH US 1
PE resources
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
TimeStamp 2012:03:09 20:55:07+01:00
FileType Win32 EXE
PEType PE32
CodeSize 80896
LinkerVersion 10.0
FileTypeExtension exe
InitializedDataSize 44032
SubsystemVersion 5.1
EntryPoint 0x92d2
OSVersion 5.1
ImageVersion 0.0
UninitializedDataSize 0
Compressed bundles
File identification
MD5 db6779d497cb5e22697106e26eebfaa8
SHA1 006cd3dcd25cb7f675e27ebcdb983cc9949a0915
SHA256 7c42d0eef7e3d3fee08b327843426d69bd7d15fedd1b7ed5ed77c8c7391448d2
ssdeep 3072:a1OnnZnX3pJmmQpV11X9KReu8vLT2mj0U:a1mZnpJjQv1vKR/ULKY0
authentihash 7c151421d14c77b390e51bcc6c2ef59ff5784a3809022998b6ce771c33116c75
imphash 83f973d8d0ba495a78d06cadcbdccf72
File size 123.0 KB ( 125952 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (67.3%)
Win32 Dynamic Link Library (generic) (14.2%)
Win32 Executable (generic) (9.7%)
Generic Win/DOS Executable (4.3%)
DOS Executable Generic (4.3%)
Tags peexe
VirusTotal metadata
First submission 2012-05-08 11:33:07 UTC ( 4 years, 10 months ago )
Last submission 2015-07-02 16:40:19 UTC ( 1 year, 8 months ago )
File names 7c42d0eef7e3d3fee08b327843426d69bd7d15fedd1b7ed5ed77c8c7391448d2.bin
db6779d497cb5e22697106e26eebfaa8.exe
server.exe
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Copied files
Deleted files
Created processes
Shell commands
Code injections in the following processes
Created mutexes
Opened mutexes
Opened service managers
Opened services
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.
DNS requests