× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: 856eea6c46708690bd2bafe3278f00d203b7bdab6d8f13ee988bd5b51b9b3dd9
File name: 4377dcc591f87cc24e75f8c69a2a7f8f
Detection ratio: 44 / 51
Analysis date: 2014-04-08 01:16:20 UTC ( 1 week, 5 days ago )
Antivirus Result Update
AVG Generic_s.AQR 20140407
Ad-Aware Trojan.Generic.KDV.866875 20140408
Agnitum Trojan.PWS.Tepfer!9y3eGBC4mT8 20140407
AhnLab-V3 Trojan/Win32.Tepfer 20140407
AntiVir TR/Spy.ZBot.EB.201 20140408
Antiy-AVL Trojan[PSW]/Win32.Tepfer 20140407
Avast Win32:LockScreen-SL [Trj] 20140407
BitDefender Trojan.Generic.KDV.866875 20140408
CAT-QuickHeal Trojan.Urausy.C 20140407
CMC Trojan-PSW.Win32.Tepfer!O 20140407
Commtouch W32/FakeAlert.XH.gen!Eldorado 20140408
Comodo TrojWare.Win32.Kryptik.AUOV 20140408
DrWeb Trojan.Packed.24465 20140408
ESET-NOD32 Win32/Kryptik.AUWY.Gen 20140408
Emsisoft Trojan.Generic.KDV.866875 (B) 20140408
F-Prot W32/FakeAlert.XH.gen!Eldorado 20140408
F-Secure Trojan.Generic.KDV.866875 20140407
Fortinet W32/Kryptik.KZ!tr 20140407
GData Trojan.Generic.KDV.866875 20140408
Ikarus Virus.Agent 20140408
Jiangmin Trojan/Tepfer.Gen 20140407
K7AntiVirus Trojan ( 0040f0941 ) 20140407
K7GW Trojan ( 0040f0941 ) 20140407
Kaspersky Trojan-PSW.Win32.Tepfer.gclw 20140408
Kingsoft Win32.PSWTroj.Tepfer.gc.(kcloud) 20140408
Malwarebytes Trojan.LameShield 20140408
McAfee BackDoor-FJW 20140408
McAfee-GW-Edition BackDoor-FANG!4377DCC591F8 20140408
MicroWorld-eScan Trojan.Generic.KDV.866875 20140408
Microsoft PWS:Win32/Zbot.gen!GO 20140408
NANO-Antivirus Trojan.Win32.Tepfer.csmioe 20140408
Norman Kryptik.RMX 20140407
Panda Trj/Tepfer.B 20140407
Qihoo-360 HEUR/Malware.QVM20.Gen 20140408
Rising PE:Trojan.Win32.Generic.141C2953!337389907 20140406
SUPERAntiSpyware Trojan.Agent/Gen-RogueRel 20140408
Sophos Mal/Zbot-KR 20140408
Symantec Trojan.Ransomlock!g39 20140408
TotalDefense Win32/ZBot.AR!generic 20140407
TrendMicro TROJ_FAKEAV.BMC 20140408
TrendMicro-HouseCall TROJ_FAKEAV.SMCC 20140407
VBA32 TrojanPSW.Tepfer 20140407
VIPRE Trojan.Win32.Tepfer.a (v) 20140407
nProtect Trojan-PWS/W32.Tepfer.309760.B 20140408
AegisLab 20140408
Baidu-International 20140407
Bkav 20140407
ByteHero 20140408
ClamAV 20140408
TheHacker 20140407
ViRobot 20140407
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2013-01-23 18:07:38
Link date 7:07 PM 1/23/2013
Entry Point 0x0000107C
Number of sections 4
PE sections
PE imports
GetStdHandle
GetFileAttributesA
GlobalFree
SetEvent
GetTickCount
VirtualProtect
LoadLibraryA
GetLocalTime
GetStartupInfoA
GetPriorityClass
GetFileSize
HeapSize
CreateDirectoryW
DeleteFileW
GetProcessHeap
CreateSemaphoreA
MapViewOfFile
CreateMutexW
CreateHardLinkW
OpenSemaphoreA
Sleep
ReadConsoleW
CreateFileA
SetLastError
FindServices
SsdpStartup
SsdpCleanup
CleanupCache
DllUnregisterServer
Number of PE resources by type
RT_ICON 2
Number of PE resources by language
FRENCH BELGIAN 2
ExifTool file metadata
MIMEType
application/octet-stream

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

TimeStamp
2013:01:23 19:07:38+01:00

FileType
Win32 EXE

PEType
PE32

CodeSize
1024

LinkerVersion
11.0

FileAccessDate
2014:04:08 02:15:55+01:00

EntryPoint
0x107c

InitializedDataSize
307712

SubsystemVersion
4.0

ImageVersion
0.0

OSVersion
4.0

FileCreateDate
2014:04:08 02:15:55+01:00

UninitializedDataSize
0

File identification
MD5 4377dcc591f87cc24e75f8c69a2a7f8f
SHA1 18f6db02c0ca4fe7015c1e1aacb9bcb50a8eaf8c
SHA256 856eea6c46708690bd2bafe3278f00d203b7bdab6d8f13ee988bd5b51b9b3dd9
ssdeep
6144:nkPUwiPypEV8yny4EEkjXhAQm5J+3y9WebYUGSsYHGChDw3nB:dwiP8yyCkThA95ky0kYUGSzRm

imphash 994a2660d26724bb1e3ecfbcb39e7bdc
File size 302.5 KB ( 309760 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Generic Win/DOS Executable (49.9%)
DOS Executable Generic (49.8%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.1%)
Tags
peexe

VirusTotal metadata
First submission 2013-02-20 16:54:09 UTC ( 1 year, 1 month ago )
Last submission 2013-02-24 13:06:27 UTC ( 1 year, 1 month ago )
File names 8b5c4f1102a9a6597f2f7e02a4421a50221117aa
wgsdgsdgdsgsd.exe
4377dcc591f87cc24e75f8c69a2a7f8f
holds_edge.php?tf=1g:1g:1n:1h:32&ie=30:33:1h:1h:1j:1j:1h:1m:1o:33&f=1f&vm=g&ba=k
info.exe
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Deleted files
Set keys
Created processes
Code injections in the following processes
Created mutexes
Opened mutexes
Searched windows
Opened service managers
Opened services
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.
UDP communications