SHA256: 8073a8324b1c42da3e7eec6d0c77cf980497fd260a68358a350fd1f1d058cdbb
File name: bin.exe
Detection ratio: 1 / 56
Analysis date: 2015-03-06 08:56:14 UTC ( 4 years, 2 months ago )
Antivirus Result Update
Norman Dridex.K 20150306
Ad-Aware 20150306
AegisLab 20150306
Yandex 20150228
AhnLab-V3 20150306
Alibaba 20150306
ALYac 20150306
Avast 20150306
AVG 20150306
Avira (no cloud) 20150306
AVware 20150306
Baidu-International 20150306
BitDefender 20150306
Bkav 20150305
ByteHero 20150306
CAT-QuickHeal 20150306
ClamAV 20150306
CMC 20150304
Comodo 20150306
Cyren 20150306
DrWeb 20150306
Emsisoft 20150306
ESET-NOD32 20150306
F-Prot 20150306
F-Secure 20150306
Fortinet 20150306
GData 20150306
Ikarus 20150306
Jiangmin 20150306
K7AntiVirus 20150306
K7GW 20150306
Kaspersky 20150306
Kingsoft 20150306
Malwarebytes 20150306
McAfee 20150306
McAfee-GW-Edition 20150306
Microsoft 20150306
eScan 20150306
NANO-Antivirus 20150306
nProtect 20150306
Panda 20150306
Qihoo-360 20150306
Rising 20150306
Sophos AV 20150306
SUPERAntiSpyware 20150306
Symantec 20150306
Tencent 20150306
TheHacker 20150306
TotalDefense 20150306
TrendMicro 20150306
TrendMicro-HouseCall 20150306
VBA32 20150306
VIPRE 20150306
ViRobot 20150306
Zillya 20150305
Zoner 20150306
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright © Корпорация Майкрософт. Все права защищены.
Product Операционная система Microsoft® Windows®
Original name TypePerf.exe
Internal name TypePerf.exe
File version 5.1.2600.0 (XPClient.010817-1148)
Description Системный монитор для запуска из командной строки
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 1970-01-01 00:00:01
Entry Point 0x00006020
Number of sections 11
PE sections
PE imports
GetLastError
Sleep
VirtualLock
GetHandleInformation
ExitThread
GetModuleHandleW
ShowOwnedPopups
MessageBoxA
malloc
fabs
Number of PE resources by type
RT_STRING 12
RT_VERSION 1
Number of PE resources by language
RUSSIAN 13
PE resources
ExifTool file metadata
UninitializedDataSize 4608
LinkerVersion 5.23
ImageVersion 1.0
FileSubtype 0
FileVersionNumber 5.1.2600.0
LanguageCode Russian
FileFlagsMask 0x003f
CharacterSet Unicode
InitializedDataSize 57344
EntryPoint 0x6020
OriginalFileName TypePerf.exe
MIMEType application/octet-stream
LegalCopyright . .
FileVersion 5.1.2600.0 (XPClient.010817-1148)
TimeStamp 1970:01:01 01:00:01+01:00
FileType Win32 EXE
PEType PE32
InternalName TypePerf.exe
ProductVersion 5.1.2600.0
SubsystemVersion 4.1
OSVersion 4.1
FileOS Windows NT 32-bit
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CodeSize 21504
ProductName Microsoft Windows
ProductVersionNumber 5.1.2600.0
Warning Possibly corrupt Version resource
FileTypeExtension exe
ObjectFileType Executable application

File identification
MD5 1ad464f62bb5c0a263167fa5ed647ab1
SHA1 a824d251dd45feb7626a9db9b6a835c6379061a6
SHA256 8073a8324b1c42da3e7eec6d0c77cf980497fd260a68358a350fd1f1d058cdbb
ssdeep 1536:YWApnhnBgP1Z2WX31Vym3gBz+aFCX62WyA4mehgeoeXnMl0wA4eVxdU6:YXn7i1ZL1VymOz+aFgu4HgeoYLzLdU6
authentihash 6fd97b43f9d5d9e36bb20cf8c6f653ad57fbb06f82becd02a9c465e5f44ce490
imphash 868a3126e84259966065b45a2893728d
File size 85.0 KB ( 87040 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Dynamic Link Library (generic) (43.5%)
Win32 Executable (generic) (29.8%)
Generic Win/DOS Executable (13.2%)
DOS Executable Generic (13.2%)
VXD Driver (0.2%)
Tags peexe via-tor

VirusTotal metadata
First submission 2015-03-06 08:56:14 UTC ( 4 years, 2 months ago )
Last submission 2016-08-30 08:25:55 UTC ( 2 years, 8 months ago )
File names bin.exe.malware
bin_exe
54R6.ps1
bin.exe
324235235.exe
1ad464f62bb5c0a263167fa5ed647ab1.exe
bin.exe
TypePerf.exe
A824D251DD45FEB7626A9DB9B6A835C6379061A6
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Deleted files
Created processes
Code injections in the following processes
Created mutexes
Opened mutexes
Opened service managers
Opened services
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.
HTTP requests
TCP connections