× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: 8495cedf3b8d2d708cc5157ff6eff1328443359a2793ad42270222ce4e88fb9b
File name: AAE4.tmp
Detection ratio: 9 / 55
Analysis date: 2015-01-21 14:12:29 UTC ( 4 years, 2 months ago ) View latest
Antivirus Result Update
AhnLab-V3 Trojan/Win32.MDA 20150121
AVG Inject2.BLXP 20150121
ESET-NOD32 a variant of Win32/Injector.BTEH 20150121
Kaspersky UDS:DangerousObject.Multi.Generic 20150121
Malwarebytes Trojan.Agent.ED 20150121
Microsoft PWS:Win32/Zbot.gen!VM 20150121
Panda Trj/Chgt.O 20150121
Sophos AV Mal/Generic-S 20150121
SUPERAntiSpyware Trojan.Agent/Gen-Ransom 20150121
Ad-Aware 20150121
Yandex 20150121
Alibaba 20150120
ALYac 20150121
Antiy-AVL 20150121
Avast 20150121
Avira (no cloud) 20150121
AVware 20150121
Baidu-International 20150121
BitDefender 20150121
Bkav 20150121
ByteHero 20150121
CAT-QuickHeal 20150121
ClamAV 20150121
CMC 20150120
Comodo 20150121
Cyren 20150121
DrWeb 20150121
Emsisoft 20150121
F-Prot 20150121
F-Secure 20150121
Fortinet 20150121
GData 20150121
Ikarus 20150121
Jiangmin 20150120
K7AntiVirus 20150121
Kingsoft 20150121
McAfee 20150121
McAfee-GW-Edition 20150121
eScan 20150121
NANO-Antivirus 20150121
Norman 20150121
nProtect 20150121
Qihoo-360 20150121
Rising 20150121
Symantec 20150121
Tencent 20150121
TheHacker 20150121
TotalDefense 20150121
TrendMicro 20150121
TrendMicro-HouseCall 20150121
VBA32 20150121
VIPRE 20150121
ViRobot 20150121
Zillya 20150121
Zoner 20150121
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2015-01-08 18:03:46
Entry Point 0x00001579
Number of sections 5
PE sections
PE imports
GetDeviceCaps
SelectObject
CreateCompatibleDC
CreateCompatibleBitmap
StretchBlt
GetStartupInfoA
GetFileSize
GetModuleHandleA
ReadFile
GlobalAlloc
MulDiv
CreateFileA
GlobalUnlock
GetModuleFileNameA
GlobalLock
CloseHandle
Ord(1775)
Ord(4080)
Ord(537)
Ord(4710)
Ord(2414)
Ord(3597)
Ord(354)
Ord(1641)
Ord(3136)
Ord(4524)
Ord(554)
Ord(1842)
Ord(5237)
Ord(5577)
Ord(3350)
Ord(1089)
Ord(6375)
Ord(3626)
Ord(4589)
Ord(3798)
Ord(2621)
Ord(3259)
Ord(5290)
Ord(2446)
Ord(5214)
Ord(5301)
Ord(807)
Ord(4163)
Ord(4964)
Ord(6215)
Ord(6625)
Ord(4529)
Ord(815)
Ord(2723)
Ord(366)
Ord(641)
Ord(2494)
Ord(796)
Ord(5277)
Ord(2514)
Ord(4953)
Ord(4425)
Ord(3454)
Ord(4696)
Ord(4441)
Ord(4077)
Ord(1134)
Ord(4465)
Ord(4108)
Ord(5300)
Ord(6175)
Ord(338)
Ord(4627)
Ord(1168)
Ord(3738)
Ord(4853)
Ord(2982)
Ord(617)
Ord(3172)
Ord(4526)
Ord(4234)
Ord(825)
Ord(3081)
Ord(5199)
Ord(5307)
Ord(4242)
Ord(4823)
Ord(2390)
Ord(2542)
Ord(4424)
Ord(4273)
Ord(5260)
Ord(5076)
Ord(4078)
Ord(3059)
Ord(2554)
Ord(4376)
Ord(1945)
Ord(6376)
Ord(5282)
Ord(4614)
Ord(2117)
Ord(1727)
Ord(823)
Ord(813)
Ord(2725)
Ord(640)
Ord(4998)
Ord(5472)
Ord(4436)
Ord(4457)
Ord(800)
Ord(3749)
Ord(4610)
Ord(4899)
Ord(4427)
Ord(4274)
Ord(5261)
Ord(4079)
Ord(4467)
Ord(3058)
Ord(3147)
Ord(2124)
Ord(6052)
Ord(1726)
Ord(560)
Ord(6336)
Ord(4890)
Ord(3262)
Ord(5653)
Ord(674)
Ord(975)
Ord(1576)
Ord(5243)
Ord(5252)
Ord(4353)
Ord(3748)
Ord(5065)
Ord(1665)
Ord(4407)
Ord(4426)
Ord(6117)
Ord(3663)
Ord(3346)
Ord(4303)
Ord(2396)
Ord(4159)
Ord(3831)
Ord(520)
Ord(6374)
Ord(5280)
Ord(986)
Ord(4612)
Ord(3825)
Ord(2976)
Ord(323)
Ord(2535)
Ord(4961)
Ord(3198)
Ord(2985)
Ord(3922)
Ord(5240)
Ord(6080)
Ord(4151)
Ord(2649)
Ord(2510)
Ord(2626)
Ord(1776)
Ord(6000)
Ord(4623)
Ord(324)
Ord(296)
Ord(4238)
Ord(3830)
Ord(5103)
Ord(2385)
Ord(4613)
Ord(4349)
Ord(2878)
Ord(3079)
Ord(2512)
Ord(652)
Ord(4387)
Ord(4420)
Ord(2055)
Ord(2627)
Ord(4837)
Ord(5241)
Ord(5100)
Ord(2399)
Ord(5012)
Ord(2648)
Ord(3065)
Ord(5714)
Ord(5289)
Ord(4545)
Ord(3403)
Ord(4615)
Ord(4622)
Ord(561)
Ord(1746)
Ord(5302)
Ord(1640)
Ord(4543)
Ord(4486)
Ord(2879)
Ord(4723)
Ord(4341)
Ord(529)
Ord(4698)
Ord(5163)
Ord(6055)
Ord(5265)
Ord(5731)
Ord(4858)
Ord(4432)
Ord(5740)
Ord(3571)
Ord(1825)
Ord(4531)
_except_handler3
__p__fmode
_XcptFilter
_acmdln
__CxxFrameHandler
_ftol
__p__commode
__setusermatherr
_setmbcp
__dllonexit
_onexit
exit
_exit
__getmainargs
_initterm
_controlfp
_adjust_fdiv
__set_app_type
Ord(251)
EnableWindow
GetClientRect
InvalidateRect
UpdateWindow
GetOpenFileNameA
CreateStreamOnHGlobal
Number of PE resources by type
RT_STRING 13
RT_DIALOG 1
RT_ICON 1
Struct(241) 1
GIF 1
RT_MENU 1
RT_ACCELERATOR 1
RT_BITMAP 1
RT_GROUP_ICON 1
Number of PE resources by language
SWEDISH 13
NEUTRAL 3
CHINESE SIMPLIFIED 3
GERMAN AUSTRIAN 1
GREEK DEFAULT 1
PE resources
ExifTool file metadata
MIMEType
application/octet-stream

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

TimeStamp
2015:01:08 19:03:46+01:00

FileType
Win32 EXE

PEType
PE32

CodeSize
8192

LinkerVersion
6.0

EntryPoint
0x1579

InitializedDataSize
245760

SubsystemVersion
4.0

ImageVersion
0.0

OSVersion
12.0

UninitializedDataSize
0

File identification
MD5 21a4b3f517839824c006a7520094bb3d
SHA1 2089b36c7d5cd3c8243bf1e6ee2f4544263899ff
SHA256 8495cedf3b8d2d708cc5157ff6eff1328443359a2793ad42270222ce4e88fb9b
ssdeep
3072:ehcfmw0ObFTsAL3wySZDXLCx3nnb9kueR029j0EDxtvLgNiuce8rsgCpPK:+2xtbFzqDbChnij9dtjgNpP8YgCpPK

authentihash d3736d1a07525b3619e7994e3f884835af63cf7c762eeaaa05d0589ba592fc9b
imphash 633a20b6c2adde5069326367910fd13e
File size 252.5 KB ( 258560 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Dynamic Link Library (generic) (43.5%)
Win32 Executable (generic) (29.8%)
Generic Win/DOS Executable (13.2%)
DOS Executable Generic (13.2%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
Tags
peexe

VirusTotal metadata
First submission 2015-01-21 14:12:29 UTC ( 4 years, 2 months ago )
Last submission 2015-03-04 10:25:30 UTC ( 4 years ago )
File names 11_.htm_.exe_
AAE4.tmp
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Created processes
Opened mutexes
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.