SHA256: 9680c5a21334779e858c88dd01d35fafedd2d359080f813771f8de8c55dca811
File name: pin.exe
Detection ratio: 12 / 55
Analysis date: 2014-09-04 21:24:31 UTC (4 years, 6 months ago)
Antivirus Result Update
Baidu-International Trojan.Win32.Zbot.bABX 20140904
BitDefender Trojan.GenericKD.1841121 20140904
Emsisoft Trojan.GenericKD.1841121 (B) 20140904
ESET-NOD32 Win32/Spy.Zbot.ABX 20140904
Kaspersky Trojan-Spy.Win32.Zbot.tzkm 20140904
Malwarebytes Trojan.Agent.ED 20140904
McAfee Artemis!D4BADA7DC36C 20140904
McAfee-GW-Edition BehavesLike.Win32.Packed.dc 20140904
eScan Trojan.GenericKD.1841121 20140904
Qihoo-360 Win32/Trojan.Multi.daf 20140904
Rising PE:Malware.XPACK-HIE/Heur!1.9C48 20140904
Sophos AV Mal/Generic-S 20140904
No detection (engine update 20140904): Ad-Aware, AegisLab, Yandex, Antiy-AVL, Avast, AVG, Avira (no cloud), AVware, Bkav, ByteHero, CAT-QuickHeal, ClamAV, CMC, Comodo, Cyren, DrWeb, F-Prot, F-Secure, Fortinet, GData, Ikarus, Jiangmin, K7AntiVirus, K7GW, Kingsoft, Microsoft, NANO-Antivirus, Norman, nProtect, Panda, SUPERAntiSpyware, Symantec, Tencent, TheHacker, TotalDefense, TrendMicro, TrendMicro-HouseCall, VIPRE, ViRobot, Zillya
No detection (engine update 20140903): AhnLab-V3, VBA32
No detection (engine update 20140901): Zoner
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine: Intel 386 or later processors and compatible processors
Compilation timestamp: 2014-09-04 06:28:00
Entry Point: 0x00004E2E
Number of sections: 4
PE imports
RegCloseKey
OpenProcessToken
GetUserNameW
GetCurrentHwProfileA
GetUserNameA
LookupAccountSidA
RegOpenKeyExA
ConvertStringSidToSidW
RegEnumKeyExA
RegQueryInfoKeyA
GetDeviceCaps
SetViewportExtEx
LineTo
SetROP2
SetMapMode
FrameRgn
SetBkMode
MoveToEx
CreatePen
GetStockObject
SaveDC
TextOutA
RestoreDC
CreateSolidBrush
DPtoLP
SelectObject
EnumFontsA
DeleteObject
Ellipse
SetThreadLocale
GetStdHandle
WaitForSingleObject
GetDriveTypeA
EncodePointer
DeleteCriticalSection
GetCurrentProcess
GetConsoleMode
GetLocaleInfoA
ExpandEnvironmentStringsA
GetLogicalDrives
FreeEnvironmentStringsW
SetStdHandle
WideCharToMultiByte
WriteFile
GetSystemTimeAsFileTime
HeapReAlloc
GetStringTypeW
LocalFree
GetLogicalDriveStringsA
AllocConsole
TlsGetValue
FindNextChangeNotification
SetLastError
GetModuleFileNameW
IsDebuggerPresent
ExitProcess
GetModuleFileNameA
HeapSetInformation
GetVolumeInformationA
FindClose
UnhandledExceptionFilter
InterlockedDecrement
MultiByteToWideChar
CreateSemaphoreA
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
GetSystemDirectoryA
DecodePointer
TerminateProcess
FindCloseChangeNotification
GetNumberFormatA
GlobalAlloc
GetCurrentThreadId
InterlockedIncrement
SetCurrentDirectoryA
WriteConsoleW
InitializeCriticalSectionAndSpinCount
HeapFree
EnterCriticalSection
SetHandleCount
LoadLibraryW
GetOEMCP
QueryPerformanceCounter
GetTickCount
SetConsoleTextAttribute
TlsAlloc
FlushFileBuffers
LoadLibraryA
RtlUnwind
CreateDirectoryA
GetWindowsDirectoryA
GetStartupInfoW
GlobalLock
lstrcpyW
FindFirstFileA
lstrcpyA
GetComputerNameA
FindNextFileA
GetProcAddress
CreateFileW
GetFileType
SetVolumeLabelA
TlsSetValue
HeapAlloc
LeaveCriticalSection
GetLastError
LCMapStringW
FindFirstChangeNotificationA
GetConsoleCP
GetEnvironmentStringsW
GlobalUnlock
GetCurrentProcessId
GetCPInfo
HeapSize
GetCommandLineA
RaiseException
ReleaseSemaphore
TlsFree
SetFilePointer
ReadConsoleOutputCharacterW
CloseHandle
GetACP
GetModuleHandleW
IsValidCodePage
HeapCreate
CreateProcessW
Sleep
NetUserGetInfo
LoadRegTypeLib
VariantChangeType
VariantClear
SysAllocString
RegisterActiveObject
SysFreeString
VariantInit
SHGetDesktopFolder
SHGetFolderPathA
StrChrA
MapWindowPoints
GetMessageA
GetForegroundWindow
UpdateWindow
EndDialog
BeginPaint
SetFocus
DestroyMenu
LoadBitmapA
SetWindowLongW
GetCursorPos
GetWindowRect
DispatchMessageA
EndPaint
SetMenu
PeekMessageA
TranslateMessage
GetWindow
ActivateKeyboardLayout
GetDC
GetAsyncKeyState
ReleaseDC
GetDlgCtrlID
GetMenu
SendMessageA
GetClientRect
GetDlgItem
IsWindow
EnableMenuItem
wsprintfA
CharNextA
WaitForInputIdle
GetFocus
CreateWindowExW
MsgWaitForMultipleObjects
GetWindowTextA
IsDialogMessageA
CoInitializeEx
CoUninitialize
CoInitialize
CoCreateInstance
CLSIDFromString
CreateILockBytesOnHGlobal
CoGetClassObject
Number of PE resources by type
RT_DIALOG 3
RT_ACCELERATOR 1
RT_ICON 1
RT_GROUP_ICON 1
RT_MANIFEST 1
Number of PE resources by language
ENGLISH US 7
ExifTool file metadata
MIMEType: application/octet-stream
Subsystem: Windows GUI
MachineType: Intel 386 or later, and compatibles
FileTypeExtension: exe
TimeStamp: 2014:09:04 08:28:00+02:00
FileType: Win32 EXE
PEType: PE32
CodeSize: 124928
LinkerVersion: 10.0
ImageFileCharacteristics: No relocs, Executable, 32-bit
EntryPoint: 0x4e2e
InitializedDataSize: 165376
SubsystemVersion: 5.1
ImageVersion: 0.0
OSVersion: 5.1
UninitializedDataSize: 0
File identification
MD5: d4bada7dc36cecb9103aa0c4c3da86ec
SHA1: 5b79c30842bdbddbea7c06b224c4f56cc49cd904
SHA256: 9680c5a21334779e858c88dd01d35fafedd2d359080f813771f8de8c55dca811
ssdeep: 6144:nrGy4dp5EUQmsBglXEOPdn/oocj+bjmmYVSx6Le46u+LqduD:nx4dp5Fyq39QryYMx6LyKw
authentihash: 01db191e7e3b69e0104719e2420db6238ac63a63ef13f15ad53b68c0c4201ae5
imphash: 34e4be1164d7d9cbede664ad974be8a3
File size: 284.5 KB (291328 bytes)
File type: Win32 EXE
Magic literal: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID: Win32 Executable MS Visual C++ (generic) (41.0%); Win64 Executable (generic) (36.3%); Win32 Dynamic Link Library (generic) (8.6%); Win32 Executable (generic) (5.9%); OS/2 Executable (generic) (2.6%)
Tags: peexe
VirusTotal metadata
First submission: 2014-09-04 10:19:45 UTC (4 years, 6 months ago)
Last submission: 2018-05-15 05:57:03 UTC (10 months, 1 week ago)
File names: SBJINCG.wsf, 2014-09-04-23-51-25-d4bada7dc36cecb9103aa0c4c3da86ec, d4bada7dc36cecb9103aa0c4c3da86ec.exe, me.ex#, 9680c5a21334779e858c88dd01d35fafedd2d359080f813771f8de8c55dca811.exe, me.exe, media.exe, pin.exe
Advanced heuristic and reputation engines
Symantec reputation: Suspicious.Insight
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Additional details
The file sends control codes directly to certain device drivers using the DeviceIoControl Windows API function.