SHA256: 8fe867c6d6bedf504ae93102c469aa92d29f7803c006d05c9811bb2965c605e6
File name: new.exe
Detection ratio: 3 / 55
Analysis date: 2014-08-21 15:43:48 UTC (3 years, 3 months ago)
Antivirus: Result (signature update)
ESET-NOD32: a variant of Win32/Injector.BKGX (20140821)
Malwarebytes: Trojan.Agent.ED (20140821)
McAfee: Generic-FAUY!09EB0EFBB48E (20140821)
No detection from the remaining 52 engines, signature update 20140821 unless noted: Ad-Aware, AegisLab, Yandex, AhnLab-V3, AntiVir, Antiy-AVL, Avast, AVG, AVware, Baidu-International (20140820), BitDefender, Bkav, ByteHero, CAT-QuickHeal, ClamAV, CMC (20140820), Commtouch, Comodo, DrWeb, Emsisoft, F-Prot, F-Secure, Fortinet, GData, Ikarus, Jiangmin, K7AntiVirus, K7GW, Kaspersky, Kingsoft, McAfee-GW-Edition (20140820), Microsoft, eScan, NANO-Antivirus, Norman, nProtect, Panda, Qihoo-360, Rising, Sophos AV, SUPERAntiSpyware, Symantec, Tencent, TheHacker (20140817), TotalDefense, TrendMicro, TrendMicro-HouseCall, VBA32, VIPRE, ViRobot, Zillya, Zoner.
The file being studied is a Portable Executable (PE) file: a 32-bit Win32 EXE for the Windows GUI subsystem. Its version resource presents it as VMware Workstation's vmware-vmx.exe (see the FileVersionInfo properties below), but version-info strings are free-form text that any linker will emit, so treat them as a claim to verify rather than as evidence of origin. Several other fields in this report contradict that claim: the version resource declares English (U.S.) while 8 of the 10 PE resources are tagged CHINESE SIMPLIFIED, a 2122-byte overlay with entropy 7.90 is appended after the last section, and the file was submitted under names such as ZeuS_binary_09eb0efbb48e7efe2e19e71edd655f3e.exe.
FileVersionInfo properties
Copyright: Copyright © 1998-2013 VMware, Inc.
Product: VMware Workstation
Original name: vmware-vmx.exe
Internal name: vmware-vmx
File version: 10.0.1 build-1379776
Description: VMware Workstation VMX
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2014-07-21 19:55:17
Entry Point 0x00002DBA
Number of sections 6
PE sections
Overlays
MD5: 895ba809f45b1663f4d220f91f644ef7
File type: data
Offset: 249856
Size: 2122
Entropy: 7.90
The overlay starts at offset 249856 and runs for 2122 bytes, which ends exactly at the 251978-byte file size, so it is data appended after the last section and running to end of file. Entropy of 7.90 out of a possible 8.00 is characteristic of compressed or encrypted content, so the overlay is worth carving out and examining on its own.
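The overlay figures above (offset, size, entropy) are what a PE parser derives from the section table: anything past the end of the last section's raw data is overlay. The following is an added example, not VirusTotal's code and not part of this report, showing that computation on a constructed minimal PE32 image (the `build_sample` helper and the SHA-256-derived filler are constructed test input, not the reported binary). It also shows the caveat a practitioner needs: on a signed file the overlay is the Authenticode certificate table named by the security data directory, not a hidden payload, so the example checks that directory before calling the overlay suspicious.

```python
import hashlib
import math
import struct

PE32_MAGIC = 0x10B      # IMAGE_NT_OPTIONAL_HDR32_MAGIC
SECURITY_DIR = 4        # IMAGE_DIRECTORY_ENTRY_SECURITY (Authenticode blob)


def parse_headers(data):
    """Return (optional_header_offset, [(name, raw_ptr, raw_size), ...])."""
    if data[:2] != b"MZ":
        raise ValueError("missing MZ header")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    nsections = struct.unpack_from("<H", data, coff + 2)[0]
    opt_size = struct.unpack_from("<H", data, coff + 16)[0]
    opt = coff + 20
    sections = []
    for i in range(nsections):
        hdr = opt + opt_size + 40 * i
        name = data[hdr:hdr + 8].rstrip(b"\0").decode("ascii", "replace")
        raw_size, raw_ptr = struct.unpack_from("<II", data, hdr + 16)
        sections.append((name, raw_ptr, raw_size))
    return opt, sections


def shannon_entropy(buf):
    """Bits per byte: 0.0 for a constant buffer, 8.0 for uniformly random bytes."""
    if not buf:
        return 0.0
    counts = [0] * 256
    for b in buf:
        counts[b] += 1
    n = len(buf)
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def overlay_info(data):
    """Describe the bytes past the last section's raw data, or None if there are none.

    'kind' is 'authenticode' when the overlay is exactly the security data directory
    (a signed file keeps its certificate table there), otherwise 'data'.
    """
    opt, sections = parse_headers(data)
    start = max((p + s for _, p, s in sections if s), default=0)
    if start >= len(data):
        return None
    magic = struct.unpack_from("<H", data, opt)[0]
    dirs = opt + (96 if magic == PE32_MAGIC else 112)   # data directories: PE32 vs PE32+
    sec_off, sec_size = struct.unpack_from("<II", data, dirs + 8 * SECURITY_DIR)
    overlay = data[start:]
    kind = "authenticode" if (sec_off == start and sec_size == len(overlay)) else "data"
    return {"offset": start, "size": len(overlay), "kind": kind,
            "entropy": round(shannon_entropy(overlay), 2),
            "md5": hashlib.md5(overlay).hexdigest()}


def build_sample(overlay, signed=False):
    """Constructed test input: a minimal PE32 with one 512-byte .text section
    (not runnable) and `overlay` appended at file offset 1024."""
    dos = bytearray(64)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 64)                       # e_lfanew
    coff = struct.pack("<HHIIIHH", 0x14C, 1, 0, 0, 0, 224, 0x0102)
    opt = bytearray(224)
    struct.pack_into("<H", opt, 0, PE32_MAGIC)
    if signed:  # declare the overlay as the certificate table
        struct.pack_into("<II", opt, 96 + 8 * SECURITY_DIR, 1024, len(overlay))
    sect = struct.pack("<8sIIIIIIHHI", b".text", 512, 0x1000, 512, 512,
                       0, 0, 0, 0, 0x60000020)
    headers = (bytes(dos) + b"PE\0\0" + coff + bytes(opt) + sect).ljust(512, b"\0")
    return headers + b"\xCC" * 512 + overlay


def pseudo_random(n, seed=b"overlay"):
    """Deterministic high-entropy filler (SHA-256 chain) standing in for a packed payload."""
    out, block = bytearray(), seed
    while len(out) < n:
        block = hashlib.sha256(block).digest()
        out += block
    return bytes(out[:n])


if __name__ == "__main__":
    import sys
    blob = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_sample(pseudo_random(2122))
    print(overlay_info(blob))
```

Run it with a path to a real PE to get the same offset/size/entropy triple the report shows; without arguments it analyses the constructed sample, whose 2122-byte pseudo-random overlay lands at entropy near 7.9, the same regime as the reported file.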
PE imports
GetDeviceCaps
SelectObject
CreateCompatibleDC
CreateCompatibleBitmap
StretchBlt
GetStartupInfoA
GetFileSize
GetModuleHandleA
ReadFile
GlobalAlloc
CloseHandle
CreateFileA
GlobalUnlock
LoadLibraryA
GlobalLock
GetModuleHandleW
GetProcAddress
MulDiv
Ord(1775)
Ord(4080)
Ord(537)
Ord(4710)
Ord(2414)
Ord(3597)
Ord(354)
Ord(1641)
Ord(3136)
Ord(4524)
Ord(554)
Ord(1842)
Ord(5237)
Ord(665)
Ord(5577)
Ord(3350)
Ord(1089)
Ord(6375)
Ord(3626)
Ord(4589)
Ord(3798)
Ord(2621)
Ord(3259)
Ord(5290)
Ord(2446)
Ord(5214)
Ord(5301)
Ord(807)
Ord(4163)
Ord(4964)
Ord(6215)
Ord(6625)
Ord(4529)
Ord(815)
Ord(2723)
Ord(366)
Ord(641)
Ord(2494)
Ord(796)
Ord(5277)
Ord(2514)
Ord(4953)
Ord(4425)
Ord(3454)
Ord(4696)
Ord(4441)
Ord(4077)
Ord(1134)
Ord(4465)
Ord(4108)
Ord(5300)
Ord(6175)
Ord(338)
Ord(4627)
Ord(1168)
Ord(3738)
Ord(4853)
Ord(2982)
Ord(617)
Ord(3172)
Ord(4526)
Ord(4234)
Ord(825)
Ord(3081)
Ord(5199)
Ord(5307)
Ord(4242)
Ord(4823)
Ord(2390)
Ord(2542)
Ord(4424)
Ord(4273)
Ord(5260)
Ord(5076)
Ord(4078)
Ord(3059)
Ord(2554)
Ord(4376)
Ord(1945)
Ord(6376)
Ord(5282)
Ord(4614)
Ord(2117)
Ord(1727)
Ord(823)
Ord(5186)
Ord(813)
Ord(2725)
Ord(640)
Ord(4998)
Ord(5472)
Ord(4436)
Ord(4457)
Ord(800)
Ord(3749)
Ord(4610)
Ord(4899)
Ord(4427)
Ord(4274)
Ord(5261)
Ord(4079)
Ord(4467)
Ord(3058)
Ord(3147)
Ord(2124)
Ord(6052)
Ord(1726)
Ord(560)
Ord(6336)
Ord(4890)
Ord(3262)
Ord(5653)
Ord(674)
Ord(975)
Ord(1576)
Ord(5243)
Ord(5252)
Ord(4353)
Ord(3748)
Ord(5065)
Ord(1665)
Ord(4407)
Ord(4426)
Ord(6117)
Ord(3663)
Ord(3346)
Ord(4303)
Ord(2396)
Ord(4159)
Ord(3831)
Ord(520)
Ord(6374)
Ord(5280)
Ord(986)
Ord(4612)
Ord(3825)
Ord(2976)
Ord(323)
Ord(2535)
Ord(4961)
Ord(3198)
Ord(2985)
Ord(3922)
Ord(5240)
Ord(6080)
Ord(4151)
Ord(2649)
Ord(2510)
Ord(2626)
Ord(1776)
Ord(6000)
Ord(4623)
Ord(324)
Ord(296)
Ord(4238)
Ord(3830)
Ord(5103)
Ord(2385)
Ord(4613)
Ord(4349)
Ord(2878)
Ord(3079)
Ord(2512)
Ord(652)
Ord(4387)
Ord(4420)
Ord(2055)
Ord(2627)
Ord(4837)
Ord(5241)
Ord(5100)
Ord(2399)
Ord(5012)
Ord(2648)
Ord(3065)
Ord(5714)
Ord(5289)
Ord(4545)
Ord(3403)
Ord(4615)
Ord(4622)
Ord(561)
Ord(1746)
Ord(5302)
Ord(1640)
Ord(4543)
Ord(4486)
Ord(2879)
Ord(4723)
Ord(4341)
Ord(529)
Ord(4698)
Ord(5163)
Ord(6055)
Ord(5265)
Ord(5731)
Ord(4858)
Ord(4432)
Ord(5740)
Ord(3571)
Ord(1825)
Ord(4531)
_except_handler3
__p__fmode
memset
_acmdln
__CxxFrameHandler
_ftol
__p__commode
__setusermatherr
_setmbcp
__dllonexit
_onexit
_exit
exit
_XcptFilter
__getmainargs
_initterm
_controlfp
_adjust_fdiv
__set_app_type
Ord(251)
EnableWindow
GetClientRect
InvalidateRect
UpdateWindow
GetOpenFileNameA
CreateStreamOnHGlobal
Number of PE resources by type
RT_STRING 3
RT_DIALOG 1
RT_ICON 1
RT_MENU 1
RT_ACCELERATOR 1
RT_BITMAP 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
CHINESE SIMPLIFIED 8
NEUTRAL 2
PE resources
Debug information
ExifTool file metadata
SubsystemVersion: 4.0
LinkerVersion: 6.0
ImageVersion: 0.0
FileSubtype: 0
FileVersionNumber: 10.0.1.41495
UninitializedDataSize: 0
LanguageCode: English (U.S.)
FileFlagsMask: 0x003f
CharacterSet: Unicode
InitializedDataSize: 225280
EntryPoint: 0x2dba
OriginalFileName: vmware-vmx.exe
MIMEType: application/octet-stream
LegalCopyright: Copyright 1998-2013 VMware, Inc.
FileVersion: 10.0.1 build-1379776
TimeStamp: 2014:07:21 20:55:17+01:00
FileType: Win32 EXE
PEType: PE32
InternalName: vmware-vmx
ProductVersion: 10.0.1 build-1379776
FileDescription: VMware Workstation VMX
OSVersion: 4.4
FileOS: Windows NT 32-bit
Subsystem: Windows GUI
MachineType: Intel 386 or later, and compatibles
CompanyName: VMware, Inc.
CodeSize: 20480
ProductName: VMware Workstation
ProductVersionNumber: 10.0.1.41495
FileTypeExtension: exe
ObjectFileType: Executable application
Compressed bundles
File identification
MD5: 09eb0efbb48e7efe2e19e71edd655f3e
SHA1: 26fcbbe3a2164546b2a28fe71ac873ee27aa574e
SHA256: 8fe867c6d6bedf504ae93102c469aa92d29f7803c006d05c9811bb2965c605e6
ssdeep: 6144:rfdXd/Gcf/F3hP6JjHxdGj9NTYBP7ToqtCuQU7lR:j/R3d613GPE1EG9QU7j
authentihash: 40860b284ea8dcd385d43e33544417aef3e8c8bc3299f97dc6013a42d3dc78a6
imphash: e00bc4fbbfadbba6dc00894c2d7af9ac
File size: 246.1 KB (251978 bytes)
File type: Win32 EXE
Magic literal: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID: Win32 Executable MS Visual C++ (generic) (67.4%); Win32 Dynamic Link Library (generic) (14.2%); Win32 Executable (generic) (9.7%); Generic Win/DOS Executable (4.3%); DOS Executable Generic (4.3%)
Tags: peexe overlay
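The imphash listed above is the MD5 of a canonical string built from the import table, which is why it pivots across repacked builds whose byte hashes differ: it depends only on which DLLs and functions are imported and in what order. The following is an added example, not VirusTotal's or pefile's code, that reproduces the pefile imphash rules (lowercase DLL name with .dll/.ocx/.sys stripped, function names lowercased, ordinal-only imports written as ordNNN unless the DLL is one whose ordinals pefile resolves to names). Assumptions: the ws2_32 ordinal table here is a small constructed subset of the real one, oleaut32 is omitted, and attributing the sample's Ord(NNNN) entries to MFC42.DLL is a guess, since the report lists the ordinals but not the module they come from.

```python
import hashlib

# pefile resolves ordinal imports to names only for ws2_32/wsock32 (and oleaut32,
# omitted here); every other DLL keeps the "ordNNN" form. Assumption: this is a
# small constructed subset of the well-known ws2_32 ordinal table.
WS2_32_ORDINALS = {
    1: "accept", 2: "bind", 3: "closesocket", 4: "connect", 16: "recv",
    19: "send", 23: "socket", 52: "gethostbyname", 115: "WSAStartup", 116: "WSACleanup",
}
ORDINAL_TABLES = {"ws2_32": WS2_32_ORDINALS, "wsock32": WS2_32_ORDINALS}
STRIPPED_EXTENSIONS = ("dll", "ocx", "sys")


def import_string(imports):
    """Canonical 'dll.func,dll.func,...' string whose MD5 is the imphash.

    imports: [(dll_name, [func_name_or_ordinal, ...]), ...] in import-table order.
    Order matters: the same imports in a different order give a different hash.
    """
    parts = []
    for dll, funcs in imports:
        lib = dll.lower()
        base, dot, ext = lib.rpartition(".")
        if dot and ext in STRIPPED_EXTENSIONS:
            lib = base
        table = ORDINAL_TABLES.get(lib, {})
        for func in funcs:
            name = table.get(func, f"ord{func}") if isinstance(func, int) else func
            parts.append(f"{lib}.{name.lower()}")
    return ",".join(parts)


def imphash(imports):
    """MD5 of the canonical import string, as a 32-character hex digest."""
    return hashlib.md5(import_string(imports).encode()).hexdigest()


# Constructed import table. The kernel32 names are taken from this report's import
# list; placing the ordinals under MFC42.DLL and adding a ws2_32 entry are assumptions
# made to exercise every rule (the report shows Ord(NNNN) entries but no module names).
SAMPLE_IMPORTS = [
    ("KERNEL32.dll", ["GetModuleHandleA", "LoadLibraryA", "GetProcAddress"]),
    ("MFC42.DLL", [1775, 4080, 537]),
    ("WS2_32.dll", [23, 115, 999]),
]

if __name__ == "__main__":
    print(import_string(SAMPLE_IMPORTS))
    print(imphash(SAMPLE_IMPORTS))
```

Because the hash is order-sensitive and name-based, two samples built from the same source with the same linker share an imphash even after re-timestamping or resource edits, while adding a single import or changing link order breaks the match; use it as a clustering hint alongside ssdeep rather than as an identity.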

VirusTotal metadata
First submission 2014-08-21 15:43:48 UTC ( 3 years, 3 months ago )
Last submission 2017-10-19 07:25:11 UTC ( 1 month ago )
File names 09eb0efbb48e7efe2e19e71edd655f3e_ZeuS_binary_09eb0efbb48e7efe2e19e71edd655f3e.exe
2014-09-02-11-00-41-09eb0efbb48e7efe2e19e71edd655f3e
2014-08-24-22-53-14-09eb0efbb48e7efe2e19e71edd655f3e
ZeuS_binary_09eb0efbb48e7efe2e19e71edd655f3e.exe
vti-rescan
2014-09-07-00-42-55-09eb0efbb48e7efe2e19e71edd655f3e
2014-08-25-19-48-41-09eb0efbb48e7efe2e19e71edd655f3e
01.exe
09eb0efbb48e7efe2e19e71edd655f3e.bin
2014-09-06-07-07-35-09eb0efbb48e7efe2e19e71edd655f3e
2014-08-22-22-26-57-09eb0efbb48e7efe2e19e71edd655f3e
2014-09-02-17-15-39-09eb0efbb48e7efe2e19e71edd655f3e
2014-08-26-22-35-42-09eb0efbb48e7efe2e19e71edd655f3e
2014-09-07-23-12-24-09eb0efbb48e7efe2e19e71edd655f3e
vmware-vmx
new.exe
2014-09-01-02-13-51-09eb0efbb48e7efe2e19e71edd655f3e
file-7414934_exe
2014-09-05-07-01-06-09eb0efbb48e7efe2e19e71edd655f3e
2014-09-03-21-06-41-09eb0efbb48e7efe2e19e71edd655f3e
2014-08-31-01-29-58-09eb0efbb48e7efe2e19e71edd655f3e
8fe867c6d6bedf504ae93102c469aa92d29f7803c006d05c9811bb2965c605e6.bin
2014-08-28-21-15-29-09eb0efbb48e7efe2e19e71edd655f3e
2014-08-30-01-16-20-09eb0efbb48e7efe2e19e71edd655f3e
2014-08-23-21-14-09-09eb0efbb48e7efe2e19e71edd655f3e
Advanced heuristic and reputation engines
TrendMicro-HouseCall: TrendMicro's heuristic engine has flagged this file as TROJ_GEN.R0CBC0CHP14.
Symantec reputation: Suspicious.Insight
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Created processes
Code injections in the following processes
Opened mutexes
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.
UDP communications