SHA256: 94a579df80023539c6e81b5498c8a8bceed830e5b2b7a9eae67daf871e2d8582
File name: 01431234066505.exe
Detection ratio: 11 / 57
Analysis date: 2015-05-10 22:31:59 UTC
Antivirus Result Update (engines listed with no result did not detect the file)
Ad-Aware Gen:Variant.Mikey.13023 20150510
Avast Win32:Malware-gen 20150510
Avira (no cloud) TR/Dropper.Gen 20150510
BitDefender Gen:Variant.Mikey.13023 20150510
Bkav HW32.Packed.2969 20150509
Emsisoft Gen:Variant.Mikey.13023 (B) 20150510
ESET-NOD32 Win32/Kovter.B 20150510
F-Secure Gen:Variant.Mikey.13023 20150510
GData Gen:Variant.Mikey.13023 20150510
Malwarebytes Trojan.Agent.ED 20150510
eScan Gen:Variant.Mikey.13023 20150510
AegisLab 20150510
Yandex 20150510
AhnLab-V3 20150510
Alibaba 20150510
ALYac 20150510
Antiy-AVL 20150508
AVG 20150510
AVware 20150510
Baidu-International 20150510
ByteHero 20150510
CAT-QuickHeal 20150509
ClamAV 20150510
CMC 20150508
Comodo 20150510
Cyren 20150510
DrWeb 20150510
F-Prot 20150510
Fortinet 20150510
Ikarus 20150510
Jiangmin 20150506
K7AntiVirus 20150510
K7GW 20150510
Kaspersky 20150510
Kingsoft 20150510
McAfee 20150510
McAfee-GW-Edition 20150510
Microsoft 20150510
NANO-Antivirus 20150510
Norman 20150510
nProtect 20150508
Panda 20150510
Qihoo-360 20150510
Rising 20150510
Sophos AV 20150510
SUPERAntiSpyware 20150509
Symantec 20150510
Tencent 20150510
TheHacker 20150508
TotalDefense 20150510
TrendMicro 20150510
TrendMicro-HouseCall 20150510
VBA32 20150508
VIPRE 20150510
ViRobot 20150510
Zillya 20150510
Zoner 20150507
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2015-05-09 18:56:40
Entry Point 0x00003E90
Number of sections 4
PE sections
Overlays
MD5 08b515fed75cd5534e9200de2e11f825
File type data
Offset 380928
Size 43
Entropy 5.29
PE imports
ADVAPI32.dll
GetTokenInformation
IsValidAcl
IsValidSid
FreeSid
AddAccessAllowedAce
AllocateAndInitializeSid
InitializeAcl
LookupAccountSidA
GetLengthSid
COMCTL32.dll
CreateToolbarEx
InitCommonControlsEx
ImageList_Destroy
ImageList_AddMasked
ImageList_Create
ImageList_Add
COMDLG32.dll
PrintDlgA
ChooseFontA
GDI32.dll
PatBlt
GetNearestColor
TextOutA
CreateFontIndirectA
GetTextMetricsA
Rectangle
GetDeviceCaps
LineTo
DeleteDC
SetDCPenColor
EndDoc
StartPage
GetObjectW
BitBlt
SetTextColor
GetObjectA
CreateBitmap
MoveToEx
GetStockObject
CreateCompatibleDC
StretchBlt
EndPage
CreatePen
SelectObject
StartDocA
CreateSolidBrush
SetBkColor
DeleteObject
IMM32.dll
ImmGetDefaultIMEWnd
KERNEL32.dll
LoadResource
GetLastError
InitializeCriticalSectionAndSpinCount
HeapFree
GetStdHandle
EnterCriticalSection
LCMapStringW
SetHandleCount
GetSystemInfo
lstrlenA
GetModuleFileNameW
GetConsoleCP
GetOEMCP
QueryPerformanceCounter
MulDiv
IsDebuggerPresent
ExitProcess
TlsAlloc
GetEnvironmentStringsW
FlushFileBuffers
GetModuleFileNameA
RtlUnwind
IsProcessorFeaturePresent
HeapAlloc
DeleteCriticalSection
GetCurrentProcess
SizeofResource
GetConsoleMode
DecodePointer
GetCurrentProcessId
LockResource
WriteConsoleW
UnhandledExceptionFilter
InterlockedDecrement
MultiByteToWideChar
HeapSize
FreeEnvironmentStringsW
GetCommandLineA
GetProcAddress
EncodePointer
GetStartupInfoW
SetStdHandle
FindResourceExA
lstrcmpiA
GetCPInfo
LoadLibraryW
TlsFree
SetFilePointer
HeapSetInformation
SetUnhandledExceptionFilter
WriteFile
CloseHandle
GetSystemTimeAsFileTime
GetACP
HeapReAlloc
GetStringTypeW
GetModuleHandleW
GetProcessHeap
TerminateProcess
WideCharToMultiByte
GetVersion
IsValidCodePage
HeapCreate
CreateFileW
TlsGetValue
Sleep
GetFileType
TlsSetValue
GetTickCount
GetCurrentThreadId
InterlockedIncrement
SetLastError
LeaveCriticalSection
OLEAUT32.dll
SysFreeString
SysAllocStringLen
Secur32.dll
GetUserNameExA
USER32.dll
GetMessageA
RegisterClassA
LoadImageA
UpdateWindow
BeginPaint
OffsetRect
PostQuitMessage
DefWindowProcA
GetIconInfo
LoadBitmapA
SetWindowPos
GetSystemMetrics
GetMenu
GetWindowRect
DispatchMessageA
EndPaint
MoveWindow
RegisterWindowMessageA
MessageBoxA
GetSystemMenu
GetWindowDC
TranslateMessage
IsWindowEnabled
GetDC
CopyImage
ReleaseDC
SetWindowTextA
CheckMenuItem
DestroyIcon
UnregisterClassA
ShowWindow
DrawIconEx
AppendMenuA
SendMessageA
GetClientRect
GetDlgItem
LoadImageW
EnableMenuItem
ClientToScreen
InvalidateRect
GetSubMenu
CreateWindowExA
LoadCursorA
LoadIconA
CreatePopupMenu
CallWindowProcA
GetClassNameA
GetFocus
IsDialogMessageA
DestroyWindow
WININET.dll
InternetQueryOptionA
WTSAPI32.dll
WTSEnumerateSessionsA
ole32.dll
CoInitializeEx
CoCreateInstance
CoUninitialize
CoInitialize
Number of PE resources by type
RT_STRING 19
RT_BITMAP 12
RT_GROUP_CURSOR 9
RT_RCDATA 5
RT_ICON 4
PNG 3
ZSTRINGTABLE 1
RT_MANIFEST 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 55
PE resources
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
FileTypeExtension exe
TimeStamp 2015:05:09 19:56:40+01:00
FileType Win32 EXE
PEType PE32
CodeSize 60416
LinkerVersion 10.0
EntryPoint 0x3e90
InitializedDataSize 319488
SubsystemVersion 5.1
ImageVersion 0.0
OSVersion 5.1
UninitializedDataSize 0

File identification
MD5 82e3c4e7dbfde102e84b7ac0a34d573e
SHA1 50060b94b376cfb328f48b7a1757dc207e813207
SHA256 94a579df80023539c6e81b5498c8a8bceed830e5b2b7a9eae67daf871e2d8582
ssdeep 6144:p/NVMG9OnhmjGK4aVnvPGqPox7J7vGYE21Wqh:XVMG9ghmjGKTVnjPy7J7uah
authentihash b98b36b3843530ca56093c243365e4edd8e27044cc421856be4c484a6d9f322b
imphash c0c4073c48bbbdf71d3b5f7a7bda4df8
File size 372.0 KB ( 380971 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID InstallShield setup (48.1%)
Win32 Executable MS Visual C++ (generic) (34.9%)
Win32 Dynamic Link Library (generic) (7.3%)
Win32 Executable (generic) (5.0%)
Generic Win/DOS Executable (2.2%)
Tags
peexe overlay

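The imphash above is a hash of the import table, not of the file, so two builds with different content but the same imports in the same order share it, which is what makes it useful for clustering. The following added example, not part of the VirusTotal report and not pefile's code, implements the algorithm pefile uses: lower-case each module name, drop a .dll/.ocx/.sys suffix, lower-case each function name (resolving imports by ordinal for the modules pefile knows), join them as `dll.function` with commas in import-table order, and MD5 the result. The import list fed to it is constructed for illustration; the report's value c0c4073c48bbbdf71d3b5f7a7bda4df8 cannot be reproduced from this page because the DLL-ordered import table is not shown, and the ws2_32 ordinal table below is a partial, assumed subset.

```python
import hashlib

# Partial ordinal-to-name table for ws2_32.dll, constructed here from the
# documented Winsock export ordinals; pefile resolves ws2_32 and oleaut32
# imports-by-ordinal the same way before hashing.
WS2_32_ORDINALS = {
    1: "accept", 2: "bind", 3: "closesocket", 4: "connect",
    16: "recv", 19: "send", 23: "socket",
}
ORDINAL_TABLES = {"ws2_32": WS2_32_ORDINALS}


def _normalise_dll(dll: str) -> str:
    """Lower-case the module name and strip a .dll/.ocx/.sys suffix."""
    name = dll.lower()
    base, dot, ext = name.rpartition(".")
    if dot and ext in ("dll", "ocx", "sys"):
        return base
    return name


def imphash_string(imports) -> str:
    """Canonical 'dll.function,...' string for an import table.

    `imports` is a list of (dll_name, function) pairs in import-table order;
    `function` is a str, or an int for an import by ordinal.
    """
    parts = []
    for dll, func in imports:
        lib = _normalise_dll(dll)
        if isinstance(func, int):
            func = ORDINAL_TABLES.get(lib, {}).get(func) or "ord%d" % func
        parts.append("%s.%s" % (lib, func.lower()))
    return ",".join(parts)


def imphash(imports) -> str:
    """MD5 of the canonical string: the imphash as pefile computes it."""
    return hashlib.md5(imphash_string(imports).encode()).hexdigest()


# Constructed import table (not the sample's own): three DLL groups, one
# import by ordinal, in the order a linker would emit them.
SAMPLE_IMPORTS = [
    ("KERNEL32.dll", "IsDebuggerPresent"),
    ("KERNEL32.dll", "GetProcAddress"),
    ("ADVAPI32.dll", "GetTokenInformation"),
    ("WS2_32.dll", 23),
]

if __name__ == "__main__":
    print(imphash_string(SAMPLE_IMPORTS))
    print(imphash(SAMPLE_IMPORTS))
```

Because order is part of the input, the same set of imports in a different order yields a different imphash; that is why packers and samples that rebuild their import table at runtime (leaving only LoadLibrary/GetProcAddress in the static table) cluster poorly on this value.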
VirusTotal metadata
First submission 2015-05-10 22:29:13 UTC
Last submission 2015-05-18 12:32:34 UTC
File names 01431234066505.exe, 01431234066505.bin
Advanced heuristic and reputation engines
TrendMicro-HouseCall
TrendMicro's heuristic engine has flagged this file as: TROJ_GEN.R021C0FEH15.

Symantec reputation Suspicious.Insight
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Created processes
Terminated processes
Opened mutexes
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.