SHA256: 9e555c69d0c5870ef25c8ed3c73c4219e6dd846b38980d119855998176a23721
File name: a9d5a9a997954f5421c94ac89d2656cd.kaf
Detection ratio: 2 / 55
Analysis date: 2015-10-29 08:53:02 UTC ( 3 years, 2 months ago )
Antivirus Result Update
Bkav HW32.Packed.26CE 20151028
Rising PE:Malware.Generic/QRS!1.9E2D [F] 20151028
Ad-Aware 20151029
AegisLab 20151029
Yandex 20151028
AhnLab-V3 20151028
Alibaba 20151029
ALYac 20151029
Antiy-AVL 20151029
Arcabit 20151029
Avast 20151029
AVG 20151029
Avira (no cloud) 20151029
AVware 20151029
Baidu-International 20151028
BitDefender 20151029
ByteHero 20151029
CAT-QuickHeal 20151029
ClamAV 20151029
CMC 20151029
Comodo 20151029
Cyren 20151029
DrWeb 20151029
Emsisoft 20151029
ESET-NOD32 20151029
F-Prot 20151029
F-Secure 20151029
Fortinet 20151029
GData 20151029
Ikarus 20151029
Jiangmin 20151028
K7AntiVirus 20151029
K7GW 20151029
Kaspersky 20151029
Malwarebytes 20151029
McAfee 20151029
McAfee-GW-Edition 20151029
Microsoft 20151029
eScan 20151029
NANO-Antivirus 20151029
nProtect 20151029
Panda 20151028
Qihoo-360 20151029
Sophos AV 20151029
SUPERAntiSpyware 20151028
Symantec 20151028
Tencent 20151029
TheHacker 20151028
TrendMicro 20151029
TrendMicro-HouseCall 20151029
VBA32 20151028
VIPRE 20151029
ViRobot 20151029
Zillya 20151029
Zoner 20151029
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2005-12-03 15:44:44
Entry Point 0x00010537
Number of sections 4
PE sections
PE imports
RegQueryValueA
LsaQueryDomainInformationPolicy
GetPrivateProfileSectionW
lstrcatA
LoadResource
FindResourceW
FreeConsole
GetCurrentThread
_except_handler3
__p__fmode
_acmdln
_exit
__p__commode
__setusermatherr
exit
_XcptFilter
__getmainargs
_initterm
_controlfp
_adjust_fdiv
__set_app_type
SHGetSpecialFolderPathW
SHGetPathFromIDListA
SHAppBarMessage
DragFinish
DragQueryFileA
SetForegroundWindow
GetMessagePos
LoadImageA
DrawTextA
EndDialog
LoadMenuA
SetClassLongW
CreateIconIndirect
GetCapture
KillTimer
SendNotifyMessageW
SetWindowTextA
SetClassLongA
LoadMenuW
FindWindowA
SendDlgItemMessageA
GetSystemMetrics
EnableMenuItem
MessageBoxW
AppendMenuA
GetWindowRect
DispatchMessageA
FrameRect
MoveWindow
GetNextDlgGroupItem
GrayStringA
WindowFromPoint
EnumDisplaySettingsW
CharLowerW
SetWindowLongA
wvsprintfA
SendDlgItemMessageW
GetMessageTime
GetWindow
VkKeyScanW
SetDlgItemTextW
SetScrollInfo
GetKeyState
GetCursorPos
ReleaseDC
SystemParametersInfoA
RemovePropA
GetIconInfo
SendMessageW
SetCursor
InsertMenuA
LoadBitmapW
IsWindowEnabled
SubtractRect
GetMenuItemInfoW
CharLowerBuffA
SetScrollRange
SetScrollPos
ScreenToClient
DeleteMenu
InvalidateRect
LoadAcceleratorsA
GetWindowLongA
GetWindowTextLengthA
GetDCEx
TrackPopupMenu
ShowOwnedPopups
GetActiveWindow
DefDlgProcA
GetWindowTextW
GetDesktopWindow
DialogBoxIndirectParamW
LoadCursorW
GetClassNameA
GetWindowTextLengthW
MsgWaitForMultipleObjects
GetWindowTextA
InvalidateRgn
RegisterClassExA
GetMenu
DestroyWindow
InternetCanonicalizeUrlW
RetrieveUrlCacheEntryFileA
FtpOpenFileW
RetrieveUrlCacheEntryFileW
CreateUrlCacheGroup
InternetGetCookieW
InternetQueryOptionW
HttpAddRequestHeadersA
InternetGetCookieA
InternetQueryOptionA
InternetDial
InternetAttemptConnect
HttpAddRequestHeadersW
UnlockUrlCacheEntryStream
GopherFindFirstFileA
HttpSendRequestExW
GopherGetLocatorTypeW
InternetCheckConnectionW
FtpGetCurrentDirectoryA
InternetSetOptionA
GopherGetAttributeW
FindNextUrlCacheEntryA
FtpGetCurrentDirectoryW
InternetSetOptionW
FindNextUrlCacheEntryW
GopherGetAttributeA
FtpFindFirstFileA
FtpRemoveDirectoryW
FindFirstUrlCacheEntryExW
HttpEndRequestW
InternetUnlockRequestFile
CreateUrlCacheEntryA
FtpOpenFileA
FtpRemoveDirectoryA
FtpFindFirstFileW
CreateUrlCacheEntryW
InternetTimeFromSystemTime
GopherOpenFileA
RetrieveUrlCacheEntryStreamA
GopherOpenFileW
RetrieveUrlCacheEntryStreamW
GopherCreateLocatorW
InternetQueryDataAvailable
InternetCreateUrlW
GopherCreateLocatorA
InternetConfirmZoneCrossing
InternetCreateUrlA
FtpCreateDirectoryA
FindFirstUrlCacheEntryA
FtpCreateDirectoryW
GetUrlCacheEntryInfoExW
FindFirstUrlCacheEntryExA
InternetSetStatusCallback
InternetGetConnectedState
GetUrlCacheEntryInfoExA
HttpSendRequestExA
InternetSetOptionExW
SetUrlCacheEntryInfoW
InternetCloseHandle
InternetGetLastResponseInfoA
InternetSetOptionExA
SetUrlCacheEntryInfoA
InternetLockRequestFile
ReadUrlCacheEntryStream
InternetTimeToSystemTime
InternetReadFile
HttpSendRequestA
FindNextUrlCacheEntryExW
InternetOpenA
HttpSendRequestW
DeleteUrlCacheEntry
InternetOpenW
InternetSetCookieA
InternetGoOnline
InternetSetCookieW
InternetHangUp
InternetErrorDlg
SetUrlCacheEntryGroup
HttpOpenRequestW
GetUrlCacheEntryInfoA
InternetReadFileExA
InternetConnectW
FtpRenameFileA
InternetWriteFile
FtpDeleteFileW
InternetConnectA
GetUrlCacheEntryInfoW
FtpDeleteFileA
FtpRenameFileW
InternetAutodial
HttpQueryInfoW
InternetFindNextFileW
FtpSetCurrentDirectoryA
CommitUrlCacheEntryW
InternetFindNextFileA
HttpQueryInfoA
InternetSetFilePointer
FtpSetCurrentDirectoryW
InternetOpenUrlA
FtpPutFileA
InternetCrackUrlW
InternetAutodialHangup
InternetOpenUrlW
InternetCrackUrlA
Number of PE resources by type
RT_ACCELERATOR 7
RT_ICON 2
RT_GROUP_ICON 2
hFt08M0885 1
sa366X6 1
P02me707S 1
H567A7d8wS 1
FyCX2oelg 1
a0fFSFd 1
WxBmI7h10c 1
n0s48 1
b0da03580U 1
vpqQ5B 1
n8301KyXL6 1
RT_VERSION 1
ba7pmxF 1
S87A00T8 1
k70GWi 1
RT_HTML 1
RT_MANIFEST 1
G220X 1
V5h65Fyr 1
ChEr647Ft 1
lD7J00B5 1
e82T2UY 1
koy7NmYm8d 1
da55Y08 1
K16T4u2K7 1
wY44AT 1
r3o25h 1
PlS02h7 1
sFoI7v 1
ksxx774 1
R417Kt00 1
A86N3t 1
O41771S3I 1
mI2WnT448 1
J8YM6 1
d78230n2 1
ql00L5a77 1
y41C11hn2H 1
IT17YHa11 1
jH46q63 1
RT_RCDATA 1
K6o48 1
k852QQ 1
uN6v1e 1
GQYN8 1
Lv10UaE 1
xf05ew1Tt3 1
F352g 1
TTTinD00k3 1
xU2eO 1
j1sKT6f2 1
q6LU8o033 1
d0q76 1
Number of PE resources by language
ENGLISH JAMAICA 64
PE resources
ExifTool file metadata
SubsystemVersion
4.0

LinkerVersion
6.0

ImageVersion
0.0

FileSubtype
0

FileVersionNumber
0.248.231.8

UninitializedDataSize
0

LanguageCode
Neutral

FileFlagsMask
0x003f

CharacterSet
Unicode

InitializedDataSize
2547712

EntryPoint
0x10537

OriginalFileName
Diagonalises.exe

MIMEType
application/octet-stream

LegalCopyright
Copyright 2020

FileVersion
242, 216, 147, 184

TimeStamp
2005:12:03 16:44:44+01:00

FileType
Win32 EXE

PEType
PE32

FileDescription
Designated

OSVersion
4.0

FileOS
Windows NT 32-bit

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CompanyName
MAUS Software

CodeSize
65536

ProductName
Dreamt Flown

ProductVersionNumber
0.254.23.90

FileTypeExtension
exe

ObjectFileType
Executable application

File identification
MD5 a9d5a9a997954f5421c94ac89d2656cd
SHA1 aa1ee044489979c741492883f0dac879f3dedd32
SHA256 9e555c69d0c5870ef25c8ed3c73c4219e6dd846b38980d119855998176a23721
ssdeep
12288:lkV0Uj4uYJW514UksCnK0Mm8zp11UJjx1xq75:20UjKW5jXCK0t8zpsjx1O

authentihash 24dbcf5ae4543b719fd28cb993e084bf96aed0e85fec04cdbaf4d15b3953ff41
imphash 53e64702a9c75d8d393d6b3a5fbe35b0
File size 564.0 KB ( 577536 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable MS Visual C++ (generic) (42.2%)
Win64 Executable (generic) (37.3%)
Win32 Dynamic Link Library (generic) (8.8%)
Win32 Executable (generic) (6.0%)
Generic Win/DOS Executable (2.7%)
Tags
peexe

VirusTotal metadata
First submission 2015-10-28 23:46:12 UTC ( 3 years, 2 months ago )
Last submission 2015-10-29 08:53:02 UTC ( 3 years, 2 months ago )
File names a9d5a9a997954f5421c94ac89d2656cd.kaf
tmp3dc5.tmp
Advanced heuristic and reputation engines
TrendMicro-HouseCall
TrendMicro's heuristic engine has flagged this file as: TROJ_GEN.R00JC0EK115.

Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened service managers
Runtime DLLs