SHA256: 8da0b9a8732c2dbd90ce493f652a8d2f8af4b402d0e7317ae0bd1c40975b3df4
File name: vt-upload-Rx6Jw
Detection ratio: 41 / 53
Analysis date: 2014-06-18 00:19:57 UTC ( 4 years, 9 months ago )
Antivirus Result Update
Ad-Aware Gen:Variant.Symmi.41078 20140618
Yandex Trojan.Caphaw!++69q6KEfhI 20140614
AhnLab-V3 Trojan/Win32.Caphaw 20140617
AntiVir TR/Crypt.ZPACK.84053 20140618
Antiy-AVL Trojan/Win32.SGeneric 20140617
Avast Win32:Malware-gen 20140618
AVG Crypt3.JWA 20140618
Baidu-International Trojan.Win32.Kryptik.bCADR 20140617
BitDefender Gen:Variant.Symmi.41078 20140618
CMC Packed.Win32.FakeAV-Crypter.6!O 20140617
Comodo UnclassifiedMalware 20140618
DrWeb BackDoor.Caphaw.77 20140618
ESET-NOD32 a variant of Win32/Kryptik.CADR 20140617
F-Secure Gen:Variant.Symmi.41078 20140618
Fortinet W32/Caphaw.I!tr 20140617
GData Gen:Variant.Symmi.41078 20140617
Ikarus Backdoor.Win32.Caphaw 20140617
K7AntiVirus Trojan ( 00498f161 ) 20140617
K7GW Trojan ( 050000001 ) 20140617
Kaspersky Trojan.Win32.Yakes.eprj 20140617
Kingsoft Win32.Troj.Generic.a.(kcloud) 20140618
Malwarebytes Trojan.Agent 20140618
McAfee RDN/Generic BackDoor!yn 20140617
McAfee-GW-Edition RDN/Generic BackDoor!yn 20140617
Microsoft Backdoor:Win32/Caphaw.A 20140617
eScan Gen:Variant.Symmi.41078 20140618
NANO-Antivirus Trojan.Win32.Caphaw.cwlwjv 20140617
Norman Troj_Generic.UDINH 20140617
nProtect Trojan/W32.Agent.667648.LA 20140617
Panda Generic Malware 20140617
Qihoo-360 Win32/Trojan.622 20140618
Rising PE:Malware.Obscure!1.9C59 20140617
Sophos AV Troj/Caphaw-BX 20140617
Symantec WS.Reputation.1 20140617
Tencent Win32.Trojan.Yakes.Dks 20140618
TotalDefense Win32/Caphaw.YSDTYZC 20140617
TrendMicro TROJ_GEN.R0C1C0DDP14 20140617
TrendMicro-HouseCall TROJ_GEN.R0C1C0DDP14 20140618
VBA32 Trojan.MTA.01011 20140617
VIPRE Backdoor.Win32.Caphaw 20140618
Zillya Trojan.Yakes.Win32.20606 20140617
AegisLab 20140618
Bkav 20140617
ByteHero 20140618
CAT-QuickHeal 20140617
ClamAV 20140618
Commtouch 20140618
F-Prot 20140618
Jiangmin 20140617
SUPERAntiSpyware 20140617
TheHacker 20140617
ViRobot 20140618
Zoner 20140616
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2014-04-16 13:52:16
Entry Point 0x000017CF
Number of sections 4
PE sections
PE imports
SelectObject
GetLastError
HeapFree
GetStdHandle
LCMapStringW
VirtualAllocEx
TerminateThread
LoadLibraryW
VirtualProtect
GetOEMCP
LCMapStringA
HeapDestroy
ExitProcess
GetVersionExA
GetEnvironmentStringsW
FlushFileBuffers
GetModuleFileNameA
RtlUnwind
LoadLibraryA
FreeEnvironmentStringsA
HeapAlloc
GetStartupInfoA
GetEnvironmentStrings
GetLocaleInfoA
GetCurrentProcessId
SetHandleCount
GetCPInfo
UnhandledExceptionFilter
MultiByteToWideChar
HeapSize
FreeEnvironmentStringsW
DeleteFileW
GetProcAddress
GetSystemInfo
SetStdHandle
SetFilePointer
RaiseException
WideCharToMultiByte
GetStringTypeA
GetModuleHandleA
ReadFile
InterlockedExchange
WriteFile
GetCurrentProcess
CloseHandle
GetSystemTimeAsFileTime
GetCommandLineA
GetACP
HeapReAlloc
GetStringTypeW
TerminateProcess
ResumeThread
QueryPerformanceCounter
HeapCreate
VirtualQuery
VirtualFree
GetFileType
GetTickCount
GetCurrentThreadId
VirtualAlloc
acmStreamSize
DrawDibEnd
DrawDibBegin
VariantClear
EnableWindow
PostMessageA
SCardCancel
Number of PE resources by type
RT_ICON 8
RT_BITMAP 3
RT_DIALOG 1
RT_STRING 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
RUSSIAN 15
PE resources
ExifTool file metadata
UninitializedDataSize 0
LinkerVersion 7.1
ImageVersion 0.0
FileVersionNumber 3.0.2.2
LanguageCode Russian
FileFlagsMask 0x0017
CharacterSet Unknown (34B2)
InitializedDataSize 733184
MIMEType application/octet-stream
TimeStamp 2014:04:16 14:52:16+01:00
FileType Win32 EXE
PEType PE32
FileAccessDate 2014:06:18 01:23:10+01:00
SubsystemVersion 4.0
OSVersion 4.0
FileCreateDate 2014:06:18 01:23:10+01:00
FileOS Unknown (0)
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CodeSize 40960
FileSubtype 0
ProductVersionNumber 3.0.2.2
EntryPoint 0x17cf
ObjectFileType Unknown
File identification
MD5 0452be76d557e5ead1f6a350884b9954
SHA1 841aacc92a9e50a777c92bcbc6a922ace6f0f92a
SHA256 8da0b9a8732c2dbd90ce493f652a8d2f8af4b402d0e7317ae0bd1c40975b3df4
ssdeep 3072:sv4L97ilsK/YlQwZd3O+DfoaXXPfZHAXC74DuFXJZDOOdoQpxo91:/YlsK/UdhDJvfZ5k6JZqdQMj
imphash 73e98122001c9645457b47b0e27cb67e
File size 652.0 KB ( 667648 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (67.3%)
Win32 Dynamic Link Library (generic) (14.2%)
Win32 Executable (generic) (9.7%)
Generic Win/DOS Executable (4.3%)
DOS Executable Generic (4.3%)
Tags peexe
VirusTotal metadata
First submission 2014-05-30 05:19:58 UTC ( 4 years, 10 months ago )
Last submission 2014-05-30 05:19:58 UTC ( 4 years, 10 months ago )
File names vt-upload-Rx6Jw
Advanced heuristic and reputation engines
ClamAV
Possibly Unwanted Application. While not necessarily malicious, the scanned file presents certain characteristics which, depending on the user's policies and environment, may or may not represent a threat. For full details see: https://www.clamav.net/documents/potentially-unwanted-applications-pua
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Deleted files
Created mutexes
Opened mutexes
Opened service managers
Opened services
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.
HTTP requests
DNS requests
TCP connections
UDP communications