SHA256: 9cb2264851f3954b2b4f231997a083681c60933dd177b53b8d8a8844accfd510
File name: 24d1d5c7b28929f52ff50d11a171657e3765fda9
Detection ratio: 9 / 57
Analysis date: 2015-02-23 13:23:56 UTC ( 4 years, 1 month ago )
Antivirus Result Update
AhnLab-V3 Malware/Win32.Generic 20150223
Avira (no cloud) TR/Crypt.EPACK.24328 20150223
ESET-NOD32 a variant of Win32/Kryptik.CZKQ 20150223
Fortinet W32/Kryptik.CAHR!tr 20150223
Malwarebytes Trojan.Agent.ED 20150223
McAfee PWSZbot-FABK!A1344318643D 20150223
McAfee-GW-Edition BehavesLike.Win32.PWSZbot.hz 20150222
Rising PE:Malware.XPACK-LNR/Heur!1.5594 20150222
TrendMicro-HouseCall TROJ_GEN.R02PH06BM15 20150223
Ad-Aware 20150223
AegisLab 20150223
Yandex 20150222
Alibaba 20150223
ALYac 20150223
Antiy-AVL 20150223
Avast 20150223
AVG 20150223
AVware 20150223
Baidu-International 20150223
BitDefender 20150223
Bkav 20150213
ByteHero 20150223
CAT-QuickHeal 20150223
ClamAV 20150223
CMC 20150223
Comodo 20150223
Cyren 20150223
DrWeb 20150223
Emsisoft 20150223
F-Prot 20150223
F-Secure 20150223
GData 20150223
Ikarus 20150223
Jiangmin 20150222
K7AntiVirus 20150223
K7GW 20150223
Kaspersky 20150223
Kingsoft 20150223
Microsoft 20150223
eScan 20150223
NANO-Antivirus 20150223
Norman 20150223
nProtect 20150223
Panda 20150223
Qihoo-360 20150223
Sophos AV 20150223
SUPERAntiSpyware 20150222
Symantec 20150223
Tencent 20150223
TheHacker 20150222
TotalDefense 20150223
TrendMicro 20150223
VBA32 20150220
VIPRE 20150223
ViRobot 20150223
Zillya 20150222
Zoner 20150220
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2005-06-09 12:24:23
Entry Point 0x00001000
Number of sections 10
PE sections
PE imports
GetDIBColorTable
SetMapMode
CreateFontIndirectW
GdiDeleteSpoolFileHandle
SelectBrushLocal
RemoveFontMemResourceEx
GetEnhMetaFilePaletteEntries
GetGlyphOutlineA
CreateMetaFileW
GetBrushOrgEx
CloseMetaFile
TranslateCharsetInfo
CreateColorSpaceW
GetPixelFormat
GetCharWidthI
StartPage
ChoosePixelFormat
SetDIBitsToDevice
CreateDIBSection
GdiSetBatchLimit
EnumFontFamiliesA
ExtFloodFill
GetCurrentObject
PlgBlt
SetAbortProc
CreatePalette
RectVisible
DeleteColorSpace
AbortPath
SetPixelFormat
GetEnhMetaFileBits
ScaleViewportExtEx
CreateFontW
StretchDIBits
PolyBezier
Chord
SetROP2
CreateScalableFontResourceW
GdiPlayDCScript
PolyTextOutA
EnumEnhMetaFile
RemoveFontResourceW
GetKerningPairsA
GetClipRgn
CopyMetaFileA
Number of PE resources by type
RT_BITMAP 1
RT_VERSION 1
Number of PE resources by language
NEUTRAL 1
ENGLISH US 1
PE resources
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
TimeStamp 2005:06:09 13:24:23+01:00
FileType Win32 EXE
PEType PE32
CodeSize 422912
LinkerVersion 0.0
EntryPoint 0x1000
InitializedDataSize 143360
SubsystemVersion 4.1
ImageVersion 0.0
OSVersion 4.0
UninitializedDataSize 0

File identification
MD5 a1344318643de017dc22c74e7e3fdc72
SHA1 0514666f7399f61a8db17d28c55091d704596780
SHA256 9cb2264851f3954b2b4f231997a083681c60933dd177b53b8d8a8844accfd510
ssdeep 3072:Uj2IgasOTCGwfAm2LLHiFWrJeqNMf4CIER:UaIbsOTxwfhAjiF5qpC7R

authentihash 60ccc1e6c2e4ae50022081252423fa4ba391adc30ac97248668addc4afab046a
imphash 7ba31c4741d221217a9d5ca6c0f37267
File size 563.0 KB ( 576512 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable (generic) (52.7%)
Generic Win/DOS Executable (23.4%)
DOS Executable Generic (23.4%)
VXD Driver (0.3%)
Tags peexe

VirusTotal metadata
First submission 2015-02-23 13:23:56 UTC ( 4 years, 1 month ago )
Last submission 2015-02-23 13:23:56 UTC ( 4 years, 1 month ago )
File names 24d1d5c7b28929f52ff50d11a171657e3765fda9
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Created processes
Created mutexes
Opened mutexes
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.