SHA256: 9ead7d4b5e1cdb6303cee819fad64fe6d9be21f650400f36f666abede0ce0443
File name: BitBtn
Detection ratio: 41 / 55
Analysis date: 2015-10-27 00:23:31 UTC ( 2 years, 6 months ago )
Antivirus Result Update
Ad-Aware Gen:Variant.Symmi.35138 20151027
Yandex Backdoor.Poison!GJFGNU5c6UY 20151026
AhnLab-V3 Backdoor/Win32.Poison 20151027
ALYac Gen:Variant.Symmi.35138 20151027
Antiy-AVL Trojan[Backdoor]/Win32.Poison 20151027
Arcabit Trojan.Symmi.D8942 20151027
Avast Win32:Dropper-gen [Drp] 20151027
AVG PSW.Generic12.IGJ 20151026
AVware Trojan.Win32.Generic!BT 20151027
Baidu-International Backdoor.Win32.Poison.gfxr 20151026
BitDefender Gen:Variant.Symmi.35138 20151027
Bkav HW32.Packed.BDC7 20151026
CAT-QuickHeal TrojanPWS.Zbot.A4 20151027
Comodo TrojWare.Win32.Injector.AOPO 20151027
Cyren W32/Trojan.RCGU-6204 20151027
DrWeb Trojan.DownLoader10.41947 20151027
Emsisoft Gen:Variant.Symmi.35138 (B) 20151027
ESET-NOD32 a variant of Win32/Injector.AQFQ 20151027
F-Secure Gen:Variant.Symmi.35138 20151027
Fortinet W32/Poison.GFXR!tr.bdr 20151026
GData Gen:Variant.Symmi.35138 20151027
Ikarus Virus.Win32.DelfInject 20151027
K7AntiVirus Trojan ( 0048e3361 ) 20151026
K7GW Trojan ( 0048e3361 ) 20151026
Kaspersky Backdoor.Win32.Poison.gfxr 20151027
McAfee Artemis!6827A8009383 20151027
McAfee-GW-Edition BehavesLike.Win32.Downloader.gc 20151027
Microsoft VirTool:Win32/DelfInject 20151027
eScan Gen:Variant.Symmi.35138 20151027
NANO-Antivirus Virus.Win32.Virut-Gen.bwpxnc 20151026
Panda Generic Malware 20151026
Qihoo-360 Win32/Backdoor.d08 20151027
Sophos AV Mal/Generic-S 20151027
Symantec W32.Extrat 20151026
Tencent Win32.Backdoor.Poison.Wnml 20151027
TheHacker Trojan/Injector.aqfq 20151026
TotalDefense Win32/DfInject.SGYdRAC 20151026
TrendMicro BKDR_POISON.BVU 20151027
TrendMicro-HouseCall BKDR_POISON.BVU 20151027
VBA32 Backdoor.Poison 20151026
VIPRE Trojan.Win32.Generic!BT 20151027
AegisLab 20151026
Alibaba 20151027
ByteHero 20151027
ClamAV 20151027
CMC 20151026
F-Prot 20151027
Jiangmin 20151026
Malwarebytes 20151026
nProtect 20151026
Rising 20151026
SUPERAntiSpyware 20151027
ViRobot 20151026
Zillya 20151026
Zoner 20151027
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright
Copyright (C) 2002

Product BitBtn Application
Original name BitBtn.EXE
Internal name BitBtn
File version 1, 0, 0, 1
Description BitBtn MFC Application
Packers identified
PEiD Armadillo v1.71
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2013-11-03 21:01:34
Entry Point 0x00002130
Number of sections 4
PE sections
PE imports
GetTextExtentPoint32A
GetStartupInfoA
VirtualProtectEx
GetModuleHandleA
_except_handler3
__p__fmode
_acmdln
__CxxFrameHandler
_setmbcp
_exit
_adjust_fdiv
__setusermatherr
__dllonexit
_onexit
_controlfp
exit
_XcptFilter
__getmainargs
_initterm
__p__commode
__set_app_type
GetWindowLongA
GetSystemMetrics
GetSysColor
GetClientRect
LoadIconA
DestroyIcon
EnableWindow
DrawIconEx
OffsetRect
CopyRect
SendMessageA
LoadImageA
DrawIcon
IsIconic
Number of PE resources by type
RT_ICON 3
RT_DIALOG 2
RT_STRING 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 8
PE resources
ExifTool file metadata
SubsystemVersion
4.0

InitializedDataSize
28672

ImageVersion
0.0

ProductName
BitBtn Application

FileVersionNumber
1.0.0.1

UninitializedDataSize
0

LanguageCode
English (U.S.)

FileFlagsMask
0x003f

CharacterSet
Unicode

LinkerVersion
6.0

FileTypeExtension
exe

OriginalFileName
BitBtn.EXE

MIMEType
application/octet-stream

Subsystem
Windows GUI

FileVersion
1, 0, 0, 1

TimeStamp
2013:11:03 22:01:34+01:00

FileType
Win32 EXE

PEType
PE32

InternalName
BitBtn

ProductVersion
1, 0, 0, 1

FileDescription
BitBtn MFC Application

OSVersion
4.0

FileOS
Win32

LegalCopyright
Copyright (C) 2002

MachineType
Intel 386 or later, and compatibles

CodeSize
8192

FileSubtype
0

ProductVersionNumber
1.0.0.1

EntryPoint
0x2130

ObjectFileType
Executable application

File identification
MD5 6827a80093832f60630b3dad434a1f56
SHA1 c14166b4ad141056088dab8d00627dab0bde9c40
SHA256 9ead7d4b5e1cdb6303cee819fad64fe6d9be21f650400f36f666abede0ce0443
ssdeep
12288:JIF31Hr63zkoOfD/7fd6GT4gXJKS1zUWbkP+2P5JE:J631Hr4ooO7Td6+J1QWoP+2Pk

authentihash 175da120976e99888f27da926c42bae83b9cb06ef8fd9c5ed6394554a25c4edf
imphash a7a871c712dbe38fb11e4c7d686365f0
File size 493.0 KB ( 504832 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Dynamic Link Library (generic) (43.5%)
Win32 Executable (generic) (29.8%)
Generic Win/DOS Executable (13.2%)
DOS Executable Generic (13.2%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
Tags
peexe armadillo

VirusTotal metadata
First submission 2013-11-05 08:44:29 UTC ( 4 years, 6 months ago )
Last submission 2013-11-14 16:41:30 UTC ( 4 years, 6 months ago )
File names top.exe
top.exe_
aa
3B57.docm
vti-rescan
BitBtn.EXE
NkfJw4.png
BitBtn
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Opened mutexes
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.