× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: 92686d5d112bc904aa2db9332a5a006a5d37f009ba07a7d4200043bb8450b7b9
File name: gdp32.exe
Detection ratio: 40 / 58
Analysis date: 2016-09-07 02:04:27 UTC ( 2 years, 7 months ago ) View latest
Antivirus Result Update
Ad-Aware Trojan.GenericKD.3499484 20160907
AegisLab Troj.W32.Inject!c 20160906
AhnLab-V3 Trojan/Win32.Inject.N2094750987 20160906
ALYac Trojan.GenericKD.3499484 20160906
Antiy-AVL Trojan/Win32.SGeneric 20160907
Arcabit Trojan.Generic.D3565DC 20160907
Avast Win32:Malware-gen 20160907
AVG Downloader.VB.AJGT 20160907
Avira (no cloud) TR/Injector.cxg 20160907
AVware Trojan.Win32.Generic!BT 20160907
BitDefender Trojan.GenericKD.3499484 20160907
CrowdStrike Falcon (ML) malicious_confidence_65% (W) 20160725
Cyren W32/Trojan.KHLA-7013 20160907
DrWeb BackDoor.Bifrost.20608 20160907
Emsisoft Trojan.GenericKD.3499484 (B) 20160907
ESET-NOD32 a variant of Win32/Injector.DEIT 20160907
F-Secure Trojan.GenericKD.3499484 20160907
Fortinet W32/Inject.AAWRV!tr 20160907
GData Trojan.GenericKD.3499484 20160907
Ikarus Trojan.Win32.Injector 20160906
Sophos ML virus.win32.virut.br 20160830
Jiangmin Trojan.Inject.phb 20160907
K7AntiVirus Trojan-Downloader ( 004edccf1 ) 20160906
K7GW Trojan-Downloader ( 004edccf1 ) 20160907
Kaspersky Trojan.Win32.Inject.aawrv 20160907
McAfee Artemis!0CE8DDB729BC 20160907
McAfee-GW-Edition BehavesLike.Win32.PWSZbot.dh 20160907
Microsoft Trojan:Win32/Dynamer!ac 20160906
eScan Trojan.GenericKD.3499484 20160907
Panda Trj/CI.A 20160906
Rising Malware.Generic!mtXmw3Bb4HK@5 (thunder) 20160907
Sophos AV Mal/Generic-S 20160907
Symantec Trojan.Gen 20160907
Tencent Win32.Trojan.Inject.Auto 20160907
TrendMicro TROJ_GEN.R0C1C0DHU16 20160907
TrendMicro-HouseCall TROJ_GEN.R0C1C0DHU16 20160907
VBA32 Malware-Cryptor.Inject.gen 20160905
VIPRE Trojan.Win32.Generic!BT 20160907
Yandex Trojan.Inject!ca3fU0gIUpY 20160906
Zillya Trojan.Injector.Win32.404794 20160907
Alibaba 20160905
Baidu 20160906
Bkav 20160905
CAT-QuickHeal 20160906
ClamAV 20160907
CMC 20160905
Comodo 20160906
F-Prot 20160907
Kingsoft 20160907
Malwarebytes 20160907
NANO-Antivirus 20160907
nProtect 20160907
Qihoo-360 20160907
SUPERAntiSpyware 20160907
TheHacker 20160905
TotalDefense 20160907
ViRobot 20160906
Zoner 20160907
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2016-08-20 22:22:07
Entry Point 0x000151E7
Number of sections 4
PE sections
PE imports
RegDeleteKeyA
RegOpenKeyA
RegCloseKey
RegQueryValueA
RegQueryValueExA
RegSetValueExA
RegDeleteValueA
RegCreateKeyExA
RegOpenKeyExA
RegEnumKeyA
InitCommonControlsEx
SetMapMode
SaveDC
TextOutA
GetClipBox
GetDeviceCaps
OffsetViewportOrgEx
DeleteDC
RestoreDC
SetTextColor
GetObjectA
CreateBitmap
RectVisible
GetStockObject
SetViewportOrgEx
ScaleWindowExtEx
ExtTextOutA
PtVisible
Escape
ScaleViewportExtEx
SetViewportExtEx
SetWindowExtEx
SelectObject
SetBkColor
DeleteObject
GetStdHandle
GetConsoleOutputCP
HeapDestroy
FreeEnvironmentStringsA
DeleteCriticalSection
GetCurrentProcess
GetConsoleMode
GetLocaleInfoA
LocalAlloc
SetErrorMode
FreeEnvironmentStringsW
GetLocaleInfoW
SetStdHandle
GetCPInfo
GetProcAddress
GetStringTypeA
InterlockedExchange
WriteFile
GetSystemTimeAsFileTime
EnumResourceLanguagesA
HeapReAlloc
GetStringTypeW
GetFullPathNameA
FreeLibrary
LocalFree
InitializeCriticalSection
LoadResource
GlobalHandle
FindClose
InterlockedDecrement
FormatMessageA
GetStringTypeExA
SetLastError
GetModuleFileNameW
IsDebuggerPresent
HeapAlloc
GetVersionExA
GetModuleFileNameA
GetVolumeInformationA
GetPrivateProfileStringA
UnhandledExceptionFilter
TlsGetValue
MultiByteToWideChar
GetModuleHandleA
GlobalAddAtomA
SetUnhandledExceptionFilter
ConvertDefaultLocale
MulDiv
TerminateProcess
WriteConsoleA
GlobalAlloc
GetCurrentThreadId
InterlockedIncrement
WriteConsoleW
HeapFree
EnterCriticalSection
SetHandleCount
lstrcmpiA
GetOEMCP
QueryPerformanceCounter
GetTickCount
TlsAlloc
FlushFileBuffers
LoadLibraryA
RtlUnwind
GetStartupInfoA
GlobalDeleteAtom
GetPrivateProfileIntA
GetUserDefaultLCID
GetProcessHeap
GlobalReAlloc
lstrcmpA
FindFirstFileA
lstrcpyA
CompareStringA
IsValidLocale
lstrcmpW
GlobalLock
GlobalFindAtomA
GetFileType
TlsSetValue
CreateFileA
ExitProcess
LeaveCriticalSection
GetLastError
LocalReAlloc
LCMapStringW
lstrlenA
GlobalFree
GetConsoleCP
LCMapStringA
GlobalGetAtomNameA
GetThreadLocale
GetEnvironmentStringsW
GlobalUnlock
GetEnvironmentStrings
WritePrivateProfileStringA
GetCurrentProcessId
LockResource
GetCurrentDirectoryA
HeapSize
GetCommandLineA
GetCurrentThread
RaiseException
TlsFree
SetFilePointer
ReadFile
GlobalFlags
CloseHandle
EnumSystemLocalesA
GetACP
GetVersion
FreeResource
SizeofResource
WideCharToMultiByte
IsValidCodePage
HeapCreate
VirtualFree
Sleep
FindResourceA
VirtualAlloc
VariantChangeType
VariantClear
VariantInit
PathFindFileNameA
PathFindExtensionA
PathIsUNCA
PathStripToRootA
SetFocus
GetForegroundWindow
SetMenuItemBitmaps
DestroyMenu
PostQuitMessage
GetMessagePos
LoadBitmapA
SetWindowPos
IsWindow
DispatchMessageA
EndPaint
GrayStringA
GetMessageTime
SetActiveWindow
GetMenuItemID
GetCursorPos
ReleaseDC
GetDlgCtrlID
GetClassInfoA
GetMenu
UnregisterClassA
SendMessageA
GetClientRect
GetNextDlgTabItem
CallNextHookEx
GetTopWindow
GetActiveWindow
GetWindowTextA
PtInRect
GetMessageA
GetParent
UpdateWindow
SetPropA
GetClassInfoExA
ShowWindow
GetPropA
GetMenuState
EnableWindow
PeekMessageA
TranslateMessage
IsWindowEnabled
GetWindow
CharUpperA
GetWindowPlacement
IsIconic
RegisterClassA
TabbedTextOutA
GetWindowLongA
CreateWindowExA
CopyRect
GetSysColorBrush
DestroyWindow
IsDialogMessageA
MapWindowPoints
BeginPaint
RegisterWindowMessageA
DefWindowProcA
SendDlgItemMessageA
GetSystemMetrics
EnableMenuItem
GetWindowRect
PostMessageA
SetWindowLongA
RemovePropA
SetWindowTextA
CheckMenuItem
GetSubMenu
GetLastActivePopup
GetDlgItem
GetMenuCheckMarkDimensions
ClientToScreen
GetClassLongA
InsertMenuA
CreateDialogIndirectParamA
LoadCursorA
LoadIconA
SetWindowsHookExA
GetMenuItemCount
GetDesktopWindow
GetDC
SetForegroundWindow
PostThreadMessageA
DrawTextA
EndDialog
GetCapture
DrawTextExA
GetWindowThreadProcessId
UnhookWindowsHookEx
RegisterClipboardFormatA
GetMenuStringA
MessageBoxA
AdjustWindowRectEx
GetSysColor
GetKeyState
SystemParametersInfoA
IsWindowVisible
WinHelpA
DeleteMenu
ValidateRect
CallWindowProcA
GetClassNameA
GetFocus
ModifyMenuA
SetCursor
OpenPrinterA
DocumentPropertiesA
ClosePrinter
GetFileTitleA
OleUninitialize
OleInitialize
CoRevokeClassObject
OleFlushClipboard
CoFreeUnusedLibraries
CoRegisterMessageFilter
OleIsCurrentClipboard
Number of PE resources by type
DB 1
Number of PE resources by language
NEUTRAL 1
PE resources
ExifTool file metadata
MIMEType
application/octet-stream

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

FileTypeExtension
exe

TimeStamp
2016:08:20 23:22:07+01:00

FileType
Win32 EXE

PEType
PE32

CodeSize
184320

LinkerVersion
8.0

EntryPoint
0x151e7

InitializedDataSize
73728

SubsystemVersion
4.0

ImageVersion
0.0

OSVersion
4.0

UninitializedDataSize
0

File identification
MD5 0ce8ddb729bc379876311810a2300dcf
SHA1 bc65655254470b46c1fa103a5f1254f562d221cb
SHA256 92686d5d112bc904aa2db9332a5a006a5d37f009ba07a7d4200043bb8450b7b9
ssdeep
6144:0ZgVXXcj9Z0Q9ZBGID2JoHhjWkyCC3xgdbTBoAfM:0ZgVnPQ9ZEJojyhAbTa

authentihash cf6dca2df0dfd82cfaee64f2930f990390b21721c5476220729db616168bb4f8
imphash 3dd22ee67828b140431dc88981b4a123
File size 256.0 KB ( 262144 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable MS Visual C++ (generic) (35.8%)
Win64 Executable (generic) (31.7%)
Windows screen saver (15.0%)
Win32 Dynamic Link Library (generic) (7.5%)
Win32 Executable (generic) (5.1%)
Tags
peexe

VirusTotal metadata
First submission 2016-09-06 22:27:39 UTC ( 2 years, 7 months ago )
Last submission 2016-09-06 22:27:39 UTC ( 2 years, 7 months ago )
File names gdp32.exe
gdp32.exe
gdp32.exe
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Created processes
Opened mutexes
Hooking activity
Runtime DLLs
Additional details
The file installs an application-defined hook procedure into a hook chain. You would install a hook procedure to monitor the system for certain types of events. These events are associated either with a specific thread or with all threads in the same desktop as the calling thread. This is done making use of the SetWindowsHook Windows API function.
UDP communications