SHA256: 9956826b77aaa1f0980ce0d0cc08d7785d4cc1314c0afb6cca615c772d6e518e
File name: output.17501128.txt
Detection ratio: 26 / 48
Analysis date: 2013-11-27 10:11:38 UTC ( 4 years, 8 months ago )
Antivirus Result Update
Ad-Aware Gen:Trojan.Heur.Hype.iyW@aOk1jTnc 20131127
AhnLab-V3 Trojan/Win32.Generic 20131126
AntiVir TR/Crypt.XPACK.Gen2 20131127
Avast Win32:LoadMoney-AV [Trj] 20131127
AVG Generic35.AIDB 20131127
Baidu-International Trojan.Win32.StartPage.aT 20131127
BitDefender Gen:Trojan.Heur.Hype.iyW@aOk1jTnc 20131127
Comodo TrojWare.Win32.Kryptik.BNML 20131127
DrWeb Trojan.LoadMoney.227 20131127
Emsisoft Gen:Trojan.Heur.Hype.iyW@aOk1jTnc (B) 20131127
ESET-NOD32 a variant of Win32/Kryptik.BPJH 20131127
F-Secure Gen:Trojan.Heur.Hype.iyW@aOk1jTnc 20131127
Fortinet W32/StartPage.BPJH!tr 20131127
GData Gen:Trojan.Heur.Hype.iyW@aOk1jTnc 20131127
Kaspersky Trojan.Win32.StartPage.cmrw 20131127
Kingsoft Win32.Troj.StartPage.cm.(kcloud) 20130829
Malwarebytes PUP.Optional.LoadMoney 20131127
McAfee PUP-FFE!A59016B60B1F 20131127
eScan Gen:Trojan.Heur.Hype.iyW@aOk1jTnc 20131127
Panda Suspicious file 20131126
Rising PE:PUA.XPACK-HIE!1.9C48 20131127
Sophos AV Troj/LdMon-D 20131127
SUPERAntiSpyware Trojan.Agent/Gen-FakeAlert 20131126
Symantec Suspicious.Cloud.5 20131127
VBA32 Malware-Cryptor.Limpopo 20131127
VIPRE Trojan.Win32.Generic.pak!cobra 20131127
Yandex 20131126
Antiy-AVL 20131126
Bkav 20131127
ByteHero 20131127
CAT-QuickHeal 20131127
ClamAV 20131127
Commtouch 20131127
F-Prot 20131127
Ikarus 20131127
Jiangmin 20131127
K7AntiVirus 20131126
K7GW 20131126
McAfee-GW-Edition 20131127
Microsoft 20131127
NANO-Antivirus 20131127
Norman 20131127
nProtect 20131127
TheHacker 20131127
TotalDefense 20131126
TrendMicro 20131127
TrendMicro-HouseCall 20131127
ViRobot 20131127
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 1992-06-19 22:22:17
Entry Point 0x0000100C
Number of sections 6
PE sections
PE imports
MapViewOfFile
SetLocalTime
VerifyVersionInfoW
PeekConsoleInputW
DefWindowProcA
FlashWindow
EnumWindowStationsW
SetUserObjectInformationA
ChooseFontW
CallNamedPipeW
EnterCriticalSection
VerifyConsoleIoHandle
GetLargestConsoleWindowSize
LoadLibraryA
SetDefaultCommConfigW
RtlZeroMemory
GetProcessHeaps
HeapQueryInformation
OpenFileMappingA
LZCreateFileW
WaitForMultipleObjects
GetNumberOfConsoleFonts
GetTimeFormatW
VirtualUnlock
ReadConsoleOutputCharacterW
ExpandEnvironmentStringsA
LocalFileTimeToFileTime
ConsoleMenuControl
MoveFileW
GetVersion
SetLocaleInfoW
CopyFileExW
GetAsyncKeyState
ReleaseDC
EnumDesktopsA
LoadKeyboardLayoutEx
UnregisterClassA
SetWindowPlacement
GetWindowPlacement
SetMenuContextHelpId
RemovePropW
CharUpperBuffW
GetWindow
Number of PE resources by type
RT_ICON 3
RT_GROUP_ICON 1
RT_MANIFEST 1
Number of PE resources by language
RUSSIAN 5
PE resources
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
TimeStamp 1992:06:19 23:22:17+01:00
FileType Win32 EXE
PEType PE32
CodeSize 100352
LinkerVersion 8.0
EntryPoint 0x100c
InitializedDataSize 24064
SubsystemVersion 4.0
ImageVersion 0.0
OSVersion 4.0
UninitializedDataSize 0

File identification
MD5 a59016b60b1f06848967089416dca301
SHA1 69c50aaba5b86d6e623cced9170499fdb728df46
SHA256 9956826b77aaa1f0980ce0d0cc08d7785d4cc1314c0afb6cca615c772d6e518e
ssdeep 3072:cCExbkbji/+cRx3zUk9iyZ/iRgYKKJaVBaaqwbWyPShbAzYhE+LxJhOUvwrhUN9:VExSji/33zHP/z7VzquqlA8h1D

File size 140.5 KB ( 143872 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Dynamic Link Library (generic) (38.3%)
Win32 Executable (generic) (26.2%)
Win16/32 Executable Delphi generic (12.0%)
Generic Win/DOS Executable (11.6%)
DOS Executable Generic (11.6%)
Tags peexe

VirusTotal metadata
First submission 2013-11-27 03:10:03 UTC ( 4 years, 8 months ago )
Last submission 2013-11-27 03:13:13 UTC ( 4 years, 8 months ago )
File names 17501128
output.17501128.txt
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Copied files
Set keys
Created processes
Created mutexes
Opened mutexes
Opened service managers
Opened services
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.
HTTP requests
DNS requests
TCP connections
UDP communications