SHA256: 85018e5c238a7e9acdbf9d04617dc1863a8429ea169e39e5abbb6fc387be1baf
File name: bin.exe
Detection ratio: 2 / 52
Analysis date: 2015-01-12 09:02:21 UTC ( 3 years, 11 months ago )
Antivirus Result Update
Norman Dridex.K 20150111
Qihoo-360 HEUR/QVM20.1.Malware.Gen 20150112
Ad-Aware 20150111
AegisLab 20150112
Yandex 20150111
AhnLab-V3 20150111
ALYac 20150112
Avast 20150114
AVG 20150111
Avira (no cloud) 20150110
AVware 20150114
Baidu-International 20150112
BitDefender 20150112
Bkav 20150109
ByteHero 20150112
CAT-QuickHeal 20150110
ClamAV 20150112
Comodo 20150112
Cyren 20150111
DrWeb 20150112
ESET-NOD32 20150112
F-Prot 20150111
F-Secure 20150114
Fortinet 20150111
GData 20150112
Ikarus 20150112
Jiangmin 20150112
K7AntiVirus 20150111
K7GW 20150110
Kaspersky 20150112
Kingsoft 20150114
Malwarebytes 20150112
McAfee 20150112
McAfee-GW-Edition 20150112
Microsoft 20150112
eScan 20150111
NANO-Antivirus 20150111
nProtect 20150109
Panda 20150111
Rising 20150111
Sophos AV 20150112
SUPERAntiSpyware 20150111
Symantec 20150112
TheHacker 20150106
TotalDefense 20150111
TrendMicro 20150112
TrendMicro-HouseCall 20150112
VBA32 20150112
VIPRE 20150114
ViRobot 20150109
Zillya 20150111
Zoner 20150107
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright © Microsoft Corporation. All rights reserved.
Product Microsoft® Windows® Operating System
Original name HZ.EXE
Internal name Console
File version 5.4.2600.5512 (xpsp.080413-2105)
Description HZ Compiller
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 1970-01-01 18:12:16
Entry Point 0x000060D0
Number of sections 8
PE sections
PE imports
GetLastError
Module32FirstW
VerifyVersionInfoA
FindNextVolumeA
GetModuleHandleW
SearchPathA
GetProcessPriorityBoost
GetSystemWindowsDirectoryW
Sleep
GetCurrentThreadId
ExitThread
ShowOwnedPopups
MessageBoxA
isdigit
malloc
abs
Number of PE resources by type
RT_ICON 2
RT_STRING 1
RT_MENU 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 6
PE resources
ExifTool file metadata
UninitializedDataSize 4608
LinkerVersion 2.24
ImageVersion 1.0
FileSubtype 0
FileVersionNumber 5.4.2600.5512
LanguageCode English (U.S.)
FileFlagsMask 0x003f
FileDescription HZ Compiller
ImageFileCharacteristics Executable, No line numbers, 32-bit, No debug
CharacterSet Unicode
InitializedDataSize 45568
EntryPoint 0x60d0
OriginalFileName HZ.EXE
MIMEType application/octet-stream
LegalCopyright Microsoft Corporation. All rights reserved.
FileVersion 5.4.2600.5512 (xpsp.080413-2105)
TimeStamp 1970:01:01 19:12:16+01:00
FileType Win32 EXE
PEType PE32
InternalName Console
ProductVersion 5.4.2600.5512
SubsystemVersion 4.0
OSVersion 4.0
FileOS Windows NT 32-bit
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName Microsoft Corporation
CodeSize 25088
ProductName Microsoft Windows Operating System
ProductVersionNumber 5.4.2600.5512
FileTypeExtension exe
ObjectFileType Dynamic link library

File identification
MD5 373c9e5461c2b234f70e4d6102198eff
SHA1 a59e72936cbd4de1cbb8fce53de4c72d1fd9a1b8
SHA256 85018e5c238a7e9acdbf9d04617dc1863a8429ea169e39e5abbb6fc387be1baf
ssdeep 1536:p3YNL53kCxWOKNWuTsluI0hq4q8CQgYGp51KUn:p3YNd3kYWO2Whsqt4QJn
authentihash ea415e9d016fb52e92c820c8d6a669ee45a6b10146d05ca2b230df15e2c8c213
imphash 8b139d5fbade7094b6de2b0d2baedf21
File size 73.0 KB ( 74752 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win64 Executable (generic) (61.7%)
Win32 Dynamic Link Library (generic) (14.6%)
Win32 Executable (generic) (10.0%)
OS/2 Executable (generic) (4.5%)
Generic Win/DOS Executable (4.4%)
Tags peexe

VirusTotal metadata
First submission 2015-01-12 07:29:15 UTC ( 3 years, 11 months ago )
Last submission 2018-10-04 14:58:53 UTC ( 2 months, 1 week ago )
File names bin.exe.malware
0001_83.20.73.100_10.exe
10.exe
Console
TYUhfdtUUUdsf.exe
10.exe
bin-3.exe
373c9e5461c2b234f70e4d6102198eff.exe
HZ.EXE
bin_exe
vti-rescan
bin.exe
373c9e5461c2b234f70e4d6102198eff.vir
bin (1).exe
85018E5C238A7E9ACDBF9D04617DC1863A8429EA169E39E5ABBB6FC387BE1BAF.exe
bin.exe
output.53405860.txt
373c9e5461c2b234f70e4d6102198eff
10.exe
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Deleted files
Created processes
Code injections in the following processes
Created mutexes
Opened mutexes
Opened service managers
Opened services
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.
HTTP requests
TCP connections