SHA256: a13d418e63074f6e6d492e1946d96255a8ddc0acf7d717115931cc8d98f3954c
File name: 9db952cfaedb5f6d9b87f877d20c8a070cd9d0db
Detection ratio: 4 / 57
Analysis date: 2015-06-12 03:38:27 UTC ( 3 years, 9 months ago )
Antivirus Result Update
DrWeb Trojan.PWS.Panda.8087 20150612
Kaspersky Trojan-Spy.Win32.Zbot.vnsz 20150612
Qihoo-360 HEUR/QVM19.1.Malware.Gen 20150612
Tencent Trojan.Win32.Qudamah.Gen.7 20150612
Ad-Aware 20150612
AegisLab 20150612
Yandex 20150611
AhnLab-V3 20150611
Alibaba 20150611
ALYac 20150612
Antiy-AVL 20150611
Arcabit 20150612
Avast 20150612
AVG 20150612
Avira (no cloud) 20150611
AVware 20150612
Baidu-International 20150611
BitDefender 20150612
Bkav 20150611
ByteHero 20150612
CAT-QuickHeal 20150612
ClamAV 20150611
CMC 20150610
Comodo 20150612
Cyren 20150612
Emsisoft 20150612
ESET-NOD32 20150612
F-Prot 20150611
F-Secure 20150612
Fortinet 20150612
GData 20150612
Ikarus 20150612
Jiangmin 20150610
K7AntiVirus 20150611
K7GW 20150611
Kingsoft 20150612
Malwarebytes 20150611
McAfee 20150612
McAfee-GW-Edition 20150611
Microsoft 20150612
eScan 20150612
NANO-Antivirus 20150611
nProtect 20150611
Panda 20150611
Rising 20150611
Sophos AV 20150612
SUPERAntiSpyware 20150612
Symantec 20150612
TheHacker 20150611
TotalDefense 20150611
TrendMicro 20150612
TrendMicro-HouseCall 20150612
VBA32 20150611
VIPRE 20150612
ViRobot 20150612
Zillya 20150611
Zoner 20150609
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2005-07-25 18:51:44
Entry Point 0x00001000
Number of sections 11
PE sections
PE imports
FillRgn
SetBrushOrgEx
PlgBlt
GetCharWidth32W
MoveToEx
CreateDiscardableBitmap
GdiPlayPageEMF
RectInRegion
GetCharWidthA
GetCharABCWidthsA
GetMetaRgn
GdiFlush
GdiPlayEMF
EnumFontsA
CreatePolyPolygonRgn
Number of PE resources by type
RT_GROUP_CURSOR 1
RT_CURSOR 1
RT_VERSION 1
Number of PE resources by language
JAPANESE DEFAULT 3
PE resources
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
FileTypeExtension exe
TimeStamp 2005:07:25 19:51:44+01:00
FileType Win32 EXE
PEType PE32
CodeSize 242176
LinkerVersion 0.0
EntryPoint 0x1000
InitializedDataSize 35328
SubsystemVersion 4.1
ImageVersion 0.0
OSVersion 4.0
UninitializedDataSize 0
File identification
MD5 d674dfa3f6b9912a0d7152565506f5b6
SHA1 f5ff1df305d5703ed6e9071d1726853170214b54
SHA256 a13d418e63074f6e6d492e1946d96255a8ddc0acf7d717115931cc8d98f3954c
ssdeep 1536:Mjl3Bmj00ii1XK/8fl1NDdECKziATPSeYTvTnBGRj7TO6627I:Yf8XK/Sl1nErBTPS7br8jm6jI
authentihash e3d1845bbcf2db99442695b6463494558d6b3e63cde93642a826b65511dbbb53
imphash bd3e0aaf10fef7d7a0269edd0d6b712b
File size 278.5 KB ( 285184 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable (generic) (52.7%)
Generic Win/DOS Executable (23.4%)
DOS Executable Generic (23.4%)
VXD Driver (0.3%)
Tags peexe
VirusTotal metadata
First submission 2015-06-11 20:13:53 UTC ( 3 years, 9 months ago )
Last submission 2015-06-12 03:38:27 UTC ( 3 years, 9 months ago )
File names 9db952cfaedb5f6d9b87f877d20c8a070cd9d0db
Advanced heuristic and reputation engines
TrendMicro-HouseCall
TrendMicro's heuristic engine has flagged this file as: TROJ_GEN.R01TC0DFI15.

Symantec reputation Suspicious.Insight
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Copied files
Deleted files
Created processes
Code injections in the following processes
Created mutexes
Opened mutexes
Searched windows
Opened service managers
Opened services
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.