SHA256: 93e67fd64af3f603976bcd76d84da3c3913d0c331084342552513dfca417df11
File name: 4379c0be7aa203055837ae373e21e1b1
Detection ratio: 34 / 56
Analysis date: 2015-03-19 21:23:44 UTC
Antivirus Result Update
Ad-Aware Trojan.GenericKDZ.27396 20150319
AhnLab-V3 Trojan/Win32.Zbot 20150319
ALYac Trojan.GenericKDZ.27396 20150319
Antiy-AVL Trojan/Win32.Inject 20150319
Avast Win32:Crypt-RWY [Trj] 20150319
AVG Crypt3.CMFG 20150319
Avira (no cloud) TR/Crypt.Xpack.162783 20150319
AVware Trojan.Win32.Generic!BT 20150319
Baidu-International Trojan.Win32.Zbot.veah 20150319
BitDefender Trojan.GenericKDZ.27396 20150319
Cyren W32/Trojan.XLKN-5446 20150319
DrWeb BackDoor.Andromeda.614 20150319
Emsisoft Trojan.GenericKDZ.27396 (B) 20150319
ESET-NOD32 a variant of Win32/Injector.BWCU 20150319
F-Secure Trojan.GenericKDZ.27396 20150319
Fortinet W32/Emotet.AD!tr 20150319
GData Trojan.GenericKDZ.27396 20150319
Ikarus Trojan.Win32.Emotet 20150319
K7AntiVirus Riskware ( 0040eff71 ) 20150319
K7GW Riskware ( 0040eff71 ) 20150319
Kaspersky Trojan-Spy.Win32.Zbot.veah 20150319
Malwarebytes Trojan.Ransom.ED 20150319
McAfee Artemis!4379C0BE7AA2 20150319
McAfee-GW-Edition Generic-FAWD!4379C0BE7AA2 20150319
Microsoft VirTool:Win32/CeeInject.gen!KK 20150319
eScan Trojan.GenericKDZ.27396 20150319
NANO-Antivirus Trojan.Win32.Andromeda.dpazdi 20150319
Norman Injector.HYGV 20150319
nProtect Trojan.GenericKDZ.27396 20150319
Panda Trj/Genetic.gen 20150318
Sophos AV Troj/Fondu-DW 20150319
TrendMicro TSPY_EMOTET.SMXK 20150319
TrendMicro-HouseCall TSPY_EMOTET.SMXK 20150319
VIPRE Trojan.Win32.Generic!BT 20150319
No detection (engine and signature update date):
AegisLab 20150319
Yandex 20150319
Alibaba 20150319
Bkav 20150319
ByteHero 20150319
CAT-QuickHeal 20150319
ClamAV 20150319
CMC 20150317
Comodo 20150319
F-Prot 20150319
Kingsoft 20150319
Qihoo-360 20150319
Rising 20150319
SUPERAntiSpyware 20150319
Symantec 20150319
Tencent 20150319
TheHacker 20150319
TotalDefense 20150319
VBA32 20150319
ViRobot 20150319
Zillya 20150319
Zoner 20150319
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2015-03-09 18:38:05
Entry Point 0x00004C58
Number of sections 6
PE sections
PE imports
SelectObject
CreateSolidBrush
CreatePen
BitBlt
GetModuleHandleW
GetStartupInfoW
__wgetmainargs
__p__fmode
strcat
__dllonexit
strncat
strlen
_except_handler3
_itoa
_onexit
abs
exit
_XcptFilter
__setusermatherr
__p__commode
sprintf
__CxxFrameHandler
_adjust_fdiv
atoi
_exit
strcpy
_initterm
_controlfp
_wcmdln
strcmp
__set_app_type
SetTimer
SendMessageW
UpdateWindow
FillRect
LoadBitmapW
LoadCursorW
KillTimer
LoadIconW
EnableWindow
InvalidateRect
GetDC
SetCursor
Number of PE resources by type
RT_STRING 15
RT_DIALOG 4
RT_BITMAP 3
RT_GROUP_CURSOR 2
RT_CURSOR 2
RT_ICON 1
Struct(241) 1
RT_MENU 1
PDF 1
RT_ACCELERATOR 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
CHINESE SIMPLIFIED 29
NEUTRAL 3
ENGLISH US 1
PE resources
ExifTool file metadata
MIMEType: application/octet-stream
Subsystem: Windows GUI
MachineType: Intel 386 or later, and compatibles
TimeStamp: 2015:03:09 19:38:05+01:00
FileType: Win32 EXE
PEType: PE32
CodeSize: 28672
LinkerVersion: 6.0
EntryPoint: 0x4c58
InitializedDataSize: 348160
SubsystemVersion: 4.0
ImageVersion: 0.0
OSVersion: 4.0
UninitializedDataSize: 0
File identification
MD5 4379c0be7aa203055837ae373e21e1b1
SHA1 873002efaba2a78319c8d38ee73c7b2a4d8bb02b
SHA256 93e67fd64af3f603976bcd76d84da3c3913d0c331084342552513dfca417df11
ssdeep 6144:cDs/JsRN/fFxn78yABW29yKYy+7Thw32CHYyHGH6pdI3bem47rBiL7e5QE1:1SNnFe1ZyKI7TafUsI3Sm6FiHe591
authentihash 8fda4e5ec8d36970b18389b172bc5120ad4e952a6adbbffe99213a765cbe09ab
imphash a97a77ce7f15c37a55c880e1886bb7d5
File size 373.1 KB ( 382010 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Dynamic Link Library (generic) (43.5%)
Win32 Executable (generic) (29.8%)
Generic Win/DOS Executable (13.2%)
DOS Executable Generic (13.2%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
Tags
peexe

VirusTotal metadata
First submission 2015-03-19 21:23:44 UTC
Last submission 2015-03-19 21:23:44 UTC
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Created processes
Code injections in the following processes
Opened mutexes
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.
UDP communications