SHA256: aa0bbaecb678868e1e7f57c7ca9d61b608b3d788be490790eb1d148beadf4615
File name: 03.tmp
Detection ratio: 52 / 57
Analysis date: 2015-08-27 08:24:37 UTC ( 3 days, 7 hours ago )
Antivirus Result Update
ALYac Worm.Conficker 20150827
AVG I-Worm/Generic.COB 20150827
AVware Trojan.WinNT.Conficker.b (v) 20150827
Ad-Aware Win32.Worm.Conficker.A 20150826
Agnitum Worm.Conficker!L/CdK4RT60g 20150826
AhnLab-V3 Win32/Conficker.worm.4096 20150826
Antiy-AVL Worm[Net]/Win32.Kido 20150827
Arcabit Win32.Worm.Conficker.A 20150827
Avast Win32:ConfiDrv-B [Rtk] 20150827
Avira RKIT/Conficker.A 20150827
Baidu-International Trojan.Win32.Agent.40 20150827
BitDefender Win32.Worm.Conficker.A 20150827
Bkav W32.ConfickerIOC.Worm 20150826
CAT-QuickHeal I-Worm.Kido.ij.n5 20150827
CMC Generic.Win32.3291e16037!CMCRadar 20150827
ClamAV Trojan.Rootkit-1503 20150827
Comodo TrojWare.Win32.Rootkit.Agent.~a 20150827
Cyren W32/Conficker.UCIE-3981 20150827
DrWeb Win32.HLLW.Autoruner.5555 20150827
ESET-NOD32 Win32/Conficker.AA 20150827
Emsisoft Win32.Worm.Conficker.A (B) 20150827
F-Prot W32/Conficker.G 20150827
F-Secure Trojan:W32/Downadup.AL 20150827
Fortinet W32/Conficker.IJ!tr.rkit 20150827
GData Win32.Worm.Conficker.A 20150827
Ikarus Net-Worm.Win32.Kido 20150827
Jiangmin Worm/Kido.hh 20150826
K7AntiVirus Trojan ( 0001140e1 ) 20150827
K7GW Trojan ( 0001140e1 ) 20150827
Kaspersky Net-Worm.Win32.Kido.jq 20150827
Kingsoft Worm.Kido.ij.(kcloud) 20150827
Malwarebytes Worm.Conficker 20150827
McAfee W32/Conficker.sys 20150827
McAfee-GW-Edition W32/Conficker.sys 20150827
MicroWorld-eScan Win32.Worm.Conficker.A 20150827
Microsoft Trojan:WinNT/Conficker.B 20150827
NANO-Antivirus Trojan.Win32.Kido.ghbd 20150827
Panda Rootkit/Conficker.C 20150827
Qihoo-360 Win32/Trojan.75d 20150827
Rising PE:Trojan.Win32.Generic.1251DE6C!307355244[F1] 20150826
SUPERAntiSpyware Trojan.Unknown Origin 20150826
Sophos W32/Confick-D 20150827
Symantec W32.Downadup 20150826
TheHacker Trojan/Conficker.dam 20150826
TotalDefense Win32/Conficker.B 20150827
TrendMicro TROJ_DOWNAD.E 20150827
TrendMicro-HouseCall TROJ_DOWNAD.E 20150827
VBA32 Net-Worm.Kido 20150827
VIPRE Trojan.WinNT.Conficker.b (v) 20150827
ViRobot Worm.Win32.Conficker.4096[h] 20150827
Zillya Worm.Conficker.Win32.405 20150827
nProtect Worm/W32.Kido.4096 20150827
AegisLab 20150827
Alibaba 20150827
ByteHero 20150827
Tencent 20150827
Zoner 20150827
The file being studied is a Portable Executable file! More specifically, it is a Win32 DLL file for the Native subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 1999-05-05 13:27:28
Link date 2:27 PM 5/5/1999
Entry Point 0x000010B0
Number of sections 5
PE sections
PE imports
_except_handler3
RtlInitUnicodeString
IoAllocateMdl
IofCompleteRequest
IoCreateSymbolicLink
IoDeleteSymbolicLink
ZwQuerySystemInformation
IoCreateDevice
MmProbeAndLockPages
MmUnmapLockedPages
IoDeleteDevice
MmMapLockedPagesSpecifyCache
ObfDereferenceObject
ExAllocatePoolWithTag
IoFreeMdl
MmUnlockPages
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Native
MachineType Intel 386 or later, and compatibles
FileTypeExtension dll
TimeStamp 1999:05:05 14:27:28+01:00
FileType Win32 DLL
PEType PE32
CodeSize 1536
LinkerVersion 7.0
EntryPoint 0x10b0
InitializedDataSize 1536
SubsystemVersion 4.0
ImageVersion 0.0
OSVersion 4.0
UninitializedDataSize 0

CarbonBlack (CarbonBlack acts as a surveillance camera for computers)
While monitoring an end-user machine in the wild, CarbonBlack observed the following executing processes write this sample to disk.
Compressed bundles
File identification
MD5 3291e1603715c47a23b60a8bf2ca73db
SHA1 41531fa6b5086e9150b57256efbcd47d7c05cd53
SHA256 aa0bbaecb678868e1e7f57c7ca9d61b608b3d788be490790eb1d148beadf4615
ssdeep 48:qZs7U1X+r/34o0dVYDP9O6sbo6GYDpwQRr3EYJlLu48:2K8A0doP9VsxGYtN1fJlLr8
authentihash c4971a5412ee420b844e547807911345c9bcfe3a9b1ee0ae21d93b45e1b821a8
imphash 4ab64aebae0dd65a5d0dda9f9befd033
File size 4.0 KB ( 4096 bytes )
File type Win32 DLL
Magic literal PE32 executable for MS Windows (DLL) (native) Intel 80386 32-bit
TrID Win32 Executable (generic) (42.7%)
Clipper DOS Executable (19.1%)
Generic Win/DOS Executable (19.0%)
DOS Executable Generic (18.9%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
Tags pedll native
VirusTotal metadata
First submission 2009-01-02 16:21:52 UTC ( 6 years, 8 months ago )
Last submission 2015-06-18 19:34:58 UTC ( 2 months, 1 week ago )
File names
smona131831195101454686231
Net-Worm.Win32.Kido.jq.exe
smona131831195112461260022
02.tmp
TcpIp_Perf.sys
01d.tmp
vti-rescan
vt-upload-e_sxh
avz00002.dta
05237.tmp
03.tmp
08.tmp
smona132022018315578557305
3291e1603715c47a23b60a8bf2ca73db
avz00001.dta
viru.txt
08DDD.tmp
011.tmp
04.tmp
3291e1603715c47a23b60a8bf2ca73db
01.tmp
file-3014212_000
01tmp
06.tmp
123