SHA256: 987e762df444c746f82ff47f21382878764fc1c832f45d75e103cfe9baa398af
File name: b349db29750e8a621fc780eefb7d7e04
Detection ratio: 49 / 57
Analysis date: 2016-05-26 00:09:52 UTC ( 1 year, 11 months ago )
Antivirus Result Update
Ad-Aware Gen:Variant.Kazy.290212 20160526
AegisLab Backdoor.W32.Simda.qdl!c 20160525
AhnLab-V3 Backdoor/Win32.Simda 20160525
ALYac Gen:Variant.Kazy.290212 20160525
Antiy-AVL Trojan[Backdoor]/Win32.Simda 20160525
Arcabit Trojan.Kazy.D46DA4 20160525
Avast Win32:Crypt-OYO [Trj] 20160525
AVG Crypt.BPRB 20160525
Avira (no cloud) TR/Crypt.XPACK.Gen 20160526
AVware Backdoor.Win32.Simda.b (v) 20160525
Baidu Win32.Trojan.WisdomEyes.151026.9950.9999 20160525
BitDefender Gen:Variant.Kazy.290212 20160525
Bkav HW32.Packed.6938 20160525
CAT-QuickHeal Backdoor.Simda.Gen 20160525
Comodo Backdoor.Win32.Simda.QAN 20160525
Cyren W32/Simda.T.gen!Eldorado 20160526
DrWeb Trojan.Rodricter.21 20160526
Emsisoft Gen:Variant.Kazy.290212 (B) 20160525
ESET-NOD32 Win32/Simda.B 20160525
F-Prot W32/Simda.T.gen!Eldorado 20160526
F-Secure Gen:Variant.Kazy.290212 20160525
Fortinet W32/Simda.B!tr 20160526
GData Gen:Variant.Kazy.290212 20160526
Ikarus Backdoor.Win32.Simda 20160525
Jiangmin Backdoor/Simda.re 20160526
K7AntiVirus Backdoor ( 0040f53a1 ) 20160525
K7GW Backdoor ( 0040f53a1 ) 20160525
Kaspersky HEUR:Trojan.Win32.Generic 20160525
Kingsoft Win32.Troj.Undef.(kcloud) 20160526
McAfee BackDoor-FAMP!B349DB29750E 20160526
McAfee-GW-Edition BehavesLike.Win32.Backdoor.jc 20160526
Microsoft Backdoor:Win32/Simda.A 20160525
eScan Gen:Variant.Kazy.290212 20160526
NANO-Antivirus Trojan.Win32.Simda.brmmuo 20160525
nProtect Backdoor/W32.Simda.714752.B 20160525
Panda Trj/Genetic.gen 20160525
Qihoo-360 HEUR/Malware.QVM19.Gen 20160526
Rising Malware.Generic!jvp4oGkpTnB@4 (Thunder) 20160526
Sophos AV Mal/Encpk-ADD 20160526
SUPERAntiSpyware Trojan.Agent/Gen-Simda 20160525
Symantec Trojan.FakeAV 20160525
Tencent Win32.Backdoor.Simda.cpxh 20160526
TheHacker Trojan/Simda.b 20160526
TrendMicro TROJ_AGENT_054314.TOMB 20160526
TrendMicro-HouseCall TROJ_AGENT_054314.TOMB 20160526
VBA32 SScope.Trojan.Simda.01718 20160525
VIPRE Backdoor.Win32.Simda.b (v) 20160525
Yandex Backdoor.Simda!SXlKVSU8q8c 20160525
Zillya Backdoor.Simda.Win32.511 20160525
Alibaba 20160525
Baidu-International 20160525
ClamAV 20160525
CMC 20160523
Malwarebytes 20160525
TotalDefense 20160526
ViRobot 20160525
Zoner 20160525
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2009-07-01 21:43:39
Entry Point 0x000188DB
Number of sections 7
PE sections
PE imports
GetTokenInformation
SetKernelObjectSecurity
RegNotifyChangeKeyValue
CryptDecrypt
GetKernelObjectSecurity
GetSecurityDescriptorGroup
MakeSelfRelativeSD
ElfDeregisterEventSource
EqualDomainSid
RegSetValueExA
InstallApplication
GetSecurityDescriptorOwner
IsWellKnownSid
RegCreateKeyExA
LookupPrivilegeValueW
CryptContextAddRef
TraceMessage
CreateProcessAsUserW
SetFileAttributesA
FindCloseChangeNotification
WritePrivateProfileStringA
WaitForDebugEvent
Process32First
ExpandEnvironmentStringsA
GetCurrentDirectoryA
GetCommProperties
WriteFileEx
GetCommMask
lstrcmpW
GetConsoleWindow
VirtualAlloc
SetInformationJobObject
GetPrivateProfileStructW
acmFormatDetailsW
acmStreamClose
acmStreamOpen
acmDriverEnum
acmStreamUnprepareHeader
acmDriverClose
acmFormatSuggest
acmFormatChooseW
acmStreamPrepareHeader
acmDriverOpen
acmMetrics
acmFormatTagDetailsW
acmStreamConvert
acmStreamSize
acmGetVersion
lineGetTranslateCapsW
lineNegotiateExtVersion
lineMakeCallA
lineGetDevCaps
lineInitializeExA
lineConfigDialogW
lineAccept
lineDrop
lineOpen
lineGetID
lineSetCurrentLocation
lineSetStatusMessages
lineMakeCall
lineGetIDA
lineInitializeExW
lineClose
lineGetCountryW
lineSetDevConfigA
lineOpenA
lineTranslateDialogW
lineGetAddressCapsA
TAPIWndProc
lineInitialize
lineGetDevCapsA
lineGetDevConfigA
Number of PE resources by type
RT_ICON 2
RT_GROUP_ICON 1
Number of PE resources by language
RUSSIAN 3
PE resources
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
TimeStamp 2009:07:01 22:43:39+01:00
FileType Win32 EXE
PEType PE32
CodeSize 159744
LinkerVersion 4.1
FileTypeExtension exe
InitializedDataSize 539648
SubsystemVersion 4.1
EntryPoint 0x188db
OSVersion 4.1
ImageVersion 4.1
UninitializedDataSize 0

File identification
MD5 b349db29750e8a621fc780eefb7d7e04
SHA1 ddc677244fce656f348bb77b5bd71b1ae22c90f6
SHA256 987e762df444c746f82ff47f21382878764fc1c832f45d75e103cfe9baa398af
ssdeep 12288:nqpDpKD3QH5pwMwktr5NE+yHko71f6hIehY876GMNlUjk6BeMXEvI57oZrjwsxIk:q5UbEtrHgH31GI67WB6cM0v4UdjTI
authentihash ec3c1de8e92fd77fdf5a4a6092e300617311d89c77e82bddb02306d84092b164
imphash b7b87259ce80d776782cfa35f8c672d3
File size 698.0 KB ( 714752 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable (generic) (52.9%)
Generic Win/DOS Executable (23.5%)
DOS Executable Generic (23.5%)
Tags peexe

VirusTotal metadata
First submission 2013-03-12 07:10:07 UTC ( 5 years, 1 month ago )
Last submission 2016-05-26 00:09:52 UTC ( 1 year, 11 months ago )
File names calc.exe
b349db29750e8a621fc780eefb7d7e04
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
UDP communications