SHA256: 81c52570940a9995f885be583f1afcf6f1f8afe6ab786f9a9c64a6907f96b9c2
File name: 81c52570940a9995f885be583f1afcf6f1f8afe6ab786f9a9c64a6907f96b9c2
Detection ratio: 10 / 56
Analysis date: 2016-02-25 23:25:16 UTC ( 3 years, 1 month ago )
Antivirus              Result                          Update
ESET-NOD32             Win32/Dridex.AA                 20160225
Fortinet               PossibleThreat.P0               20160225
Kaspersky              Trojan.Win32.Waldek.duq         20160225
McAfee                 Artemis!5C787A3F0071            20160225
McAfee-GW-Edition      BehavesLike.Win32.Dropper.fh    20160225
Microsoft              VirTool:Win32/Visky.A           20160225
Qihoo-360              HEUR/QVM07.1.Malware.Gen        20160226
Sophos AV              Mal/Generic-S                   20160225
TrendMicro             TROJ_DYER.BMC                   20160225
TrendMicro-HouseCall   TROJ_DYER.BMC                   20160225
Ad-Aware               (no detection)                  20160226
AegisLab               (no detection)                  20160225
Yandex                 (no detection)                  20160226
AhnLab-V3              (no detection)                  20160225
Alibaba                (no detection)                  20160225
ALYac                  (no detection)                  20160225
Antiy-AVL              (no detection)                  20160225
Arcabit                (no detection)                  20160225
Avast                  (no detection)                  20160225
AVG                    (no detection)                  20160225
Avira (no cloud)       (no detection)                  20160225
AVware                 (no detection)                  20160225
Baidu-International    (no detection)                  20160225
BitDefender            (no detection)                  20160225
Bkav                   (no detection)                  20160225
ByteHero               (no detection)                  20160226
CAT-QuickHeal          (no detection)                  20160225
ClamAV                 (no detection)                  20160225
CMC                    (no detection)                  20160225
Comodo                 (no detection)                  20160225
Cyren                  (no detection)                  20160225
DrWeb                  (no detection)                  20160225
Emsisoft               (no detection)                  20160225
F-Prot                 (no detection)                  20160225
F-Secure               (no detection)                  20160225
GData                  (no detection)                  20160225
Ikarus                 (no detection)                  20160225
Jiangmin               (no detection)                  20160225
K7AntiVirus            (no detection)                  20160225
K7GW                   (no detection)                  20160225
Malwarebytes           (no detection)                  20160225
eScan                  (no detection)                  20160225
NANO-Antivirus         (no detection)                  20160225
nProtect               (no detection)                  20160225
Panda                  (no detection)                  20160225
Rising                 (no detection)                  20160225
SUPERAntiSpyware       (no detection)                  20160225
Symantec               (no detection)                  20160224
Tencent                (no detection)                  20160226
TheHacker              (no detection)                  20160225
TotalDefense           (no detection)                  20160225
VBA32                  (no detection)                  20160225
VIPRE                  (no detection)                  20160225
ViRobot                (no detection)                  20160225
Zillya                 (no detection)                  20160226
Zoner                  (no detection)                  20160225
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows command line subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2004-05-19 21:19:48
Entry Point 0x0003FD62
Number of sections 4
PE sections
PE imports
OpenServiceA
OpenSCManagerW
CopySid
GetAce
QueryServiceConfigW
LookupPrivilegeValueW
GetServiceKeyNameA
DeleteService
RegSetValueW
GetAclInformation
DecryptFileW
LsaOpenPolicy
GetSidSubAuthority
MakeAbsoluteSD
RegEnumKeyW
SetServiceObjectSecurity
RegisterEventSourceA
ChangeServiceConfig2A
SetFileSecurityA
CreateServiceW
SetServiceStatus
ImpersonateSelf
LockServiceDatabase
StartServiceCtrlDispatcherW
LsaAddAccountRights
EncryptFileW
DeleteAce
LsaFreeMemory
AdjustTokenPrivileges
ChangeServiceConfigA
RegSetValueExA
QueryServiceLockStatusW
GetServiceDisplayNameA
SetEntriesInAclA
RegUnLoadKeyW
SetKernelObjectSecurity
AddAce
SetNamedSecurityInfoW
ReBaseImage
SymSetOptions
SearchTreeForFile
ImageDirectoryEntryToData
SymGetSearchPath
SymUnloadModule
SymGetLineFromName
GetImageUnusedHeaderBytes
ImageEnumerateCertificates
SymInitialize
UpdateDebugInfoFileEx
ImageUnload
ImageRvaToSection
SymGetModuleBase
GetStartupInfoA
GetStringTypeA
GetModuleHandleA
GlobalFree
GetCommState
GetDiskFreeSpaceExW
GetTickCount
GetFileInformationByHandle
GetVersionExA
GetProcessHeaps
GetSystemPowerStatus
WNetUseConnectionA
WNetConnectionDialog1A
MultinetGetConnectionPerformanceA
WNetConnectionDialog
WNetDisconnectDialog
_acmdln
vprintf
_controlfp
__p__fmode
_adjust_fdiv
_dup
atexit
fgets
__setusermatherr
feof
__p__commode
_mbsspnp
__set_app_type
DragQueryFileW
SHChangeNotify
Shell_NotifyIconW
SHGetDiskFreeSpaceA
SHBrowseForFolderA
DragQueryFileA
SHFileOperationA
SHGetFileInfoA
Ord(180)
ShellExecuteExA
SHEmptyRecycleBinW
DuplicateIcon
SHGetPathFromIDListW
SHInvokePrinterCommandA
SHGetFileInfoW
SHGetDesktopFolder
SHGetPathFromIDListA
Shell_NotifyIconA
SHGetMalloc
SHAppBarMessage
DragAcceptFiles
SHInvokePrinterCommandW
SHGetSpecialFolderPathA
ExtractAssociatedIconW
ExtractAssociatedIconA
SHGetSpecialFolderPathW
DragFinish
SHGetDataFromIDListW
SHAddToRecentDocs
FindExecutableA
DoEnvironmentSubstA
ShellExecuteW
SHGetSettings
DragQueryPoint
ExtractIconExW
SHGetInstanceExplorer
SHGetDataFromIDListA
ShellExecuteA
DoEnvironmentSubstW
CoFileTimeNow
CoRegisterPSClsid
OleCreateLinkFromData
IIDFromString
CoMarshalInterThreadInterfaceInStream
OleNoteObjectVisible
PropStgNameToFmtId
CoGetStdMarshalEx
CreateItemMoniker
CoCreateGuid
HMENU_UserFree
HPALETTE_UserSize
OleSave
CoRegisterMessageFilter
HGLOBAL_UserUnmarshal
HWND_UserMarshal
CoSuspendClassObjects
SNB_UserFree
OleRegEnumFormatEtc
FmtIdToPropStgName
HMENU_UserSize
CoGetCurrentProcess
CoDisconnectObject
OleSetClipboard
STGMEDIUM_UserSize
CLIPFORMAT_UserUnmarshal
CreateFileMoniker
ReadClassStg
CoGetInterfaceAndReleaseStream
HGLOBAL_UserMarshal
CoIsOle1Class
HACCEL_UserSize
CoLockObjectExternal
HBITMAP_UserSize
OleLoadFromStream
OleRegEnumVerbs
OleRun
StgCreatePropStg
CoFreeAllLibraries
CoGetObject
HPALETTE_UserMarshal
CoMarshalInterface
OleCreateFromData
HPALETTE_UserFree
SNB_UserUnmarshal
StgOpenStorageOnILockBytes
GetConvertStg
MonikerRelativePathTo
OleCreateLinkToFile
HACCEL_UserUnmarshal
ReleaseStgMedium
OleRegGetMiscStatus
OleCreateStaticFromData
StgGetIFillLockBytesOnILockBytes
OleDoAutoConvert
HWND_UserUnmarshal
CreateILockBytesOnHGlobal
ProgIDFromCLSID
SNB_UserMarshal
HBITMAP_UserFree
GetClassFile
CoCreateInstance
HACCEL_UserFree
HMENU_UserMarshal
StgOpenAsyncDocfileOnIFillLockBytes
CoFreeUnusedLibraries
GetHGlobalFromStream
OleSetMenuDescriptor
OleCreateFromDataEx
StgCreateDocfile
CoTaskMemFree
OleLockRunning
CLIPFORMAT_UserSize
OleSetAutoConvert
CoMarshalHresult
DoDragDrop
OleCreateLinkToFileEx
CreatePointerMoniker
SNB_UserSize
OleCreateLink
OleSetContainedObject
GetHGlobalFromILockBytes
CLSIDFromProgID
CoGetPSClsid
CreateAntiMoniker
OleGetClipboard
CreateOleAdviseHolder
StgCreateStorageEx
OleRegGetUserType
HACCEL_UserMarshal
OleCreateLinkFromDataEx
CoGetStandardMarshal
PropVariantCopy
CoCreateFreeThreadedMarshaler
StgCreateDocfileOnILockBytes
OleFlushClipboard
OleConvertOLESTREAMToIStorage
CoReleaseMarshalData
MkParseDisplayName
CreateGenericComposite
Number of PE resources by type
RT_MENU 8
RT_ACCELERATOR 2
RT_RCDATA 1
fO722jB2 1
RT_BITMAP 1
RT_VERSION 1
Number of PE resources by language
CHINESE MACAU 14
PE resources
ExifTool file metadata
UninitializedDataSize: 0
InitializedDataSize: 176128
ImageVersion: 0.0
FileVersionNumber: 0.185.149.89
LanguageCode: Neutral
FileFlagsMask: 0x003f
FileDescription: Porns
CharacterSet: Unicode
LinkerVersion: 7.0
FileTypeExtension: exe
OriginalFileName: Rumpus.exe
MIMEType: application/octet-stream
Subsystem: Windows command line
FileVersion: 33, 216, 134, 116
TimeStamp: 2004:05:19 22:19:48+01:00
FileType: Win32 EXE
PEType: PE32
InternalName: Partition
ProductVersion: 27, 67, 114, 159
SubsystemVersion: 4.0
OSVersion: 4.0
FileOS: Windows NT 32-bit
LegalCopyright: Copyright 2010
MachineType: Intel 386 or later, and compatibles
CompanyName: Webroot Software Inc.
CodeSize: 258048
FileSubtype: 0
ProductVersionNumber: 0.248.106.98
EntryPoint: 0x3fd62
ObjectFileType: Executable application

File identification
MD5 5c787a3f00712179b89f6035385ff534
SHA1 a6fe20d95bed52599c34696b6f69090649711e2e
SHA256 81c52570940a9995f885be583f1afcf6f1f8afe6ab786f9a9c64a6907f96b9c2
ssdeep 6144:DxGWN0dtkCDeWOU68UgAABH0FAVmCB/TUMYc+mGFLDcvj0DWXzuO71Sk:dGWGr1e3U62A+fzJ+mGSvTzuOV
authentihash 90e8d3911d3377c0988ff9dcacbe86cbb990480fce4c6209053a1a65de64c028
imphash 527e19c4b88277609101bf8dbb237517
File size 324.0 KB ( 331776 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (console) Intel 80386 32-bit

TrID Win32 Executable MS Visual C++ (generic) (67.4%)
Win32 Dynamic Link Library (generic) (14.2%)
Win32 Executable (generic) (9.7%)
Generic Win/DOS Executable (4.3%)
DOS Executable Generic (4.3%)
Tags
peexe

VirusTotal metadata
First submission 2016-02-25 23:25:16 UTC ( 3 years, 1 month ago )
Last submission 2016-02-25 23:25:16 UTC ( 3 years, 1 month ago )
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Deleted files
Code injections in the following processes
Created mutexes
Opened mutexes
Opened service managers
Opened services
Runtime DLLs
HTTP requests
DNS requests
TCP connections
UDP communications