SHA256: 9f5d3033392671e5b545461fb90370ff2f40d2378b8029a0022aa95c187b656d
File name: BSRZdQR.exe
Detection ratio: 3 / 42
Analysis date: 2012-08-14 12:10:12 UTC ( 6 years, 7 months ago )
Antivirus Result Update
AntiVir TR/Crypt.XPACK.Gen 20120813
McAfee-GW-Edition Heuristic.LooksLike.Win32.Suspicious.B 20120813
Panda Suspicious file 20120813
AhnLab-V3 20120813
Antiy-AVL 20120813
Avast 20120813
AVG 20120813
BitDefender 20120813
ByteHero 20120723
CAT-QuickHeal 20120813
ClamAV 20120813
Commtouch 20120813
Comodo 20120813
DrWeb 20120813
Emsisoft 20120813
eSafe 20120813
ESET-NOD32 20120813
F-Prot 20120813
F-Secure 20120813
Fortinet 20120813
GData 20120814
Ikarus 20120813
Jiangmin 20120813
K7AntiVirus 20120813
Kaspersky 20120813
McAfee 20120814
Microsoft 20120814
Norman 20120813
nProtect 20120813
PCTools 20120813
Rising 20120813
Sophos AV 20120813
SUPERAntiSpyware 20120811
Symantec 20120813
TheHacker 20120813
TotalDefense 20120814
TrendMicro 20120814
TrendMicro-HouseCall 20120814
VBA32 20120813
VIPRE 20120813
ViRobot 20120813
VirusBuster 20120813
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2012-08-14 07:56:48
Entry Point 0x000061CD
Number of sections 5
PE sections
Overlays
MD5 709c4320a35c2b745887f98546dd2fb7
File type data
Offset 313344
Size 1025
Entropy 4.76
PE imports
GetLastError
InitializeCriticalSectionAndSpinCount
HeapFree
GetStdHandle
EnterCriticalSection
LCMapStringW
SetHandleCount
GetModuleFileNameW
GetOEMCP
QueryPerformanceCounter
IsDebuggerPresent
ExitProcess
TlsAlloc
GetEnvironmentStringsW
GetModuleFileNameA
RtlUnwind
IsProcessorFeaturePresent
HeapSetInformation
GetCurrentProcess
GetStringTypeW
GetCurrentProcessId
GetCPInfo
UnhandledExceptionFilter
InterlockedDecrement
MultiByteToWideChar
GetStartupInfoW
FreeEnvironmentStringsW
GetCommandLineA
GetProcAddress
EncodePointer
HeapSize
WideCharToMultiByte
LoadLibraryW
TlsFree
GetModuleHandleA
DeleteCriticalSection
SetUnhandledExceptionFilter
WriteFile
GetSystemTimeAsFileTime
GetACP
HeapReAlloc
DecodePointer
GetModuleHandleW
HeapAlloc
TerminateProcess
IsValidCodePage
HeapCreate
VirtualFree
TlsGetValue
Sleep
GetFileType
TlsSetValue
GetTickCount
GetCurrentThreadId
LeaveCriticalSection
VirtualAlloc
SetLastError
InterlockedIncrement
SystemParametersInfoA
MapWindowPoints
GetMessagePos
SetWindowRgn
DestroyMenu
PostQuitMessage
GetForegroundWindow
LoadBitmapA
SetWindowPos
OemToCharBuffA
DispatchMessageA
EndPaint
ScrollWindowEx
WindowFromPoint
DrawIcon
SetActiveWindow
GetDC
GetCursorPos
ReleaseDC
GetClassInfoA
SendMessageW
UnregisterClassA
SendMessageA
GetClientRect
DrawTextW
SetScrollPos
CallNextHookEx
ClientToScreen
GetActiveWindow
ShowCursor
MsgWaitForMultipleObjects
ScrollWindow
GetWindowTextA
PtInRect
GetMessageA
GetParent
UpdateWindow
SetPropA
EqualRect
EnumWindows
DefMDIChildProcA
ShowWindow
GetPropA
GetDesktopWindow
DestroyIcon
TranslateMDISysAccel
EnableWindow
SetWindowPlacement
PeekMessageA
TranslateMessage
IsWindowEnabled
GetWindow
InsertMenuItemA
CreatePopupMenu
GetIconInfo
LoadStringA
IsZoomed
GetWindowPlacement
GetWindowRgn
DrawMenuBar
IsWindow
IsIconic
RegisterClassA
GetMenuItemCount
GetWindowLongA
SetTimer
OemToCharA
ShowOwnedPopups
FillRect
EnumThreadWindows
WaitForInputIdle
CreateMenu
DestroyWindow
IsDialogMessageA
SetFocus
SendNotifyMessageA
MapVirtualKeyA
SetCapture
BeginPaint
OffsetRect
GetScrollPos
KillTimer
RegisterWindowMessageA
DefWindowProcA
DrawFocusRect
GetSystemMetrics
SetWindowLongW
GetWindowRect
InflateRect
PostMessageA
ReleaseCapture
CreateWindowExA
SetWindowLongA
RemovePropA
SetWindowTextA
CheckMenuItem
GetSubMenu
GetLastActivePopup
DrawIconEx
GetDCEx
BringWindowToTop
AppendMenuA
ScreenToClient
InsertMenuA
LoadCursorA
LoadIconA
TrackPopupMenu
SetWindowsHookExA
GetMenuStringA
GetMenuState
GetSystemMenu
SetForegroundWindow
ExitWindowsEx
DrawTextA
IntersectRect
CreateIcon
GetCapture
WaitMessage
FindWindowA
MessageBeep
RemoveMenu
GetWindowThreadProcessId
GetMenu
DrawFrameControl
UnhookWindowsHookEx
SetRectEmpty
CallWindowProcA
MessageBoxA
DestroyCursor
GetSysColor
SetScrollInfo
GetKeyState
SystemParametersInfoA
EnableMenuItem
GetKeyNameTextA
IsWindowVisible
SetMenu
WinHelpA
FrameRect
SetRect
DeleteMenu
InvalidateRect
DefFrameProcA
SendMessageTimeoutA
CallWindowProcW
GetClassInfoW
IsRectEmpty
GetCursor
GetFocus
ReplyMessage
SetCursor
Number of PE resources by type
RT_GROUP_CURSOR 1
RT_BITMAP 1
RT_CURSOR 1
RT_MANIFEST 1
Number of PE resources by language
RUSSIAN 2
ENGLISH US 2
PE resources
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
SubsystemVersion 5.1
MachineType Intel 386 or later, and compatibles
TimeStamp 2012:08:14 09:56:48+02:00
FileType Win32 EXE
PEType PE32
CodeSize 39936
LinkerVersion 10.0
FileTypeExtension exe
InitializedDataSize 268288
ImageFileCharacteristics Executable, 32-bit
EntryPoint 0x61cd
OSVersion 5.1
ImageVersion 0.0
UninitializedDataSize 0
File identification
MD5 f4a01eb1739624041556980d0c80b82b
SHA1 e325aec4539dd69b727db5c21febf5932e47a808
SHA256 9f5d3033392671e5b545461fb90370ff2f40d2378b8029a0022aa95c187b656d
ssdeep 6144:mTfzkT72Y0SGzinYKTY1SQshfRPVQe1MZkIYSccr7wbstOsPECYeixlYGicM:mTr47SSBYsY1UMqMZJYSN7wbstOs8fvW
authentihash 0a5427cc6aae2e07f69b34fd8933475de48c7a5656f1648380ad8652639bf77b
imphash 28e07a4982e806c698eacfcc6aef9805
File size 307.0 KB ( 314369 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (41.0%)
Win64 Executable (generic) (36.3%)
Win32 Dynamic Link Library (generic) (8.6%)
Win32 Executable (generic) (5.9%)
OS/2 Executable (generic) (2.6%)
Tags peexe overlay

VirusTotal metadata
First submission 2012-08-14 12:10:12 UTC ( 6 years, 7 months ago )
Last submission 2019-01-31 19:35:32 UTC ( 1 month, 2 weeks ago )
File names 314369_f4a01eb1739624041556980d0c80b82b.exe
file-4371918_
21388_D5TPTF.exe.dat
aa
lPg1aTS.chm
file
2L97.xdp
BSRZdQR.exe
9f5d3033392671e5b545461fb90370ff2f40d2378b8029a0022aa95c187b656d.bin
f4a01eb1739624041556980d0c80b82b.virus
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Deleted files
Set keys
Created processes
Code injections in the following processes
Created mutexes
Opened mutexes
Opened service managers
Opened services
Runtime DLLs
Additional details
The file uses the IsDebuggerPresent Windows API function in order to see whether it is being debugged.
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.
TCP connections
UDP communications