SHA256: 8f6e9184714cdbc3848f1659485f8573ec5b5f156e047eb12c1f843d945a343e
File name: Dtxxkmz0WhArJ.exe
Detection ratio: 22 / 68
Analysis date: 2017-12-18 04:46:12 UTC
Antivirus | Result | Update
Ad-Aware | Gen:Variant.Mikey.76399 | 20171218
Avast | FileRepMalware | 20171218
AVG | FileRepMalware | 20171218
Baidu | Win32.Trojan.WisdomEyes.16070401.9500.9999 | 20171216
BitDefender | Gen:Variant.Mikey.76399 | 20171218
CrowdStrike Falcon (ML) | malicious_confidence_100% (D) | 20171016
Cybereason | malicious.22b0f5 | 20171103
Cylance | Unsafe | 20171218
Emsisoft | Gen:Variant.Mikey.76399 (B) | 20171218
Endgame | malicious (high confidence) | 20171130
ESET-NOD32 | a variant of Win32/GenKryptik.BJEF | 20171217
F-Secure | Gen:Variant.Mikey.76399 | 20171218
Fortinet | W32/Kryptik.FZTF!tr | 20171218
GData | Gen:Variant.Mikey.76399 | 20171218
Sophos ML | heuristic | 20170914
MAX | malware (ai score=81) | 20171218
eScan | Gen:Variant.Mikey.76399 | 20171218
Palo Alto Networks (Known Signatures) | generic.ml | 20171218
SentinelOne (Static ML) | static engine - malicious | 20171207
Sophos AV | Mal/EncPk-ANR | 20171218
Webroot | W32.Trojan.Emotet | 20171218
WhiteArmor | Malware.HighConfidence | 20171204
The following engines reported no detection (antivirus | signature update date):
AegisLab | 20171218
AhnLab-V3 | 20171217
Alibaba | 20171218
ALYac | 20171218
Antiy-AVL | 20171218
Arcabit | 20171218
Avast-Mobile | 20171217
Avira (no cloud) | 20171217
AVware | 20171218
Bkav | 20171216
CAT-QuickHeal | 20171218
ClamAV | 20171217
CMC | 20171217
Comodo | 20171218
Cyren | 20171218
DrWeb | 20171218
eGambit | 20171218
F-Prot | 20171218
Ikarus | 20171217
Jiangmin | 20171218
K7AntiVirus | 20171217
K7GW | 20171214
Kaspersky | 20171218
Kingsoft | 20171218
Malwarebytes | 20171218
McAfee | 20171218
McAfee-GW-Edition | 20171218
Microsoft | 20171218
NANO-Antivirus | 20171218
nProtect | 20171218
Panda | 20171217
Qihoo-360 | 20171218
Rising | 20171218
SUPERAntiSpyware | 20171218
Symantec | 20171218
Symantec Mobile Insight | 20171215
Tencent | 20171218
TheHacker | 20171210
TotalDefense | 20171217
TrendMicro | 20171218
TrendMicro-HouseCall | 20171218
Trustlook | 20171218
VBA32 | 20171215
VIPRE | 20171218
ViRobot | 20171218
Yandex | 20171216
Zillya | 20171217
ZoneAlarm by Check Point | 20171218
Zoner | 20171218
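Reading a 22/68 table means deciding which labels actually name a family. Most results above are verdicts ("malicious", "Unsafe", "heuristic"), platform tags ("Win32", "W32") or packer names ("Kryptik", "EncPk"); only Webroot names Emotet, and the six identical "Gen:Variant.Mikey.76399" hits come from engines that visibly share one signature set. The script below is an added example written for this page, not code from VirusTotal; the detection pairs are transcribed from the table, the GENERIC word list and the ENGINE_GROUPS mapping (which collapses engines that report identical labels here into one vote) are the editor's assumptions:

```python
import re
from collections import Counter

# Detection labels transcribed from the table above as (engine, label) pairs.
DETECTIONS = [
    ("Ad-Aware", "Gen:Variant.Mikey.76399"),
    ("Avast", "FileRepMalware"),
    ("AVG", "FileRepMalware"),
    ("Baidu", "Win32.Trojan.WisdomEyes.16070401.9500.9999"),
    ("BitDefender", "Gen:Variant.Mikey.76399"),
    ("CrowdStrike Falcon (ML)", "malicious_confidence_100% (D)"),
    ("Cybereason", "malicious.22b0f5"),
    ("Cylance", "Unsafe"),
    ("Emsisoft", "Gen:Variant.Mikey.76399 (B)"),
    ("Endgame", "malicious (high confidence)"),
    ("ESET-NOD32", "a variant of Win32/GenKryptik.BJEF"),
    ("F-Secure", "Gen:Variant.Mikey.76399"),
    ("Fortinet", "W32/Kryptik.FZTF!tr"),
    ("GData", "Gen:Variant.Mikey.76399"),
    ("Sophos ML", "heuristic"),
    ("MAX", "malware (ai score=81)"),
    ("eScan", "Gen:Variant.Mikey.76399"),
    ("Palo Alto Networks (Known Signatures)", "generic.ml"),
    ("SentinelOne (Static ML)", "static engine - malicious"),
    ("Sophos AV", "Mal/EncPk-ANR"),
    ("Webroot", "W32.Trojan.Emotet"),
    ("WhiteArmor", "Malware.HighConfidence"),
]

# Tokens that describe a verdict, platform or engine rather than a family (editor's list).
GENERIC = {
    "malware", "malicious", "unsafe", "heuristic", "generic", "trojan", "variant",
    "filerepmalware", "highconfidence", "confidence", "high", "static", "engine",
    "score", "wisdomeyes",  # WisdomEyes is Baidu's engine brand, not a family
}

# Engines whose labels are identical on this report; assumed to share a signature
# set, so they get one vote between them (editor's grouping, not from the page).
ENGINE_GROUPS = {
    "Ad-Aware": "bitdefender-engine", "BitDefender": "bitdefender-engine",
    "Emsisoft": "bitdefender-engine", "F-Secure": "bitdefender-engine",
    "GData": "bitdefender-engine", "eScan": "bitdefender-engine",
    "Avast": "avast-engine", "AVG": "avast-engine",
}


def family_tokens(label):
    """Return candidate family names from one vendor label."""
    out = []
    for tok in re.split(r"[^A-Za-z0-9]+", label):
        if not tok or not tok.isalpha():      # drops ids such as 76399, 22b0f5, W32
            continue
        if tok.isupper():                     # variant suffixes: BJEF, FZTF, ANR, B, D
            continue
        low = tok.lower()
        if low in GENERIC or len(low) < 4:    # a, of, Gen, Mal, tr, ml
            continue
        if low.startswith("gen") and len(low) > 6:   # GenKryptik -> kryptik
            low = low[3:]
        out.append(low)
    return out


def family_votes(detections, engine_groups=None):
    """Count engines voting for each family: raw, and with shared-engine groups collapsed."""
    engine_groups = engine_groups or {}
    raw, grouped, seen = Counter(), Counter(), set()
    for engine, label in detections:
        group = engine_groups.get(engine, engine)
        for tok in set(family_tokens(label)):
            raw[tok] += 1
            if (group, tok) not in seen:
                seen.add((group, tok))
                grouped[tok] += 1
    return raw, grouped


if __name__ == "__main__":
    raw, grouped = family_votes(DETECTIONS, ENGINE_GROUPS)
    print("raw votes:    ", raw.most_common())
    print("grouped votes:", grouped.most_common())
```

On this table the raw count makes "Mikey" look like a six-vendor consensus; after collapsing shared engines it is one vote, level with "kryptik" (ESET and Fortinet, two independent packer labels), "encpk" (Sophos) and "emotet" (Webroot). That is the practical caveat: the detection ratio counts engines, not independent opinions, and a single family name from one vendor is a lead to confirm with the sandbox output or a sample, not a classification.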
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright: Copyright© Bucanier Rom Comp 1999-2010
Product: Custom Sata Collectors Doorin
Original name: pircdse
Internal name: pircds
File version: 2.0.7
Description: Custom Sata Collect Doors
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2017-12-18 04:30:34
Entry Point 0x00001BC0
Number of sections 7
PE sections
PE imports (the report lists bare function names; they are grouped here by the DLL that exports each one)
GDI32.dll: GetCharWidthA, DeleteObject, CreateRectRgn, SetTextColor
KERNEL32.dll: GetLastError, IsWow64Process, CreateFileW, CreateThread, lstrlenA, lstrcatA, WriteFile, WaitForSingleObject, lstrcpyA, Sleep, CloseHandle, GetUserDefaultLCID, FindNextChangeNotification
SETUPAPI.dll: SetupGetTargetPathW, SetupGetSourceFileLocationW
USER32.dll: GetCursorPos, GetWindowRgn, IsClipboardFormatAvailable, GetCaretBlinkTime, GetIconInfo, LoadIconA, SetClipboardData, LoadMenuA, EnumWindows, DialogBoxParamA, FindWindowA
WINMM.dll: timeGetSystemTime
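The import table is small and dominated by GUI, clipboard and icon calls, with only a handful of functional ones (CreateFileW, WriteFile, CreateThread, IsWow64Process, Sleep). Together with the Kryptik/EncPk labels above, that is the profile of a packer stub whose real imports are resolved at run time, so the imphash on this page identifies the stub, not the payload. The block below is an added example of how that imphash is derived (the algorithm is pefile's get_imphash(): each import is written as lowercase "lib.func" with a .dll/.ocx/.sys suffix removed, the entries are joined with commas in import-table order, and the string is MD5-hashed). It is not the page's or VirusTotal's code. The DLL names are the editor's grouping of the page's function list, and the order of the list is assumed to follow the report; because the hash depends on the exact order of the binary's import directory, a value computed from a transcribed list is only a check of the method, and a mismatch against the imphash printed below is not evidence of anything.

```python
import hashlib

# Import table as listed on the report, in the order shown there, grouped by the
# exporting DLL.  Function names are the page's; the DLL grouping and the order
# are the editor's assumptions.
IMPORTS = [
    ("GDI32.dll", ["GetCharWidthA", "DeleteObject", "CreateRectRgn", "SetTextColor"]),
    ("KERNEL32.dll", ["GetLastError", "IsWow64Process", "CreateFileW", "CreateThread",
                      "lstrlenA", "lstrcatA", "WriteFile", "WaitForSingleObject",
                      "lstrcpyA", "Sleep", "CloseHandle", "GetUserDefaultLCID",
                      "FindNextChangeNotification"]),
    ("SETUPAPI.dll", ["SetupGetTargetPathW", "SetupGetSourceFileLocationW"]),
    ("USER32.dll", ["GetCursorPos", "GetWindowRgn", "IsClipboardFormatAvailable",
                    "GetCaretBlinkTime", "GetIconInfo", "LoadIconA", "SetClipboardData",
                    "LoadMenuA", "EnumWindows", "DialogBoxParamA", "FindWindowA"]),
    ("WINMM.dll", ["timeGetSystemTime"]),
]


def normalize_import(dll, func):
    """One 'lib.func' element in imphash form: lowercase, .dll/.ocx/.sys stripped.

    Other extensions (e.g. winspool.drv) are kept, exactly as pefile does."""
    lib = dll.lower()
    base, dot, ext = lib.rpartition(".")
    if dot and ext in ("dll", "ocx", "sys"):
        lib = base
    return f"{lib}.{func.lower()}"


def imphash_string(imports):
    """The comma-joined list that is hashed; useful when diffing two samples' tables."""
    return ",".join(normalize_import(dll, f) for dll, funcs in imports for f in funcs)


def imphash(imports):
    """MD5 over the normalized import list, in import-table order."""
    return hashlib.md5(imphash_string(imports).encode("ascii")).hexdigest()


if __name__ == "__main__":
    print(imphash_string(IMPORTS))
    print("imphash:", imphash(IMPORTS))
```

For a real file use pefile (`pefile.PE(path).get_imphash()`), which walks the actual import and delay-import directories and resolves ordinal-only imports through its built-in ordinal tables for common DLLs; the point of the hand-rolled version is to see why two samples with the same functions in a different order, or the same stub with one extra import, land on different hashes.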
Number of PE resources by type
RT_DIALOG 14
RT_GROUP_ICON 2
RT_VERSION 1
Number of PE resources by language
ITALIAN 17
PE resources
Debug information
ExifTool file metadata
UninitializedDataSize: 0
LinkerVersion: 12.14
ImageVersion: 0.0
FileSubtype: 0
FileVersionNumber: 2.1.0.17
LanguageCode: English (U.S.)
FileFlagsMask: 0x003f
FileDescription: Custom Sata Collect Doors
ImageFileCharacteristics: Executable, 32-bit
CharacterSet: Windows, Latin1
InitializedDataSize: 114688
EntryPoint: 0x1bc0
OriginalFileName: pircdse
MIMEType: application/octet-stream
LegalCopyright: Copyright Bucanier Rom Comp 1999-2010
FileVersion: 2.0.7
TimeStamp: 2017:12:18 05:30:34+01:00
FileType: Win32 EXE
PEType: PE32
InternalName: pircds
ProductVersion: 4.30.6
SubsystemVersion: 4.0
OSVersion: 4.0
FileOS: Win32
Subsystem: Windows GUI
MachineType: Intel 386 or later, and compatibles
CompanyName: Bucanier Rom
CodeSize: 0
ProductName: Custom Sata Collectors Doorin
ProductVersionNumber: 2.1.0.17
FileTypeExtension: exe
ObjectFileType: Executable application

File identification
MD5 6ed465d0fabdb10b9fd7ed5650c3cc0f
SHA1 3f73a4c22b0f56a5ca333a96a4bf3fd1e751af67
SHA256 8f6e9184714cdbc3848f1659485f8573ec5b5f156e047eb12c1f843d945a343e
ssdeep 3072:v/rAG5kgNA9vK5d72MtUZ2q0d3vEmzLoT:3oYAjZ3Wv9
authentihash 56f3df43c454271491b1b0f75e9ef0cca37b9636429731d77bc77c427c9f5c8d
imphash 153add9054a219240c78acf57fe8e76d
File size 128.0 KB ( 131072 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Dynamic Link Library (generic) (38.4%)
Win32 Executable (generic) (26.3%)
OS/2 Executable (generic) (11.8%)
Generic Win/DOS Executable (11.6%)
DOS Executable Generic (11.6%)
Tags
peexe

VirusTotal metadata
First submission 2017-12-18 04:46:12 UTC
Last submission 2018-05-26 18:06:04 UTC
File names pircds
Dtxxkmz0WhArJ.exe
pircdse
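Several of the static fields above disagree with each other, and those disagreements are the triage signal a practitioner pulls out of a report like this: the PE timestamp (ExifTool shows it in +01:00, VirusTotal's "Compilation timestamp" shows the same instant in UTC) is under sixteen minutes before first submission; the FileVersion string "2.0.7" does not match the numeric FileVersionNumber 2.1.0.17, nor ProductVersion "4.30.6" the ProductVersionNumber; the OriginalFileName "pircdse" has no extension; ExifTool reports CodeSize 0 (the optional header's SizeOfCode) for a file with an entry point; and every resource is tagged ITALIAN while the version block says English (U.S.). None of this is a verdict (the timestamp is attacker-controlled and can be set to anything, and sloppy legitimate builds exist), but together with the packer labels it is consistent with version info generated by a crypter. The script below is an added example of encoding those checks, not code from the page; the META dict is constructed here from the page's values, and the one-hour threshold and the finding names are the editor's choices:

```python
from datetime import datetime, timezone

# Values transcribed from the report above; the dict itself is constructed for this example.
META = {
    "ExifToolTimeStamp": "2017:12:18 05:30:34+01:00",
    "FirstSubmission": "2017-12-18 04:46:12 UTC",
    "FileVersion": "2.0.7",
    "FileVersionNumber": "2.1.0.17",
    "ProductVersion": "4.30.6",
    "ProductVersionNumber": "2.1.0.17",
    "OriginalFileName": "pircdse",
    "CodeSize": 0,                 # ExifTool's name for IMAGE_OPTIONAL_HEADER.SizeOfCode
    "EntryPoint": 0x1BC0,
    "VersionInfoLanguage": "English (U.S.)",
    "ResourceLanguages": {"ITALIAN": 17},
}


def parse_exiftool_time(s):
    """ExifTool prints 'YYYY:MM:DD HH:MM:SS+HH:MM'; return an aware UTC datetime."""
    return datetime.strptime(s, "%Y:%m:%d %H:%M:%S%z").astimezone(timezone.utc)


def parse_vt_time(s):
    """VirusTotal prints 'YYYY-MM-DD HH:MM:SS UTC'."""
    return datetime.strptime(s, "%Y-%m-%d %H:%M:%S UTC").replace(tzinfo=timezone.utc)


def version_tuple(s):
    """'2.0.7' -> (2, 0, 7, 0), so string and numeric version fields compare like-for-like."""
    parts = tuple(int(p) for p in s.split("."))
    return parts + (0,) * (4 - len(parts))


def triage(meta, fresh_build_window_s=3600):
    """Return a dict of findings; each key is one inconsistency worth a second look."""
    findings = {}

    compiled = parse_exiftool_time(meta["ExifToolTimeStamp"])
    first_seen = parse_vt_time(meta["FirstSubmission"])
    delta = (first_seen - compiled).total_seconds()
    findings["compile_to_first_seen_s"] = delta
    if delta < 0:
        findings["timestamp_after_first_seen"] = True       # forged or clock-skewed stamp
    elif delta < fresh_build_window_s:
        findings["compiled_within_hour_of_first_seen"] = True

    if version_tuple(meta["FileVersion"]) != version_tuple(meta["FileVersionNumber"]):
        findings["file_version_mismatch"] = True
    if version_tuple(meta["ProductVersion"]) != version_tuple(meta["ProductVersionNumber"]):
        findings["product_version_mismatch"] = True

    if "." not in meta["OriginalFileName"]:
        findings["original_name_without_extension"] = True

    if meta["CodeSize"] == 0 and meta["EntryPoint"] != 0:
        findings["zero_sizeofcode_with_entry_point"] = True

    # "English (U.S.)" -> ENGLISH; flag if no resource is tagged with that language.
    vi_lang = meta["VersionInfoLanguage"].split()[0].upper()
    if meta["ResourceLanguages"] and vi_lang not in {k.upper() for k in meta["ResourceLanguages"]}:
        findings["resource_vs_versioninfo_language_mismatch"] = True

    return findings


if __name__ == "__main__":
    for key, value in triage(META).items():
        print(f"{key}: {value}")
```

The same checks run unchanged over a batch of reports exported as JSON, and the thresholds are the part to tune: a build-to-submission gap of minutes is normal for a vendor uploading its own release candidate, so pair the time finding with at least one of the version or language inconsistencies before acting on it.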
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Searched windows
UDP communications