SHA256: a2d1b737c4fccd6a20370874a6dd4ab43b0c3f70199185940f137ba2b97f86f9
File name: 14f39789e3f697cd95d6fce05d510c9c
Detection ratio: 31 / 57
Analysis date: 2015-06-19 20:59:12 UTC ( 3 years, 11 months ago )
Antivirus Result Update
Ad-Aware Trojan.Generic.14737332 20150619
ALYac Trojan.Generic.14737332 20150619
Arcabit Trojan.Generic.DE0DFB4 20150619
Avast Win32:Malware-gen 20150619
AVG Crypt4.AVTM 20150619
Avira (no cloud) TR/Crypt.XPACK.Gen 20150619
AVware Trojan.Win32.Generic!BT 20150619
Baidu-International Worm.Win32.Cridex.qqr 20150619
BitDefender Trojan.Generic.14737332 20150619
Emsisoft Trojan.Generic.14737332 (B) 20150619
ESET-NOD32 a variant of Win32/Dridex.P 20150619
F-Secure Trojan.Generic.14737332 20150619
Fortinet W32/Dridex.M!tr 20150619
GData Trojan.Generic.14737332 20150619
K7AntiVirus Trojan ( 004beebb1 ) 20150619
K7GW Trojan ( 004beebb1 ) 20150619
Kaspersky Worm.Win32.Cridex.qqr 20150619
McAfee Artemis!9FBD106E8D0F 20150619
McAfee-GW-Edition BehavesLike.Win32.Dreform.kh 20150619
Microsoft Trojan:Win32/Dynamer!ac 20150619
eScan Trojan.Generic.14737332 20150619
NANO-Antivirus Virus.Win32.Gen.ccmw 20150619
nProtect Trojan.Generic.14737332 20150619
Panda Trj/Genetic.gen 20150619
Qihoo-360 Win32/Trojan.42b 20150619
Rising PE:Malware.XPACK-LNR/Heur!1.5594 20150618
Sophos AV Mal/EncPk-ABFO 20150619
Tencent Trojan.Win32.Qudamah.Gen.1 20150619
TrendMicro-HouseCall TROJ_GEN.R08OB01FI15 20150619
VBA32 BScope.Trojan.Agent 20150619
VIPRE Trojan.Win32.Generic!BT 20150619
The remaining 26 engines returned no detection at the signature date shown:
AegisLab 20150619
Yandex 20150619
AhnLab-V3 20150619
Alibaba 20150619
Antiy-AVL 20150619
Bkav 20150619
ByteHero 20150619
CAT-QuickHeal 20150619
ClamAV 20150619
CMC 20150618
Comodo 20150619
Cyren 20150619
DrWeb 20150619
F-Prot 20150619
Ikarus 20150619
Jiangmin 20150618
Kingsoft 20150619
Malwarebytes 20150619
SUPERAntiSpyware 20150619
Symantec 20150619
TheHacker 20150619
TotalDefense 20150619
TrendMicro 20150619
ViRobot 20150619
Zillya 20150619
Zoner 20150619
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2015-06-15 15:56:52 UTC (three days before the first submission recorded below, so the stamp is at least not obviously forged)
Entry Point 0x00003F1F
Number of sections 5
PE sections
PE imports
CreateProcessAsUserW
GetLastError
GetSystemTimeAsFileTime
Only these three imported functions are listed (the report does not show the exporting DLL). A sparse import table like this is what a packer or crypter stub typically leaves behind, consistent with the packer-oriented verdicts above (TR/Crypt.XPACK.Gen, Mal/EncPk-ABFO, Crypt4.AVTM); the unpacked payload normally resolves the APIs it needs at runtime.
ExifTool file metadata
MIMEType: application/octet-stream
Subsystem: Windows GUI
MachineType: Intel 386 or later, and compatibles
TimeStamp: 2015:06:15 16:56:52+01:00 (the same instant as the 15:56:52 UTC compilation timestamp above, rendered in UTC+1)
FileType: Win32 EXE
PEType: PE32
CodeSize: 36864
LinkerVersion: 10.0
FileTypeExtension: exe
InitializedDataSize: 34304
SubsystemVersion: 5.1
EntryPoint: 0x3f1f
OSVersion: 5.1
ImageVersion: 0.0
UninitializedDataSize: 0
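The PE header fields the report lists (machine, compilation timestamp, entry point, section count, linker, OS and subsystem versions) can be read directly from the COFF and PE32 optional headers. The following is an added example, not code from the report or from VirusTotal; it uses only the standard library and runs on a constructed header-only PE32 image that carries the report's values, since the sample itself is not on the page. The plausibility check compares the compile time against the first-submission time: a compile stamp later than the first sighting is a sign the stamp was tampered with.

```python
"""Read the PE fields a triage report lists straight from the headers.

Added example, not part of the VirusTotal report. The sample bytes built by
build_sample_pe() are constructed to carry the report's values.
"""
import calendar
import struct
from datetime import datetime, timezone

MACHINE_NAMES = {
    0x014C: "Intel 386 or later processors and compatible processors",
    0x8664: "x64",
}
SUBSYSTEM_NAMES = {1: "Native", 2: "Windows GUI", 3: "Windows CUI"}


def parse_pe_header(data: bytes) -> dict:
    """Return the COFF and PE32 optional-header fields shown in the report."""
    if data[:2] != b"MZ":
        raise ValueError("missing MZ signature")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    # IMAGE_FILE_HEADER (20 bytes) follows the 4-byte signature.
    machine, nsections, timestamp, _symtab, _nsyms, opt_size, _chars = struct.unpack_from(
        "<HHIIIHH", data, e_lfanew + 4)
    opt = e_lfanew + 24
    if opt_size < 72:
        raise ValueError("optional header too short")
    # IMAGE_OPTIONAL_HEADER32: Magic, Major/MinorLinkerVersion, SizeOfCode,
    # SizeOfInitializedData, SizeOfUninitializedData, AddressOfEntryPoint.
    magic, lnk_major, lnk_minor, code_size, init_size, uninit_size, entry = struct.unpack_from(
        "<HBBIIII", data, opt)
    if magic != 0x10B:
        raise ValueError("only PE32 (magic 0x10B) is handled here")
    # Offsets 40..51 hold the OS, image and subsystem version pairs; 68 is Subsystem.
    os_major, os_minor, img_major, img_minor, ss_major, ss_minor = struct.unpack_from(
        "<HHHHHH", data, opt + 40)
    subsystem = struct.unpack_from("<H", data, opt + 68)[0]
    compiled = datetime.fromtimestamp(timestamp, timezone.utc)
    return {
        "machine": MACHINE_NAMES.get(machine, "0x%04X" % machine),
        "number_of_sections": nsections,
        "compilation_timestamp": compiled.strftime("%Y-%m-%d %H:%M:%S"),
        "entry_point": "0x%08X" % entry,
        "linker_version": "%d.%d" % (lnk_major, lnk_minor),
        "code_size": code_size,
        "initialized_data_size": init_size,
        "uninitialized_data_size": uninit_size,
        "os_version": "%d.%d" % (os_major, os_minor),
        "image_version": "%d.%d" % (img_major, img_minor),
        "subsystem_version": "%d.%d" % (ss_major, ss_minor),
        "subsystem": SUBSYSTEM_NAMES.get(subsystem, str(subsystem)),
    }


def timestamp_is_plausible(compiled: str, first_seen: str) -> bool:
    """A compile time after the first submission means the stamp was tampered with."""
    fmt = "%Y-%m-%d %H:%M:%S"
    return datetime.strptime(compiled, fmt) <= datetime.strptime(first_seen, fmt)


# Constructed sample: a header-only PE32 image carrying the report's values
# (timestamp 2015-06-15 15:56:52 UTC, entry 0x3F1F, 5 sections, linker 10.0).
SAMPLE_TIMESTAMP = calendar.timegm((2015, 6, 15, 15, 56, 52))


def build_sample_pe(timestamp: int = SAMPLE_TIMESTAMP) -> bytes:
    dos = bytearray(64)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 64)            # e_lfanew: PE signature at 0x40
    coff = struct.pack("<HHIIIHH", 0x014C, 5, timestamp, 0, 0, 224, 0x0102)
    opt = bytearray(224)
    struct.pack_into("<HBBIIII", opt, 0, 0x10B, 10, 0, 36864, 34304, 0, 0x3F1F)
    struct.pack_into("<HHHHHH", opt, 40, 5, 1, 0, 0, 5, 1)
    struct.pack_into("<H", opt, 68, 2)               # IMAGE_SUBSYSTEM_WINDOWS_GUI
    return bytes(dos) + b"PE\0\0" + coff + bytes(opt)


if __name__ == "__main__":
    info = parse_pe_header(build_sample_pe())
    for key, value in info.items():
        print("%-24s %s" % (key, value))
    print("timestamp plausible:",
          timestamp_is_plausible(info["compilation_timestamp"], "2015-06-18 04:41:09"))
```

To check a real file, replace `build_sample_pe()` with the bytes read from disk; the parser only touches the headers, so it is safe to run on a live sample without executing it.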

Compressed bundles
File identification
MD5 9fbd106e8d0f46f942316450e025b0f2
SHA1 9be64ff92fc78a6d42c1606112e0cfc1c78c8aa9
SHA256 a2d1b737c4fccd6a20370874a6dd4ab43b0c3f70199185940f137ba2b97f86f9
ssdeep 1536:wG5hjDbrHWKjC1GraMxBMgf6MUB39679TqOV6985yLqHoHej6ia1ih14:waB2Kj7aMxBMZMU19mG66Ze14
authentihash f460391666bbf47e4080ca1a0e647575e517b5b35e8c00d198d107a5b49f1636
imphash 3a652c34571b8db3cbe3a9bae1cd0ce2
File size 68.5 KB ( 70144 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Dynamic Link Library (generic) (43.5%)
Win32 Executable (generic) (29.8%)
Generic Win/DOS Executable (13.2%)
DOS Executable Generic (13.2%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
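The identification block above is what you match a local copy against before trusting that it is the same sample. The following is an added example, not code from the report or from VirusTotal: it recomputes MD5, SHA1 and SHA256 and shows how an imphash is derived (the MD5 of the import table normalised to lower-case "dll.function" entries in table order, with extensions stripped and ordinals written as ordN). The real file is not on the page, so the digests are exercised on constructed input; the DLL name in the constructed import list (kernel32) is an assumption, because the report shows function names only, so the listed imphash cannot be reproduced from the page alone.

```python
"""Recompute a report's file-identification hashes and the imphash.

Added example, not part of the VirusTotal report. The constructed import
list assumes kernel32.dll as the exporting DLL; the report does not say.
"""
import hashlib

# Values copied from the report, to compare against a local copy of the file.
REPORTED = {
    "md5": "9fbd106e8d0f46f942316450e025b0f2",
    "sha1": "9be64ff92fc78a6d42c1606112e0cfc1c78c8aa9",
    "sha256": "a2d1b737c4fccd6a20370874a6dd4ab43b0c3f70199185940f137ba2b97f86f9",
    "imphash": "3a652c34571b8db3cbe3a9bae1cd0ce2",
}


def file_digests(data: bytes) -> dict:
    """MD5, SHA1 and SHA256 of the raw file bytes."""
    return {name: hashlib.new(name, data).hexdigest() for name in ("md5", "sha1", "sha256")}


def imphash_string(imports) -> str:
    """Normalise (dll, function) pairs the way the imphash algorithm does:
    lower-case, strip .dll/.ocx/.sys, ordinals as ordN, keep import-table order."""
    parts = []
    for dll, func in imports:
        dll = dll.lower()
        base, dot, ext = dll.rpartition(".")
        if dot and ext in ("dll", "ocx", "sys"):
            dll = base
        name = "ord%d" % func if isinstance(func, int) else func.lower()
        parts.append("%s.%s" % (dll, name))
    return ",".join(parts)


def imphash(imports) -> str:
    """MD5 over the normalised, comma-joined import string."""
    return hashlib.md5(imphash_string(imports).encode("ascii")).hexdigest()


def compare_with_report(data: bytes, imports, reported=REPORTED) -> dict:
    """True per hash name where the recomputed value equals the reported one."""
    computed = dict(file_digests(data), imphash=imphash(imports))
    return {name: computed[name] == value for name, value in reported.items()}


# Constructed import list: the three functions the report names, assumed to
# come from kernel32.dll (the report omits the DLL column).
SAMPLE_IMPORTS = [
    ("KERNEL32.dll", "CreateProcessAsUserW"),
    ("KERNEL32.dll", "GetLastError"),
    ("KERNEL32.dll", "GetSystemTimeAsFileTime"),
]

if __name__ == "__main__":
    import sys
    path = sys.argv[1] if len(sys.argv) > 1 else None
    data = open(path, "rb").read() if path else b""   # empty input when no file is given
    print(file_digests(data))
    print("normalised imports:", imphash_string(SAMPLE_IMPORTS))
    print("imphash of constructed import list:", imphash(SAMPLE_IMPORTS))
    print("matches report:", compare_with_report(data, SAMPLE_IMPORTS))
```

Because the imphash depends on order, two builds that import the same functions in a different sequence hash differently; that is what makes it useful for clustering samples from one build chain and useless once a packer has stripped the table down to a handful of stub imports, as here.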
Tags peexe
VirusTotal metadata
First submission 2015-06-18 04:41:09 UTC ( 3 years, 11 months ago )
Last submission 2015-09-14 07:39:46 UTC ( 3 years, 8 months ago )
File names 9FBD106E8D0F46F942316450E025B0F2
14f39789e3f697cd95d6fce05d510c9c
9FBD106E8D0F46F942316450E025B0F2.exe
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Deleted files
Code injections in the following processes
Created mutexes
Opened mutexes
Opened service managers
Opened services
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.
HTTP requests
DNS requests
TCP connections