SHA256: aa0bbaecb678868e1e7f57c7ca9d61b608b3d788be490790eb1d148beadf4615
File name: 03.tmp
Detection ratio: 52 / 57
Analysis date: 2015-06-18 19:34:58 UTC ( 1 week, 5 days ago )
Antivirus Result Update
ALYac Worm.Conficker 20150618
AVG I-Worm/Generic.COB 20150618
AVware Trojan.WinNT.Conficker.b (v) 20150618
Ad-Aware Win32.Worm.Conficker.A 20150618
Agnitum Worm.Conficker!L/CdK4RT60g 20150618
AhnLab-V3 Win32/Conficker.worm.4096 20150618
Antiy-AVL Worm[Net]/Win32.Kido 20150618
Arcabit Win32.Worm.Conficker.A 20150618
Avast Win32:ConfiDrv-B [Rtk] 20150618
Avira RKIT/Conficker.A 20150618
Baidu-International Trojan.Win32.Agent.40 20150618
BitDefender Win32.Worm.Conficker.A 20150618
Bkav W32.ConfickerIOC.Worm 20150618
CAT-QuickHeal I-Worm.Kido.ij.n5 20150618
CMC Generic.Win32.3291e16037!CMCRadar 20150618
ClamAV Trojan.Rootkit-1503 20150618
Comodo TrojWare.Win32.Rootkit.Agent.~a 20150618
Cyren W32/Conficker.UCIE-3981 20150618
DrWeb Win32.HLLW.Autoruner.5555 20150618
ESET-NOD32 Win32/Conficker.AA 20150618
Emsisoft Win32.Worm.Conficker.A (B) 20150618
F-Prot W32/Conficker.G 20150618
F-Secure Trojan:W32/Downadup.AL 20150618
Fortinet W32/Conficker.IJ!tr.rkit 20150617
GData Win32.Worm.Conficker.A 20150618
Ikarus Net-Worm.Win32.Kido 20150618
Jiangmin Worm/Kido.hh 20150615
K7AntiVirus Trojan ( 0001140e1 ) 20150618
K7GW Trojan ( 0001140e1 ) 20150618
Kaspersky Net-Worm.Win32.Kido.jq 20150618
Kingsoft Worm.Kido.ij.(kcloud) 20150618
Malwarebytes Worm.Conficker 20150618
McAfee W32/Conficker.sys 20150618
McAfee-GW-Edition W32/Conficker.sys 20150618
MicroWorld-eScan Win32.Worm.Conficker.A 20150618
Microsoft Trojan:WinNT/Conficker.B 20150618
NANO-Antivirus Trojan.Win32.Kido.ghbd 20150618
Panda Rootkit/Conficker.C 20150618
Qihoo-360 Win32/Trojan.75d 20150618
Rising PE:Trojan.Win32.Generic.1251DE6C!307355244 20150618
SUPERAntiSpyware Trojan.Unknown Origin 20150618
Sophos W32/Confick-D 20150618
Symantec W32.Downadup 20150618
Tencent Trojan.Win32.Conficker.dd 20150618
TheHacker Trojan/Conficker.dam 20150616
TrendMicro TROJ_DOWNAD.E 20150618
TrendMicro-HouseCall TROJ_DOWNAD.E 20150618
VBA32 Net-Worm.Kido 20150618
VIPRE Trojan.WinNT.Conficker.b (v) 20150618
ViRobot Worm.Win32.Conficker.4096[h] 20150618
Zillya Worm.Conficker.Win32.405 20150618
nProtect Worm/W32.Kido.4096 20150618
AegisLab 20150618
Alibaba 20150618
ByteHero 20150618
TotalDefense 20150618
Zoner 20150618
The file being studied is a Portable Executable file! More specifically, it is a Win32 DLL file for the Native subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 1999-05-05 13:27:28
Link date 2:27 PM 5/5/1999
Entry Point 0x000010B0
Number of sections 5
PE sections
PE imports
_except_handler3
RtlInitUnicodeString
IoAllocateMdl
IofCompleteRequest
IoCreateSymbolicLink
IoDeleteSymbolicLink
ZwQuerySystemInformation
IoCreateDevice
MmProbeAndLockPages
MmUnmapLockedPages
IoDeleteDevice
MmMapLockedPagesSpecifyCache
ObfDereferenceObject
ExAllocatePoolWithTag
IoFreeMdl
MmUnlockPages
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Native
MachineType Intel 386 or later, and compatibles
TimeStamp 1999:05:05 14:27:28+01:00
FileType Win32 DLL
PEType PE32
CodeSize 1536
LinkerVersion 7.0
FileTypeExtension dll
InitializedDataSize 1536
SubsystemVersion 4.0
EntryPoint 0x10b0
OSVersion 4.0
ImageVersion 0.0
UninitializedDataSize 0
File identification
MD5 3291e1603715c47a23b60a8bf2ca73db
SHA1 41531fa6b5086e9150b57256efbcd47d7c05cd53
SHA256 aa0bbaecb678868e1e7f57c7ca9d61b608b3d788be490790eb1d148beadf4615
ssdeep 48:qZs7U1X+r/34o0dVYDP9O6sbo6GYDpwQRr3EYJlLu48:2K8A0doP9VsxGYtN1fJlLr8
authentihash c4971a5412ee420b844e547807911345c9bcfe3a9b1ee0ae21d93b45e1b821a8
imphash 4ab64aebae0dd65a5d0dda9f9befd033
File size 4.0 KB ( 4096 bytes )
File type Win32 DLL
Magic literal PE32 executable for MS Windows (DLL) (native) Intel 80386 32-bit
TrID Win32 Executable (generic) (42.7%)
Clipper DOS Executable (19.1%)
Generic Win/DOS Executable (19.0%)
DOS Executable Generic (18.9%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
Tags pedll native
VirusTotal metadata
First submission 2009-01-02 16:21:52 UTC ( 6 years, 6 months ago )
Last submission 2015-06-18 19:34:58 UTC ( 1 week, 5 days ago )
File names
smona131831195101454686231
Net-Worm.Win32.Kido.jq.exe
smona131831195112461260022
02.tmp
TcpIp_Perf.sys
vti-rescan
vt-upload-e_sxh
avz00002.dta
05237.tmp
03.tmp
08.tmp
smona132022018315578557305
3291e1603715c47a23b60a8bf2ca73db
avz00001.dta
viru.txt
08DDD.tmp
011.tmp
04.tmp
3291e1603715c47a23b60a8bf2ca73db
01.tmp
file-3014212_000
01tmp
123
01.tmp.000
0D92F.tmp