SHA256: 9bff57a56a0966a5325980e58686e6ad011266e1ac91570abfd983eb2f6ab18d
File name: 4d5847deb1f7c35eec9b539a1b0132c4c4cc90a2
Detection ratio: 31 / 57
Analysis date: 2015-10-15 17:58:59 UTC ( 3 years, 5 months ago )
Antivirus | Result | Update
Ad-Aware | Gen:Variant.Kazy.376753 | 20151015
Yandex | Trojan.Kryptik!A3AFADLxlmY | 20151014
AhnLab-V3 | Backdoor/Win32.Caphaw | 20151015
ALYac | Gen:Variant.Kazy.376753 | 20151015
Antiy-AVL | Trojan/Win32.SGeneric | 20151015
Arcabit | Trojan.Kazy.D5BFB1 | 20151015
Avast | Win32:Malware-gen | 20151014
AVG | Lebros.GT | 20151015
Avira (no cloud) | BDS/Caphaw.A.708 | 20151015
AVware | Backdoor.Win32.Caphaw | 20151015
BitDefender | Gen:Variant.Kazy.376753 | 20151015
Emsisoft | Gen:Variant.Kazy.376753 (B) | 20151015
ESET-NOD32 | a variant of Win32/Kryptik.CBEG | 20151015
F-Secure | Gen:Variant.Kazy.376753 | 20151015
Fortinet | W32/Kryptik.CBEG!tr | 20151015
GData | Gen:Variant.Kazy.376753 | 20151015
Ikarus | Trojan.Lebros | 20151015
K7AntiVirus | Trojan ( 00499d2b1 ) | 20151015
K7GW | Trojan ( 00499d2b1 ) | 20151015
Kaspersky | HEUR:Trojan.Win32.Generic | 20151015
Kingsoft | Win32.Troj.Yakes.eo.(kcloud) | 20151015
McAfee | RDN/Generic BackDoor!yi | 20151015
McAfee-GW-Edition | RDN/Generic BackDoor!yi | 20151015
Microsoft | Trojan:Win32/Toga!rfn | 20151015
eScan | Gen:Variant.Kazy.376753 | 20151015
NANO-Antivirus | Trojan.Win32.Caphaw.cybelr | 20151015
Panda | Trj/Genetic.gen | 20151015
Rising | PE:Malware.Obscure!1.9C59[F1] | 20151015
Sophos AV | Mal/Generic-S | 20151015
Symantec | Backdoor.Trojan | 20151014
VIPRE | Backdoor.Win32.Caphaw | 20151015
AegisLab | (undetected) | 20151015
Alibaba | (undetected) | 20151015
Baidu-International | (undetected) | 20151015
Bkav | (undetected) | 20151015
ByteHero | (undetected) | 20151015
CAT-QuickHeal | (undetected) | 20151015
ClamAV | (undetected) | 20151015
CMC | (undetected) | 20151014
Comodo | (undetected) | 20151015
Cyren | (undetected) | 20151015
DrWeb | (undetected) | 20151015
F-Prot | (undetected) | 20151015
Jiangmin | (undetected) | 20151014
Malwarebytes | (undetected) | 20151015
nProtect | (undetected) | 20151015
Qihoo-360 | (undetected) | 20151015
SUPERAntiSpyware | (undetected) | 20151015
Tencent | (undetected) | 20151015
TheHacker | (undetected) | 20151012
TotalDefense | (undetected) | 20151015
TrendMicro | (undetected) | 20151015
TrendMicro-HouseCall | (undetected) | 20151015
VBA32 | (undetected) | 20151014
ViRobot | (undetected) | 20151015
Zillya | (undetected) | 20151015
Zoner | (undetected) | 20151015
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2014-05-03 05:06:01
Entry Point 0x00006B60
Number of sections 4
PE sections
PE imports
SelectObject
EnumObjects
SaveDC
WaitForSingleObject
IsDebuggerPresent
HeapAlloc
LoadLibraryA
RtlUnwind
lstrlenW
GetCurrentProcess
UnregisterWait
UnhandledExceptionFilter
LoadLibraryExW
GetProcAddress
ExitProcess
GetModuleHandleA
ReadFile
SetUnhandledExceptionFilter
CloseHandle
GetThreadPriority
TerminateProcess
FindCloseChangeNotification
Sleep
GetTickCount
VirtualAlloc
ICSendMessage
VariantClear
EnableWindow
auxGetVolume
CoUninitialize
Number of PE resources by type
RT_BITMAP 2
RT_STRING 1
RT_VERSION 1
RT_MANIFEST 1
Number of PE resources by language
RUSSIAN 4
ENGLISH US 1
PE resources
Debug information
ExifTool file metadata
UninitializedDataSize: 0
InitializedDataSize: 614400
ImageVersion: 0.0
FileVersionNumber: 1.0.0.1
LanguageCode: Russian
FileFlagsMask: 0x0017
CharacterSet: Unicode
LinkerVersion: 8.0
EntryPoint: 0x6b60
MIMEType: application/octet-stream
TimeStamp: 2014:05:03 06:06:01+01:00
FileType: Win32 EXE
PEType: PE32
SubsystemVersion: 4.0
OSVersion: 4.0
FileOS: Win32
Subsystem: Windows GUI
MachineType: Intel 386 or later, and compatibles
CodeSize: 28672
FileSubtype: 0
ProductVersionNumber: 1.0.0.1
FileTypeExtension: exe
ObjectFileType: Executable application

File identification
MD5 7f1a21bff28efc4821a672f78d739edc
SHA1 4d5847deb1f7c35eec9b539a1b0132c4c4cc90a2
SHA256 9bff57a56a0966a5325980e58686e6ad011266e1ac91570abfd983eb2f6ab18d
ssdeep 3072:g2fcgHNxLd1l9ppE0W6WvcbN/U3NEk5yIGXFvoD0WmFCCNLAC:g2fHHNBpHvJ8ZK1wIfCI1
authentihash 9331cb19f9fedb005e9924182db3cdcc7feccc1c1de9dcf5a29213be55e29c06
imphash 5c1ef8e91ef8d6cba041c9a398ae3eed
File size 632.0 KB ( 647168 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (35.8%)
Win64 Executable (generic) (31.7%)
Windows screen saver (15.0%)
Win32 Dynamic Link Library (generic) (7.5%)
Win32 Executable (generic) (5.1%)
Tags
peexe suspicious-dns

VirusTotal metadata
First submission 2015-10-15 17:58:59 UTC ( 3 years, 5 months ago )
Last submission 2015-10-15 17:58:59 UTC ( 3 years, 5 months ago )
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Deleted files
Created mutexes
Opened mutexes
Opened service managers
Opened services
Runtime DLLs
HTTP requests
DNS requests
TCP connections
UDP communications