SHA256: 88f7756fec1a6cb5ee148f4c22453d552f67e689c9404e743bcaae12257abb20
File name: eab85a5420932b2b11687988b099ef7a.exe
Detection ratio: 2 / 50
Analysis date: 2014-08-11 15:01:57 UTC
Antivirus Result Update
Malwarebytes Trojan.Agent.ED 20140811
Qihoo-360 Malware.QVM07.Gen 20140811
Ad-Aware 20140811
AegisLab 20140811
Yandex 20140810
AhnLab-V3 20140811
AntiVir 20140811
Antiy-AVL 20140811
Avast 20140811
Baidu-International 20140811
BitDefender 20140811
Bkav 20140811
CAT-QuickHeal 20140811
ClamAV 20140811
CMC 20140809
Commtouch 20140811
Comodo 20140811
DrWeb 20140811
Emsisoft 20140811
ESET-NOD32 20140811
F-Prot 20140811
F-Secure 20140811
Fortinet 20140811
GData 20140811
Ikarus 20140811
Jiangmin 20140811
K7AntiVirus 20140811
K7GW 20140811
Kaspersky 20140811
Kingsoft 20140811
McAfee 20140811
McAfee-GW-Edition 20140810
Microsoft 20140811
eScan 20140811
NANO-Antivirus 20140811
Norman 20140811
nProtect 20140811
Panda 20140811
Rising 20140811
Sophos AV 20140811
SUPERAntiSpyware 20140804
Tencent 20140811
TheHacker 20140808
TotalDefense 20140811
TrendMicro 20140811
TrendMicro-HouseCall 20140811
VBA32 20140811
VIPRE 20140811
ViRobot 20140811
Zoner 20140811
The file being studied is a Portable Executable (PE) file. More specifically, it is a Win32 EXE built for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2014-07-25 10:13:43
Entry Point 0x0005CF6C
Number of sections 3
PE sections
PE imports
RegDeleteKeyA
GetSidSubAuthorityCount
RegCloseKey
OpenProcessToken
CloseServiceHandle
RegQueryValueExA
RegOpenKeyExW
AdjustTokenPrivileges
RegSetValueExA
RegOpenKeyW
GetLengthSid
RegQueryValueExW
CryptCreateHash
GetDeviceCaps
GetDIBColorTable
SetROP2
CombineRgn
RestoreDC
GetTextFaceW
SelectObject
GetStockObject
PatBlt
SetBkColor
CreateSolidBrush
GetObjectW
BitBlt
ExtSelectClipRgn
EnumFontsA
DeleteObject
StretchBlt
SetTextColor
GetStartupInfoA
GetModuleHandleA
ExitProcess
GetHandleInformation
LoadLibraryA
VirtualAlloc
_amsg_exit
_except_handler3
_acmdln
_adjust_fdiv
_initterm
__p__fmode
_exit
__p__commode
memmove
__setusermatherr
__dllonexit
_onexit
ftell
atoi
fprintf
free
__getmainargs
exit
_controlfp
_XcptFilter
__set_app_type
SysStringLen
SysAllocStringLen
RegisterTypeLib
VariantCopyInd
VariantClear
GetActiveObject
SafeArrayCreate
LoadTypeLib
SafeArrayPutElement
VariantChangeTypeEx
DragQueryFileW
ShellExecuteExA
SHChangeNotify
ShellExecuteW
SHGetPathFromIDListW
SHGetSpecialFolderLocation
ShellExecuteExW
SHGetSpecialFolderPathW
SHGetMalloc
CommandLineToArgvW
ReleaseDC
GetSystemMetrics
GetSysColor
IsWindow
SendMessageW
GetWindowRect
EnableWindow
EndDialog
DestroyWindow
GetDesktopWindow
GetClientRect
MessageBoxW
GetDlgItem
TranslateMessage
SetForegroundWindow
ShowWindow
InvalidateRect
GetDC
SetCursor
VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoA
GetFileVersionInfoSizeW
ConnectionFlushCache
GenClientContext
ConnectionOption
ConnectionError
ConnectionMode
ConnectionOpenW
InitSSPIPackage
ConnectionRead
ConnectionClose
InitEnumServers
ConnectionStatus
ConnectionCheckForData
ConnectionServerEnumW
ConnectionWriteOOB
GetNextEnumeration
ConnectionTransact
ConnectionErrorW
ConnectionObjectSize
TermSSPIPackage
ConnectionOpen
CloseEnumServers
CoTaskMemAlloc
HMENU_UserSize
CoCreateInstance
CoDisconnectObject
HBITMAP_UserUnmarshal
CoTaskMemFree
StringFromGUID2
CoSetProxyBlanket
ExifTool file metadata
MIMEType: application/octet-stream
Subsystem: Windows GUI
MachineType: Intel 386 or later, and compatibles
TimeStamp: 2014:07:25 11:13:43+01:00
FileType: Win32 EXE
PEType: PE32
CodeSize: 380928
LinkerVersion: 6.0
FileAccessDate: 2014:08:18 16:03:56+01:00
EntryPoint: 0x5cf6c
InitializedDataSize: 90112
SubsystemVersion: 4.0
ImageVersion: 0.0
OSVersion: 4.0
FileCreateDate: 2014:08:18 16:03:56+01:00
UninitializedDataSize: 0
File identification
MD5 eab85a5420932b2b11687988b099ef7a
SHA1 87228ab671461bdfd577710e00ea1917e9eb3638
SHA256 88f7756fec1a6cb5ee148f4c22453d552f67e689c9404e743bcaae12257abb20
ssdeep 12288:SmcJKfyGfVHxSTDDwmbhlxqcEOBQOE73vS:SmhBHBmpfevS
imphash a28fa7d35e53a3670219b45325f6646c
File size 400.5 KB ( 410112 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ 5.0 (55.6%)
Win32 Executable MS Visual C++ (generic) (28.6%)
Win32 Dynamic Link Library (generic) (6.0%)
Win32 Executable (generic) (4.1%)
Win16/32 Executable Delphi generic (1.8%)
Tags peexe

VirusTotal metadata
First submission 2014-08-11 15:01:57 UTC
Last submission 2014-08-11 15:01:57 UTC
File names eab85a5420932b2b11687988b099ef7a.exe
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight
Condensed report. The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were performed either by the file itself or by any other process launched by the executed file or subjected to code injection by it.
Created processes
Code injections in the following processes
Opened mutexes
Runtime DLLs