SHA256: 983d40eed31734cffa2324f1e4221207a322669005f134a32d21e5e62fc5f43a
File name: 4dgrgdg.exe
Detection ratio: 4 / 55
Analysis date: 2015-11-24 10:32:51 UTC ( 3 years, 5 months ago )
Antivirus Result Update
AhnLab-V3 Trojan/Win32.NgrBot 20151123
Cyren W32/Agent.XL.gen!Eldorado 20151124
F-Prot W32/Agent.XL.gen!Eldorado 20151124
Qihoo-360 HEUR/QVM10.1.Malware.Gen 20151124
Ad-Aware 20151124
AegisLab 20151124
Yandex 20151123
Alibaba 20151124
ALYac 20151124
Antiy-AVL 20151124
Arcabit 20151124
Avast 20151124
AVG 20151124
Avira (no cloud) 20151124
AVware 20151124
Baidu-International 20151124
BitDefender 20151124
Bkav 20151123
ByteHero 20151124
CAT-QuickHeal 20151124
ClamAV 20151124
CMC 20151124
Comodo 20151124
DrWeb 20151124
Emsisoft 20151124
ESET-NOD32 20151124
F-Secure 20151124
Fortinet 20151124
GData 20151124
Ikarus 20151124
Jiangmin 20151123
K7AntiVirus 20151124
K7GW 20151124
Kaspersky 20151124
Malwarebytes 20151124
McAfee 20151124
McAfee-GW-Edition 20151124
Microsoft 20151124
eScan 20151124
NANO-Antivirus 20151124
nProtect 20151124
Panda 20151123
Rising 20151122
Sophos AV 20151123
SUPERAntiSpyware 20151124
Symantec 20151123
Tencent 20151124
TheHacker 20151121
TrendMicro 20151124
TrendMicro-HouseCall 20151124
VBA32 20151123
VIPRE 20151124
ViRobot 20151124
Zillya 20151123
Zoner 20151124
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2015-11-24 08:21:58
Entry Point 0x000186D2
Number of sections 5
PE sections
PE imports
RegDeleteKeyA
CryptReleaseContext
DecryptFileW
CryptGenRandom
CryptAcquireContextA
CryptMsgGetParam
SetMapMode
TextOutW
CreateFontIndirectW
CreatePen
GetTextMetricsA
AnimatePalette
GetROP2
GetBrushOrgEx
GdiGetBatchLimit
SetMapperFlags
GetCharWidthI
AngleArc
GdiAlphaBlend
RealizePalette
ExtFloodFill
GetGraphicsMode
GetEnhMetaFileBits
GetDCOrgEx
GetFontLanguageInfo
GetCharWidth32W
SetWindowExtEx
CreateSolidBrush
SetBkColor
StartDocW
CheckColorsInGamut
GetStdHandle
GetDriveTypeW
FileTimeToSystemTime
WaitForSingleObject
CreateTapePartition
GetFileAttributesW
GetLocalTime
FreeEnvironmentStringsA
DeleteCriticalSection
GetCurrentProcess
FileTimeToDosDateTime
GetConsoleMode
GetLocaleInfoA
SetErrorMode
FreeEnvironmentStringsW
GetLocaleInfoW
SetStdHandle
GetCPInfo
GetProcAddress
GetStringTypeA
WriteFile
GetSystemTimeAsFileTime
HeapReAlloc
GetStringTypeW
GetOEMCP
LocalFree
FormatMessageW
ResumeThread
InitializeCriticalSection
GetLogicalDriveStringsW
FindClose
InterlockedDecrement
QueryDosDeviceW
SetFileAttributesW
QueueUserWorkItem
GetEnvironmentVariableW
SetLastError
PeekNamedPipe
DeviceIoControl
GetModuleFileNameW
IsDebuggerPresent
HeapAlloc
GetModuleFileNameA
HeapSetInformation
SetThreadPriority
UnhandledExceptionFilter
TlsGetValue
MultiByteToWideChar
SystemTimeToTzSpecificLocalTime
SetFilePointerEx
GetModuleHandleA
CreateThread
SetEnvironmentVariableW
MoveFileExW
GetSystemDirectoryW
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
ExitThread
SetEnvironmentVariableA
GlobalMemoryStatus
GetVersion
SetCurrentDirectoryW
VirtualQuery
LocalFileTimeToFileTime
GetDiskFreeSpaceExW
SetEndOfFile
GetCurrentThreadId
LeaveCriticalSection
WriteConsoleW
InitializeCriticalSectionAndSpinCount
HeapFree
EnterCriticalSection
GetSystemTime
SetHandleCount
LoadLibraryW
GetExitCodeProcess
QueryPerformanceCounter
CreateJobSet
GetTickCount
TlsAlloc
FlushFileBuffers
LoadLibraryA
RtlUnwind
GetStartupInfoA
OpenProcess
GetWindowsDirectoryA
GetStartupInfoW
ReadProcessMemory
SetEvent
DeleteFileW
WaitForMultipleObjects
GetProcessHeap
GetComputerNameW
CompareStringW
RemoveDirectoryW
ExpandEnvironmentStringsW
FindNextFileW
CreateDirectoryW
ResetEvent
FindFirstFileW
TerminateProcess
DuplicateHandle
ExpandEnvironmentStringsA
GetTimeZoneInformation
CreateFileW
CreateEventA
GetFileType
TlsSetValue
CreateFileA
ExitProcess
InterlockedIncrement
GetLastError
DosDateTimeToFileTime
LCMapStringW
GetSystemInfo
lstrlenA
GlobalFree
GetConsoleCP
LCMapStringA
GetEnvironmentStringsW
GlobalAlloc
lstrlenW
WinExec
CreateProcessW
OpenFile
FileTimeToLocalFileTime
GetEnvironmentStrings
GetCurrentDirectoryW
GetCurrentProcessId
SetFileTime
GetCommandLineW
WideCharToMultiByte
HeapSize
GetCommandLineA
RaiseException
MapViewOfFile
TlsFree
SetFilePointer
ReadFile
CloseHandle
lstrcpynA
GetACP
GetModuleHandleW
IsValidCodePage
HeapCreate
VirtualFree
Sleep
VirtualAlloc
SHBrowseForFolderW
SHGetPathFromIDListW
ShellExecuteA
SHGetFileInfoW
SHGetMalloc
CommandLineToArgvW
GetCaretBlinkTime
GetUserObjectInformationW
CopyAcceleratorTableW
GetScrollRange
EndDialog
SetClassLongW
GetScrollPos
PostQuitMessage
GetMessagePos
GetClipboardData
GetWindowThreadProcessId
SetWindowLongW
SetScrollRange
AppendMenuA
GetKBCodePage
CharUpperW
DialogBoxParamW
GetNextDlgTabItem
IsGUIThread
RegisterShellHookWindow
DialogBoxParamA
GetWindow
PostMessageW
MessageBoxW
GetInputState
DrawCaption
SystemParametersInfoA
CreatePopupMenu
SendMessageW
GetTopWindow
SendMessageA
LoadStringW
SetWindowTextW
CloseWindow
GetKeyboardLayoutList
DrawMenuBar
BringWindowToTop
MoveWindow
IsIconic
OemToCharA
GetMenuContextHelpId
LoadImageA
GetSystemMenu
GetWindowLongW
GetDlgItem
NotifyWinEvent
GetAncestor
CharToOemA
VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW
ReleaseStgMedium
OleTranslateAccelerator
CreateOleAdviseHolder
Number of PE resources by type
RT_STRING 18
RT_MANIFEST 1
Number of PE resources by language
POLISH DEFAULT 18
ARABIC EGYPT 1
PE resources
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
FileTypeExtension exe
TimeStamp 2015:11:24 09:21:58+01:00
FileType Win32 EXE
PEType PE32
CodeSize 142848
LinkerVersion 9.0
EntryPoint 0x186d2
InitializedDataSize 151040
SubsystemVersion 5.0
ImageVersion 0.0
OSVersion 5.0
UninitializedDataSize 0
File identification
MD5 06c1c0a6d5482b93737f9ce250161b82
SHA1 4b0d75059cb201819e076a6deff4f819973a6627
SHA256 983d40eed31734cffa2324f1e4221207a322669005f134a32d21e5e62fc5f43a
ssdeep 6144:l0Bkt2+7tcWqdMxFUTeaNoksZjW/krL2cciMhpMmI:l0e2tWGMx+SaN8W8rLFrNmI
authentihash b2ae1450e832c3c075d5c8cba25e7f15e83b240675c11309e1d6e237296b9880
imphash 3ea64473886f21cddec758741a4b75c0
File size 288.0 KB ( 294912 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (67.4%)
Win32 Dynamic Link Library (generic) (14.2%)
Win32 Executable (generic) (9.7%)
Generic Win/DOS Executable (4.3%)
DOS Executable Generic (4.3%)
Tags
peexe

VirusTotal metadata
First submission 2015-11-24 09:56:33 UTC ( 3 years, 5 months ago )
Last submission 2016-12-16 11:15:36 UTC ( 2 years, 5 months ago )
File names 4dgrgdg.exe
4dgrgdg[1].exe.2184.dr
4dgrgdg_exe
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Deleted files
Code injections in the following processes
Created mutexes
Opened mutexes
Opened service managers
Opened services
Runtime DLLs
HTTP requests
DNS requests
TCP connections