SHA256: 8dc93af42a07b0c42a0d7c01d3f59c157d90987ade09cc6f06030fccb6558026
File name: 8559f6ae1338e1e84f6ee15c843dc8e5
Detection ratio: 48 / 50
Analysis date: 2014-02-08 18:01:26 UTC ( 5 years ago )
Antivirus Result Update
Ad-Aware Trojan.Dropper.UYL 20140208
Yandex Trojan.DR.Agent!LUnqaZHzsOE 20140208
AhnLab-V3 Dropper/Win32.Agent 20140208
AntiVir TR/ATRAPS.Gen 20140208
Antiy-AVL Trojan/Win32.Dorifel.gen 20140208
Avast Win32:Agent-ASTI [Trj] 20140208
AVG SHeur4.ZP 20140208
Baidu-International Trojan.Win32.Dorifel.aSXZ 20140208
BitDefender Trojan.Dropper.UYL 20140208
Bkav W32.OscoleG.Trojan 20140208
CAT-QuickHeal Trojan.Enosch.A5 20140208
ClamAV Trojan.Agent-286790 20140208
CMC Trojan-Dropper.Win32.Agent!O 20140122
Commtouch W32/Trojan.QTFZ-7369 20140208
Comodo TrojWare.Win32.DataStealer.B 20140208
DrWeb Trojan.DownLoader5.50084 20140208
Emsisoft Trojan-Dropper.Win32.Dorifel (A) 20140208
ESET-NOD32 Win32/DataStealer.B 20140208
F-Prot W32/Trojan2.NVGN 20140208
F-Secure Trojan.Dropper.UYL 20140208
Fortinet W32/DataStealer.BA!tr 20140208
GData Trojan.Dropper.UYL 20140208
Ikarus Trojan.Win32.Enosch 20140208
Jiangmin TrojanDropper.Agent.bptb 20140208
K7AntiVirus Trojan ( 0030c2e21 ) 20140207
K7GW Riskware ( 0040eff71 ) 20140207
Kaspersky Trojan-Dropper.Win32.Dorifel.ynb 20140208
Kingsoft Win32.Troj.IAgent.(kcloud) 20140208
Malwarebytes Spyware.Agent 20140208
McAfee Spy-Agent.gg 20140208
McAfee-GW-Edition Spy-Agent.gg 20140208
Microsoft Worm:Win32/Enosch.A 20140208
eScan Trojan.Dropper.UYL 20140208
NANO-Antivirus Trojan.Win32.Dorifel.brmpcy 20140208
Norman Obfuscated.H2!genr 20140208
nProtect Trojan-Dropper/W32.Dorifel.1753088 20140207
Panda Generic Trojan 20140208
Qihoo-360 Malware.QVM10.Gen 20140208
Rising PE:Malware.FakeFolder@CV!1.6AA9 20140208
Sophos AV Troj/Enosch-A 20140208
SUPERAntiSpyware Trojan.Agent/Gen-DataStealer 20140208
Symantec W32.SillyFDC 20140208
TheHacker Trojan/DataStealer.b 20140208
TotalDefense Win32/FakeFLDR_i 20140208
TrendMicro WORM_SILLY.SMRP 20140208
TrendMicro-HouseCall WORM_SILLY.SMRP 20140208
VBA32 TrojanDropper.Agent 20140207
VIPRE Trojan.Win32.Generic.pak!cobra 20140208
ByteHero 20140208
ViRobot 20140208
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2011-05-03 16:57:29
Entry Point 0x000EC8D5
Number of sections 5
PE sections
PE imports
CryptDestroyKey
CryptGetUserKey
CryptReleaseContext
RegCloseKey
CryptAcquireContextA
RegSetValueExA
RegQueryValueExA
CryptGenRandom
CryptExportKey
CryptAcquireContextW
GetUserNameA
CryptEnumProvidersA
RegCreateKeyExA
RegOpenKeyExA
CryptGetProvParam
CertEnumCertificatesInStore
CertFreeCertificateContext
CertCloseStore
CryptMsgControl
CertDuplicateCertificateContext
CryptVerifyMessageSignature
CertSetCertificateContextProperty
CryptEncryptMessage
CertCreateCertificateContext
CryptVerifyDetachedMessageSignature
CertGetSubjectCertificateFromStore
CertNameToStrW
CryptDecryptMessage
CryptMsgOpenToDecode
CryptMsgGetParam
CryptSignMessage
CertOpenStore
CryptMsgUpdate
CertGetCertificateContextProperty
CryptEncodeObject
CryptDecodeObject
CertFindCertificateInStore
CryptMsgClose
GetStdHandle
GetConsoleOutputCP
GetFileAttributesA
GetDriveTypeA
GetFileAttributesW
GetLocalTime
FreeEnvironmentStringsA
DeleteCriticalSection
GetCurrentProcess
GetConsoleMode
GetLocaleInfoA
SetErrorMode
FreeEnvironmentStringsW
SetStdHandle
GetFileTime
GetTempPathA
GetCPInfo
GetStringTypeA
GetTempPathW
GetSystemTimeAsFileTime
HeapReAlloc
GetStringTypeW
SetFileAttributesA
GetOEMCP
LocalFree
GetLogicalDriveStringsA
InitializeCriticalSection
FindClose
InterlockedDecrement
FormatMessageA
SetFileAttributesW
SetLastError
GetSystemTime
CopyFileA
HeapAlloc
GetVersionExA
GetModuleFileNameA
UnhandledExceptionFilter
TlsGetValue
MultiByteToWideChar
GetModuleHandleA
GetFullPathNameW
CreateThread
SetUnhandledExceptionFilter
ExitThread
SetEnvironmentVariableA
TerminateProcess
WriteConsoleA
SetEndOfFile
GetCurrentThreadId
GetProcAddress
WriteConsoleW
InitializeCriticalSectionAndSpinCount
HeapFree
EnterCriticalSection
SetHandleCount
FreeLibrary
QueryPerformanceCounter
GetTickCount
TlsAlloc
FlushFileBuffers
LoadLibraryA
RtlUnwind
GetStartupInfoA
GetFileSize
DeleteFileA
DeleteFileW
WaitForMultipleObjects
GetProcessHeap
CompareStringW
FindFirstFileA
InterlockedIncrement
CompareStringA
GetComputerNameA
FindNextFileA
ExpandEnvironmentStringsA
GetTimeZoneInformation
CreateFileW
IsDebuggerPresent
GetFileType
TlsSetValue
CreateFileA
ExitProcess
LeaveCriticalSection
GetLastError
IsValidCodePage
SystemTimeToFileTime
LCMapStringW
GetConsoleCP
LCMapStringA
GetEnvironmentStringsW
FileTimeToLocalFileTime
GetEnvironmentStrings
CompareFileTime
GetCurrentProcessId
GetCurrentDirectoryA
HeapSize
GetCommandLineA
RaiseException
TlsFree
SetFilePointer
ReadFile
CloseHandle
GetACP
GetModuleHandleW
WideCharToMultiByte
GetCurrentDirectoryW
HeapCreate
WriteFile
VirtualFree
Sleep
VirtualAlloc
GetFullPathNameA
SHDeleteKeyA
PathCombineA
PathFindExtensionA
GetMessageA
CreateWindowExA
DispatchMessageA
GetSysColorBrush
TranslateMessage
DefWindowProcA
RegisterClassExA
InternetOpenUrlA
InternetCloseHandle
InternetOpenA
__WSAFDIsSet
shutdown
gethostname
socket
setsockopt
bind
inet_addr
send
ioctlsocket
WSAStartup
gethostbyname
select
ntohs
connect
getsockname
closesocket
inet_ntoa
htons
recv
WSAGetLastError
Number of PE resources by type
RT_ICON 1
RT_MANIFEST 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 3
PE resources
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
TimeStamp 2011:05:03 17:57:29+01:00
FileType Win32 EXE
PEType PE32
CodeSize 1109504
LinkerVersion 9.0
FileAccessDate 2014:02:08 23:51:36+01:00
EntryPoint 0xec8d5
InitializedDataSize 621056
SubsystemVersion 5.0
ImageVersion 0.0
OSVersion 5.0
FileCreateDate 2014:02:08 23:51:36+01:00
UninitializedDataSize 0
File identification
MD5 8559f6ae1338e1e84f6ee15c843dc8e5
SHA1 38c3f1c8d51631f3266787fbf958dd6aa52199bb
SHA256 8dc93af42a07b0c42a0d7c01d3f59c157d90987ade09cc6f06030fccb6558026
ssdeep 24576:18h4aPlfTUYDrQOfseBC1+ZnoBzEgY5cfPtQE3WV9UKkjhmKiKSqSWLQPgIze7mB:11U9T8ZDYWntr3WVajE4I3VGiS6
imphash 18aabd61279e6cec11a74a4209289593
File size 1.7 MB ( 1753088 bytes )
File type Win32 EXE
Magic literal MS-DOS executable, MZ for MS-DOS
TrID Win32 Executable (generic) (52.9%)
Generic Win/DOS Executable (23.5%)
DOS Executable Generic (23.4%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
Tags peexe
VirusTotal metadata
First submission 2014-02-08 18:01:26 UTC ( 5 years ago )
Last submission 2014-02-08 18:01:26 UTC ( 5 years ago )
File names 8559f6ae1338e1e84f6ee15c843dc8e5
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Copied files
Set keys
Deleted keys
Created mutexes
Opened mutexes
Opened service managers
Opened services
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.
HTTP requests
DNS requests
TCP connections