SHA256: 936cd2b2b6f3147eec5864451b75e74dcdd8d8ffe65c756c03ebefd26f828524
File name: 936cd2b2b6f3147eec5864451b75e74dcdd8d8ffe65c756c03ebefd26f828524
Detection ratio: 41 / 54
Analysis date: 2016-02-11 16:05:07 UTC ( 1 year, 5 months ago )
Antivirus Result Update
Ad-Aware Trojan.AgentWDCR.FHQ 20160211
AegisLab Uds.Dangerousobject.Multi!c 20160211
AhnLab-V3 Trojan/Win32.Upbot 20160211
Antiy-AVL Worm/Win32.Ngrbot 20160211
Arcabit Trojan.AgentWDCR.FHQ 20160211
Avast Win32:Dorder-S [Trj] 20160211
AVG Crypt5.ZDY 20160211
Avira (no cloud) TR/Crypt.Xpack.371847 20160211
BitDefender Trojan.AgentWDCR.FHQ 20160211
CAT-QuickHeal Worm.Dorkbot.WR4 20160211
Comodo UnclassifiedMalware 20160211
Cyren W32/Agent.XL.gen!Eldorado 20160211
DrWeb Trojan.Inject1.43628 20160211
Emsisoft Trojan.AgentWDCR.FHQ (B) 20160211
ESET-NOD32 Win32/Dorkbot.B 20160211
F-Prot W32/Agent.XL.gen!Eldorado 20160211
F-Secure Trojan.AgentWDCR.FHQ 20160211
Fortinet W32/Dorkbot.B!worm 20160211
GData Trojan.AgentWDCR.FHQ 20160211
Ikarus Worm.Win32.Dorkbot 20160211
Jiangmin (detection name garbled in extraction) 20160211
K7AntiVirus Trojan ( 0001589d1 ) 20160211
K7GW Trojan ( 0001589d1 ) 20160211
Kaspersky HEUR:Trojan.Win32.Generic 20160211
McAfee RDN/Sdbot.worm 20160211
McAfee-GW-Edition BehavesLike.Win32.Trojan.fh 20160211
Microsoft Worm:Win32/Dorkbot.I 20160211
eScan Trojan.AgentWDCR.FHQ 20160211
NANO-Antivirus Trojan.Win32.Inject1.dznbvm 20160211
nProtect Trojan.AgentWDCR.FHQ 20160205
Panda Trj/WLT.B 20160210
Qihoo-360 Win32/Trojan.Multi.daf 20160211
Rising PE:Trojan.Kryptik!1.A32E [F] 20160211
Sophos AV W32/Dorkbot-KN 20160211
SUPERAntiSpyware Trojan.Agent/Gen-Lethic 20160211
Symantec Trojan.Gen.2 20160211
Tencent Win32.Trojan.Inject.Auto 20160211
TrendMicro TROJ_GEN.R01TC0DAA16 20160211
VBA32 Worm.Ngrbot 20160211
VIPRE Trojan.Win32.Generic!BT 20160211
ViRobot Trojan.Win32.R.Agent.312832[h] 20160211
Engines with no detection at analysis time (13 of 54):
Yandex 20160210
Alibaba 20160204
Baidu-International 20160211
Bkav 20160204
ByteHero 20160211
ClamAV 20160211
CMC 20160205
Malwarebytes 20160211
TheHacker 20160210
TotalDefense 20160211
TrendMicro-HouseCall 20160211
Zillya 20160210
Zoner 20160211
The file being studied is a Portable Executable (PE) file; specifically, a 32-bit Win32 EXE for the Windows GUI subsystem. The compilation timestamp below is read straight from the COFF header, which the author can set to any value, so treat it as a hint rather than evidence; here it falls one day before the first VirusTotal submission (2016-01-06), which is at least consistent.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2016-01-05 16:44:35
Entry Point 0x000127BE
Number of sections 6
PE sections
PE imports
ADVAPI32.dll
RegDeleteKeyA
RegFlushKey
RegCloseKey
RegQueryValueExA
RegSetValueExA
RegEnumKeyA
RegEnumValueA
RegCreateKeyExA
RegOpenKeyExA
RegDeleteValueA
RegEnumKeyExA
RegQueryInfoKeyA
COMDLG32.dll
GetOpenFileNameA
ChooseColorA
FindTextA
GetSaveFileNameA
ChooseFontA
GDI32.dll
PolyPolyline
SetMapMode
GetWindowOrgEx
GetTextMetricsA
CombineRgn
GetObjectType
GetTextExtentPointA
SetPixel
EndDoc
DeleteObject
IntersectClipRect
CopyEnhMetaFileA
CreatePalette
CreateDIBitmap
GetDIBits
GetEnhMetaFileBits
GetDCOrgEx
StretchBlt
StretchDIBits
GetPaletteEntries
SetWindowExtEx
ExtCreatePen
SetBkColor
SetWinMetaFileBits
GetDIBColorTable
DeleteEnhMetaFile
GetSystemPaletteEntries
SetStretchBltMode
GetCurrentPositionEx
CreateFontIndirectA
GetPixel
GetBrushOrgEx
ExcludeClipRect
SetBkMode
BitBlt
GetObjectA
SetAbortProc
CreateBrushIndirect
SelectPalette
SetROP2
EndPage
GetNearestPaletteIndex
SetDIBColorTable
SetViewportExtEx
CreatePenIndirect
PatBlt
CreatePen
GetClipBox
Rectangle
GetDeviceCaps
CreateDCA
LineTo
DeleteDC
StartPage
RealizePalette
SetEnhMetaFileBits
CreateBitmap
RectVisible
GetStockObject
PlayEnhMetaFile
ExtTextOutA
UnrealizeObject
GdiFlush
SelectClipRgn
RoundRect
GetTextExtentPoint32A
GetWinMetaFileBits
GetEnhMetaFileHeader
SetWindowOrgEx
CreateICA
Polygon
CreateHalftonePalette
GetRgnBox
SaveDC
MaskBlt
GetEnhMetaFilePaletteEntries
RestoreDC
GetBitmapBits
CreateDIBSection
SetTextColor
MoveToEx
SetViewportOrgEx
CreateRoundRectRgn
CreateCompatibleDC
SetBrushOrgEx
CreateRectRgn
SelectObject
StartDocA
CreateSolidBrush
Polyline
CreateCompatibleBitmap
KERNEL32.dll
GetStdHandle
GetConsoleOutputCP
GetFileAttributesA
WaitForSingleObject
FreeEnvironmentStringsA
DeleteCriticalSection
GetCurrentProcess
GetConsoleMode
GetLocaleInfoA
lstrcatA
SetErrorMode
FreeEnvironmentStringsW
SetStdHandle
GetTempPathA
GetCPInfo
GetStringTypeA
WriteFile
GetSystemTimeAsFileTime
HeapReAlloc
GetStringTypeW
GetFullPathNameA
GetOEMCP
MoveFileA
FindClose
InterlockedDecrement
SetLastError
IsDebuggerPresent
HeapAlloc
GetModuleFileNameA
LoadLibraryExA
GetPrivateProfileStringA
UnhandledExceptionFilter
TlsGetValue
MultiByteToWideChar
SetFilePointer
CreateThread
SetFileAttributesA
SetUnhandledExceptionFilter
MulDiv
ExitThread
SetEnvironmentVariableA
TerminateProcess
WriteConsoleA
GetVersion
GlobalAlloc
SearchPathA
SetEndOfFile
GetCurrentThreadId
LeaveCriticalSection
SetCurrentDirectoryA
WriteConsoleW
InitializeCriticalSectionAndSpinCount
HeapFree
EnterCriticalSection
SetHandleCount
lstrcmpiA
GetExitCodeProcess
QueryPerformanceCounter
GetTickCount
TlsAlloc
FlushFileBuffers
LoadLibraryA
RtlUnwind
GetSystemDirectoryA
FreeLibrary
GetStartupInfoA
GetFileSize
GetWindowsDirectoryA
GetProcAddress
GetProcessHeap
CompareStringW
lstrcmpA
FindFirstFileA
GetDiskFreeSpaceA
CompareStringA
GetTempFileNameA
FindNextFileA
GlobalLock
GetTimeZoneInformation
GetFileType
TlsSetValue
CreateFileA
ExitProcess
InterlockedIncrement
GetLastError
LCMapStringW
lstrlenA
GlobalFree
GetConsoleCP
LCMapStringA
GetEnvironmentStringsW
GlobalUnlock
RemoveDirectoryA
GetShortPathNameA
GetEnvironmentStrings
WritePrivateProfileStringA
GetCurrentProcessId
SetFileTime
WideCharToMultiByte
HeapSize
GetCommandLineA
RaiseException
TlsFree
GetModuleHandleA
ReadFile
CloseHandle
lstrcpynA
GetACP
GetModuleHandleW
IsValidCodePage
HeapCreate
VirtualFree
Sleep
VirtualAlloc
SHELL32.dll
SHGetFileInfoA
ShellExecuteExA
SHBrowseForFolderA
SHChangeNotify
SHGetSpecialFolderLocation
SHGetDataFromIDListA
SHGetDesktopFolder
SHGetPathFromIDListA
SHGetMalloc
ShellExecuteA
SHFileOperationA
USER32.dll
CharPrevA
SetDlgItemTextA
GetMessagePos
LoadImageA
SystemParametersInfoA
MessageBoxIndirectA
DdeAccessData
BeginPaint
InvalidateRect
EndDialog
PostQuitMessage
DefWindowProcA
GetClassInfoA
SetClassLongA
FillRect
LoadBitmapA
SetWindowPos
DdeImpersonateClient
DdeDisconnect
DdeCreateStringHandleA
IsWindow
DdeUninitialize
GetWindowRect
DispatchMessageA
EnableWindow
PeekMessageA
GetWindowLongA
DdeSetUserHandle
MessageBoxA
GetDlgItemTextA
ScreenToClient
DdePostAdvise
GetSystemMenu
SetWindowLongA
DialogBoxParamA
SetTimer
GetSysColor
DdeCmpStringHandles
GetDC
DdeUnaccessData
DdeInitializeA
CreatePopupMenu
LoadStringA
ShowWindow
DdeQueryConvInfo
SetClipboardData
GetSystemMetrics
IsWindowVisible
EmptyClipboard
DrawTextA
GetClientRect
DdeNameService
DdeGetLastError
SetForegroundWindow
CreateDialogParamA
SetCursor
SetWindowTextA
LoadCursorA
EnableMenuItem
RegisterClassA
SendMessageTimeoutA
AppendMenuA
DdeFreeDataHandle
wsprintfA
FindWindowExA
CreateWindowExA
DdeClientTransaction
TrackPopupMenu
SendMessageA
DdeFreeStringHandle
IsWindowEnabled
CharNextA
CheckDlgButton
DdeCreateDataHandle
CallWindowProcA
DdeConnect
EndPaint
CloseClipboard
GetDlgItem
OpenClipboard
GetKeyboardType
ExitWindowsEx
DdeQueryStringA
DestroyWindow
VERSION.dll
GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA
WINSPOOL.DRV
EnumPrintersA
OpenPrinterA
DocumentPropertiesA
ClosePrinter
ole32.dll
OleUninitialize
CoUninitialize
CoInitialize
OleInitialize
StringFromCLSID
ReleaseStgMedium
CLSIDFromString
RegisterDragDrop
CoCreateInstance
DoDragDrop
RevokeDragDrop
OleGetClipboard
CoTaskMemFree
CoTaskMemAlloc
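Two checks a triage analyst runs over an import table like the one above, as an added example (not code from this report or from VirusTotal): the imphash normalization that produces the value shown under file identification (lower-case, strip the .dll/.ocx/.sys extension, join "dll.api" strings with commas, MD5), and a capability tagger over API names. The import list in the code is a constructed subset of the APIs listed above; the DLL attribution is assumed from each API's standard Windows export location, because the extraction of this page dropped the per-DLL headers. Two caveats worth keeping in mind: common-dialog, DDE, printing and OLE drag-and-drop imports are what an ordinary Visual C++ GUI application has, and the Avira (TR/Crypt.Xpack) and Rising (Kryptik) names suggest a crypter, in which case this table and the imphash describe the wrapper rather than whatever payload it unpacks at runtime.

```python
import hashlib

# Constructed subset of the import table in this report, as (DLL, [API]) in
# import-table order. The DLL attribution is assumed from each API's standard
# Windows export location; the extraction of this page dropped the DLL headers.
IMPORTS = [
    ("ADVAPI32.dll", ["RegSetValueExA", "RegCreateKeyExA", "RegDeleteValueA", "RegOpenKeyExA"]),
    ("KERNEL32.dll", ["IsDebuggerPresent", "GetTempPathA", "MoveFileA", "SetFileAttributesA",
                      "GetModuleFileNameA", "CreateThread", "LoadLibraryA", "GetProcAddress",
                      "WritePrivateProfileStringA", "FindFirstFileA", "FindNextFileA"]),
    ("SHELL32.dll", ["ShellExecuteA", "ShellExecuteExA", "SHFileOperationA"]),
    ("USER32.dll", ["ExitWindowsEx", "FindWindowExA", "SendMessageA", "GetKeyboardType"]),
]

# API families worth a second look during triage. Every one of these is also
# used by legitimate GUI applications, so a tag is a prompt for dynamic
# analysis, not a verdict.
CAPABILITIES = {
    "registry-write": {"RegSetValueExA", "RegSetValueExW", "RegCreateKeyExA", "RegCreateKeyExW"},
    "anti-debug": {"IsDebuggerPresent", "CheckRemoteDebuggerPresent", "OutputDebugStringA"},
    "file-drop": {"GetTempPathA", "MoveFileA", "SetFileAttributesA", "SHFileOperationA"},
    "process-launch": {"ShellExecuteA", "ShellExecuteExA", "CreateProcessA", "CreateProcessW", "WinExec"},
    "dynamic-api-resolution": {"LoadLibraryA", "LoadLibraryW", "GetProcAddress"},
    "shutdown-or-reboot": {"ExitWindowsEx"},
    "file-enumeration": {"FindFirstFileA", "FindNextFileA", "FindFirstFileW", "FindNextFileW"},
}


def normalize_imports(imports):
    """Ordered 'dll.api' strings in the form the imphash is computed over."""
    parts = []
    for dll, apis in imports:
        name = dll.lower()
        for ext in (".dll", ".ocx", ".sys"):
            if name.endswith(ext):
                name = name[: -len(ext)]
                break
        parts.extend(f"{name}.{api.lower()}" for api in apis)
    return parts


def imphash(imports):
    """MD5 over the comma-joined normalized import list (pefile's convention).

    Imports by ordinal are not handled here; pefile maps known ordinals of a
    few system DLLs to names before hashing, which matters when comparing
    against its output.
    """
    joined = ",".join(normalize_imports(imports))
    return hashlib.md5(joined.encode("ascii")).hexdigest()


def tag_capabilities(imports):
    """Map each capability tag to the sorted list of matching imported APIs."""
    present = {api for _, apis in imports for api in apis}
    return {tag: sorted(present & apis) for tag, apis in CAPABILITIES.items() if present & apis}


if __name__ == "__main__":
    print("imphash:", imphash(IMPORTS))
    for tag, apis in tag_capabilities(IMPORTS).items():
        print(f"{tag:24s} {', '.join(apis)}")
```

Because the hash is order-sensitive, two builds of the same source with a reordered import table get different imphashes, while a recompile that keeps the table intact but changes code bytes does not; that is what makes it a useful pivot between samples with different MD5/SHA-256 values.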
Number of PE resources by type
RT_BITMAP 9
RT_RCDATA 1
Number of PE resources by language
NEUTRAL 9
ENGLISH NZ 1
PE resources
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
FileTypeExtension exe
TimeStamp 2016:01:05 17:44:35+01:00
FileType Win32 EXE
PEType PE32
CodeSize 140800
LinkerVersion 9.0
EntryPoint 0x127be
InitializedDataSize 171008
SubsystemVersion 5.0
ImageVersion 0.0
OSVersion 5.0
UninitializedDataSize 0

File identification
MD5 48d309192092d6be2f4859f0eb29375a
SHA1 c0431e92d78bd19c350c5f19def5b7680c39f45b
SHA256 936cd2b2b6f3147eec5864451b75e74dcdd8d8ffe65c756c03ebefd26f828524
ssdeep 6144:+wYizfnUWS4+3xE88IsPJZvj/hYaQKg+G4:9nUWoA7JZvzBjg+3
authentihash 38098e30b428a28a826498b6c03f87afde0253e8c3cb34e283cdb9a453496621
imphash 7d38a353589fc50f81c2d1ecbcafc8ab
File size 305.5 KB ( 312832 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (67.4%)
Win32 Dynamic Link Library (generic) (14.2%)
Win32 Executable (generic) (9.7%)
Generic Win/DOS Executable (4.3%)
DOS Executable Generic (4.3%)
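The header fields under "PE header basic information" and the hashes under "File identification" come from a handful of fixed-offset structures, and the authentihash differs from the plain SHA-256 only in which bytes it skips. The following is an added example (not code from this report or from VirusTotal) that builds a constructed PE32 stub carrying this report's header values (i386, six sections, timestamp 2016-01-05 16:44:35 UTC, entry point 0x127BE, linker 9.0, GUI subsystem, SizeOfCode 140800), parses them back, and computes the file hashes plus an Authenticode-style hash that skips the CheckSum field, the Security data directory entry and the certificate table. The stub is not the sample, so its digests will not match the values above; the point it shows is that appending a certificate changes SHA-256 but not the authentihash, which is why the latter is the better pivot across signed and unsigned copies of the same image. The section layout, checksum value and certificate blob are all made up for the demonstration.

```python
import datetime
import hashlib
import struct

COFF_FMT = "<HHIIIHH"                                                  # IMAGE_FILE_HEADER, 20 bytes
OPT32_FMT = "<HBB" + "I" * 9 + "H" * 6 + "I" * 4 + "H" * 2 + "I" * 6  # PE32 optional header, 96 bytes
SECTION_FMT = "<8sIIIIIIHHI"                                           # IMAGE_SECTION_HEADER, 40 bytes
IMAGE_FILE_MACHINE_I386 = 0x14C
SUBSYSTEM_WINDOWS_GUI = 2


def build_stub_pe(num_sections=6, checksum=0, cert=b""):
    """Constructed PE32 image (NOT the sample) carrying this report's header values."""
    file_align, size_of_headers, e_lfanew = 0x200, 0x400, 0x80
    dos = (b"MZ" + b"\0" * 0x3A + struct.pack("<I", e_lfanew)).ljust(e_lfanew, b"\0")
    coff = struct.pack(COFF_FMT, IMAGE_FILE_MACHINE_I386, num_sections, 1452012275, 0, 0, 224, 0x0102)
    dirs = [(0, 0)] * 16
    if cert:  # IMAGE_DIRECTORY_ENTRY_SECURITY holds a file offset, not an RVA
        dirs[4] = (size_of_headers + num_sections * file_align, len(cert))
    opt = struct.pack(OPT32_FMT, 0x10B, 9, 0, 140800, 171008, 0, 0x127BE, 0x1000, 0x24000,
                      0x400000, 0x1000, file_align, 5, 0, 0, 0, 5, 0, 0, 0x50000, size_of_headers,
                      checksum, SUBSYSTEM_WINDOWS_GUI, 0, 0x100000, 0x1000, 0x100000, 0x1000, 0, 16)
    opt += b"".join(struct.pack("<II", off, size) for off, size in dirs)
    secs = b"".join(struct.pack(SECTION_FMT, b".s%d" % i, file_align, 0x1000 * (i + 1), file_align,
                                size_of_headers + file_align * i, 0, 0, 0, 0, 0x60000020)
                    for i in range(num_sections))
    headers = (dos + b"PE\0\0" + coff + opt + secs).ljust(size_of_headers, b"\0")
    body = b"".join(bytes([0x90 + i]) * file_align for i in range(num_sections))  # fake section data
    return headers + body + cert


def parse_pe_header(data):
    """Read the COFF/optional-header fields shown under 'PE header basic information'."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ image")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature missing")
    coff_off = e_lfanew + 4
    machine, nsec, timestamp, _, _, opt_size, _ = struct.unpack_from(COFF_FMT, data, coff_off)
    opt_off = coff_off + 20
    if struct.unpack_from("<H", data, opt_off)[0] != 0x10B:
        raise ValueError("only PE32 is handled here; PE32+ lays the optional header out differently")
    f = struct.unpack_from(OPT32_FMT, data, opt_off)
    ndirs = f[29]
    dirs = [struct.unpack_from("<II", data, opt_off + 96 + 8 * k) for k in range(ndirs)]
    sec_off = opt_off + opt_size
    sections = [struct.unpack_from("<8sIIII", data, sec_off + 40 * i) for i in range(nsec)]
    return {
        "machine": machine, "num_sections": nsec, "timestamp": timestamp,
        "linker_version": f"{f[1]}.{f[2]}", "size_of_code": f[3], "entry_point": f[6],
        "size_of_headers": f[20], "subsystem": f[22],
        # the two header ranges Authenticode leaves out of the hash, as file offsets
        "checksum_offset": opt_off + 64, "security_dir_offset": opt_off + 128,
        "security_dir": dirs[4] if ndirs > 4 else (0, 0),
        "sections": [(name.rstrip(b"\0").decode(), rptr, rsize) for name, _, _, rsize, rptr in sections],
    }


def compile_time_utc(timestamp):
    """COFF TimeDateStamp (seconds since the Unix epoch) as the UTC string VirusTotal shows."""
    return datetime.datetime.fromtimestamp(timestamp, tz=datetime.timezone.utc).strftime("%Y-%m-%d %H:%M:%S")


def file_hashes(data):
    """The plain file-identification hashes: every byte, certificate included."""
    return {name: hashlib.new(name, data).hexdigest() for name in ("md5", "sha1", "sha256")}


def authentihash(data, algo="sha256"):
    """Authenticode PE hash: headers minus CheckSum and the Security directory entry,
    then section raw data in file order, then any overlay minus the certificate table."""
    h = parse_pe_header(data)
    cs, sd, end = h["checksum_offset"], h["security_dir_offset"], h["size_of_headers"]
    d = hashlib.new(algo)
    for chunk in (data[:cs], data[cs + 4:sd], data[sd + 8:end]):
        d.update(chunk)
    covered = end
    for _, rptr, rsize in sorted(h["sections"], key=lambda s: s[1]):
        d.update(data[rptr:rptr + rsize])
        covered += rsize
    cert_off, cert_len = h["security_dir"]
    if len(data) > covered:  # overlay data is hashed, the certificate table is not
        d.update(data[covered:cert_off] if cert_len else data[covered:])
        if cert_len:
            d.update(data[cert_off + cert_len:])
    return d.hexdigest()


def win_certificate(blob):
    """WIN_CERTIFICATE wrapper (revision 2.0, PKCS#7 type) around an opaque blob."""
    return struct.pack("<IHH", 8 + len(blob), 0x0200, 0x0002) + blob


def flip_byte(data, offset):
    out = bytearray(data)
    out[offset] ^= 0xFF
    return bytes(out)


if __name__ == "__main__":
    stub = build_stub_pe()
    info = parse_pe_header(stub)
    print("entry point 0x%X, %d sections, compiled %s UTC"
          % (info["entry_point"], info["num_sections"], compile_time_utc(info["timestamp"])))
    print("sha256      ", file_hashes(stub)["sha256"])
    print("authentihash", authentihash(stub))
```

The parser stops at PE32 on purpose: PE32+ (x64) moves ImageBase, the stack and heap sizes to 64-bit fields, so the CheckSum and Security directory offsets change, and a hasher that assumes the PE32 layout silently produces a wrong authentihash for 64-bit files. The ExifTool timestamp above, 17:44:35+01:00, is the same COFF value rendered in a +01:00 zone.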
Tags peexe
VirusTotal metadata
First submission 2016-01-06 00:57:36 UTC ( 1 year, 6 months ago )
Last submission 2016-04-25 12:05:04 UTC ( 1 year, 2 months ago )
File names dvdplay.exe, 48d309192092d6be2f4859f0eb29375a
Advanced heuristic and reputation engines
TrendMicro-HouseCall
TrendMicro's heuristic engine has flagged this file as: TROJ_GEN.R01TC0DAA16.

Condensed report. The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were performed either by the file itself or by any other process that it launched or injected code into.
Opened files
Created processes
Code injections in the following processes
Created mutexes
Opened mutexes
Runtime DLLs
UDP communications