SHA256: 82d8e65a75e3d955d2fd850f4a7a17b31a4dc74660f664d15f1af42e7b3c2a3a
File name: Luk22.exex
Detection ratio: 4 / 57
Analysis date: 2015-04-23 11:32:55 UTC (2 years, 4 months ago)
Antivirus Result Update
McAfee-GW-Edition BehavesLike.Win32.Downloader.nh 20150422
Sophos AV Mal/Dyreza-J 20150423
TrendMicro TROJ_UPATRE.SMNF1 20150423
TrendMicro-HouseCall TROJ_UPATRE.SMNF1 20150423
Ad-Aware 20150423
AegisLab 20150423
Yandex 20150422
AhnLab-V3 20150423
Alibaba 20150423
ALYac 20150423
Antiy-AVL 20150423
Avast 20150423
AVG 20150423
Avira (no cloud) 20150423
AVware 20150423
Baidu-International 20150421
BitDefender 20150423
Bkav 20150422
ByteHero 20150423
CAT-QuickHeal 20150423
ClamAV 20150423
CMC 20150423
Comodo 20150423
Cyren 20150423
DrWeb 20150423
Emsisoft 20150423
ESET-NOD32 20150423
F-Prot 20150423
F-Secure 20150423
Fortinet 20150423
GData 20150423
Ikarus 20150423
Jiangmin 20150422
K7AntiVirus 20150423
K7GW 20150423
Kaspersky 20150423
Kingsoft 20150423
Malwarebytes 20150423
McAfee 20150423
Microsoft 20150423
eScan 20150423
NANO-Antivirus 20150422
Norman 20150423
nProtect 20150423
Panda 20150423
Qihoo-360 20150423
Rising 20150422
SUPERAntiSpyware 20150423
Symantec 20150423
Tencent 20150423
TheHacker 20150422
TotalDefense 20150423
VBA32 20150423
VIPRE 20150423
ViRobot 20150423
Zillya 20150422
Zoner 20150422
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Packers identified
PEiD InstallShield 2000
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2091-10-14 16:36:49
Entry Point 0x00001400
Number of sections 3
PE sections
PE imports
SetFileAttributesA
GetLastError
GetStartupInfoA
SetCurrentDirectoryW
LoadLibraryW
CreateFileW
GetCommandLineW
CopyFileA
Sleep
CloseHandle
GetModuleHandleA
_except_handler3
__p__fmode
_exit
__p__commode
__setusermatherr
__p__acmdln
exit
_XcptFilter
__getmainargs
_initterm
_controlfp
_adjust_fdiv
__set_app_type
PathMatchSpecW
PathFindFileNameW
PathFileExistsW
PathFindExtensionW
PathIsDirectoryW
PathCompactPathExW
TranslateMessage
SendMessageW
UpdateWindow
RegisterClassExW
PostQuitMessage
SetWindowTextW
GetClientRect
DefWindowProcW
LoadStringW
LoadCursorW
LoadIconW
CreateWindowExW
LoadAcceleratorsW
GetMessageW
ShowWindow
DispatchMessageW
DestroyWindow
Number of PE resources by type
RT_ICON 1
RT_STRING 1
RT_MENU 1
RT_MANIFEST 1
RT_GROUP_ICON 1
Number of PE resources by language
DUTCH 3
DUTCH *unknown* 1
ENGLISH US 1
PE resources
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
FileTypeExtension exe
TimeStamp 2091:10:14 17:36:49+01:00
FileType Win32 EXE
PEType PE32
CodeSize 7680
LinkerVersion 5.0
EntryPoint 0x1400
InitializedDataSize 25600
SubsystemVersion 4.0
ImageVersion 0.0
OSVersion 4.0
UninitializedDataSize 0

File identification
MD5 0274ed1038224cbbb303bc5e2a24ef43
SHA1 870103897a8c82231cb1bde6251b42dc803b3510
SHA256 82d8e65a75e3d955d2fd850f4a7a17b31a4dc74660f664d15f1af42e7b3c2a3a
ssdeep 768:Lk8l3iEdkO6NNUrArwZTgsDZJaOvgymhP1SHAXWWSMswmNyQ:LkU3ihNg0LsDnaunmhP1SgXWWSMCA
authentihash ae974c9d1da1261fdd1169a85eedf72384e80fcbbb2d7e943f9a9992fdfff68e
imphash fcb816e61b165425738cfdc54b4b53d1
File size 33.5 KB ( 34304 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (41.0%)
Win64 Executable (generic) (36.3%)
Win32 Dynamic Link Library (generic) (8.6%)
Win32 Executable (generic) (5.9%)
Win16/32 Executable Delphi generic (2.7%)
Tags peexe installshield

VirusTotal metadata
First submission 2015-04-23 11:32:55 UTC ( 2 years, 4 months ago )
Last submission 2017-06-13 18:26:01 UTC ( 2 months, 1 week ago )
File names sevenguard.exe
54.exe
1.exe
82d8e65a75e3d955d2fd850f4a7a17b31a4dc74660f664d15f1af42e7b3c2a3a.exe
Luk22.exe
Luk22.exex
Luk22.exe-2015-04-23.22-10-01.txt
82d8e65a75e3d955d2fd850f4a7a17b31a4dc74660f664d15f1af42e7b3c2a3a.exe.000
82d8e65a75e3d955d2fd850f4a7a17b31a4dc74660f664d15f1af42e7b3c2a3a.exe
Luk22.ex_
Luk22_exe
Luk22.exe1
Luk22.exe
0274ed1038224cbbb303bc5e2a24ef43_Luk22.exe
Luk22.pe
0274ed1038224cbbb303bc5e2a24ef43
Luk22.exe.XXX
0274ed1038224cbbb303bc5e2a24ef43.exe
Luk22.vxe
1.exe
82d8e65a75e3d955d2fd850f4a7a17b31a4dc74660f664d15f1af42e7b3c2a3a.bin
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Deleted files
Created processes
Created mutexes
Opened mutexes
Opened service managers
Opened services
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.
HTTP requests
DNS requests
TCP connections
UDP communications