SHA256: 994346405c3709deb6c7379e7d2748c78e210a056d9a4d7020108d16c6f2db06
File name: malware.exe
Detection ratio: 3 / 56
Analysis date: 2016-03-17 09:50:58 UTC ( 3 years, 2 months ago )
Antivirus Result Update
Bkav HW32.Packed.621E 20160316
Qihoo-360 HEUR/QVM07.1.0000.Malware.Gen 20160317
Rising PE:Malware.XPACK-HIE/Heur!1.9C48 [F] 20160317
Ad-Aware 20160317
AegisLab 20160317
Yandex 20160316
AhnLab-V3 20160316
Alibaba 20160317
ALYac 20160317
Antiy-AVL 20160317
Arcabit 20160317
Avast 20160317
AVG 20160317
Avira (no cloud) 20160317
AVware 20160317
Baidu 20160317
Baidu-International 20160316
BitDefender 20160317
ByteHero 20160317
CAT-QuickHeal 20160317
ClamAV 20160311
CMC 20160316
Comodo 20160317
Cyren 20160317
DrWeb 20160317
Emsisoft 20160317
ESET-NOD32 20160317
F-Prot 20160317
F-Secure 20160317
Fortinet 20160317
GData 20160317
Ikarus 20160317
Jiangmin 20160317
K7AntiVirus 20160317
K7GW 20160317
Kaspersky 20160317
Malwarebytes 20160317
McAfee 20160317
McAfee-GW-Edition 20160317
Microsoft 20160316
eScan 20160317
NANO-Antivirus 20160317
nProtect 20160316
Panda 20160316
Sophos AV 20160317
SUPERAntiSpyware 20160317
Symantec 20160317
Tencent 20160317
TheHacker 20160315
TrendMicro 20160317
TrendMicro-HouseCall 20160317
VBA32 20160316
VIPRE 20160316
ViRobot 20160317
Zillya 20160316
Zoner 20160317
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows command line subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2004-10-29 06:31:19
Entry Point 0x00023D5C
Number of sections 4
PE sections
PE imports
RegCreateKeyExW
SetSecurityDescriptorOwner
LsaFreeMemory
RevertToSelf
RegCreateKeyA
RegisterEventSourceA
LsaQueryInformationPolicy
RegQueryValueA
GetSidIdentifierAuthority
DeleteService
RegConnectRegistryA
StartServiceA
RegRestoreKeyW
LookupAccountNameW
RegOpenKeyExA
CloseServiceHandle
GetKernelObjectSecurity
RegisterServiceCtrlHandlerA
RegCreateKeyExA
Ord(3)
PropertySheetA
ImageList_SetBkColor
ImageList_GetIcon
PropertySheetW
Ord(17)
ImageList_DragLeave
ImageList_Remove
ImageList_Merge
ImageList_DrawEx
FlatSB_ShowScrollBar
ImageList_AddMasked
ImageList_GetIconSize
Ord(6)
ImageList_GetBkColor
Ord(4)
InitializeFlatSB
FlatSB_EnableScrollBar
CreatePropertySheetPageW
ImageList_SetImageCount
ImageList_Create
Ord(16)
Ord(14)
Ord(8)
ImageList_EndDrag
CreateICA
GetWindowOrgEx
RectVisible
GetRgnBox
GetTextColor
SetPixelV
GetObjectType
GetLastError
GetModuleHandleA
SleepEx
GetUserDefaultLangID
VarUdateFromDate
OleLoadPictureFileEx
VarCyAbs
VarDecFromStr
VarI2FromR8
VarR4FromI2
LPSAFEARRAY_UserUnmarshal
SafeArrayCreate
VarUI1FromCy
VarCyFromI4
DispInvoke
VarI1FromCy
VarUI1FromStr
VarEqv
VarDateFromBool
VarBoolFromR8
VarI1FromDec
VarDecCmp
BSTR_UserMarshal
VarDateFromI1
VarCyRound
SafeArrayPtrOfIndex
VarR8Round
VarI2FromUI1
VarDateFromR8
LHashValOfNameSysA
VarUI4FromI1
VarUI4FromI2
VarCyFromUI2
VarI1FromUI1
VarDecSub
VarDateFromI2
VarDecFromCy
VarDateFromI4
VarNeg
VarR8FromUI1
GetRecordInfoFromTypeInfo
LHashValOfNameSys
VarMonthName
SafeArrayLock
OleLoadPicturePath
VARIANT_UserFree
VarR4CmpR8
VarR8FromDate
VarUI4FromDisp
VarUI2FromDec
SafeArrayDestroyDescriptor
VarUI4FromDate
DosDateTimeToVariantTime
SafeArraySetRecordInfo
VarPow
VarAnd
VarBstrFromBool
VarCyFromStr
SafeArrayGetElemsize
VarR4FromUI2
VarI4FromUI2
BSTR_UserSize
DispGetIDsOfNames
VarUI4FromCy
VarAdd
VarDecDiv
VarCyCmpR8
VarUI4FromUI2
LPSAFEARRAY_UserSize
VarParseNumFromStr
VarFormatPercent
VarDecInt
SysReAllocStringLen
VarDecFromR4
VARIANT_UserUnmarshal
VarI1FromStr
VarI4FromDec
VarUI4FromR4
VarCyInt
VarFormatFromTokens
SafeArraySetIID
VarUI2FromCy
VarBstrFromR8
Number of PE resources by type
RT_ICON 8
RT_GROUP_ICON 8
RT_DIALOG 7
RT_MENU 5
RT_ACCELERATOR 1
RT_BITMAP 1
RT_VERSION 1
Number of PE resources by language
TATAR DEFAULT 31
PE resources
ExifTool file metadata
SubsystemVersion 4.0
InitializedDataSize 212992
ImageVersion 0.0
FileVersionNumber 0.95.94.84
UninitializedDataSize 0
LanguageCode Neutral
FileFlagsMask 0x003f
ImageFileCharacteristics No relocs, Executable, No line numbers, No symbols, 32-bit
CharacterSet Unicode
LinkerVersion 8.0
FileTypeExtension exe
OriginalFileName Miscellanies.exe
MIMEType application/octet-stream
Subsystem Windows command line
FileVersion 192, 117, 116, 18
TimeStamp 2004:10:29 07:31:19+01:00
FileType Win32 EXE
PEType PE32
InternalName Extrema
ProductVersion 238, 192, 89, 71
FileDescription Factories
OSVersion 4.0
FileOS Windows NT 32-bit
LegalCopyright Copyright 2015
MachineType Intel 386 or later, and compatibles
CompanyName Berkeley Data Systems
CodeSize 143360
FileSubtype 0
ProductVersionNumber 0.171.71.16
EntryPoint 0x23d5c
ObjectFileType Executable application
Compressed bundles
File identification
MD5 50b2dccf38eaf71c37d622f04cd0cd64
SHA1 647316fe25bff6a1f3f4aff384908812f14df15a
SHA256 994346405c3709deb6c7379e7d2748c78e210a056d9a4d7020108d16c6f2db06
ssdeep 6144:KqKyLkXv1CHx36kJ7OtuRy35pHPi2mrfLqDHyo:xkXv1CHkkJ7OtGE5NPi2mqzyo
authentihash e5667bdd3512c4248d4d43ef11fba594125c090be157668514d92ccc61dbd80f
imphash 062537e60cd867075fb149ff81e496fa
File size 244.0 KB ( 249856 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (console) Intel 80386 32-bit
TrID Win32 Dynamic Link Library (generic) (38.4%)
Win32 Executable (generic) (26.3%)
OS/2 Executable (generic) (11.8%)
Generic Win/DOS Executable (11.6%)
DOS Executable Generic (11.6%)
Tags
peexe

VirusTotal metadata
First submission 2016-03-17 08:48:22 UTC ( 3 years, 2 months ago )
Last submission 2018-05-08 03:53:19 UTC ( 1 year ago )
File names
ojidsfc.exe
crypted120med.exe
dsfjfjvsd.exe
crypted120med.dat
ojidsfc.exe
ojidsfc.exe
malware.exe
ojidsfc.exe.16420829
Malware_MSEXE_994346405c3709deb6c7379e7d2748c78e210a056d9a4d7020108d16c6f2db06
crypted120med[1].exe
crypted120med_exe
thFEa1L2FR.bmp
Miscellanies.exe
5AnrOa.vcf
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Deleted files
Created processes
Code injections in the following processes
Terminated processes
Created mutexes
Opened mutexes
Searched windows
Opened service managers
Opened services
Runtime DLLs
HTTP requests
DNS requests
TCP connections
UDP communications