SHA256: 8dd29cf89a00689ce7221f8b4ab7873784c91555773ad90e509bdf90a68c019d
File name: SetupIRS2015.exe
Detection ratio: 5 / 57
Analysis date: 2015-01-23 11:56:06 UTC ( 4 years, 4 months ago )
Antivirus Result Update
BitDefender Trojan.GenericKD.2106116 20150123
Malwarebytes Trojan.Agent.ED 20150123
eScan Trojan.GenericKD.2106116 20150123
Qihoo-360 Malware.QVM07.Gen 20150123
Sophos AV Troj/Agent-ALHF 20150123
Ad-Aware 20150123
AegisLab 20150123
Yandex 20150131
AhnLab-V3 20150123
Alibaba 20150120
ALYac 20150201
Antiy-AVL 20150123
Avast 20150123
AVG 20150123
Avira (no cloud) 20150123
AVware 20150123
Baidu-International 20150123
Bkav 20150123
ByteHero 20150123
CAT-QuickHeal 20150123
ClamAV 20150123
CMC 20150120
Comodo 20150123
Cyren 20150123
DrWeb 20150201
Emsisoft 20150123
ESET-NOD32 20150123
F-Prot 20150201
F-Secure 20150123
Fortinet 20150121
GData 20150123
Ikarus 20150123
Jiangmin 20150122
K7AntiVirus 20150123
K7GW 20150123
Kaspersky 20150131
Kingsoft 20150123
McAfee 20150131
McAfee-GW-Edition 20150201
Microsoft 20150123
NANO-Antivirus 20150123
Norman 20150123
nProtect 20150123
Panda 20150123
Rising 20150130
SUPERAntiSpyware 20150123
Symantec 20150123
Tencent 20150201
TheHacker 20150123
TotalDefense 20150123
TrendMicro 20150201
TrendMicro-HouseCall 20150201
VBA32 20150129
VIPRE 20150123
ViRobot 20150123
Zillya 20150122
Zoner 20150123
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 1990-06-25 02:18:28
Entry Point 0x0001236A
Number of sections 5
PE sections
PE imports
GetStartupInfoA
GetModuleHandleA
_except_handler3
_acmdln
__p__fmode
_exit
_adjust_fdiv
__p__commode
_controlfp
exit
_XcptFilter
__getmainargs
??1type_info@@UAE@XZ
_initterm
__setusermatherr
_purecall
__set_app_type
Number of PE resources by type
RT_ICON 2
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 3
PE resources
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
TimeStamp 1990:06:25 03:18:28+01:00
FileType Win32 EXE
PEType PE32
CodeSize 71168
LinkerVersion 9.0
FileTypeExtension exe
InitializedDataSize 34816
SubsystemVersion 5.0
EntryPoint 0x1236a
OSVersion 5.0
ImageVersion 0.0
UninitializedDataSize 0

Compressed bundles
File identification
MD5 15a92cdd276474c65fd7fcf07d099d59
SHA1 1864a6f7b164855cc33f9b925c7c204c8000b3c5
SHA256 8dd29cf89a00689ce7221f8b4ab7873784c91555773ad90e509bdf90a68c019d
ssdeep 1536:eavR95zKlE9ppYbauTUF8++biH3AZaz4aoD5b7M7B6TI6t:eq2lapIauTQ+9DaxsTI6t
authentihash 6b2b59494d91f61b3d7c7dee7142182cc840b838c728acb1b6afe9517f022e19
imphash 2a5bd085f384b83eda03787de6c0faf5
File size 92.0 KB ( 94208 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win64 Executable (generic) (64.6%)
Win32 Dynamic Link Library (generic) (15.4%)
Win32 Executable (generic) (10.5%)
Generic Win/DOS Executable (4.6%)
DOS Executable Generic (4.6%)
Tags peexe via-tor

VirusTotal metadata
First submission 2015-01-22 20:01:11 UTC ( 4 years, 4 months ago )
Last submission 2017-07-20 17:23:18 UTC ( 1 year, 10 months ago )
File names SetupIRS2015.bin
8dd29cf89a00689ce7221f8b4ab7873784c91555773ad90e509bdf90a68c019d.E
SetupIRS2015.exe
8dd29cf89a00689ce7221f8b4ab7873784c91555773ad90e509bdf90a68c019d.bin
JIZ_ON.wbs
4v_6J.scr
commauto.exe
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Deleted files
Created processes
Shell commands
Created mutexes
Opened mutexes
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.