× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: 8d155dd7e6c8245a378b58f658037de7880a319e8d91650febbcbc6cf2105230
File name: Auto Hot Key By Palash.exe
Detection ratio: 3 / 51
Analysis date: 2014-03-22 10:01:24 UTC ( 1 month ago )
Antivirus Result Update
DrWeb Trojan.PWS.Siggen1.27395 20140322
Jiangmin Trojan/Writos.df 20140322
VBA32 Trojan.Fsysna 20140321
AVG 20140322
Ad-Aware 20140322
AegisLab 20140322
Agnitum 20140321
AhnLab-V3 20140321
AntiVir 20140322
Antiy-AVL 20140320
Avast 20140322
Baidu-International 20140322
BitDefender 20140322
Bkav 20140322
ByteHero 20140322
CAT-QuickHeal 20140320
CMC 20140319
ClamAV 20140322
Commtouch 20140322
Comodo 20140322
ESET-NOD32 20140322
Emsisoft 20140322
F-Prot 20140322
F-Secure 20140322
Fortinet 20140322
GData 20140322
Ikarus 20140322
K7AntiVirus 20140321
K7GW 20140321
Kaspersky 20140322
Kingsoft 20140322
Malwarebytes 20140322
McAfee 20140322
McAfee-GW-Edition 20140322
MicroWorld-eScan 20140322
Microsoft 20140322
NANO-Antivirus 20140322
Norman 20140322
Panda 20140321
Qihoo-360 20140322
Rising 20140321
SUPERAntiSpyware 20140322
Sophos 20140322
Symantec 20140322
TheHacker 20140321
TotalDefense 20140321
TrendMicro 20140322
TrendMicro-HouseCall 20140322
VIPRE 20140322
ViRobot 20140322
nProtect 20140321
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Authenticode signature block
Copyright
Copyright (c) 2012 Steve Gray

Product AutoHotkey_L
File version 1.1.09.04
Description AutoHotkey_L Setup
Packers identified
F-PROT 7Z, Unicode, 7Z, appended, Unicode, 7Z, appended, 7Z, 7Z, Unicode, 7Z, 7Z, 7Z, appended, 7Z, 7Z, appended, 7Z, 7Z, appended, 7Z, 7Z, appended, 7Z, 7Z, 7Z, 7Z, 7Z, 7Z, 7Z, 7Z, 7Z, 7Z, 7Z, 7Z, 7Z, 7Z, 7Z, 7Z, 7Z, 7Z, 7Z, 7Z, 7Z, 7Z, 7Z, 7Z, 7Z, 7Z, 7Z, 7Z, 7Z, 7Z, 7Z, 7Z, 7Z, 7Z, 7Z, 7Z, 7Z, 7Z, 7Z, 7Z, 7Z, 7Z, 7Z, 7Z, 7Z, 7Z, 7Z, 7Z, 7Z, 7Z, 7Z, 7Z, 7Z, 7Z, 7Z, 7Z, 7Z, 7Z, 7Z, 7Z, 7Z, 7Z, 7Z, 7Z, 7Z, 7Z, 7Z, 7Z, 7Z, 7Z, 7Z, 7Z, 7Z, 7Z, 7Z, 7Z, 7Z, 7Z, 7Z, 7Z, 7Z, 7Z, 7Z, 7Z, 7Z, 7Z, 7Z, 7Z, 7Z, 7Z, 7Z, 7Z, 7Z, 7Z, 7Z, 7Z, 7Z, 7Z, 7Z, 7Z, 7Z, 7Z, 7Z, 7Z, 7Z, 7Z, 7Z, 7Z, 7Z, 7Z, 7Z, 7Z, 7Z, 7Z, 7Z, 7Z, 7Z, 7Z, 7Z, 7Z, 7Z, 7Z, 7Z, 7Z, 7Z, 7Z, 7Z, 7Z, 7Z, 7Z, 7Z, 7Z, 7Z, 7Z, 7Z, 7Z, 7Z, 7Z, 7Z, 7Z, 7Z, 7Z, 7Z, 7Z, 7Z, 7Z, 7Z, 7Z, 7Z, 7Z, 7Z, 7Z, 7Z, 7Z, 7Z, 7Z, 7Z, 7Z, 7Z, 7Z, 7Z, 7Z, 7Z, 7Z, 7Z, 7Z, 7Z, 7Z, 7Z, 7Z, 7Z, 7Z, 7Z, 7Z, 7Z, 7Z, 7Z, 7Z, 7Z, 7Z, 7Z, 7Z, 7Z, 7Z, 7Z, 7Z, 7Z, 7Z, 7Z, 7Z, 7Z, 7Z, 7Z, 7Z, 7Z, 7Z, 7Z, 7Z, 7Z, 7Z, 7Z, 7Z, 7Z, 7Z, 7Z, 7Z, 7Z, 7Z, 7Z, 7Z, 7Z, 7Z, 7Z, 7Z, 7Z, 7Z, 7Z, 7Z, 7Z, 7Z, 7Z, 7Z, 7Z, 7Z, 7Z, 7Z, 7Z, 7Z, 7Z, 7Z, 7Z, 7Z, 7Z, 7Z, 7Z, 7Z, 7Z, 7Z, 7Z, 7Z, 7Z, 7Z, 7Z, 7Z, 7Z, 7Z, 7Z, 7Z, 7Z, 7Z, 7Z, 7Z, 7Z, 7Z, 7Z, 7Z, 7Z, 7Z, 7Z, 7Z, 7Z, 7Z, 7Z, 7Z, 7Z, 7Z, 7Z, 7Z, 7Z, 7Z, 7Z, 7Z, 7Z, 7Z, 7Z, 7Z, 7Z, 7Z, 7Z, 7Z, 7Z, 7Z, 7Z, 7Z, 7Z, 7Z, 7Z, 7Z, 7Z, 7Z, 7Z, 7Z, 7Z, 7Z, 7Z, 7Z, 7Z, 7Z, 7Z, 7Z, 7Z, 7Z, 7Z, 7Z, 7Z, 7Z, 7Z, 7Z, 7Z, 7Z, 7Z, 7Z, 7Z, 7Z, 7Z, 7Z, 7Z, 7Z, 7Z, 7Z, 7Z, 7Z, 7Z, 7Z, 7Z, 7Z, 7Z, 7Z, 7Z, 7Z, 7Z, 7Z, 7Z, 7Z, 7Z, 7Z, 7Z, 7Z, 7Z, 7Z, 7Z, 7Z, 7Z, 7Z, 7Z, 7Z, appended, 7Z, 7Z, 7Z, 7Z, appended, 7Z, 7Z, appended, 7Z, 7Z, 7Z, 7Z, 7Z, 7Z, appended, 7Z, 7Z, 7Z, 7Z, 7Z, 7Z, 7Z, 7Z, 7Z, 7Z, 7Z, 7Z, 7Z, 7Z, 7Z, UTF-8, 7Z, 7Z
PEiD Armadillo v1.71
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2010-11-18 18:41:55
Link date 7:41 PM 11/18/2010
Entry Point 0x0000643F
Number of sections 4
PE sections
PE imports
GetLastError
GetModuleFileNameW
WaitForSingleObject
GetTickCount
GetStartupInfoA
GetCurrentProcessId
SetFileTime
GetCommandLineW
CreateDirectoryW
DeleteFileW
GetModuleHandleA
RemoveDirectoryW
SetFilePointer
FindNextFileW
GetTempPathW
ReadFile
FindFirstFileW
WriteFile
CreateFileW
CreateProcessW
FindClose
SetFileAttributesW
GetCurrentThreadId
CloseHandle
__p__fmode
malloc
memset
strlen
_except_handler3
wcslen
wcscmp
exit
_XcptFilter
memcmp
__setusermatherr
_controlfp
_adjust_fdiv
_acmdln
__p__commode
free
wcscat
__getmainargs
memcpy
memmove
wcscpy
_initterm
_exit
__set_app_type
ShellExecuteExW
MessageBoxA
Number of PE resources by type
RT_ICON 7
RT_MANIFEST 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 10
ExifTool file metadata
SubsystemVersion
4.0

InitializedDataSize
32768

ImageVersion
0.0

ProductName
AutoHotkey_L

FileVersionNumber
1.1.9.4

UninitializedDataSize
0

LanguageCode
English (U.S.)

FileFlagsMask
0x0000

CharacterSet
Unicode

LinkerVersion
6.0

MIMEType
application/octet-stream

Subsystem
Windows GUI

FileVersion
1.1.09.04

TimeStamp
2010:11:18 19:41:55+01:00

FileType
Win32 EXE

PEType
PE32

FileAccessDate
2014:03:22 10:56:05+01:00

ProductVersion
1.1.09.04

FileDescription
AutoHotkey_L Setup

OSVersion
4.0

FileCreateDate
2014:03:22 10:56:05+01:00

FileOS
Windows NT 32-bit

LegalCopyright
Copyright (c) 2012 Steve Gray

MachineType
Intel 386 or later, and compatibles

CodeSize
22016

FileSubtype
0

ProductVersionNumber
1.1.9.4

EntryPoint
0x643f

ObjectFileType
Executable application

CarbonBlack CarbonBlack acts as a surveillance camera for computers
While monitoring an end-user machine in-the-wild, CarbonBlack noticed the following files in execution wrote this sample to disk.
Compressed bundles
File identification
MD5 9917f2351bacfcc698082f52e4ce4bfc
SHA1 baf135c988dbd3f19cca92638c1b3e335455d8c5
SHA256 8d155dd7e6c8245a378b58f658037de7880a319e8d91650febbcbc6cf2105230
ssdeep
49152:2p6num0tjZN2RzhovbtYFMlusF7El8bAlHry7ozVbx8rGAFdmruk:2p6wj5uFJsF7ERHrIMKrFdK

imphash fa4d5c869351014d1ce952f2833a7558
File size 2.5 MB ( 2623134 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Dynamic Link Library (generic) (43.5%)
Win32 Executable (generic) (29.8%)
Generic Win/DOS Executable (13.2%)
DOS Executable Generic (13.2%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
Tags
peexe armadillo

VirusTotal metadata
First submission 2013-03-14 13:07:12 UTC ( 1 year, 1 month ago )
Last submission 2014-03-22 10:01:24 UTC ( 1 month ago )
File names file-5259364_exe
AutoHotkey_L_Install_2.exe
Auto Hot Key By Palash.exe
AUTOHO~1.EXE
AutoHotkey_L_Install.exe
Auto Hot Key By Mr-Cracker.exe
output.2844926.txt
AutoHotkey_L_Install.exe
AutoHotkey_L_Install old.exe
autohotkey_l_install.exe
AutoHotkey_L_Install(1).exe
AutoHotkey110904_Install.exe
2844926
AutoHotkey_L_Install (4).exe
AutoHotkey_L_Install (1).exe
2AutoHotkey_L_Install.exe
test.exe
autohotkey.exe
AutoHotkey_L_Install110904.exe
AutoHotkey.exe
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!