SHA256: 808b46ee5cf568190b6075e39194b4442c0c3c36525d145ea546c2a3199265d8
File name: blogsort.exe
Detection ratio: 10 / 48
Analysis date: 2013-11-29 17:13:40 UTC ( 4 years ago )
Antivirus              Result (- = no detection)           Update
Ad-Aware               Gen:Trojan.Heur.GM.0444140020       20131129
AntiVir                TR/Crypt.XPACK.Gen3                 20131129
BitDefender            Gen:Trojan.Heur.GM.0444140020       20131129
Comodo                 UnclassifiedMalware                 20131129
Emsisoft               Gen:Trojan.Heur.GM.0444140020 (B)   20131129
F-Secure               Gen:Trojan.Heur.GM.0444140020       20131129
GData                  Gen:Trojan.Heur.GM.0444140020       20131129
eScan                  Gen:Trojan.Heur.GM.0444140020       20131129
Symantec               WS.Reputation.1                     20131129
TrendMicro-HouseCall   TROJ_GEN.F47V1108                   20131129
Yandex                 -                                   20131127
AhnLab-V3              -                                   20131129
Antiy-AVL              -                                   20131129
Avast                  -                                   20131129
AVG                    -                                   20131129
Baidu-International    -                                   20131129
Bkav                   -                                   20131129
ByteHero               -                                   20131127
CAT-QuickHeal          -                                   20131129
ClamAV                 -                                   20131129
Commtouch              -                                   20131129
DrWeb                  -                                   20131129
ESET-NOD32             -                                   20131129
F-Prot                 -                                   20131129
Fortinet               -                                   20131129
Ikarus                 -                                   20131129
Jiangmin               -                                   20131129
K7AntiVirus            -                                   20131129
K7GW                   -                                   20131129
Kaspersky              -                                   20131129
Kingsoft               -                                   20130829
Malwarebytes           -                                   20131129
McAfee                 -                                   20131129
McAfee-GW-Edition      -                                   20131129
Microsoft              -                                   20131129
NANO-Antivirus         -                                   20131129
Norman                 -                                   20131129
nProtect               -                                   20131129
Panda                  -                                   20131129
Rising                 -                                   20131129
Sophos AV              -                                   20131129
SUPERAntiSpyware       -                                   20131129
TheHacker              -                                   20131128
TotalDefense           -                                   20131128
TrendMicro             -                                   20131129
VBA32                  -                                   20131128
VIPRE                  -                                   20131129
ViRobot                -                                   20131129
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Entry Point 0x0007DA34
Number of sections 6
PE sections
PE imports
RegCreateKeyExW
RegDeleteKeyA
RegDeleteValueW
RegOpenKeyA
RegCloseKey
RegCreateKeyExA
RegSetValueExW
RegQueryInfoKeyW
RegQueryValueExA
RegEnumValueW
RegOpenKeyExW
RegEnumKeyExW
RegSetValueExA
RegFlushKey
RegOpenKeyW
RegDeleteKeyW
RegOpenKeyExA
RegEnumKeyExA
RegQueryInfoKeyA
RegQueryValueExW
SetBitmapBits
PatBlt
CreatePen
CreateRectRgnIndirect
CombineRgn
SetStretchBltMode
GetBitmapBits
Rectangle
GetDeviceCaps
LineTo
DeleteDC
SetBkMode
BitBlt
SetTextColor
CreatePatternBrush
GetObjectA
CreateBitmap
MoveToEx
GetStockObject
ExtTextOutA
SelectClipRgn
CreateCompatibleDC
StretchBlt
SetBrushOrgEx
CreateRectRgn
SelectObject
CreateSolidBrush
SetBkColor
DeleteObject
CreateCompatibleBitmap
GetStdHandle
FileTimeToDosDateTime
WaitForSingleObject
FindNextFileA
GetFileAttributesW
SystemTimeToTzSpecificLocalTime
FreeEnvironmentStringsA
DeleteCriticalSection
GetCurrentProcess
MapViewOfFileEx
FreeEnvironmentStringsW
GetThreadContext
GetCPInfo
GetStringTypeA
WriteFile
GetSystemTimeAsFileTime
FreeLibrary
LocalFree
ResumeThread
InitializeCriticalSection
FindClose
TlsGetValue
FormatMessageA
GetEnvironmentVariableA
TryEnterCriticalSection
IsDebuggerPresent
ExitProcess
GetModuleFileNameA
FlushViewOfFile
RaiseException
SetConsoleCtrlHandler
UnhandledExceptionFilter
MultiByteToWideChar
GetModuleHandleA
CreateSemaphoreA
CreateThread
GetExitCodeThread
SetUnhandledExceptionFilter
MulDiv
ExitThread
TzSpecificLocalTimeToSystemTime
WriteConsoleA
GlobalAlloc
RtlCaptureContext
GetVersion
EnterCriticalSection
SetHandleCount
GetOEMCP
QueryPerformanceCounter
GetTickCount
TlsAlloc
GetVersionExA
LoadLibraryA
RtlUnwind
GlobalSize
GetFileSize
DeleteFileA
DeleteFileW
GlobalLock
ExpandEnvironmentStringsW
FindNextFileW
CreateFileMappingA
FindFirstFileW
DuplicateHandle
GetProcAddress
GetTimeZoneInformation
CreateFileW
GetFileType
TlsSetValue
CreateFileA
LeaveCriticalSection
GetLastError
GetSystemInfo
GlobalFree
LCMapStringA
GetEnvironmentStringsW
GlobalUnlock
lstrlenW
SwitchToThread
GetEnvironmentStrings
GetCommandLineW
WideCharToMultiByte
GetCommandLineA
GetCurrentThread
SuspendThread
QueryPerformanceFrequency
ReleaseSemaphore
SetFilePointer
ReadFile
FindFirstFileA
CloseHandle
GetACP
GetCurrentThreadId
UnmapViewOfFile
VirtualFree
Sleep
VirtualAlloc
OleLoadPicture
ShellExecuteA
SHGetMalloc
SHAppBarMessage
CommandLineToArgvW
Shell_NotifyIconA
SetFocus
SetWindowRgn
RedrawWindow
UnregisterHotKey
GetAsyncKeyState
DestroyMenu
SetWindowPos
ScreenToClient
SetMenuItemInfoA
WindowFromPoint
VkKeyScanW
SetActiveWindow
DispatchMessageW
GetCursorPos
ReleaseDC
GetKeyState
SendMessageW
SendMessageA
GetClientRect
DefWindowProcW
SetScrollPos
GetActiveWindow
ScrollWindow
RegisterClassExA
DestroyWindow
GetParent
SetPropA
EnumWindows
DefMDIChildProcA
ShowWindow
SetClassLongA
GetPropA
PeekMessageW
EnableWindow
PeekMessageA
TranslateMessage
IsWindowEnabled
GetWindow
InsertMenuItemA
GetIconInfo
SetParent
DrawMenuBar
DrawFocusRect
SetTimer
ShowOwnedPopups
FillRect
GetSysColorBrush
IsWindowUnicode
CreateMenu
GetUpdateRect
IsChild
MapWindowPoints
DrawAnimatedRects
PostMessageA
BeginPaint
DefMDIChildProcW
KillTimer
RegisterWindowMessageA
DefWindowProcA
GetClipboardData
GetSystemMetrics
GetWindowRect
SetCapture
ReleaseCapture
EnumChildWindows
SetWindowLongA
WaitMessage
CreatePopupMenu
GetWindowLongA
DrawIconEx
CreateWindowExA
ClientToScreen
GetClassLongA
FindWindowExA
LoadCursorA
LoadIconA
TrackPopupMenu
GetDesktopWindow
GetSystemMenu
GetMenuItemID
SetForegroundWindow
OpenClipboard
EmptyClipboard
EndPaint
GetScrollInfo
RemoveMenu
GetWindowThreadProcessId
MessageBoxW
DefFrameProcW
MessageBoxA
GetWindowDC
DestroyCursor
AdjustWindowRectEx
GetSysColor
SetScrollInfo
CopyImage
SystemParametersInfoA
DestroyIcon
IsWindowVisible
GetDCEx
GetDC
InvalidateRect
CallWindowProcW
DefDlgProcA
CallWindowProcA
GetFocus
CloseClipboard
DefDlgProcW
htonl
shutdown
accept
ioctlsocket
WSAStartup
connect
getsockname
getpeername
WSAGetLastError
WSACancelAsyncRequest
getsockopt
closesocket
ntohl
inet_addr
send
getservbyport
ntohs
gethostbyaddr
listen
WSACleanup
gethostbyname
inet_ntoa
WSAAsyncSelect
recv
WSAIoctl
setsockopt
socket
bind
getprotobyname
recvfrom
sendto
getprotobynumber
getservbyname
ChooseColorA
CommDlgExtendedError
CreateStreamOnHGlobal
RegisterDragDrop
OleInitialize
RevokeDragDrop
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
TimeStamp 0000:00:00 00:00:00
FileType Win32 EXE
PEType PE32
CodeSize 647680
LinkerVersion 8.0
EntryPoint 0x7da34
InitializedDataSize 1024
SubsystemVersion 3.1
ImageVersion 0.0
OSVersion 1.0
UninitializedDataSize 0
Compressed bundles
File identification
MD5 eaf95e42411277182d5da4c670c11ae9
SHA1 3571af76787c1e7d5c112af9ad7c0a884e7fa375
SHA256 808b46ee5cf568190b6075e39194b4442c0c3c36525d145ea546c2a3199265d8
ssdeep 12288:pXGfReBV+wbqAhoTMUOlNdWUHY5NKp8zCexHmf7Bvp4i0n5c+mneVuU9+J8vOFE:p2fRizqAhoTtOl+lNnzDxHm/4LbCE
imphash b135b5e896e1e8354a298ad8bfa13139
File size 1.1 MB ( 1101852 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Generic Win/DOS Executable (50.0%)
TrID DOS Executable Generic (49.9%)
Tags peexe
VirusTotal metadata
First submission 2013-11-08 04:31:28 UTC ( 4 years, 1 month ago )
Last submission 2013-11-29 17:13:40 UTC ( 4 years ago )
File names blogsort.exe
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Written files
Deleted files
Runtime DLLs
Additional details
The file uses the IsDebuggerPresent Windows API function to check whether it is being debugged.
The file sends control codes directly to certain device drivers, using the DeviceIoControl Windows API function.