SHA256: a2e0fa7251392bb316b8b2678b6e5bcd8759504a4e5a66611a5c324ac4090234
File name: 7B42B35832855AB4FF37AE9B8FA9E571
Detection ratio: 46 / 54
Analysis date: 2015-12-17 13:24:47 UTC ( 3 years, 1 month ago )
Antivirus Result Update
Ad-Aware Trojan.Generic.4596108 20151217
Yandex Trojan.Cossta!FpZYlFu0PP0 20151217
AhnLab-V3 Trojan/Win32.Cossta 20151217
Antiy-AVL Trojan/Win32.Cossta 20151217
Arcabit Trojan.Generic.D46218C 20151217
Avast Win32:Malware-gen 20151217
AVG Agent2.BCYK 20151217
Avira (no cloud) TR/Cossta.grt.10 20151217
AVware Trojan.Win32.Generic!BT 20151217
Baidu-International Backdoor.Win32.Small.liy 20151217
BitDefender Trojan.Generic.4596108 20151217
CAT-QuickHeal Trojan.Cossta.grt 20151217
ClamAV WIN.Trojan.Cossta-4 20151217
CMC Trojan.Win32.Cossta!O 20151217
Comodo UnclassifiedMalware 20151217
Cyren W32/Trojan.FJYA-5091 20151217
DrWeb Trojan.Siggen4.25865 20151217
Emsisoft Trojan.Generic.4596108 (B) 20151217
ESET-NOD32 a variant of Win32/Agent.WQS 20151217
F-Secure Trojan.Generic.4596108 20151217
Fortinet W32/Cossta.WQS!tr 20151217
GData Trojan.Generic.4596108 20151217
Ikarus Trojan.Win32.Cossta 20151217
Jiangmin Trojan/Cossta.rgc 20151217
K7AntiVirus Trojan ( 000030f81 ) 20151217
K7GW Trojan ( 000030f81 ) 20151217
Kaspersky Backdoor.Win32.Small.liy 20151217
McAfee Generic BackDoor.adt 20151217
McAfee-GW-Edition Generic BackDoor.adt 20151217
Microsoft Backdoor:Win32/Neunut.A 20151217
eScan Trojan.Generic.4596108 20151217
NANO-Antivirus Trojan.Win32.Cossta.cqvyn 20151217
nProtect Trojan/W32.Small.34304.EG 20151217
Panda Generic Malware 20151217
Rising PE:Malware.Generic(Thunder)!1.A1C4 [F] 20151217
Sophos AV Mal/Dloadr-BK 20151217
SUPERAntiSpyware Trojan.Agent/Gen-Cossta 20151217
Symantec Trojan.Gen 20151217
Tencent Win32.Backdoor.Small.Aiic 20151217
TheHacker Trojan/Agent.wqs 20151215
TrendMicro TSPY_COSSTA.DH 20151217
TrendMicro-HouseCall TSPY_COSSTA.DH 20151217
VBA32 Trojan.Cossta 20151217
VIPRE Trojan.Win32.Generic!BT 20151217
ViRobot Trojan.Win32.A.Cossta.34304.A[h] 20151217
Zillya Trojan.Cossta.Win32.4049 20151217
AegisLab 20151217
Alibaba 20151208
Bkav 20151217
ByteHero 20151217
F-Prot 20151217
Malwarebytes 20151217
TotalDefense 20151217
Zoner 20151217
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Packers identified
PEiD Armadillo v1.71
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2009-08-03 08:29:29
Entry Point 0x0000328E
Number of sections 3
PE sections
PE imports
PeekNamedPipe
GetLastError
HeapFree
GetStdHandle
LCMapStringW
SetHandleCount
GlobalFree
GetOEMCP
LCMapStringA
HeapDestroy
ExitProcess
GetEnvironmentStringsW
FlushFileBuffers
LoadLibraryA
RtlUnwind
GetSystemDirectoryA
GetCommandLineA
CreatePipe
GetCurrentProcess
GetEnvironmentStrings
WideCharToMultiByte
UnhandledExceptionFilter
MultiByteToWideChar
FreeEnvironmentStringsW
GetModuleFileNameA
GetProcAddress
SetStdHandle
SetFilePointer
FreeEnvironmentStringsA
GetCPInfo
GetStringTypeA
GetModuleHandleA
ReadFile
WriteFile
GetStartupInfoA
CloseHandle
GetComputerNameA
GetACP
HeapReAlloc
GetStringTypeW
TerminateProcess
CreateProcessA
HeapCreate
VirtualFree
Sleep
GetFileType
SetEndOfFile
CreateFileA
HeapAlloc
GetVersion
VirtualAlloc
WinHttpSetOption
WinHttpConnect
WinHttpSendRequest
WinHttpCloseHandle
WinHttpWriteData
WinHttpGetIEProxyConfigForCurrentUser
WinHttpGetProxyForUrl
WinHttpReceiveResponse
WinHttpQueryOption
WinHttpOpen
WinHttpOpenRequest
WinHttpReadData
ExifTool file metadata
MIMEType
application/octet-stream

Subsystem
Windows GUI

SubsystemVersion
4.0

MachineType
Intel 386 or later, and compatibles

TimeStamp
2009:08:03 09:29:29+01:00

FileType
Win32 EXE

PEType
PE32

CodeSize
27136

LinkerVersion
6.0

FileTypeExtension
exe

InitializedDataSize
18944

ImageFileCharacteristics
No relocs, Executable, No line numbers, No symbols, 32-bit

EntryPoint
0x328e

OSVersion
4.0

ImageVersion
0.0

UninitializedDataSize
0

File identification
MD5 7b42b35832855ab4ff37ae9b8fa9e571
SHA1 374943af10ae4c47ba27b4534cc4b468bfaa9eff
SHA256 a2e0fa7251392bb316b8b2678b6e5bcd8759504a4e5a66611a5c324ac4090234
ssdeep
768:u6mCfedjLCsiHSmL2J4gW1nkxlZXkMousSU:u6mfLvQgW1kxlZjsS

authentihash 7bf3263fddf84ac7937299746ecaa42fffce6d3f817b4e3a48d0e7ccf24dd6b4
imphash a1a42f57ff30983efda08b68fedd3cfc
File size 33.5 KB ( 34304 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable MS Visual C++ (generic) (41.0%)
Win64 Executable (generic) (36.3%)
Win32 Dynamic Link Library (generic) (8.6%)
Win32 Executable (generic) (5.9%)
OS/2 Executable (generic) (2.6%)
Tags
peexe armadillo

VirusTotal metadata
First submission 2011-06-30 17:41:16 UTC ( 7 years, 6 months ago )
Last submission 2018-11-10 07:59:21 UTC ( 2 months, 1 week ago )
File names VirusShare_7b42b35832855ab4ff37ae9b8fa9e571
9xzk.7z
setup.exe
7b42b35832855ab4ff37ae9b8fa9e571
WEBC2-HEAD_sample_7B42B35832855AB4FF37AE9B8FA9E571-9973043-1376710857-tmp
RRl2ZcM.xltm
WEBC2-HEAD_sample_7B42B35832855AB4FF37AE9B8FA9E571
VirusShare_7b42b35832855ab4ff37ae9b8fa9e571
B6fODkwHX.pdf
WEBC2-HEAD_sample_7B42B35832855AB4FF37AE9B8FA9E571
VirusShare_7b42b35832855ab4ff37ae9b8fa9e571
7D2klCcs.vbs
srnKvveE.rar
aa
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Created mutexes
Opened mutexes
Opened service managers
Opened services
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.
DNS requests