SHA256: 8980c4b9847f835577ae3e3b30d039599f5df286ad00debf8e25ad6a36ef8bc2
File name: ex_mss3.exe
Detection ratio: 9 / 56
Analysis date: 2015-06-01 11:37:03 UTC ( 3 years, 6 months ago )
Antivirus Result Update
Avast Win32:Malware-gen 20150601
Bkav HW32.Packed.E595 20150601
ESET-NOD32 a variant of Win32/Kryptik.DKEB 20150601
Kaspersky HEUR:Trojan.Win32.Generic 20150601
Malwarebytes Trojan.Agent 20150601
Panda Trj/Chgt.O 20150531
Qihoo-360 HEUR/QVM10.1.Malware.Gen 20150601
Symantec Trojan.Zbot 20150601
TrendMicro-HouseCall TROJ_GEN.R0C1H07F115 20150601
Ad-Aware 20150601
AegisLab 20150601
Yandex 20150601
AhnLab-V3 20150601
Alibaba 20150601
ALYac 20150601
Antiy-AVL 20150601
AVG 20150601
Avira (no cloud) 20150601
AVware 20150601
Baidu-International 20150601
BitDefender 20150601
ByteHero 20150601
CAT-QuickHeal 20150601
ClamAV 20150601
CMC 20150530
Comodo 20150601
Cyren 20150601
DrWeb 20150601
Emsisoft 20150601
F-Prot 20150601
F-Secure 20150601
Fortinet 20150601
GData 20150601
Ikarus 20150601
Jiangmin 20150529
K7AntiVirus 20150601
K7GW 20150601
Kingsoft 20150601
McAfee 20150601
McAfee-GW-Edition 20150601
Microsoft 20150601
eScan 20150601
NANO-Antivirus 20150601
nProtect 20150529
Rising 20150531
Sophos AV 20150601
SUPERAntiSpyware 20150530
Tencent 20150601
TheHacker 20150601
TotalDefense 20150601
TrendMicro 20150601
VBA32 20150529
VIPRE 20150601
ViRobot 20150601
Zillya 20150601
Zoner 20150601
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright WinRAR
Publisher Builded by wolkow70
File version 5.0.0.0
Description WinRAR Archiver v5.0.0.0
Comments Built on 11:04 06 Sep, 2013
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2015-06-01 05:05:14
Entry Point 0x0001AD21
Number of sections 3
PE sections
PE imports
GetStdHandle
GetConsoleOutputCP
GetPrivateProfileStructA
FreeEnvironmentStringsA
DeleteCriticalSection
GetCurrentProcess
GetConsoleMode
GetLocaleInfoA
FreeEnvironmentStringsW
SetStdHandle
WideCharToMultiByte
GetStringTypeA
WriteFile
GetSystemTimeAsFileTime
HeapReAlloc
GetStringTypeW
MoveFileA
TlsGetValue
SetLastError
TlsAlloc
IsDebuggerPresent
HeapAlloc
GetModuleFileNameA
EnumResourceLanguagesW
UnhandledExceptionFilter
InterlockedDecrement
MultiByteToWideChar
GetModuleHandleA
SetUnhandledExceptionFilter
SetEnvironmentVariableA
TerminateProcess
WriteConsoleA
SetEndOfFile
GetCurrentThreadId
LeaveCriticalSection
GetNumberFormatW
WriteConsoleW
InitializeCriticalSectionAndSpinCount
HeapFree
EnterCriticalSection
SetHandleCount
GetLastError
GetOEMCP
QueryPerformanceCounter
GetTickCount
CallNamedPipeA
FlushFileBuffers
LoadLibraryA
RtlUnwind
GetStartupInfoA
CreateDirectoryA
DeleteFileA
CreateDirectoryW
DeleteFileW
GetProcAddress
GetComputerNameExA
CompareStringW
CompareStringA
GetTimeZoneInformation
CreateFileW
GetFileType
TlsSetValue
CreateFileA
ExitProcess
InterlockedIncrement
GlobalGetAtomNameW
DosDateTimeToFileTime
LCMapStringW
GetConsoleCP
LCMapStringA
GetEnvironmentStringsW
GetEnvironmentStrings
GetCurrentProcessId
SetFileTime
GetCPInfo
HeapSize
GetCommandLineA
RaiseException
TlsFree
SetFilePointer
ReadFile
CloseHandle
GetACP
GetModuleHandleW
IsValidCodePage
HeapCreate
VirtualFree
Sleep
VirtualAlloc
glTexCoord3f
wglSwapLayerBuffers
glTexCoord3d
glMultMatrixf
glIndexMask
glEvalMesh2
glLightModelfv
MapWindowPoints
GetMessageA
GetParent
UpdateWindow
DefWindowProcA
ShowWindow
LoadBitmapA
SetWindowPos
CharToOemBuffA
IsWindow
GetWindowRect
DispatchMessageA
EnableWindow
MessageBoxA
PeekMessageA
SetWindowLongA
wvsprintfA
TranslateMessage
GetWindow
CharUpperA
RegisterClassExA
SetWindowTextA
LoadStringA
GetSystemMetrics
GetClientRect
GetDlgItem
OemToCharBuffA
LoadIconA
GetWindowLongA
FindWindowExA
CreateWindowExA
LoadCursorA
OemToCharA
CopyRect
GetClassNameA
GetWindowTextA
DestroyWindow
CharToOemA
Number of PE resources by type
RT_MANIFEST 1
RT_MENU 1
RT_VERSION 1
RT_HTML 1
Number of PE resources by language
RUSSIAN 1
LITHUANIAN 1
ENGLISH US 1
CHINESE HONGKONG 1
PE resources
ExifTool file metadata
SubsystemVersion 5.0
Comments Built on 11:04 06 Sep, 2013
InitializedDataSize 549888
ImageVersion 0.0
FileVersionNumber 5.0.0.0
UninitializedDataSize 0
LanguageCode Russian
FileFlagsMask 0x0000
CharacterSet Windows, Cyrillic
LinkerVersion 9.0
FileTypeExtension exe
MIMEType application/octet-stream
Subsystem Windows GUI
FileVersion 5.0.0.0
TimeStamp 2015:06:01 06:05:14+01:00
FileType Win32 EXE
PEType PE32
FileDescription WinRAR Archiver v5.0.0.0
OSVersion 5.0
FileOS Win32
LegalCopyright WinRAR
MachineType Intel 386 or later, and compatibles
CompanyName Builded by wolkow70
CodeSize 175616
FileSubtype 0
ProductVersionNumber 5.0.0.0
EntryPoint 0x1ad21
ObjectFileType Executable application

File identification
MD5 f861d53eccc24d35c2cff25d2b451f53
SHA1 54ccae60cca03ae4ce83eec96f377b96712a6fb4
SHA256 8980c4b9847f835577ae3e3b30d039599f5df286ad00debf8e25ad6a36ef8bc2
ssdeep 12288:jhqTAiqecu5xFZx4og+hpncGDf9IP9lKpsLsc0k69lr34fXUU6SlVsg3eBlMVnF7:lqsEck94oh7jpc0k69J4fkvEVfKlMVF7
authentihash 6546f581710164f66c48bb8daaf96c2dead4cd10a26a09a289c818d78ae9b17d
imphash 8201d24a5b2d205d2c0d3130e35a9625
File size 709.5 KB ( 726528 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable (generic) (52.9%)
Generic Win/DOS Executable (23.5%)
DOS Executable Generic (23.4%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
Tags peexe
VirusTotal metadata
First submission 2015-06-01 11:02:49 UTC ( 3 years, 6 months ago )
Last submission 2015-06-03 10:19:11 UTC ( 3 years, 6 months ago )
File names B632~.exe
_aUKPtiEL.html
ex_mss3.exe
file
f861d53eccc24d35c2cff25d2b451f53.virus
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Deleted files
Created mutexes
Opened mutexes
Opened service managers
Opened services
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.
HTTP requests
DNS requests
TCP connections