SHA256: 88230508b9e0309bc876a400378fd56147c0281058f18d41d5412101b0ae20ac
File name: 2015-04-30-Angler-EK-Payload6.exe
Detection ratio: 30 / 56
Analysis date: 2015-05-02 18:54:14 UTC
Antivirus Result Update
Ad-Aware Gen:Variant.Mikey.12462 20150502
Yandex Trojan.PR.Lethic!dIgUiEuFZbM 20150502
ALYac Gen:Variant.Mikey.12462 20150502
Avast Win32:Malware-gen 20150502
AVG Crypt4.YEC 20150502
Avira (no cloud) TR/Crypt.Xpack.192323 20150502
AVware Win32.Malware!Drop 20150502
Baidu-International Trojan.Win32.Lethic.daz 20150502
BitDefender Gen:Variant.Mikey.12462 20150502
Cyren W32/S-0b92b060!Eldorado 20150502
Emsisoft Gen:Variant.Mikey.12462 (B) 20150502
ESET-NOD32 a variant of Win32/Kryptik.DGWM 20150502
F-Prot W32/S-0b92b060!Eldorado 20150502
F-Secure Gen:Variant.Mikey.12462 20150502
Fortinet W32/Kryptik.DGWM!tr 20150502
GData Gen:Variant.Mikey.12462 20150502
Ikarus Trojan.Win32.Crypt 20150502
K7GW Trojan ( 004bf3f31 ) 20150502
Kaspersky Trojan-Proxy.Win32.Lethic.daz 20150502
McAfee Artemis!EF5F9CEFFCD0 20150502
Microsoft Trojan:Win32/Lethic.B 20150502
eScan Gen:Variant.Mikey.12462 20150502
NANO-Antivirus Trojan.Win32.Lethic.drdauc 20150502
Panda Trj/Chgt.O 20150502
Qihoo-360 HEUR/QVM10.1.Malware.Gen 20150502
Sophos Mal/Generic-S 20150502
Symantec WS.Reputation.1 20150502
Tencent Trojan.Win32.YY.Gen.30 20150502
TrendMicro-HouseCall Suspicious_GEN.F47V0430 20150502
VIPRE Win32.Malware!Drop 20150502
AegisLab 20150502
AhnLab-V3 20150502
Alibaba 20150502
Antiy-AVL 20150502
Bkav 20150425
ByteHero 20150502
CAT-QuickHeal 20150502
ClamAV 20150502
CMC 20150501
Comodo 20150502
DrWeb 20150502
Jiangmin 20150430
K7AntiVirus 20150502
Kingsoft 20150502
McAfee-GW-Edition 20150502
Norman 20150502
nProtect 20150430
Rising 20150502
SUPERAntiSpyware 20150502
TheHacker 20150501
TotalDefense 20150430
TrendMicro 20150502
VBA32 20150501
ViRobot 20150502
Zillya 20150501
Zoner 20150430
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright
Copyright (C) Lack 2006-2013

Publisher Principal etc mighty - www.Lack.com
Product Lack
File version 2.0.0.1
Description Gain hollow nails reader thou burst
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2015-04-30 08:58:30
Entry Point 0x00004692
Number of sections 4
PE sections
PE imports
SetThreadLocale
GetStdHandle
GetConsoleOutputCP
WaitForSingleObject
FreeEnvironmentStringsA
DeleteCriticalSection
GetCurrentProcess
GetConsoleMode
GetLocaleInfoA
LocalAlloc
SetErrorMode
FreeEnvironmentStringsW
SetStdHandle
GetTempPathA
GetCPInfo
GetStringTypeA
WriteFile
GetSystemTimeAsFileTime
GetDiskFreeSpaceA
GetStringTypeW
SetEvent
LocalFree
SetWaitableTimer
InitializeCriticalSection
LoadResource
GlobalHandle
FindClose
TlsGetValue
FormatMessageA
GetStringTypeExA
SetLastError
GlobalFindAtomA
ExitProcess
FlushFileBuffers
GetModuleFileNameA
EnumCalendarInfoA
LoadLibraryExA
UnhandledExceptionFilter
InterlockedDecrement
MultiByteToWideChar
SetFilePointer
CreateThread
GlobalAddAtomA
SetUnhandledExceptionFilter
MulDiv
TerminateProcess
WriteConsoleA
VirtualQuery
ChangeTimerQueueTimer
SetEndOfFile
GetVersion
InterlockedIncrement
SetCurrentDirectoryA
WriteConsoleW
InitializeCriticalSectionAndSpinCount
HeapFree
EnterCriticalSection
SetHandleCount
FreeLibrary
QueryPerformanceCounter
GetTickCount
TlsAlloc
GetVersionExA
LoadLibraryA
RtlUnwind
GetStartupInfoA
GetFileSize
LCMapStringW
GetModuleHandleW
GetProcAddress
GetConsoleScreenBufferInfo
GlobalReAlloc
FindFirstFileA
lstrcpyA
CompareStringA
GlobalLock
CreateEventA
CopyFileA
GetFileType
TlsSetValue
CreateFileA
HeapAlloc
LeaveCriticalSection
GetLastError
GlobalDeleteAtom
GetSystemInfo
lstrlenA
GlobalFree
GetConsoleCP
LCMapStringA
HeapReAlloc
IsDebuggerPresent
GetThreadLocale
GetEnvironmentStringsW
GlobalUnlock
GlobalAlloc
SizeofResource
GetCurrentProcessId
LockResource
WideCharToMultiByte
HeapSize
GetCommandLineA
CopyFileExW
RegisterWaitForSingleObjectEx
RaiseException
TlsFree
GetModuleHandleA
ReadFile
CloseHandle
lstrcpynA
GetACP
GetCurrentThreadId
FreeResource
GetEnvironmentStrings
CreateProcessA
IsValidCodePage
HeapCreate
SleepEx
VirtualFree
Sleep
FindResourceA
VirtualAlloc
GetOEMCP
ResetEvent
Number of PE resources by type
RT_STRING 12
RT_GROUP_CURSOR 6
RT_CURSOR 6
RT_BITMAP 2
RT_MESSAGETABLE 1
RT_MANIFEST 1
RT_ACCELERATOR 1
RT_VERSION 1
Number of PE resources by language
NEUTRAL 13
URDU PAKISTAN 12
KOREAN 2
BENGALI SYS DEFAULT 1
LITHUANIAN 1
NEUTRAL SYS DEFAULT 1
PE resources
ExifTool file metadata
CodeSize 62976
FileDescription Gain hollow nails reader thou burst
InitializedDataSize 80896
ImageVersion 0.0
ProductName Lack
FileVersionNumber 4.5.0.0
LanguageCode English (U.S.)
FileFlagsMask 0x003f
CharacterSet Windows, Latin1
LinkerVersion 9.0
OriginalFilename Principal.exe
FileTypeExtension exe
MIMEType application/octet-stream
Subsystem Windows GUI
FileVersion 2.0.0.1
TimeStamp 2015:04:30 09:58:30+01:00
FileType Win32 EXE
PEType PE32
InternalName Principal.exe
SubsystemVersion 5.0
ProductVersion 4.0
UninitializedDataSize 0
OSVersion 5.0
FileOS Windows 16-bit
LegalCopyright Copyright (C) Lack 2006-2013
MachineType Intel 386 or later, and compatibles
CompanyName Principal etc mighty - www.Lack.com
LegalTrademarks Lack
FileSubtype 0
ProductVersionNumber 3.8.0.0
EntryPoint 0x4692
ObjectFileType Executable application
PCAP parents
File identification
MD5 ef5f9ceffcd0d5296424ac8eaccf81de
SHA1 04e86208f5234aabccc5a199e6c90bfa9a36860b
SHA256 88230508b9e0309bc876a400378fd56147c0281058f18d41d5412101b0ae20ac
ssdeep 3072:v5ZCoXVhcyMbkmUV+8kfDDffffNfffLffffnWz2kXqp:xZ3XcyMoY
authentihash 513aa741e0e43710ccd2aa1aa97f102d668007abec962e5bf3f9d014f22e7af4
imphash 4aa07cac258032ba284a1ec37ea15b36
File size 141.5 KB ( 144896 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Dynamic Link Library (generic) (43.5%)
Win32 Executable (generic) (29.8%)
Generic Win/DOS Executable (13.2%)
DOS Executable Generic (13.2%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
Tags
peexe

VirusTotal metadata
First submission 2015-04-30 10:34:54 UTC
Last submission 2015-05-02 18:54:14 UTC
File names dq110fjr48.exe
2015-04-30-Angler-EK-Payload6.exe
dq110fjr46.exe
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Created processes
Opened mutexes
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.