SHA256: aa0bbaecb678868e1e7f57c7ca9d61b608b3d788be490790eb1d148beadf4615
File name: 02.tmp
Detection ratio: 49 / 52
Analysis date: 2016-02-04 18:32:35 UTC ( 1 week ago )
Antivirus Result Update
ALYac Worm.Conficker 20160204
AVG I-Worm/Generic.COB 20160204
Ad-Aware Win32.Worm.Conficker.A 20160204
AegisLab W32.W.Kido.ij!c 20160204
Agnitum Worm.Conficker!L/CdK4RT60g 20160203
AhnLab-V3 Win32/Conficker.worm.4096 20160203
Antiy-AVL Worm[Net]/Win32.Kido 20160204
Arcabit Win32.Worm.Conficker.A 20160203
Avast Win32:ConfiDrv-B [Rtk] 20160203
Avira RKIT/Conficker.A 20160203
Baidu-International Trojan.Win32.Agent.40 20160203
BitDefender Win32.Worm.Conficker.A 20160203
Bkav W32.ConfickerIOC.Worm 20160203
CAT-QuickHeal Worm.Kido.07655 20160203
ClamAV Trojan.Rootkit-1503 20160203
Comodo TrojWare.Win32.Rootkit.Agent.~a 20160203
Cyren W32/Conficker.UCIE-3981 20160203
DrWeb Win32.HLLW.Autoruner.5555 20160204
ESET-NOD32 Win32/Conficker.AA 20160203
Emsisoft Win32.Worm.Conficker.A (B) 20160203
F-Prot W32/Conficker.G 20160129
Fortinet W32/Conficker.IJ!tr.rkit 20160203
GData Win32.Worm.Conficker.A 20160203
Ikarus Net-Worm.Win32.Kido 20160204
Jiangmin Worm/Kido.hw 20160203
K7AntiVirus Trojan ( 0001140e1 ) 20160203
K7GW Trojan ( 0001140e1 ) 20160203
Kaspersky Net-Worm.Win32.Kido.jq 20160203
Malwarebytes Worm.Conficker 20160204
McAfee W32/Conficker.sys 20160203
McAfee-GW-Edition W32/Conficker.sys 20160204
MicroWorld-eScan Win32.Worm.Conficker.A 20160203
Microsoft Trojan:WinNT/Conficker.B 20160204
NANO-Antivirus Trojan.Win32.Kido.ghbd 20160203
Panda Rootkit/Conficker.C 20160202
Qihoo-360 Win32/Trojan.75d 20160204
Rising PE:Backdoor.Win32.Undef.cef!1449988 [F] 20160204
SUPERAntiSpyware Trojan.Unknown Origin 20160203
Sophos W32/Confick-D 20160204
Symantec W32.Downadup 20160202
Tencent Win32.Worm-net.Kido.Ljaf 20160204
TheHacker Trojan/Conficker.dam 20160202
TrendMicro TROJ_DOWNAD.E 20160204
TrendMicro-HouseCall TROJ_DOWNAD.E 20160204
VBA32 Net-Worm.Kido 20160204
VIPRE Trojan.WinNT.Conficker.b (v) 20160204
ViRobot Worm.Win32.Conficker.4096[h] 20160203
Zillya Worm.Conficker.Win32.405 20160202
nProtect Worm/W32.Kido.4096 20160201
Alibaba 20160203
ByteHero 20160204
Zoner 20160203
The file being studied is a Portable Executable file! More specifically, it is a Win32 DLL file for the Native subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 1999-05-05 13:27:28
Link date 2:27 PM 5/5/1999
Entry Point 0x000010B0
Number of sections 5
PE sections
PE imports
_except_handler3
RtlInitUnicodeString
IoAllocateMdl
IofCompleteRequest
IoCreateSymbolicLink
IoDeleteSymbolicLink
ZwQuerySystemInformation
IoCreateDevice
MmProbeAndLockPages
MmUnmapLockedPages
IoDeleteDevice
MmMapLockedPagesSpecifyCache
ObfDereferenceObject
ExAllocatePoolWithTag
IoFreeMdl
MmUnlockPages
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Native
MachineType Intel 386 or later, and compatibles
FileTypeExtension dll
TimeStamp 1999:05:05 14:27:28+01:00
FileType Win32 DLL
PEType PE32
CodeSize 1536
LinkerVersion 7.0
EntryPoint 0x10b0
InitializedDataSize 1536
SubsystemVersion 4.0
ImageVersion 0.0
OSVersion 4.0
UninitializedDataSize 0
While monitoring an end-user machine in-the-wild, CarbonBlack noticed the following files in execution wrote this sample to disk.
Compressed bundles
File identification
MD5 3291e1603715c47a23b60a8bf2ca73db
SHA1 41531fa6b5086e9150b57256efbcd47d7c05cd53
SHA256 aa0bbaecb678868e1e7f57c7ca9d61b608b3d788be490790eb1d148beadf4615
ssdeep 48:qZs7U1X+r/34o0dVYDP9O6sbo6GYDpwQRr3EYJlLu48:2K8A0doP9VsxGYtN1fJlLr8
authentihash c4971a5412ee420b844e547807911345c9bcfe3a9b1ee0ae21d93b45e1b821a8
imphash 4ab64aebae0dd65a5d0dda9f9befd033
File size 4.0 KB ( 4096 bytes )
File type Win32 DLL
Magic literal PE32 executable for MS Windows (DLL) (native) Intel 80386 32-bit
TrID Win32 Executable (generic) (42.8%)
Clipper DOS Executable (19.1%)
Generic Win/DOS Executable (19.0%)
DOS Executable Generic (18.9%)
Tags pedll native
VirusTotal metadata
First submission 2009-01-02 16:21:52 UTC ( 7 years, 1 month ago )
Last submission 2016-02-04 18:32:35 UTC ( 1 week ago )
File names 03A6D.tmp
smona131831195101454686231
Net-Worm.Win32.Kido.jq.exe
smona131831195112461260022
02.tmp
TcpIp_Perf.sys
01d.tmp
vti-rescan
vt-upload-e_sxh
avz00002.dta
05237.tmp
03.tmp
06EC0.tmp
08.tmp
smona132022018315578557305
3291e1603715c47a23b60a8bf2ca73db
avz00001.dta
viru.txt
08DDD.tmp
011.tmp
04.tmp
01.tmp
file-3014212_000
01tmp