SHA256: 85faa61e2d4a7ea05191b858fdd51762bf2f738f2a5a81ff2f46931514baa977
File name: Kopie von suka.exe
Detection ratio: 8 / 55
Analysis date: 2015-12-08 19:15:37 UTC (3 years, 3 months ago)
Antivirus              Result                              Update
Ad-Aware               Trojan.Cripack.Gen.1                20151208
Arcabit                Trojan.Cripack.Gen.1                20151208
BitDefender            Trojan.Cripack.Gen.1                20151208
Emsisoft               Trojan.Cripack.Gen.1 (B)            20151208
GData                  Trojan.Cripack.Gen.1                20151208
Kaspersky              UDS:DangerousObject.Multi.Generic   20151208
eScan                  Trojan.Cripack.Gen.1                20151208
Qihoo-360              HEUR/QVM07.1.Malware.Gen            20151208
AegisLab               (no detection)                      20151208
Yandex                 (no detection)                      20151208
AhnLab-V3              (no detection)                      20151208
Alibaba                (no detection)                      20151208
ALYac                  (no detection)                      20151208
Antiy-AVL              (no detection)                      20151208
Avast                  (no detection)                      20151208
AVG                    (no detection)                      20151208
Avira (no cloud)       (no detection)                      20151208
AVware                 (no detection)                      20151208
Baidu-International    (no detection)                      20151208
Bkav                   (no detection)                      20151208
ByteHero               (no detection)                      20151208
CAT-QuickHeal          (no detection)                      20151208
ClamAV                 (no detection)                      20151208
CMC                    (no detection)                      20151201
Comodo                 (no detection)                      20151202
Cyren                  (no detection)                      20151208
DrWeb                  (no detection)                      20151208
ESET-NOD32             (no detection)                      20151208
F-Prot                 (no detection)                      20151208
F-Secure               (no detection)                      20151208
Fortinet               (no detection)                      20151208
Ikarus                 (no detection)                      20151208
Jiangmin               (no detection)                      20151207
K7AntiVirus            (no detection)                      20151208
K7GW                   (no detection)                      20151208
Malwarebytes           (no detection)                      20151208
McAfee                 (no detection)                      20151208
McAfee-GW-Edition      (no detection)                      20151208
Microsoft              (no detection)                      20151208
NANO-Antivirus         (no detection)                      20151208
nProtect               (no detection)                      20151208
Panda                  (no detection)                      20151208
Rising                 (no detection)                      20151208
Sophos AV              (no detection)                      20151208
SUPERAntiSpyware       (no detection)                      20151208
Symantec               (no detection)                      20151208
Tencent                (no detection)                      20151208
TheHacker              (no detection)                      20151205
TrendMicro             (no detection)                      20151208
TrendMicro-HouseCall   (no detection)                      20151208
VBA32                  (no detection)                      20151208
VIPRE                  (no detection)                      20151208
ViRobot                (no detection)                      20151208
Zillya                 (no detection)                      20151208
Zoner                  (no detection)                      20151208
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows command line subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2008-10-01 11:23:01
Entry Point 0x00046860
Number of sections 4
PE sections
PE imports
Number of PE resources by type
t44R6 1
RT_MENU 1
RT_BITMAP 1
Number of PE resources by language
ENGLISH UK 3
PE resources
ExifTool file metadata
SubsystemVersion 4.0
LinkerVersion 7.0
ImageVersion 0.0
FileVersionNumber 0.234.206.102
UninitializedDataSize 0
LanguageCode Neutral
FileFlagsMask 0x003f
CharacterSet Unicode
InitializedDataSize 167936
EntryPoint 0x46860
OriginalFileName Rivalled.exe
MIMEType application/octet-stream
LegalCopyright Copyright 2017
FileVersion 139, 144, 170, 10
TimeStamp 2008:10:01 12:23:01+01:00
FileType Win32 EXE
PEType PE32
InternalName Snored
ProductVersion 181, 205, 111, 192
FileDescription Politicking
OSVersion 4.0
FileOS Windows NT 32-bit
Subsystem Windows command line
MachineType Intel 386 or later, and compatibles
CompanyName Bits Per Second Ltd
CodeSize 286720
FileSubtype 0
ProductVersionNumber 0.141.224.53
FileTypeExtension exe
ObjectFileType Executable application
File identification
MD5 be87ca35e01dba973d7f95caef9a29c5
SHA1 af659fd4534a05e712e3c4f33e4c67db10d6f481
SHA256 85faa61e2d4a7ea05191b858fdd51762bf2f738f2a5a81ff2f46931514baa977
ssdeep 6144:ar1C4rR2HrAPXuygECSdt3v85xpgmxINtdwyGNhiP7H543ufWdwFGaGjFcM/DQ3u:a53RMAHhpyprotdwv+4BCkaCFcMc9NOo
authentihash aae7a5c2478c02f205f0501c7f2bef316407bffcf9a3db58362cf56d5f5d15be
imphash 98f7b1a6277b48e917b656b770d07b6b
File size 348.0 KB (356352 bytes)
File type Win32 EXE
Magic literal PE32 executable for MS Windows (console) Intel 80386 32-bit
TrID
Win32 Dynamic Link Library (generic) (43.5%)
Win32 Executable (generic) (29.8%)
Generic Win/DOS Executable (13.2%)
DOS Executable Generic (13.2%)
Tags peexe
VirusTotal metadata
First submission 2015-12-08 15:37:58 UTC (3 years, 3 months ago)
Last submission 2016-04-06 14:07:50 UTC (2 years, 11 months ago)
File names
Kopie von suka.exe
be87ca35e01dba973d7f95caef9a29c5.exe
guf.exe
binary_be87ca35e01dba973d7f95caef9a29c5_20151213.bin
Advanced heuristic and reputation engines
TrendMicro-HouseCall
TrendMicro's heuristic engine has flagged this file as: TROJ_GEN.R021C0CLB15.

Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Deleted files
Code injections in the following processes
Created mutexes
Opened mutexes
Searched windows
Opened service managers
Opened services
Runtime DLLs
HTTP requests
DNS requests
TCP connections