SHA256: 9b3ec0f9a079a1954dbadbe6a0f5ac0a628732748c46f04bbe014b22a91e42ec
File name: str.exe
Detection ratio: 27 / 50
Analysis date: 2014-03-24 09:10:53 UTC ( 3 years, 1 month ago )
Antivirus Result Update
AntiVir TR/Crypt.FKM.Gen 20140324
AVG SHeur4.BSQO 20140324
Baidu-International Trojan.Win32.Banker.OW 20140324
Bkav HW32.CDB.44b3 20140322
CMC Trojan.Win32.Krap.1!O 20140319
Commtouch W32/SysVenFak.B.gen!Eldorado 20140324
DrWeb Trojan.Click3.6101 20140324
ESET-NOD32 a variant of Win32/Qhost.Banker.OW 20140324
F-Prot W32/SysVenFak.B.gen!Eldorado 20140324
Fortinet W32/OnLineGames.AJN!tr 20140324
Ikarus Backdoor.Win32.FlyAgent 20140324
K7AntiVirus Trojan ( 00361abb1 ) 20140321
K7GW Trojan ( 00361abb1 ) 20140321
Kaspersky Trojan-Banker.Win32.Qhost.adcc 20140324
McAfee Flyagent 20140324
McAfee-GW-Edition Heuristic.LooksLike.Win32.SuspiciousPE.C 20140324
Microsoft TrojanProxy:Win32/Potukorp.A 20140324
Norman Troj_Generic.TDLLW 20140324
Panda Trj/CI.A 20140323
Qihoo-360 Malware.QVM18.Gen 20140324
Rising PE:Packer.Win32.Agent.f!1075136883 20140324
Sophos Mal/Behav-160 20140324
Symantec Suspicious.BredoLab 20140324
TrendMicro Cryp_Xin1 20140324
TrendMicro-HouseCall TROJ_GEN.F47V0323 20140324
VIPRE Trojan.Win32.Generic!BT 20140324
ViRobot Trojan.Win32.S.Agent.29184.BD 20140324
Ad-Aware 20140324
Yandex 20140323
AhnLab-V3 20140323
Antiy-AVL 20140324
Avast 20140324
BitDefender 20140324
ByteHero 20140324
CAT-QuickHeal 20140324
ClamAV 20140324
Comodo 20140324
Emsisoft 20140324
F-Secure 20140323
GData 20140324
Jiangmin 20140324
Kingsoft 20140324
Malwarebytes 20140324
eScan 20140324
NANO-Antivirus 20140324
nProtect 20140323
SUPERAntiSpyware 20140323
TheHacker 20140323
TotalDefense 20140324
VBA32 20140321
The file being studied is a Portable Executable file! More specifically, it is a DOS EXE file.
FileVersionInfo properties
Copyright (C) Microsoft Corporation. All rights reserved.
Product Microsoft(R) Connection Manager
Original name CMDL32.EXE
Internal name CMDL32
File version 7.02.2600.5512 (xpsp.080413-0852)
Description Microsoft Connection Manager Auto-Download
Packers identified
Command PE-Crypt.CF, PecBundle, PECompact
F-PROT PECompact, PE-Crypt.CF, PecBundle
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Entry Point 0x0002602C
Number of sections 4
PE sections
PE imports
VirtualFree
LoadLibraryA
VirtualAlloc
GetProcAddress
Number of PE resources by type
RT_ICON 1
RT_STRING 1
RT_DIALOG 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
CHINESE SIMPLIFIED 5
PE resources
ExifTool file metadata
FileAccessDate 2015:01:26 13:11:26+01:00
FileCreateDate 2015:01:26 13:11:26+01:00
File identification
MD5 cba7742b3016aa4aa037a191ea93b4e6
SHA1 c02a35c0ad408e4417d409a27225f7367ad6ed5a
SHA256 9b3ec0f9a079a1954dbadbe6a0f5ac0a628732748c46f04bbe014b22a91e42ec
ssdeep 768:CrOm9CCdDYwqVoAFJRZjabIiV0j36j4B9:ClrDgJrmbIiKj3l
authentihash 7bc3cbb8e63482dbf7bc35a2973820ba693444bd7cbe59b00f2e989147465cfa
imphash 09d0478591d4f788cb3e5ea416c25237
File size 28.5 KB ( 29184 bytes )
File type DOS EXE
Magic literal MS-DOS executable
TrID Win32 Executable (generic) (42.5%)
DOS Executable Borland Pascal 7.0x (19.2%)
Generic Win/DOS Executable (18.8%)
DOS Executable Generic (18.8%)
VXD Driver (0.2%)
Tags
pecompact mz

VirusTotal metadata
First submission 2014-03-23 15:49:21 UTC ( 3 years, 1 month ago )
Last submission 2014-03-25 13:30:39 UTC ( 3 years, 1 month ago )
File names 23350117
CMDL32.EXE
str.exe
str.exe
str.exe_
CMDL32
output.23350117.txt
Advanced heuristic and reputation engines
TrendMicro-HouseCall
TrendMicro's heuristic engine has flagged this file as: Suspicious_GEN.F47V0426.

Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Copied files
Moved files
Deleted files
Created processes
Created mutexes
Opened mutexes
Searched windows
Opened service managers
Opened services
Runtime DLLs
Additional details
The file uses the IsDebuggerPresent Windows API function in order to see whether it is being debugged.
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.
HTTP requests
DNS requests
TCP connections