SHA256: a0d26642adccefc39db6564cb995289e02ce7d0ddd9b32d859fabd63d42ae09e
File name: newbos3.exe
Detection ratio: 29 / 45
Analysis date: 2013-04-23 00:21:28 UTC (11 months, 4 weeks ago)
Antivirus | Result | Update
AVG | Generic_s.BBQ | 20130423
AhnLab-V3 | Trojan/Win32.Foreign | 20130422
AntiVir | TR/Waledac.EB.2 | 20130422
BitDefender | Trojan.GenericKDZ.14822 | 20130423
Commtouch | W32/Backdoor.ZBVS-6750 | 20130422
Comodo | TrojWare.Win32.Kryptik.AYWT | 20130423
DrWeb | BackDoor.SlymENT.1498 | 20130423
ESET-NOD32 | a variant of Win32/Kryptik.AZBN | 20130422
Emsisoft | Trojan.GenericKDZ.14822 (B) | 20130423
F-Secure | Trojan.GenericKDZ.14822 | 20130423
Fortinet | W32/Tepfer.ABIF!tr.pws | 20130423
GData | Trojan.GenericKDZ.14822 | 20130423
Ikarus | Trojan-PSW.Win32.Tepfer | 20130422
K7AntiVirus | Trojan | 20130422
K7GW | Trojan | 20130422
Kaspersky | Trojan-PSW.Win32.Tepfer.iprr | 20130423
Malwarebytes | Trojan.FakeAlert | 20130423
McAfee | Generic-FAGQ!502537A985E2 | 20130423
McAfee-GW-Edition | Heuristic.LooksLike.Win32.Suspicious.E | 20130422
Microsoft | Backdoor:Win32/Kelihos.F | 20130423
Norman | Hlux.XD | 20130422
PCTools | HeurEngine.MaliciousPacker | 20130422
Panda | Trj/Tepfer.B | 20130422
Sophos | Troj/Agent-ABIF | 20130423
Symantec | Packed.Generic.402 | 20130423
TrendMicro | TROJ_GEN.R47CDDK | 20130423
TrendMicro-HouseCall | TROJ_GEN.R47CDDK | 20130423
VIPRE | Trojan.Win32.Winwebsec.mdc (v) | 20130423
nProtect | Trojan.GenericKDZ.14822 | 20130422

Engines reporting no detection (the remaining 16 of 45):
Agnitum | (none) | 20130422
Antiy-AVL | (none) | 20130422
ByteHero | (none) | 20130418
CAT-QuickHeal | (none) | 20130422
ClamAV | (none) | 20130423
F-Prot | (none) | 20130422
Jiangmin | (none) | 20130422
Kingsoft | (none) | 20130422
MicroWorld-eScan | (none) | 20130423
NANO-Antivirus | (none) | 20130423
SUPERAntiSpyware | (none) | 20130423
TheHacker | (none) | 20130422
TotalDefense | (none) | 20130422
VBA32 | (none) | 20130422
ViRobot | (none) | 20130422
eSafe | (none) | 20130418
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2013-01-23 18:06:03
Entry Point 0x00001152
Number of sections 5
PE sections
PE imports
DllGetClassObject
DllUnregisterServer
DllRegisterServer
HeapSize
MapViewOfFile
IsBadWritePtr
GetStdHandle
GetDriveTypeW
CancelIo
ReleaseMutex
GetLocaleInfoA
GetModuleHandleA
GetFileAttributesA
CreateDirectoryA
DeleteFileA
WriteFile
ResetEvent
CreateMailslotA
VirtualProtect
GetCommandLineA
RemoveDirectoryA
SetLocalTime
SetLastError
GetProcessHeap
DwRasUninitialize
SetFocus
wsprintfA
LoadCursorA
DispatchMessageA
GetWindowTextW
GetCapture
LoadImageA
PeekMessageA
DestroyMenu
GetWindowLongW
PostMessageW
GetCaretPos
SetCursor
Number of PE resources by type
RT_ICON 1
Number of PE resources by language
ENGLISH US 1
ExifTool file metadata
MIMEType: application/octet-stream
Subsystem: Windows GUI
MachineType: Intel 386 or later, and compatibles
TimeStamp: 2013:01:23 19:06:03+01:00
FileType: Win32 EXE
PEType: PE32
CodeSize: 3584
LinkerVersion: 3.24
FileAccessDate: 2013:04:24 08:30:35+01:00
Warning: Invalid Version Info block
EntryPoint: 0x1152
InitializedDataSize: 811520
SubsystemVersion: 5.1
ImageVersion: 0.0
OSVersion: 5.1
FileCreateDate: 2013:04:24 08:30:35+01:00
UninitializedDataSize: 0

File identification
MD5 502537a985e21eb8ceccd246d1bb4289
SHA1 5bb286424c38dc2a46a0fc0530e10241630d2f80
SHA256 a0d26642adccefc39db6564cb995289e02ce7d0ddd9b32d859fabd63d42ae09e
ssdeep 24576:G7T3PlwvCCC9W0oVuRXEazcUzgzvEOCx+:UDqvCCwW+1lAUsbEOCx

File size 797.5 KB ( 816640 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable (generic) (61.9%)
Generic Win/DOS Executable (19.0%)
DOS Executable Generic (19.0%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
Tags peexe

VirusTotal metadata
First submission 2013-04-20 02:47:40 UTC (12 months ago)
Last submission 2013-04-24 07:30:32 UTC (11 months, 3 weeks ago)
File names newbos3.exe, temp26.exe, 502537a985e21eb8ceccd246d1bb4289
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Deleted files
Set keys
Code injections in the following processes
Opened service managers
Opened services
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.
UDP communications