SHA256: 8fc0791f1835cad5e3905d90c78dd63f7588b5818138a72e436f6eb583246deb
File name: VirusShare_6f6bf4a1452bc7fd095139f6b08571fe.application_x-dosexec
Detection ratio: 30 / 45
Analysis date: 2013-08-13 09:30:08 UTC ( 5 years ago )
Antivirus | Result | Update
Yandex | Backdoor.Simda!4QxBHdsdAW0 | 20130812
AhnLab-V3 | Backdoor/Win32.Simda | 20130813
AntiVir | BDS/Simda.aoumea | 20130813
Antiy-AVL | Backdoor/Win32.Simda.gen | 20130813
Avast | Win32:Malware-gen | 20130813
AVG | BackDoor.Generic17.AGGW | 20130813
BitDefender | Gen:Variant.Tdss.27 | 20130813
Comodo | Backdoor.Win32.Simda.AAFX | 20130813
DrWeb | Trojan.Rodricter.55 | 20130813
Emsisoft | Gen:Variant.Tdss.27 (B) | 20130813
ESET-NOD32 | a variant of Win32/Kryptik.BGFJ | 20130813
F-Secure | Gen:Variant.Tdss.27 | 20130813
Fortinet | W32/Simda.BC!tr | 20130813
GData | Gen:Variant.Tdss.27 | 20130813
Ikarus | Backdoor.Win32.Simda | 20130813
Jiangmin | Backdoor/Simda.gei | 20130813
Kaspersky | Backdoor.Win32.Simda.aafx | 20130813
Malwarebytes | Trojan.Agent.FSA62 | 20130813
McAfee | RDN/Generic.dx!cmv | 20130813
McAfee-GW-Edition | RDN/Generic.dx!cmv | 20130813
Microsoft | Backdoor:Win32/Simda.A | 20130813
eScan | Gen:Variant.Tdss.27 | 20130813
Norman | Simda.TDS | 20130813
nProtect | Backdoor/W32.Simda.753664.C | 20130813
Panda | Trj/Genetic.gen | 20130812
SUPERAntiSpyware | Trojan.Agent/Gen-Kryptik | 20130813
TheHacker | Trojan/Kryptik.bgfj | 20130813
TotalDefense | Win32/Simda.RdNQZC | 20130812
VBA32 | Backdoor.Simda | 20130813
VIPRE | Backdoor.Win32.Simda.bb (v) | 20130813
ByteHero | (no detection) | 20130804
CAT-QuickHeal | (no detection) | 20130813
ClamAV | (no detection) | 20130813
Commtouch | (no detection) | 20130813
F-Prot | (no detection) | 20130813
K7AntiVirus | (no detection) | 20130812
K7GW | (no detection) | 20130812
Kingsoft | (no detection) | 20130723
NANO-Antivirus | (no detection) | 20130813
PCTools | (no detection) | 20130813
Rising | (no detection) | 20130813
Symantec | (no detection) | 20130813
TrendMicro | (no detection) | 20130813
TrendMicro-HouseCall | (no detection) | 20130813
ViRobot | (no detection) | 20130813
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Packers identified
PEiD Ste@lth PE 1.01 -> BGCorp
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2009-06-15 15:44:25
Entry Point 0x00002084
Number of sections 4
PE sections
PE imports
RegRestoreKeyA
RegCreateKeyExW
RegQueryValueExA
AccessCheckByType
LookupAccountSidA
SetServiceStatus
DeleteService
GetSecurityInfo
CryptDeriveKey
StartTraceW
GetKernelObjectSecurity
SetFileSecurityW
CryptEnumProvidersA
SystemFunction031
SetTokenInformation
DuplicateTokenEx
CryptVerifySignatureW
CommandLineFromMsiDescriptor
AreAllAccessesGranted
ImpersonateSelf
CreateProcessAsUserA
CreateRestrictedToken
SystemFunction012
GetTraceEnableFlags
TraceMessage
SetSecurityInfo
LsaRetrievePrivateData
RevertToSelf
FreeSid
InitializeSecurityDescriptor
GetServiceDisplayNameA
ReportEventA
AbortSystemShutdownA
SetNamedSecurityInfoW
SystemFunction029
ImageList_Write
ImageList_GetImageCount
ImageList_GetIconSize
ImageList_SetOverlayImage
ImageList_Destroy
CreateToolbarEx
ImageList_SetBkColor
ImageList_LoadImageA
ImageList_GetImageInfo
CreatePropertySheetPageW
ImageList_Remove
ImageList_DragShowNolock
ImageList_DrawIndirect
ImageList_DragLeave
ImageList_DrawEx
ImageList_GetBkColor
PropertySheetW
CreatePropertySheetPageA
ImageList_LoadImageW
ImageList_SetDragCursorImage
CryptVerifyCertificateSignature
GetComputerNameExA
ReplaceFileA
GetComputerNameExW
GetSystemTime
AreFileApisANSI
QueryPerformanceCounter
CreateJobObjectW
SignalObjectAndWait
MoveFileWithProgressA
WaitForSingleObjectEx
SetConsoleScreenBufferSize
CopyFileW
WritePrivateProfileStructW
GetStartupInfoA
CommConfigDialogW
GetConsoleCursorInfo
DeleteFileA
BackupRead
GetCompressedFileSizeA
OpenMutexA
GetComputerNameW
EnumResourceNamesW
FindNextFileW
SetUnhandledExceptionFilter
Module32NextW
IsProcessorFeaturePresent
GetComputerNameA
FindFirstFileExW
GetModuleHandleW
SetConsoleCP
FormatMessageW
GetCurrencyFormatA
HeapCreate
CopyFileA
Sleep
GetCurrentThreadId
VirtualAlloc
WriteConsoleW
_i64tow
_winminor
_time64
isdigit
longjmp
_CItanh
_rmdir
ldiv
setlocale
_ecvt
??_V@YAXPAX@Z
_ismbblead
__p__commode
_mktemp
wcscspn
_wgetcwd
_ismbstrail
memmove
fopen
_filelengthi64
??0exception@@QAE@XZ
acos
setvbuf
__set_app_type
EnumPortsW
SetFormW
WritePrinter
AddMonitorA
EnumPortsA
DeletePrinter
DeletePrinterDataExW
GetPrintProcessorDirectoryA
EnumPrinterDataW
ClosePrinter
StartPagePrinter
GetPrinterDriverA
SetPrinterDataExW
DeletePrinterDataW
GetJobW
AddPrintProcessorW
GetJobA
EnumPrintersA
GetPrintProcessorDirectoryW
SetPrinterDataW
GetPrinterDriverDirectoryW
FindClosePrinterChangeNotification
EnumPrintProcessorDatatypesW
EndDocPrinter
AddFormW
Number of PE resources by type
RT_ICON 22
RT_GROUP_ICON 1
Number of PE resources by language
RUSSIAN 23
PE resources
ExifTool file metadata
MIMEType: application/octet-stream
Subsystem: Windows GUI
MachineType: Intel 386 or later, and compatibles
TimeStamp: 2009:06:15 16:44:25+01:00
FileType: Win32 EXE
PEType: PE32
CodeSize: 425984
LinkerVersion: 4.0
EntryPoint: 0x2084
InitializedDataSize: 727040
SubsystemVersion: 5.1
ImageVersion: 2.1
OSVersion: 5.1
UninitializedDataSize: 0
File identification
MD5 6f6bf4a1452bc7fd095139f6b08571fe
SHA1 2b7ef3e45c2ddfe4717eed9fa43f9ff95569b06a
SHA256 8fc0791f1835cad5e3905d90c78dd63f7588b5818138a72e436f6eb583246deb
ssdeep 12288:uLMMVeH8ef1w7Ti/N60glmpSVu/w2LGMc6c1nuMBWW8eS:uLMUy1w7TJB2g//7nT

File size 736.0 KB ( 753664 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable (generic) (52.9%)
Generic Win/DOS Executable (23.5%)
DOS Executable Generic (23.4%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
Tags
peexe stealth

VirusTotal metadata
First submission 2013-08-13 09:30:08 UTC ( 5 years ago )
Last submission 2013-08-13 09:30:08 UTC ( 5 years ago )
File names rQdrGq.gif
VirusShare_6f6bf4a1452bc7fd095139f6b08571fe.application_x-dosexec
aa
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight