SHA256: 8da0fcf53ef5f58dfa9ecc956383b3034a0ba9536e0c3b0f07328ccd228a08bb
File name: 2015-04-30-Angler-EK-Payload.exe
Detection ratio: 26 / 56
Analysis date: 2015-05-02 18:52:21 UTC
Antivirus Result Update
Ad-Aware Gen:Variant.Mikey.12491 20150502
Yandex Trojan.Foreign!ewuA6cWpnBw 20150502
ALYac Gen:Variant.Mikey.12491 20150502
Avast Win32:Malware-gen 20150502
AVG Win32/Cryptor 20150502
Avira (no cloud) TR/Crypt.Xpack.192628 20150502
AVware Win32.Malware!Drop 20150502
Baidu-International Trojan.Win32.Ransom.mhkx 20150502
BitDefender Gen:Variant.Mikey.12491 20150502
Emsisoft Gen:Variant.Mikey.12491 (B) 20150502
ESET-NOD32 a variant of Win32/Kryptik.DGXK 20150502
F-Secure Gen:Variant.Mikey.12491 20150502
Fortinet W32/Kryptik.DGXK!tr 20150502
GData Gen:Variant.Mikey.12491 20150502
K7GW Trojan ( 004bf6c71 ) 20150502
Kaspersky Trojan-Ransom.Win32.Foreign.mhkx 20150502
McAfee Artemis!566AB06D67C9 20150502
Microsoft Trojan:Win32/Lethic.B 20150502
eScan Gen:Variant.Mikey.12491 20150502
Panda Trj/Chgt.O 20150502
Qihoo-360 HEUR/QVM10.1.Malware.Gen 20150502
Sophos Mal/Generic-S 20150502
Symantec WS.Reputation.1 20150502
Tencent Trojan.Win32.Qudamah.Gen.30 20150502
TrendMicro-HouseCall Suspicious_GEN.F47V0501 20150502
VIPRE Win32.Malware!Drop 20150502
Engines with no detection (signature database date)
AegisLab 20150502
AhnLab-V3 20150502
Alibaba 20150502
Antiy-AVL 20150502
Bkav 20150425
ByteHero 20150502
CAT-QuickHeal 20150502
ClamAV 20150502
CMC 20150501
Comodo 20150502
Cyren 20150502
DrWeb 20150502
F-Prot 20150502
Ikarus 20150502
Jiangmin 20150430
K7AntiVirus 20150502
Kingsoft 20150502
McAfee-GW-Edition 20150502
NANO-Antivirus 20150502
Norman 20150502
nProtect 20150430
Rising 20150502
SUPERAntiSpyware 20150502
TheHacker 20150501
TotalDefense 20150430
TrendMicro 20150502
VBA32 20150501
ViRobot 20150502
Zillya 20150501
Zoner 20150430
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright Copyright (C) Alice 2002-2013
Publisher Elephant combination - www.Alice.com
Product Alice
File version 2.0.0.8
Description Herd bee
These strings do not agree with the fixed numeric version fields reported further down (FileVersion 2.0.0.8 against FileVersionNumber 4.4.0.0, ProductVersion 3.0 against ProductVersionNumber 2.4.0.0), and the internal and original name Australia.exe matches none of the submitted file names. A VERSIONINFO block whose strings and numeric fields disagree is a common tell of a generated or packed dropper rather than a shipped product build.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2015-04-30 15:55:55
Entry Point 0x0000708F
Number of sections 4
PE imports
GetTokenInformation
LookupPrivilegeValueA
RegCloseKey
OpenProcessToken
RegSetValueExA
FreeSid
RegQueryValueExA
AllocateAndInitializeSid
AdjustTokenPrivileges
EqualSid
RegCreateKeyExA
RegOpenKeyExA
RegDeleteValueA
RegQueryInfoKeyA
GetDeviceCaps
GetStdHandle
GetConsoleOutputCP
GetFileAttributesA
WaitForSingleObject
GetDriveTypeA
GetPrivateProfileSectionNamesW
SystemTimeToTzSpecificLocalTime
FreeEnvironmentStringsA
DeleteCriticalSection
GetCurrentProcess
GetConsoleMode
GetLocaleInfoA
LocalAlloc
lstrcatA
_llseek
FreeEnvironmentStringsW
SetStdHandle
GetTempPathA
GetCPInfo
GetStringTypeA
WriteFile
_lopen
GetSystemTimeAsFileTime
GetDiskFreeSpaceA
GetStringTypeW
SetFileAttributesA
SetEvent
LocalFree
GetExitCodeProcess
LoadResource
FindClose
TlsGetValue
FormatMessageA
SetLastError
IsDebuggerPresent
ExitProcess
FlushFileBuffers
RemoveDirectoryA
GetVolumeInformationA
LoadLibraryExA
GetPrivateProfileStringA
UnhandledExceptionFilter
InterlockedDecrement
MultiByteToWideChar
CreateMutexA
GetModuleHandleA
_lclose
CreateThread
SetUnhandledExceptionFilter
MulDiv
GetSystemDirectoryA
SetEnvironmentVariableA
WaitForMultipleObjectsEx
TerminateProcess
WriteConsoleA
GlobalAlloc
LocalFileTimeToFileTime
GetCurrentThreadId
InterlockedIncrement
SetCurrentDirectoryA
WriteConsoleW
InitializeCriticalSectionAndSpinCount
HeapFree
EnterCriticalSection
SetHandleCount
TerminateThread
lstrcmpiA
GetOEMCP
QueryPerformanceCounter
GetTickCount
TlsAlloc
GetVersionExA
LoadLibraryA
RtlUnwind
FreeLibrary
GetStartupInfoA
GetPrivateProfileIntA
CreateDirectoryA
DeleteFileA
GetWindowsDirectoryA
GlobalLock
CompareStringW
lstrcmpA
FindFirstFileA
lstrcpyA
CompareStringA
GetTempFileNameA
FindNextFileA
GetProcAddress
GetTimeZoneInformation
CreateEventA
GetFileType
TlsSetValue
CreateFileA
HeapAlloc
PrepareTape
LeaveCriticalSection
GetLastError
DosDateTimeToFileTime
LCMapStringW
GetSystemInfo
lstrlenA
GlobalFree
GetConsoleCP
LCMapStringA
HeapReAlloc
GetEnvironmentStringsW
GlobalUnlock
IsDBCSLeadByte
GetModuleFileNameA
GetShortPathNameA
EnumTimeFormatsW
SizeofResource
GetCurrentProcessId
LockResource
SetFileTime
GetCurrentDirectoryA
HeapSize
GetCommandLineA
RaiseException
TlsFree
SetFilePointer
ReadFile
CloseHandle
lstrcpynA
GetACP
GetModuleHandleW
FreeResource
GetEnvironmentStrings
CreateProcessA
WideCharToMultiByte
IsValidCodePage
HeapCreate
VirtualFree
Sleep
FindResourceA
VirtualAlloc
ResetEvent
CharPrevA
EndDialog
ShowWindow
MessageBeep
SetWindowPos
SendDlgItemMessageA
GetWindowRect
DispatchMessageA
EnableWindow
SetDlgItemTextA
GetDlgItemTextA
MessageBoxA
PeekMessageA
SetWindowLongA
CharUpperA
LoadStringA
ReleaseDC
SetWindowTextA
GetWindowLongA
SendMessageA
GetDlgItem
wsprintfA
CharNextA
GetDesktopWindow
CallWindowProcA
GetDC
MsgWaitForMultipleObjects
SetForegroundWindow
ExitWindowsEx
DialogBoxIndirectParamA
GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA
Number of PE resources by type
RT_DIALOG 4
RT_MANIFEST 1
RT_MESSAGETABLE 1
RT_VERSION 1
Number of PE resources by language
NEUTRAL 5
DIVEHI DEFAULT 1
MALAY MALAYSIA 1
ExifTool file metadata
LegalTrademarks Alice
SubsystemVersion 5.0
LinkerVersion 9.0
ImageVersion 0.0
FileSubtype 0
FileVersionNumber 4.4.0.0
LanguageCode English (U.S.)
FileFlagsMask 0x003f
FileDescription Herd bee
CharacterSet Windows, Latin1
InitializedDataSize 90624
FileOS Windows 16-bit
EntryPoint 0x708f
MIMEType application/octet-stream
LegalCopyright Copyright (C) Alice 2002-2013
FileVersion 2.0.0.8
TimeStamp 2015:04:30 16:55:55+01:00
FileType Win32 EXE
PEType PE32
InternalName Australia.exe
ProductVersion 3.0
UninitializedDataSize 0
OSVersion 5.0
OriginalFilename Australia.exe
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName Elephant combination - www.Alice.com
CodeSize 103936
ProductName Alice
ProductVersionNumber 2.4.0.0
FileTypeExtension exe
ObjectFileType Executable application
File identification
MD5 566ab06d67c9c5bc0398599a17ddf83e
SHA1 2becc8d4c7af67d67062a1675f1cfc63135f0285
SHA256 8da0fcf53ef5f58dfa9ecc956383b3034a0ba9536e0c3b0f07328ccd228a08bb
ssdeep 3072:+C5fuMh7BTSsXsWTO4fwzAg0FuRrXVERXZ+HEty11U:+/ITTsWC4IzAORDK4cybU
authentihash a6d6dd8b8657a7429bf9f1e0f297fa86d4f1f6b489f3dfbccef065b56b613b16
imphash f18414ffa2921dfa848820a164aebec0
File size 191.0 KB ( 195584 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Dynamic Link Library (generic) (43.5%)
Win32 Executable (generic) (29.8%)
Generic Win/DOS Executable (13.2%)
DOS Executable Generic (13.2%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
Tags
peexe

VirusTotal metadata
First submission 2015-04-30 16:58:22 UTC
Last submission 2015-05-12 14:10:38 UTC
File names 2015-04-30-Angler-EK-Payload.exe
85fjr49a.exe
85fjr48.exe
VirusShare_566ab06d67c9c5bc0398599a17ddf83e
85fjr47.exe
85fjr49.exe
Advanced heuristic and reputation engines
TrendMicro-HouseCall
TrendMicro's heuristic engine has flagged this file as: TROJ_GEN.R00GC0CE715.

Symantec reputation Suspicious.Insight
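Three quick checks a reviewer would run over the static fields on this page: whether the import table contains API clusters worth attention (the ADVAPI32 token and privilege calls next to ExitWindowsEx, registry writes, a named mutex), how old the binary was when it first reached VirusTotal (the PE compilation timestamp 2015-04-30 15:55:55 against the first submission 2015-04-30 16:58:22), and whether the VERSIONINFO strings agree with the fixed numeric version fields. This is an added example, not code from the VirusTotal page; the capability groupings are the editor's own assumption, and the sample import list and version dictionary are constructed from values shown in the report above.

```python
"""Static triage helpers over fields copied from the report above.

Added example, not part of the original page. The capability map is an
assumption made for illustration, not a published taxonomy.
"""
from datetime import datetime, timezone

# Constructed sample: a subset of the import names listed in the report.
SAMPLE_IMPORTS = [
    "OpenProcessToken", "LookupPrivilegeValueA", "AdjustTokenPrivileges",
    "ExitWindowsEx", "RegCreateKeyExA", "RegSetValueExA", "RegDeleteValueA",
    "CreateMutexA", "IsDebuggerPresent", "CreateProcessA",
    "FindResourceA", "LoadResource", "LockResource",
    "VirtualAlloc", "GetProcAddress", "LoadLibraryA", "PrepareTape",
]

# Hypothetical capability groups (editor's assumption). A capability fires
# only when every API in its group is imported, so a lone benign import
# such as RegCloseKey does not trigger anything on its own.
CAPABILITY_GROUPS = {
    "privilege-adjust": {"OpenProcessToken", "LookupPrivilegeValueA",
                         "AdjustTokenPrivileges"},
    "force-reboot-or-logoff": {"AdjustTokenPrivileges", "ExitWindowsEx"},
    "registry-write": {"RegCreateKeyExA", "RegSetValueExA"},
    "single-instance-mutex": {"CreateMutexA"},
    # Weak signal: the MSVC 9 CRT imports IsDebuggerPresent by itself.
    "anti-debug-check": {"IsDebuggerPresent"},
    "resource-payload": {"FindResourceA", "LoadResource", "LockResource"},
    "dynamic-api-resolution": {"LoadLibraryA", "GetProcAddress"},
    "spawn-process": {"CreateProcessA"},
}

# Values copied from the report: PE compile time and VT first submission.
COMPILE_TS = "2015-04-30 15:55:55"
FIRST_SEEN = "2015-04-30 16:58:22"

# Values copied from the ExifTool section of the report.
REPORT_VERSION_INFO = {
    "FileVersion": "2.0.0.8", "FileVersionNumber": "4.4.0.0",
    "ProductVersion": "3.0", "ProductVersionNumber": "2.4.0.0",
}


def capabilities(imports):
    """Return the sorted capability names whose whole API group is imported."""
    present = set(imports)
    return sorted(name for name, apis in CAPABILITY_GROUPS.items()
                  if apis <= present)


def seconds_between(compile_ts, first_seen):
    """Seconds from PE compile time to first VT submission (both UTC).

    A gap of an hour, as here, means the sample was caught while fresh;
    a negative gap means the compile timestamp was forged."""
    fmt = "%Y-%m-%d %H:%M:%S"
    a = datetime.strptime(compile_ts, fmt).replace(tzinfo=timezone.utc)
    b = datetime.strptime(first_seen, fmt).replace(tzinfo=timezone.utc)
    return int((b - a).total_seconds())


def _norm(version):
    """'3.0' or '2,4,0,0' -> a 4-tuple of ints, zero padded on the right."""
    parts = [p.strip() for p in version.replace(",", ".").split(".")]
    nums = [int(p) for p in parts if p.isdigit()]
    nums += [0] * (4 - len(nums))
    return tuple(nums[:4])


def version_mismatches(info):
    """Compare the free-text VERSIONINFO strings with the fixed numeric fields.

    Real build systems keep the two in step; generated droppers often do not.
    Returns a list of (string_key, string_value, numeric_key, numeric_value)."""
    pairs = [("FileVersion", "FileVersionNumber"),
             ("ProductVersion", "ProductVersionNumber")]
    return [(s, info[s], n, info[n]) for s, n in pairs
            if _norm(info[s]) != _norm(info[n])]


if __name__ == "__main__":
    print("capabilities:", capabilities(SAMPLE_IMPORTS))
    print("age at first submission (s):", seconds_between(COMPILE_TS, FIRST_SEEN))
    for s, sv, n, nv in version_mismatches(REPORT_VERSION_INFO):
        print(f"version mismatch: {s}={sv} vs {n}={nv}")
```

Capability tagging by import name alone is a screening step, not proof of behaviour: the report's own sandbox summary (DeviceIoControl use, below) and the missing-DLL context for names like PrepareTape are the kind of thing to confirm in a debugger or with dynamic analysis before drawing conclusions.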
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.