SHA256: 8a066fb2a728990a3bce6de644cff556a5ec9a15c78bdcce44eedcbdc603a54b
File name: pierre6.exe.PD311275-e1141712-09.19.x
Detection ratio: 26 / 55
Analysis date: 2015-04-22 12:09:26 UTC
Antivirus Result Update
Ad-Aware Trojan.GenericKD.2313656 20150422
Avast Win32:Malware-gen 20150422
AVG Crypt4.RUZ 20150422
AVware Trojan.Win32.Generic!BT 20150422
Baidu-International Worm.Win32.Cridex.qib 20150421
BitDefender Trojan.GenericKD.2313656 20150422
Bkav HW32.Packed.D5DF 20150422
ByteHero Trojan.Malware.Obscu.Gen.004 20150422
Emsisoft Trojan.GenericKD.2313656 (B) 20150422
ESET-NOD32 Win32/Dridex.O 20150422
F-Secure Trojan.GenericKD.2313656 20150422
GData Trojan.GenericKD.2313656 20150422
Ikarus Trojan.Win32.Dridex 20150422
Kaspersky Worm.Win32.Cridex.qib 20150422
Malwarebytes Trojan.InfoStealer.NTI 20150422
McAfee PWS-FBUS!02492B954B48 20150422
eScan Trojan.GenericKD.2313656 20150422
nProtect Trojan.GenericKD.2313656 20150422
Panda Generic Suspicious 20150422
Rising PE:Malware.XPACK-HIE/Heur!1.9C48 20150422
Sophos AV Troj/Agent-AMLS 20150422
Symantec Trojan.Cridex 20150422
Tencent Trojan.Win32.YY.Gen.4 20150422
TrendMicro TROJ_DROPPER.XXTTB 20150422
TrendMicro-HouseCall TROJ_DROPPER.XXTTB 20150422
VIPRE Trojan.Win32.Generic!BT 20150422
AegisLab 20150422
Yandex 20150421
AhnLab-V3 20150421
Alibaba 20150422
ALYac 20150422
Antiy-AVL 20150422
CAT-QuickHeal 20150422
ClamAV 20150422
CMC 20150421
Comodo 20150422
Cyren 20150422
DrWeb 20150422
F-Prot 20150422
Fortinet 20150422
K7AntiVirus 20150422
K7GW 20150422
Kingsoft 20150422
McAfee-GW-Edition 20150422
Microsoft 20150422
NANO-Antivirus 20150422
Norman 20150422
Qihoo-360 20150422
SUPERAntiSpyware 20150422
TheHacker 20150421
TotalDefense 20150422
VBA32 20150422
ViRobot 20150422
Zillya 20150421
Zoner 20150422
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2011-09-30 06:38:53
Entry Point 0x000022AA
Number of sections 5
PE sections
PE imports
DllGetClassObject
GetObjectContext
SafeRef
CoLoadServices
ComSvcsExceptionFilter
ComSvcsLogError
DllCanUnloadNow
MiniDumpW
CosGetCallContext
MTSCreateActivity
GetSystemTimeAdjustment
FileTimeToDosDateTime
DosDateTimeToFileTime
HeapQueryInformation
lstrcpyA
GetMailslotInfo
GetConsoleAliasExesW
VirtualAlloc
GetModuleHandleW
SetConsoleOS2OemFormat
UpdatePerfNameFilesA
SetServiceAsTrustedA
InstallPerfDllW
UnloadPerfCounterTextStringsW
UpdatePerfNameFilesW
RestorePerfRegistryFromFileW
LoadPerfCounterTextStringsA
BackupPerfRegistryToFileW
InstallPerfDllA
UnloadPerfCounterTextStringsA
DllGetClassObject
DllUnregisterServer
DllCanUnloadNow
DllRegisterServer
TestApplyPatchToFileA
ApplyPatchToFileByHandlesEx
ApplyPatchToFileExA
GetFilePatchSignatureA
ApplyPatchToFileW
ApplyPatchToFileExW
ApplyPatchToFileA
ApplyPatchToFileByHandles
TestApplyPatchToFileW
TestApplyPatchToFileByHandles
GetFilePatchSignatureByHandle
GetFilePatchSignatureW
CoUninitialize
CoInitialize
EnableHookObject
CoRegisterClassObject
GetHGlobalFromILockBytes
IsValidIid
RevokeDragDrop
WdtpInterfacePointer_UserSize
UtConvertDvtd16toDvtd32
PropVariantCopy
PathFindExtensionA
PathStripPathW
PathFindExtensionW
PathGetDriveNumberA
StrTrimW
PathRemoveExtensionA
StrCSpnA
PathStripToRootA
PathGetDriveNumberW
StrCmpIW
PathStripToRootW
StrCSpnW
StrTrimA
PathRemoveExtensionW
StrStrA
StrStrIA
PathSkipRootW
StrStrIW
PathStripPathA
PathSkipRootA
StrCmpW
PathFindFileNameW
PathRemoveBlanksA
PathFindFileNameA
StrStrW
PathRemoveBlanksW
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
FileTypeExtension exe
TimeStamp 2011:09:30 07:38:53+01:00
FileType Win32 EXE
PEType PE32
CodeSize 84992
LinkerVersion 2.25
ImageFileCharacteristics Executable, 32-bit
Warning Error processing PE data dictionary
EntryPoint 0x22aa
InitializedDataSize 23552
SubsystemVersion 4.0
ImageVersion 5.2
OSVersion 4.0
UninitializedDataSize 0

Compressed bundles
File identification
MD5 02492b954b48f13412a844d689d064f1
SHA1 26ecac9cce058222b9952a676cf5a8e74415fec1
SHA256 8a066fb2a728990a3bce6de644cff556a5ec9a15c78bdcce44eedcbdc603a54b
ssdeep 3072:X6xCi7LTg/I+4IHme9fd9G4XmI/6Mw7uX6ck:X6/7L7OvtXNdSck
authentihash de1ee1487b08730ad77ac4020540eec394cbd374f879869fec7396e784a32c36
imphash 49a681383d8852d252cb0c7b0a2539b2
File size 103.0 KB ( 105472 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Dynamic Link Library (generic) (34.2%)
Win32 Executable (generic) (23.4%)
Win16/32 Executable Delphi generic (10.7%)
OS/2 Executable (generic) (10.5%)
Generic Win/DOS Executable (10.4%)
Tags peexe
VirusTotal metadata
First submission 2015-04-21 07:59:40 UTC
Last submission 2016-01-05 11:22:23 UTC
File names 8a066fb2a728990a3bce6de644cff556a5ec9a15c78bdcce44eedcbdc603a54b.bin
8a066fb2a728990a3bce6de644cff556a5ec9a15c78bdcce44eedcbdc603a54b.exe
Malware (1).exe
1002-26ecac9cce058222b9952a676cf5a8e74415fec1
pierre6.exe.PD311275-e1141712-09.19.x
pierre6.exe
144.exe
HpGtNvAn.exe
144.exe
011.exe
02492b954b48f13412a844d689d064f1.exe
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Deleted files
Created processes
Created mutexes
Opened mutexes
Opened service managers
Opened services
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.
HTTP requests
DNS requests
TCP connections
UDP communications