SHA256: 8e15219d9f2146a4fa849c0d5de154ec075625f76aefbf3c99893491e6b0b7e5
File name: Explorer.exe
Detection ratio: 51 / 57
Analysis date: 2017-01-24 14:22:27 UTC ( 2 years ago )
Antivirus Result Update
Ad-Aware Gen:Trojan.Mresmon.Gen.1 20170124
AegisLab W32.W.Ngrbot.amuh!c 20170124
AhnLab-V3 Trojan/Win32.Agent.R136806 20170124
ALYac Gen:Trojan.Mresmon.Gen.1 20170124
Antiy-AVL Worm/Win32.Ngrbot 20170124
Arcabit Trojan.Mresmon.Gen.1 20170124
Avast Win32:Emotet-AB [Trj] 20170124
AVG Crypt5.BSMC 20170124
Avira (no cloud) TR/Crypt.Xpack.157458 20170124
AVware Trojan.Win32.Generic!BT 20170124
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9935 20170124
BitDefender Gen:Trojan.Mresmon.Gen.1 20170124
Bkav W32.KryptikDadbN.Trojan 20170123
CAT-QuickHeal Ransom.Crowti.B4 20170124
Comodo TrojWare.Win32.Neurevt.DH 20170124
CrowdStrike Falcon (ML) malicious_confidence_100% (W) 20161024
Cyren W32/Agent.XL.gen!Eldorado 20170124
DrWeb BackDoor.IRC.NgrBot.11 20170124
Emsisoft Gen:Trojan.Mresmon.Gen.1 (B) 20170124
ESET-NOD32 a variant of Win32/Kryptik.DBAC 20170124
F-Prot W32/Agent.XL.gen!Eldorado 20170124
F-Secure Gen:Trojan.Mresmon.Gen.1 20170124
Fortinet W32/Kryptic.CZTH!tr 20170124
GData Gen:Trojan.Mresmon.Gen.1 20170124
Ikarus Trojan.Win32.Crypt 20170124
Sophos ML ransom.win32.crowti.a 20170111
Jiangmin Worm/Ngrbot.brc 20170124
K7AntiVirus Trojan ( 004c21261 ) 20170124
K7GW Trojan ( 004c21261 ) 20170124
Kaspersky HEUR:Trojan.Win32.Generic 20170124
Malwarebytes Trojan.Agent.DED 20170124
McAfee RDN/Sdbot.worm!cd 20170124
McAfee-GW-Edition BehavesLike.Win32.PWSZbot.dc 20170124
Microsoft Worm:Win32/Dorkbot.I 20170124
eScan Gen:Trojan.Mresmon.Gen.1 20170124
NANO-Antivirus Trojan.Win32.Foreign.dorqha 20170124
Panda Trj/Chgt.O 20170123
Qihoo-360 HEUR/QVM10.1.Malware.Gen 20170124
Sophos AV Mal/Wonton-BB 20170124
SUPERAntiSpyware Trojan.Agent/Gen-Dropper 20170124
Symantec ML.Relationship.HighConfidence [Trojan.Gen.2] 20170124
Tencent Win32.Trojan.Kryptik.Lmuq 20170124
TheHacker Trojan/Kryptik.dafj 20170123
TotalDefense Win32/SillyPWS.IIPIBNC 20170124
TrendMicro TROJ_GEN.R026C0CLM16 20170124
TrendMicro-HouseCall TROJ_GEN.R026C0CLM16 20170124
VBA32 Hoax.Foreign 20170124
VIPRE Trojan.Win32.Generic!BT 20170124
ViRobot Trojan.Win32.Agent.237568.Q[h] 20170124
Yandex Worm.Ngrbot!biTTmNUenco 20170123
Zillya Worm.Ngrbot.Win32.6553 20170124
Alibaba 20170122
ClamAV 20170124
CMC 20170124
Kingsoft 20170124
nProtect 20170124
Rising 20170124
Trustlook 20170124
WhiteArmor 20170123
Zoner 20170124
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright
Copyright (C) Poet 2006-2013

Product Poet
File version 7.0.0.5
Description Research atomic colony fallen needle
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2015-03-02 07:22:34
Entry Point 0x00006932
Number of sections 4
PE sections
PE imports
GetStdHandle
GetConsoleOutputCP
WaitForSingleObject
FreeEnvironmentStringsA
DeleteCriticalSection
GetCurrentProcess
GetConsoleMode
GetLocaleInfoA
FreeEnvironmentStringsW
GetLocaleInfoW
SetStdHandle
GetCPInfo
GetStringTypeA
WriteFile
GetSystemTimeAsFileTime
HeapReAlloc
GetStringTypeW
LocalFree
FormatMessageW
TlsGetValue
FormatMessageA
SetLastError
GetModuleFileNameW
IsDebuggerPresent
HeapAlloc
FlushFileBuffers
GetModuleFileNameA
EnumSystemLocalesA
UnhandledExceptionFilter
InterlockedDecrement
MultiByteToWideChar
GetModuleHandleA
SetUnhandledExceptionFilter
SetEnvironmentVariableA
TerminateProcess
WriteConsoleA
GetCurrentThreadId
LeaveCriticalSection
SetCurrentDirectoryA
WriteConsoleW
AreFileApisANSI
InitializeCriticalSectionAndSpinCount
HeapFree
EnterCriticalSection
SetHandleCount
GetOEMCP
QueryPerformanceCounter
GetTickCount
TlsAlloc
GetVersionExA
LoadLibraryA
RtlUnwind
GetStartupInfoA
GetWindowsDirectoryA
GetUserDefaultLCID
CompareStringW
CompareStringA
IsValidLocale
GetProcAddress
GetTimeZoneInformation
CreateFileW
GetFileType
TlsSetValue
CreateFileA
ExitProcess
InterlockedIncrement
GetLastError
LCMapStringW
GetConsoleCP
LCMapStringA
GetEnvironmentStringsW
GetEnvironmentStrings
GetCurrentProcessId
SetFileTime
WideCharToMultiByte
HeapSize
GetCommandLineA
RaiseException
TlsFree
SetFilePointer
ReadFile
CloseHandle
GetACP
GetModuleHandleW
CreateProcessA
IsValidCodePage
HeapCreate
VirtualFree
Sleep
VirtualAlloc
ShellExecuteExA
SetFocus
CreateWindowExA
UpdateWindow
SetLayeredWindowAttributes
EndDialog
BeginPaint
KillTimer
ChangeDisplaySettingsA
PostQuitMessage
DefWindowProcA
SetWindowTextA
LoadBitmapA
SetWindowPos
SendDlgItemMessageA
GetSystemMetrics
MessageBoxW
AppendMenuA
GetWindowRect
EnableWindow
SetDlgItemTextA
PostMessageA
CharUpperW
DialogBoxParamW
GetDlgItemTextA
MessageBoxA
SetWindowLongA
DialogBoxParamA
CharUpperA
SetActiveWindow
GetDC
GetKeyState
GetCursorPos
ReleaseDC
GetDlgCtrlID
CreatePopupMenu
LoadStringA
ShowWindow
wsprintfA
GetWindowPlacement
SendMessageA
LoadStringW
SetWindowTextW
SetTimer
GetDlgItem
CreateDialogParamA
SetScrollRange
SetScrollPos
SetRect
GetWindowLongA
GetSysColor
LoadIconA
TrackPopupMenu
FillRect
GetClientRect
GetDesktopWindow
CloseWindow
EndPaint
SetForegroundWindow
RegisterClassExA
SetMenuItemBitmaps
DestroyWindow
Number of PE resources by type
RT_DIALOG 6
RT_MANIFEST 1
RT_MESSAGETABLE 1
RT_VERSION 1
Number of PE resources by language
ENGLISH US 6
NEUTRAL 2
LITHUANIAN 1
PE resources
ExifTool file metadata
LegalTrademarks Poet
SubsystemVersion 5.0
LinkerVersion 9.0
ImageVersion 0.0
FileSubtype 0
FileVersionNumber 5.8.0.0
LanguageCode English (U.S.)
FileFlagsMask 0x003f
FileDescription Research atomic colony fallen needle
CharacterSet Windows, Latin1
InitializedDataSize 127488
FileOS Windows 16-bit
EntryPoint 0x6932
MIMEType application/octet-stream
LegalCopyright Copyright (C) Poet 2006-2013
FileVersion 7.0.0.5
TimeStamp 2015:03:02 08:22:34+01:00
FileType Win32 EXE
PEType PE32
InternalName Jones.exe
ProductVersion 6.0
UninitializedDataSize 0
OSVersion 5.0
OriginalFilename Jones.exe
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName Hell characteristic - www.Poet.com
CodeSize 109056
ProductName Poet
ProductVersionNumber 7.2.0.0
FileTypeExtension exe
ObjectFileType Executable application

File identification
MD5 3e70db4e5f5f60f2fde7aec38f4b30cd
SHA1 8b6d1f9cef3f1ebb7e7ae51a56b69f463b3ea1b9
SHA256 8e15219d9f2146a4fa849c0d5de154ec075625f76aefbf3c99893491e6b0b7e5
ssdeep 3072:BoRNeJzhz3JT7F7wOxOAg0FuVukj+1oR1Lk7dpM1mE6FdRJBAP6ZxLwKar:BoRAJT7F7NxOAOAkQoXLC6Osyx4
authentihash ca29cbe6d40b06aef2b257b02f5e123347cfd2e4fbadf29c6ee1ea1af6066120
imphash 81d29ac5e7deaaa35290594494acbba7
File size 232.0 KB ( 237568 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (67.4%)
Win32 Dynamic Link Library (generic) (14.2%)
Win32 Executable (generic) (9.7%)
Generic Win/DOS Executable (4.3%)
DOS Executable Generic (4.3%)
Tags
peexe usb-autorun

VirusTotal metadata
First submission 2015-03-02 12:06:09 UTC ( 3 years, 11 months ago )
Last submission 2017-01-24 14:22:27 UTC ( 2 years ago )
File names DdGttCV.exe
8e15219d9f2146a4fa849c0d5de154ec075625f76aefbf3c99893491e6b0b7e5
Explorer.exe
Ymcmck.exe
icieXiW.exe
aeaa65ee9a5ff2e9c90bc07e6431d8bc_api1[1].gif.safe
Explorer.exe1
RfgxQfe.exe
JGLbWhl.exe
Advanced heuristic and reputation engines
TrendMicro-HouseCall
TrendMicro's heuristic engine has flagged this file as: TROJ_GEN.F0C2C00CD15.

Symantec reputation Suspicious.Insight
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Created processes
Code injections in the following processes
Created mutexes
Opened mutexes
Runtime DLLs