× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: 8e9dcf22388c5479708575d206d9088466c18d37257057b449524b08802bd20f
File name: 007408573
Detection ratio: 49 / 56
Analysis date: 2015-07-27 18:34:18 UTC ( 1 week ago )
Antivirus Result Update
ALYac Trojan.GenericKD.1479711 20150727
AVG Generic10_c.OXA 20150727
AVware Trojan.Win32.Generic!BT 20150727
Ad-Aware Trojan.GenericKD.1479711 20150727
Agnitum Trojan.Injector!Tl4zxULwEcI 20150727
AhnLab-V3 Trojan/Win32.Injector 20150727
Antiy-AVL Trojan[Spy]/Win32.Zbot 20150727
Arcabit Trojan.Generic.D16941F 20150727
Avast Win32:Malware-gen 20150727
Avira TR/Injector.hotr 20150727
Baidu-International Trojan.Win32.Dropper.diua 20150727
BitDefender Trojan.GenericKD.1479711 20150727
CAT-QuickHeal TrojanDownloader.Kuluoz.D.cw3 20150727
Comodo TrojWare.Win32.UMal.~A 20150727
Cyren W32/Trojan.MZKL-9398 20150727
DrWeb BackDoor.Kuluoz.4 20150727
ESET-NOD32 Win32/TrojanDownloader.Zortob.B 20150727
Emsisoft Trojan.GenericKD.1479711 (B) 20150727
F-Prot W32/Trojan3.GZI 20150727
F-Secure Trojan.GenericKD.1479711 20150727
Fortinet W32/Dapato.AFJE!tr 20150727
GData Trojan.GenericKD.1479711 20150727
Ikarus Trojan.Injector 20150727
Jiangmin TrojanDropper.Dapato.xdw 20150726
K7AntiVirus Trojan ( 0001140e1 ) 20150727
K7GW Trojan ( 0001140e1 ) 20150727
Kaspersky Trojan-Dropper.Win32.Dapato.diua 20150727
Kingsoft Win32.Troj.Dapato.di.(kcloud) 20150727
Malwarebytes Trojan.Inject.RRE 20150727
McAfee Generic.rx 20150727
McAfee-GW-Edition Generic.rx 20150727
MicroWorld-eScan Trojan.GenericKD.1479711 20150727
Microsoft Trojan:Win32/Bulta!rfn 20150727
NANO-Antivirus Trojan.Win32.Dapato.csevvj 20150727
Panda Trj/WLT.A 20150727
Qihoo-360 Trojan.Generic 20150727
Rising PE:Trojan.Win32.Generic.16508049!374374473 20150722
Sophos Troj/Agent-AFJE 20150727
Symantec Trojan.Fakeavlock 20150727
Tencent Win32.Trojan-dropper.Dapato.Syhp 20150727
TheHacker Posible_Worm32 20150727
TotalDefense Win32/Kuluoz.KN 20150727
TrendMicro BKDR_ANDROM.SM 20150727
TrendMicro-HouseCall BKDR_ANDROM.SM 20150727
VBA32 SScope.Malware-Cryptor.Hlux 20150727
VIPRE Trojan.Win32.Generic!BT 20150727
Zillya Dropper.Dapato.Win32.22720 20150727
Zoner Trojan.Zortob.B 20150727
nProtect Trojan.GenericKD.1479711 20150727
AegisLab 20150727
Alibaba 20150727
Bkav 20150727
ByteHero 20150727
ClamAV 20150727
SUPERAntiSpyware 20150727
ViRobot 20150727
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Authenticode signature block and FileVersionInfo properties
Publisher Hfederty
Signature verification A certificate chain processed, but terminated in a root certificate which is not trusted by the trust provider.
Signers
[+] Hfederty
Status A certificate chain processed, but terminated in a root certificate which is not trusted by the trust provider.
Valid from 4:30 PM 12/30/2013
Valid to 12:59 AM 1/1/2040
Valid usage Code Signing
Algorithm SHA1
Thumbprint 9DE244117A97F3E3699CB53AFDA4BDAEAA682B25
Serial number 2D 17 EE FF 0D 6B 52 B9 4B AE 88 58 A1 55 A0 93
Packers identified
Command UPX
F-PROT UPX
PEiD UPX 2.90 [LZMA] -> Markus Oberhumer, Laszlo Molnar & John Reiser
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 1992-06-19 22:22:17
Link date 11:22 PM 6/19/1992
Entry Point 0x00036430
Number of sections 3
PE sections
Overlays
MD5 3e76369a7e79340862f886f5c3b7811c
File type data
Offset 113664
Size 3752
Entropy 7.35
PE imports
VirtualFree
ExitProcess
VirtualProtect
LoadLibraryA
VirtualAlloc
GetProcAddress
RegCloseKey
SetROP2
CoInitialize
VariantCopy
Number of PE resources by type
RT_BITMAP 1
RT_GROUP_ICON 1
DIALOGS 1
RT_DIALOG 1
RT_ICON 1
Number of PE resources by language
NEUTRAL 5
ExifTool file metadata
MIMEType
application/octet-stream

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

FileTypeExtension
exe

TimeStamp
1992:06:19 23:22:17+01:00

FileType
Win32 EXE

PEType
PE32

CodeSize
106496

LinkerVersion
2.25

EntryPoint
0x36430

InitializedDataSize
12288

SubsystemVersion
4.0

ImageVersion
0.0

OSVersion
4.0

UninitializedDataSize
114688

Compressed bundles
File identification
MD5 c1c56f3ae9f9da47e1c0ebdb2cffa2a3
SHA1 6b325bc2ec9e77751d5cc399c1b10fc6879d9bac
SHA256 8e9dcf22388c5479708575d206d9088466c18d37257057b449524b08802bd20f
ssdeep
1536:pYIiJ/TFRf9/YUmc4dvGkvgpc7cS0CJiU91NAegf3Mv/Rn0DThkfLcpfY3pYVfnP:pwPH3ov5ndiwQf6p0vOL6fY5Y/69cf

authentihash 68cb7d56df079b74e3f79906977b16155d7fa3837b355d85840477604d545ca8
imphash 819fbfb08ee0904954324f86ed923cb8
File size 114.7 KB ( 117416 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID UPX compressed Win32 Executable (41.1%)
Win32 EXE Yoda's Crypter (35.7%)
Win32 Dynamic Link Library (generic) (8.8%)
Win32 Executable (generic) (6.0%)
Win16/32 Executable Delphi generic (2.7%)
Tags
peexe signed upx overlay

VirusTotal metadata
First submission 2013-12-30 13:00:31 UTC ( 1 year, 7 months ago )
Last submission 2015-06-12 11:45:10 UTC ( 1 month, 3 weeks ago )
File names c1c56f3ae9f9da47e1c0ebdb2cffa2a3
1.exe
c1c56f3ae9f9da47e1c0ebdb2cffa2a3.exe
file-6414806_exe
aidhkedi.exe.dr
007408573
court_notice_los_angeles_gibson_dunn_and_crutcher.exe
Court_Notice_Los_Angeles_Gibson_Dunn_and_Crutcher.exe
c1c56f3ae9f9da47e1c0ebdb2cffa2a3.bin
c-2c827-1198-1388408402
jrxamvqn.exe
Advanced heuristic and reputation engines
ClamAV
Possibly Unwanted Application. While not necessarily malicious, the scanned file presents certain characteristics which depending on the user policies and environment may or may not represent a threat. For full details see: http://www.clamav.net/doc/pua.html .

Symantec reputation Suspicious.Insight
Behaviour characterization
Zemana
dll-injection

No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Runtime DLLs