SHA256: a5fdf0349e7322a1ffdc0425157da9fb69c7619ae7e4a47332774c687eced467
File name: 17b9e04a7e5e63d242b6d2d0cc83e26ec4493023
Detection ratio: 9 / 57
Analysis date: 2015-04-02 23:46:57 UTC ( 3 years, 11 months ago )
Antivirus Result Update
ByteHero Trojan.Malware.Obscu.Gen.004 20150403
DrWeb Trojan.Packed 20150402
ESET-NOD32 a variant of Win32/Kryptik.DDVX 20150403
Fortinet W32/Kryptik.CAHR!tr 20150402
Malwarebytes Trojan.Agent.ED 20150403
McAfee Artemis!DEB2BB52423D 20150402
McAfee-GW-Edition BehavesLike.Win32.Sdbot.hz 20150402
Tencent Trojan.Win32.Qudamah.Gen.7 20150403
VBA32 BScope.Malware-Cryptor.Bredolab.2213 20150402
Engines reporting no detection (engine, signature update date):
Ad-Aware 20150402
AegisLab 20150403
Yandex 20150402
AhnLab-V3 20150402
Alibaba 20150402
ALYac 20150403
Antiy-AVL 20150402
Avast 20150403
AVG 20150403
Avira (no cloud) 20150402
AVware 20150402
Baidu-International 20150402
BitDefender 20150403
Bkav 20150402
CAT-QuickHeal 20150402
ClamAV 20150402
CMC 20150402
Comodo 20150402
Cyren 20150402
Emsisoft 20150402
F-Prot 20150401
F-Secure 20150402
GData 20150403
Ikarus 20150402
Jiangmin 20150402
K7AntiVirus 20150402
K7GW 20150402
Kaspersky 20150402
Kingsoft 20150403
Microsoft 20150403
eScan 20150403
NANO-Antivirus 20150403
Norman 20150402
nProtect 20150402
Panda 20150401
Qihoo-360 20150403
Rising 20150402
Sophos AV 20150402
SUPERAntiSpyware 20150402
Symantec 20150402
TheHacker 20150401
TotalDefense 20150402
TrendMicro 20150403
TrendMicro-HouseCall 20150402
VIPRE 20150402
ViRobot 20150402
Zillya 20150402
Zoner 20150402
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2005-07-24 22:27:18
Entry Point 0x00001000
Number of sections 13
PE sections
PE imports
AreFileApisANSI
DeleteCriticalSection
RaiseException
FlushConsoleInputBuffer
GetPrivateProfileSectionW
RtlZeroMemory
lstrcmpA
ReadConsoleOutputW
lstrcmpiA
SetConsoleWindowInfo
FindClose
TlsAlloc
BuildCommDCBW
GetCurrentThreadId
_lread
GetStringTypeW
GetShortPathNameA

All of the listed imports are exports of KERNEL32.dll. A Windows GUI program that imports console functions (FlushConsoleInputBuffer, ReadConsoleOutputW, SetConsoleWindowInfo), a serial-port function (BuildCommDCBW) and an INI reader (GetPrivateProfileSectionW), with a reported linker version of 0.0 and 13 sections, is consistent with the Packed / Kryptik / Malware-Cryptor verdicts above: treat this import table as the packer stub's, not the payload's, and expect the real API usage to appear only after unpacking or in the sandbox trace.
Number of PE resources by type
RT_BITMAP 1
RT_VERSION 1
Number of PE resources by language
NEUTRAL 1
ENGLISH US 1
PE resources
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
TimeStamp 2005:07:24 23:27:18+01:00
FileType Win32 EXE
PEType PE32
CodeSize 422912
LinkerVersion 0.0
EntryPoint 0x1000
InitializedDataSize 124928
SubsystemVersion 4.1
ImageVersion 0.0
OSVersion 4.0
UninitializedDataSize 0

File identification
MD5 deb2bb52423d4144e04e7335b4acba2c
SHA1 7ab9122333e74bc68830c495ec5ca70550a9b2a2
SHA256 a5fdf0349e7322a1ffdc0425157da9fb69c7619ae7e4a47332774c687eced467
ssdeep 3072:bGwTY71Kzc7x8b5rrJVB9npLI/zmzsIu:hTUIcGlrr/XpE/P3
authentihash a1a813906a9095ed5d59df51b9f8d3e5ccc37b077f79d8f7c16a461b8cdff212
imphash 510f22c92441ccdee6578ac6b9fe9460
File size 559.5 KB ( 572928 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable (generic) (52.7%)
Generic Win/DOS Executable (23.4%)
DOS Executable Generic (23.4%)
VXD Driver (0.3%)
Tags
peexe

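Two of the identifiers above are derived values that an analyst can recompute rather than take on trust: the imphash under "File identification" is built from the names under "PE imports", and the "Compilation timestamp" is a rendering of the PE header's TimeDateStamp, which the ExifTool block prints again in local time (+01:00). The script below is an added example and is not code from VirusTotal or from the page. It assumes the listed functions are imported from KERNEL32.dll (the page shows no DLL name) and that the page's order is the import-table order; because neither assumption can be confirmed from the report, the script demonstrates the imphash computation and its sensitivity to order but does not claim its result equals the 510f22c9... value shown above.

```python
"""Recomputing derived identifiers from a VirusTotal-style report.

Added example, not part of the original report. It rebuilds two values
from data that is visible on the page:

  * the imphash, from the import names listed under "PE imports"
    (ASSUMPTION: all imported from KERNEL32.dll, which exports every one
    of them; ASSUMPTION: the page lists them in import-table order),
  * the PE TimeDateStamp behind "Compilation timestamp", cross-checked
    against the ExifTool TimeStamp, which is the same instant in +01:00.
"""
import hashlib
from datetime import datetime, timezone

# Import names copied from the report's "PE imports" section.
REPORT_IMPORTS = [
    "AreFileApisANSI", "DeleteCriticalSection", "RaiseException",
    "FlushConsoleInputBuffer", "GetPrivateProfileSectionW", "RtlZeroMemory",
    "lstrcmpA", "ReadConsoleOutputW", "lstrcmpiA", "SetConsoleWindowInfo",
    "FindClose", "TlsAlloc", "BuildCommDCBW", "GetCurrentThreadId", "_lread",
    "GetStringTypeW", "GetShortPathNameA",
]
ASSUMED_DLL = "KERNEL32.dll"  # assumption: the page does not show the DLL


def normalize_import(dll: str, func) -> str:
    """One 'dll.func' token the way pefile's imphash builds it: lower-cased,
    with a trailing .dll/.ocx/.sys stripped from the module name, and an
    ordinal-only import (func given as int) rendered as ordNNN."""
    lib = dll.lower()
    parts = lib.rsplit(".", 1)
    if len(parts) == 2 and parts[1] in ("dll", "ocx", "sys"):
        lib = parts[0]
    name = f"ord{func}" if isinstance(func, int) else func.lower()
    return f"{lib}.{name}"


def imphash(imports) -> str:
    """imports: iterable of (dll, func) pairs in import-table order, func a
    str name or an int ordinal. Returns MD5 over the comma-joined tokens,
    which is the imphash. Reordering the entries changes the hash."""
    joined = ",".join(normalize_import(d, f) for d, f in imports)
    return hashlib.md5(joined.encode("ascii")).hexdigest()


def report_imphash(dll: str = ASSUMED_DLL) -> str:
    """imphash of the page's import list under the KERNEL32.dll assumption."""
    return imphash((dll, f) for f in REPORT_IMPORTS)


def pe_timestamp(utc_text: str) -> int:
    """'YYYY-MM-DD HH:MM:SS' in UTC (as the report prints it) -> the 32-bit
    IMAGE_FILE_HEADER.TimeDateStamp value a PE parser would read."""
    dt = datetime.strptime(utc_text, "%Y-%m-%d %H:%M:%S")
    return int(dt.replace(tzinfo=timezone.utc).timestamp())


def exiftool_timestamp(text: str) -> int:
    """'YYYY:MM:DD HH:MM:SS+HH:MM' (ExifTool's local-time rendering) -> epoch."""
    return int(datetime.strptime(text, "%Y:%m:%d %H:%M:%S%z").timestamp())


def timestamps_agree(vt_utc: str, exif_local: str) -> bool:
    """True when both renderings on the page denote the same TimeDateStamp."""
    return pe_timestamp(vt_utc) == exiftool_timestamp(exif_local)


if __name__ == "__main__":
    print("imphash (KERNEL32.dll assumed, listed order):", report_imphash())
    print("TimeDateStamp:", pe_timestamp("2005-07-24 22:27:18"))
    print("ExifTool timestamp is the same instant:",
          timestamps_agree("2005-07-24 22:27:18", "2005:07:24 23:27:18+01:00"))
```

If the computed imphash differs from the one on the page, the first things to check are the DLL name and the order of the entries, since both feed the hash; with the sample in hand, `pefile.PE(path).get_imphash()` gives the authoritative value to compare against. A compile timestamp of 2005 on a file first submitted in 2015 is not itself evidence of anything, but it is a field packers and builders often leave at a stale or forged value, so it is worth recording alongside the hashes.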
VirusTotal metadata
First submission 2015-04-02 23:46:57 UTC ( 3 years, 11 months ago )
Last submission 2015-04-02 23:46:57 UTC ( 3 years, 11 months ago )
File names 17b9e04a7e5e63d242b6d2d0cc83e26ec4493023
Advanced heuristic and reputation engines
ClamAV
Possibly Unwanted Application. While not necessarily malicious, the scanned file presents certain characteristics which depending on the user policies and environment may or may not represent a threat. For full details see: https://www.clamav.net/documents/potentially-unwanted-applications-pua .

Symantec reputation Suspicious.Insight
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Created processes
Created mutexes
Opened mutexes
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.
UDP communications