SHA256: 8402feb2774408499cf35416167bc970d8923ca3f25a06b61b7d1ca0ea5a361b
File name: e507692bd22a2485589df639d1f5a3b7
Detection ratio: 47 / 57
Analysis date: 2016-06-13 01:46:36 UTC ( 2 years, 8 months ago )
Antivirus Result Update
Ad-Aware Trojan.Lethic.Gen.9 20160613
AegisLab Backdoor.W32.Androm!c 20160612
AhnLab-V3 Trojan/Win32.Upbot 20160612
Antiy-AVL Trojan/Win32.Bublik 20160612
Arcabit Trojan.Lethic.Gen.9 20160613
Avast Win32:Malware-gen 20160613
AVG Crypt_r.AHB 20160613
Avira (no cloud) TR/Crypt.Xpack.306869 20160612
AVware Trojan.Win32.Generic!BT 20160613
Baidu Win32.Trojan.Kryptik.qo 20160612
Baidu-International Backdoor.Win32.Androm.indf 20160606
BitDefender Trojan.Lethic.Gen.9 20160613
Bkav W32.BistogarLTAK.Trojan 20160611
CAT-QuickHeal Ransom.Crowti.WR7 20160611
Comodo UnclassifiedMalware 20160613
Cyren W32/S-9a3c2942!Eldorado 20160613
DrWeb BackDoor.IRC.NgrBot.42 20160613
Emsisoft Trojan.Lethic.Gen.9 (B) 20160613
ESET-NOD32 Win32/Kasidet.AC 20160612
F-Prot W32/S-9a3c2942!Eldorado 20160613
F-Secure Trojan.Lethic.Gen.9 20160613
Fortinet W32/Kryptik.EHWV!tr 20160613
GData Trojan.Lethic.Gen.9 20160613
Ikarus Trojan.Win32.Crypt 20160612
Jiangmin Trojan.Generic.enjm 20160613
K7AntiVirus Trojan ( 004d42ee1 ) 20160612
K7GW Trojan ( 004d42ee1 ) 20160612
Kaspersky HEUR:Trojan.Win32.Generic 20160613
Malwarebytes Trojan.Bunitu 20160612
McAfee Artemis!E507692BD22A 20160613
McAfee-GW-Edition BehavesLike.Win32.Backdoor.fm 20160613
Microsoft VirTool:Win32/CeeInject.LJ 20160613
eScan Trojan.Lethic.Gen.9 20160613
NANO-Antivirus Trojan.Win32.Farfli.dyejuf 20160613
nProtect Trojan.Lethic.Gen.9 20160610
Panda Trj/Genetic.gen 20160612
Qihoo-360 HEUR/QVM10.1.Malware.Gen 20160613
Rising Trojan.Generic-RqijV0TdqeN (Cloud) 20160613
Sophos AV Mal/Wonton-BP 20160613
SUPERAntiSpyware Trojan.Agent/Gen-Tester 20160612
Symantec Backdoor.Trojan 20160613
Tencent Win32.Worm.Kasidet.Ahed 20160613
VBA32 Backdoor.Androm 20160611
VIPRE Trojan.Win32.Generic!BT 20160613
ViRobot Trojan.Win32.Z.Crypt.326144.D[h] 20160612
Yandex Backdoor.Androm!KdloyxNOhhs 20160612
Zillya Backdoor.Androm.Win32.29765 20160612
Alibaba 20160612
ALYac 20160610
ClamAV 20160612
CMC 20160607
Kingsoft 20160613
TheHacker 20160612
TotalDefense 20160613
TrendMicro 20160613
TrendMicro-HouseCall 20160613
Zoner 20160613
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright
Copyright © 1998-2011 VMware, Inc.

Product VMware Virtual Image Editing Framework
Original name bootrun.exe
Internal name bootrun
File version 7.1.0 build-895003
Description Virtual BootRun Service
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2015-10-24 22:45:30
Entry Point 0x0002BF98
Number of sections 4
PE sections
PE imports
RegDeleteKeyA
RegCloseKey
CryptAcquireContextA
RegQueryValueExA
RegSetValueExA
RegDeleteValueA
RegCreateKeyExA
RegOpenKeyExA
RegEnumKeyA
RegEnumValueA
CertFreeCertificateContext
CreateFontIndirectW
SetBitmapBits
PatBlt
GetRgnBox
SetICMProfileA
CreateFontIndirectA
GetTextMetricsA
SetDeviceGammaRamp
GetBitmapBits
GetDeviceCaps
RestoreDC
SetBkMode
SetMapperFlags
RemoveFontResourceExA
EnumMetaFile
GdiSetBatchLimit
SetTextColor
CreatePatternBrush
GetMiterLimit
CreateBrushIndirect
SelectObject
GdiGradientFill
CombineTransform
SetBkColor
DeleteObject
DeleteMetaFile
GetStdHandle
GetConsoleOutputCP
GetFileAttributesA
WaitForSingleObject
QueueUserAPC
FreeEnvironmentStringsA
DeleteCriticalSection
GetCurrentProcess
GetConsoleMode
GetLocaleInfoA
lstrcatA
SetErrorMode
GetLogicalDrives
FreeEnvironmentStringsW
SetStdHandle
GetCommModemStatus
GetTempPathA
WideCharToMultiByte
GetStringTypeA
WriteFile
GetSystemTimeAsFileTime
GetDiskFreeSpaceA
GetStringTypeW
GetFullPathNameA
FreeLibrary
MoveFileA
CreateEventW
GlobalCompact
FindClose
TlsGetValue
SetFileAttributesW
SetLastError
CopyFileA
ExitProcess
RemoveDirectoryA
LoadLibraryExA
GetPrivateProfileStringA
UnhandledExceptionFilter
InterlockedDecrement
MultiByteToWideChar
GetModuleHandleA
LockFileEx
CreateThread
SetFileAttributesA
GetExitCodeThread
SetUnhandledExceptionFilter
MulDiv
GetSystemDirectoryA
SetEnvironmentVariableA
TerminateProcess
WriteConsoleA
GlobalAlloc
SearchPathA
GetVersion
GetProcAddress
SetCurrentDirectoryA
WriteConsoleW
InitializeCriticalSectionAndSpinCount
HeapFree
EnterCriticalSection
SetHandleCount
lstrcmpiA
GetExitCodeProcess
QueryPerformanceCounter
GetTickCount
TlsAlloc
FlushFileBuffers
LoadLibraryA
RtlUnwind
GetStartupInfoA
GetFileSize
CreateDirectoryA
DeleteFileA
SetFileValidData
GetWindowsDirectoryA
GlobalLock
CompareStringW
lstrcmpA
FindFirstFileA
GetCurrentThreadId
WTSGetActiveConsoleSessionId
InterlockedIncrement
GetProfileStringA
CompareStringA
GetTempFileNameA
FindNextFileA
DuplicateHandle
ExpandEnvironmentStringsA
GetCurrentDirectoryW
GetTimeZoneInformation
IsDebuggerPresent
GetFileType
TlsSetValue
CreateFileA
HeapAlloc
LeaveCriticalSection
GetLastError
LCMapStringW
CreateNamedPipeW
lstrlenA
GlobalFree
GetConsoleCP
LCMapStringA
LocalFileTimeToFileTime
GetProcessTimes
GetEnvironmentStringsW
GlobalUnlock
LockFile
GetModuleFileNameA
GetShortPathNameA
VirtualFree
GetEnvironmentStrings
CompareFileTime
WritePrivateProfileStringA
GetCurrentProcessId
SetFileTime
GetCPInfo
HeapSize
GetCommandLineA
GetSystemDefaultLangID
TlsFree
SetFilePointer
ReadFile
CloseHandle
lstrcpynA
GetACP
GetModuleHandleW
CreateProcessA
IsValidCodePage
HeapCreate
CreateProcessW
HeapReAlloc
Sleep
SetMailslotInfo
FindResourceA
VirtualAlloc
GetOEMCP
GetMessageA
DrawAnimatedRects
GetScrollPos
IsWindow
RegisterClipboardFormatA
CharUpperW
DialogBoxParamW
CharToOemBuffW
GetDlgItemTextW
SetScrollInfo
GetIconInfo
PrintWindow
GetAltTabInfoA
GetDlgItem
SystemParametersInfoW
SetScrollPos
GetClassLongA
wsprintfA
OemToCharA
DefDlgProcA
InvalidateRgn
DefDlgProcW
OpenClipboard
VerQueryValueA
OleCreateMenuDescriptor
CoLockObjectExternal
Number of PE resources by type
RT_CURSOR 16
RT_GROUP_CURSOR 15
RT_STRING 14
RT_DIALOG 7
RT_BITMAP 3
RT_VERSION 1
Number of PE resources by language
ENGLISH US 55
NEUTRAL 1
PE resources
ExifTool file metadata
UninitializedDataSize 0
LinkerVersion 9.0
ImageVersion 0.0
FileSubtype 0
FileVersionNumber 7.1.0.1664
LanguageCode English (U.S.)
FileFlagsMask 0x003f
FileDescription Virtual BootRun Service
CharacterSet Unicode
InitializedDataSize 93696
EntryPoint 0x2bf98
OriginalFileName bootrun.exe
MIMEType application/octet-stream
LegalCopyright Copyright 1998-2011 VMware, Inc.
FileVersion 7.1.0 build-895003
TimeStamp 2015:10:24 23:45:30+01:00
FileType Win32 EXE
PEType PE32
InternalName bootrun
OLESelfRegister yes (bootrun -service)
ProductVersion 7.1.0 build-895003
SubsystemVersion 5.0
OSVersion 5.0
FileOS Windows NT 32-bit
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName VMware, Inc.
CodeSize 231424
ProductName VMware Virtual Image Editing Framework
ProductVersionNumber 7.1.0.1664
FileTypeExtension exe
ObjectFileType Executable application

File identification
MD5 e507692bd22a2485589df639d1f5a3b7
SHA1 b9854320046bd539e422f514e3c0bf956b945573
SHA256 8402feb2774408499cf35416167bc970d8923ca3f25a06b61b7d1ca0ea5a361b
ssdeep 6144:I6XtAR85CClRoUgCC4RYNQCCuRIGgCCyRY3wCC49PYWRxsjqZ0dbHsnQ9ALq8evw:T6RnHvdbHsnQ9ALqRaVS/w
authentihash 137b085c5864de1ae403534c7c62d87c780f01b6864e68e8a192e58d40384aa7
imphash 1234a23006d278f01b8866e91223287d
File size 318.5 KB ( 326144 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (41.0%)
Win64 Executable (generic) (36.3%)
Win32 Dynamic Link Library (generic) (8.6%)
Win32 Executable (generic) (5.9%)
OS/2 Executable (generic) (2.6%)
Tags
peexe

VirusTotal metadata
First submission 2015-10-25 01:13:04 UTC ( 3 years, 3 months ago )
Last submission 2018-04-26 10:26:34 UTC ( 9 months, 3 weeks ago )
File names bootrun
bootrun.exe
nut50a405.exe
274_e507692bd22a2485589df639d1f5a3b7_D33E.exe
Advanced heuristic and reputation engines
TrendMicro-HouseCall
TrendMicro's heuristic engine has flagged this file as: TROJ_GEN.R08NC0DJS15.

Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Created processes
Created mutexes
Opened mutexes
Searched windows
Runtime DLLs
Additional details
The file uses the IsDebuggerPresent Windows API function in order to see whether it is being debugged.