SHA256: 83b3e94974676bfce7cbd762a5d98ca1bbc05af5ec28dcb9d92f79942cc3694a
File name: f96579f5aa306e51ebd4a5da73fb76d1_8be7f544ea3369167b2e5488f060f673...
Detection ratio: 15 / 52
Analysis date: 2014-05-10 16:05:24 UTC ( 5 years ago )
Antivirus Result Update
Ad-Aware Trojan.Agent.BCXT 20140510
AntiVir BDS/Simda.B.3 20140510
BitDefender Trojan.Agent.BCXT 20140510
Bkav HW32.CDB.B0f5 20140509
CMC Packed.Win32.Obfuscated.10!O 20140506
Emsisoft Trojan.Agent.BCXT (B) 20140510
ESET-NOD32 Win32/Simda.B 20140510
F-Secure Trojan.Agent.BCXT 20140510
GData Trojan.Agent.BCXT 20140510
Malwarebytes Trojan.Agent.FSAVXGen 20140510
eScan Trojan.Agent.BCXT 20140510
Qihoo-360 Malware.QVM20.Gen 20140510
Rising PE:Malware.Obscure/Heur!1.9E03 20140507
SUPERAntiSpyware Trojan.Agent/Gen-Simda 20140510
VIPRE Trojan.Win32.Generic!BT 20140510
AegisLab 20140510
Yandex 20140510
AhnLab-V3 20140510
Antiy-AVL 20140510
Avast 20140510
AVG 20140510
Baidu-International 20140510
ByteHero 20140510
CAT-QuickHeal 20140510
ClamAV 20140510
Commtouch 20140510
Comodo 20140510
DrWeb 20140510
F-Prot 20140510
Fortinet 20140510
Ikarus 20140510
Jiangmin 20140510
K7AntiVirus 20140509
K7GW 20140509
Kaspersky 20140510
Kingsoft 20140510
McAfee 20140510
McAfee-GW-Edition 20140510
Microsoft 20140510
NANO-Antivirus 20140510
Norman 20140510
nProtect 20140509
Panda 20140510
Sophos AV 20140510
Symantec 20140510
TheHacker 20140510
TotalDefense 20140510
TrendMicro 20140510
TrendMicro-HouseCall 20140510
VBA32 20140510
ViRobot 20140510
Zillya 20140510
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2011-06-01 04:27:03
Entry Point 0x0001D469
Number of sections 4
PE sections
PE imports
ImageList_Create
ImageList_Destroy
CreateStatusWindowW
ImageList_AddMasked
GetPrivateProfileStringA
FreeEnvironmentStringsW
RtlDeleteResource
_wcsicmp
NtDuplicateToken
wcstoul
RtlInitializeResource
RtlOpenCurrentUser
RtlAcquireResourceExclusive
RtlReleaseResource
NtClose
RtlAcquireResourceShared
RtlUnwind
NtQueryVirtualMemory
CoUninitialize
CLSIDFromString
CoCreateInstance
CoInitialize
RpcBindingSetAuthInfoExW
RpcRevertToSelf
RpcServerRegisterIfEx
NdrClientCall2
RpcStringBindingParseW
RpcServerInqBindings
RpcBindingFree
RpcBindingToStringBindingW
RpcImpersonateClient
RpcBindingFromStringBindingW
I_RpcBindingInqTransportType
RpcBindingVectorFree
RpcStringFreeW
RpcServerUnregisterIf
NdrServerCall2
SetupDiEnumDeviceInterfaces
SetupDiGetDeviceInterfaceDetailW
SetupDiOpenDevRegKey
SetupDiOpenDeviceInterfaceRegKey
SetupDiGetDeviceInterfaceAlias
SetupDiOpenDeviceInterfaceW
SetupDiDestroyDeviceInfoList
SetupDiCreateDeviceInfoList
SetupDiGetClassDevsW
SetupDiGetDeviceInstanceIdW
SetupDiOpenDeviceInfoW
DragQueryFileA
RegisterWindowMessageW
GetMonitorInfoW
wsprintfW
EndDialog
LoadBitmapW
GetMessageW
DefWindowProcW
FindWindowW
KillTimer
PostQuitMessage
ShowWindow
SetWindowPos
GetSystemMetrics
SetWindowLongW
MessageBoxW
RegisterDeviceNotificationW
SendDlgItemMessageW
PostMessageW
SetDlgItemTextW
DispatchMessageW
SendMessageW
TranslateMessage
LoadStringW
GetClientRect
SystemParametersInfoW
LoadImageW
CloseWindowStation
MonitorFromRect
SetTimer
CallWindowProcW
DefDlgProcA
SetWindowTextW
GetSysColorBrush
UnregisterDeviceNotification
CreateWindowExW
GetWindowLongW
SetForegroundWindow
CharNextW
DestroyWindow
WritePrinter
WinStationQueryInformationW
Number of PE resources by type
RT_CURSOR 51
Struct(13) 1
RT_VERSION 1
Number of PE resources by language
SPANISH 53
PE resources
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
FileTypeExtension exe
TimeStamp 2011:06:01 05:27:03+01:00
FileType Win32 EXE
PEType PE32
CodeSize 131072
LinkerVersion 6.0
EntryPoint 0x1d469
InitializedDataSize 287232
SubsystemVersion 4.0
ImageVersion 0.0
OSVersion 6.1
UninitializedDataSize 0
Compressed bundles
File identification
MD5 f96579f5aa306e51ebd4a5da73fb76d1
SHA1 2e398b39e039da3c6af1785f706741e21186e257
SHA256 83b3e94974676bfce7cbd762a5d98ca1bbc05af5ec28dcb9d92f79942cc3694a
ssdeep 6144:NC9gdRXsbRoI1/Mw+LHqV/ujF8bmasvEyMcFt4JT6QugjNFG/ReU8c:Rd1+6IJM5+V/uKbmhvWJGQuiGwM
authentihash 638662f05552990598fed5a210af5cf9ba3eced3388e5e1b7ea604c5ae48fb0c
imphash 8be7f544ea3369167b2e5488f060f673
File size 409.5 KB ( 419328 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable (generic) (52.9%)
Generic Win/DOS Executable (23.5%)
DOS Executable Generic (23.4%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
Tags
peexe via-tor

VirusTotal metadata
First submission 2014-05-10 16:05:24 UTC ( 5 years ago )
Last submission 2015-12-18 22:44:31 UTC ( 3 years, 5 months ago )
File names vti-rescan
f96579f5aa306e51ebd4a5da73fb76d1_8be7f544ea3369167b2e5488f060f673_mod1_keybex1_task_Kelihos_http.kaf
83b3e94974676bfce7cbd762a5d98ca1bbc05af5ec28dcb9d92f79942cc3694a.vir
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.