× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: a739e1c23cd19d8843478136ddeb142459c2bf09bef9be7023834ad24c67ffea
File name: mswytexma.exe
Detection ratio: 49 / 56
Analysis date: 2015-02-04 17:52:19 UTC ( 3 weeks, 4 days ago )
Antivirus Result Update
ALYac Trojan.GenericKD.1460106 20150204
AVG Zbot.EMS 20150204
AVware Worm.Win32.Gamarue.ic (v) 20150204
Ad-Aware Trojan.GenericKD.1460106 20150204
Agnitum Backdoor.Androm!k9jFYLYCvqc 20150202
AhnLab-V3 Worm/Win32.Gamarue 20150204
Antiy-AVL Trojan[Backdoor]/Win32.Androm 20150204
Avast Win32:Malware-gen 20150204
Avira TR/Crypt.ZPACK.39298 20150204
Baidu-International Backdoor.Win32.Androm.awnA 20150204
BitDefender Trojan.GenericKD.1460106 20150204
Bkav W32.RogueNeurevtF.Trojan 20150203
CAT-QuickHeal Worm.Gamarue.I5 20150204
Comodo TrojWare.Win32.Genome.xhtk 20150204
Cyren W32/Trojan.TNVT-8983 20150204
DrWeb Trojan.Inject2.23 20150204
ESET-NOD32 Win32/TrojanDownloader.Wauchos.X 20150204
Emsisoft Backdoor.Win32.Androm (A) 20150204
F-Prot W32/Trojan2.OBIL 20150204
F-Secure Trojan.GenericKD.1460106 20150204
Fortinet W32/Androm.BJKN!tr.bdr 20150204
GData Trojan.GenericKD.1460106 20150204
Ikarus Backdoor.Win32.Androm 20150204
K7AntiVirus Riskware ( 0040eff71 ) 20150204
K7GW Riskware ( 0040eff71 ) 20150204
Kaspersky Backdoor.Win32.Androm.bjkn 20150204
Kingsoft Win32.Hack.Androm.bj.(kcloud) 20150204
Malwarebytes Backdoor.Andromeda.AMZ 20150204
McAfee Generic.rm 20150204
McAfee-GW-Edition Generic.rm 20150204
MicroWorld-eScan Trojan.GenericKD.1460106 20150204
Microsoft Worm:Win32/Gamarue.I 20150204
NANO-Antivirus Trojan.Win32.Inject2.crhhyd 20150204
Norman Suspicious_Gen4.FMTUJ 20150204
Qihoo-360 Win32/Trojan.Multi.daf 20150204
Rising PE:Trojan.Win32.Generic.16356297!372597399 20150204
Sophos Mal/Generic-L 20150204
Symantec Backdoor.Trojan 20150204
Tencent Win32.Backdoor.Androm.Swlc 20150204
TheHacker Trojan/Downloader.Wauchos.x 20150203
TotalDefense Win32/Gamarue.GYQQBDC 20150204
TrendMicro WORM_GAMARUE.JQ 20150204
TrendMicro-HouseCall WORM_GAMARUE.JQ 20150204
VBA32 BScope.Malware-Cryptor.Androm 20150204
VIPRE Worm.Win32.Gamarue.ic (v) 20150204
ViRobot Worm.Win32.S.Gamarue.94208[h] 20150204
Zillya Backdoor.Androm.Win32.4999 20150204
Zoner Trojan.Wauchos.X 20150202
nProtect Backdoor/W32.Androm.94208.B 20150204
AegisLab 20150204
Alibaba 20150203
ByteHero 20150204
CMC 20150202
ClamAV 20150204
Panda 20150204
SUPERAntiSpyware 20150204
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2013-12-17 02:56:11
Link date 3:56 AM 12/17/2013
Entry Point 0x00004891
Number of sections 4
PE sections
PE imports
GetLastError
InitializeCriticalSectionAndSpinCount
HeapFree
GetSystemTimeAsFileTime
EnterCriticalSection
LCMapStringW
SetHandleCount
GetModuleFileNameW
TryEnterCriticalSection
GetVersionExW
FreeLibrary
QueryPerformanceCounter
IsDebuggerPresent
ExitProcess
TlsAlloc
GetEnvironmentStringsW
GetVersionExA
GetModuleFileNameA
WaitForSingleObjectEx
RtlUnwind
LoadLibraryA
GetStdHandle
DeleteCriticalSection
GetCurrentProcess
GetStartupInfoW
GetFileType
SetConsoleCtrlHandler
GetCurrentProcessId
IsValidCodePage
GetCPInfo
UnhandledExceptionFilter
TlsGetValue
MultiByteToWideChar
HeapSize
SetFilePointerEx
FreeEnvironmentStringsW
GetCommandLineA
CloseHandle
InterlockedCompareExchange
EncodePointer
GetLocaleInfoW
CreateMutexA
SetFilePointer
RaiseException
WideCharToMultiByte
LoadLibraryW
TlsFree
GetModuleHandleA
HeapSetInformation
ReadFile
InterlockedExchange
SetUnhandledExceptionFilter
WriteFile
TlsSetValue
DecodePointer
WaitForSingleObject
IsProcessorFeaturePresent
GetACP
HeapReAlloc
GetStringTypeW
GetModuleHandleW
GetOEMCP
LocalFree
TerminateProcess
FreeLibraryAndExitThread
InitializeCriticalSection
HeapCreate
GetProcAddress
FatalAppExitA
FindClose
InterlockedDecrement
Sleep
GetCurrentThread
GetTickCount
HeapDestroy
CreateFileA
HeapAlloc
GetCurrentThreadId
InterlockedIncrement
VirtualAlloc
SetLastError
LeaveCriticalSection
NetGetJoinInformation
OleUninitialize
CoCreateInstance
OleInitialize
StgCreateDocfileOnILockBytes
OleFlushClipboard
ReleaseStgMedium
GetRunningObjectTable
RegisterDragDrop
CoLockObjectExternal
CoRevokeClassObject
CoInitializeSecurity
CLSIDFromProgID
CoQueryProxyBlanket
RevokeDragDrop
CoDisconnectObject
CoCreateGuid
CoTaskMemFree
OleRun
CoGetClassObject
Number of PE resources by type
RT_ICON 2
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 4
ExifTool file metadata
SubsystemVersion
4.0

Comments
Oracle Software

LinkerVersion
7.1

ImageVersion
0.0

FileVersionNumber
1.0.0.0

UninitializedDataSize
0

LanguageCode
English (U.S.)

FileFlagsMask
0x003f

CharacterSet
Unicode

InitializedDataSize
49152

FileOS
Unknown (0x5)

MIMEType
application/octet-stream

FileVersion
1.0

TimeStamp
2013:12:17 03:56:11+01:00

FileType
Win32 EXE

PEType
PE32

FileAccessDate
2015:02:04 18:52:36+01:00

ProductVersion
1.0

FileDescription
Oracle Software

OSVersion
4.0

FileCreateDate
2015:02:04 18:52:36+01:00

OriginalFilename
olaunch.exe

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CompanyName
Oracle Software, Inc.

CodeSize
40960

FileSubtype
0

ProductVersionNumber
1.0.0.0

EntryPoint
0x4891

ObjectFileType
Executable application

File identification
MD5 52d832c893645a86ab7c8e1708b4ae37
SHA1 71196c523b5f995834789e2d4036f59129874414
SHA256 a739e1c23cd19d8843478136ddeb142459c2bf09bef9be7023834ad24c67ffea
ssdeep
1536:gta3EBc0EUaD4KAwjNJxiLZRKRZ1Y2+ZNpB5t:gta0yn4Bwj/x8Z4RM20F

authentihash e7ac692255a396a1b73b279c3fed1d5b955d8d96dfcb700420601919d35fd868
imphash 7fec5d52cfc514b40575fd86b41018f9
File size 92.0 KB ( 94208 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable MS Visual C++ (generic) (67.3%)
Win32 Dynamic Link Library (generic) (14.2%)
Win32 Executable (generic) (9.7%)
Generic Win/DOS Executable (4.3%)
DOS Executable Generic (4.3%)
Tags
peexe

VirusTotal metadata
First submission 2013-12-16 17:51:49 UTC ( 1 year, 2 months ago )
Last submission 2015-02-04 17:52:19 UTC ( 3 weeks, 4 days ago )
File names MSIOFOSOH.EXE
msckahxh.exe
file-6425586_exe
1000317245.transact_store.exe
1000317245.transact_store.exe
transact_store344578.exe
msaccoxp.exe
msaodgeh.exe
msoepba.exe
mspwib.exe
a739e1c23cd19d8843478136ddeb142459c2bf09bef9be7023834ad24c67ffea
10001723.transact_store.exe
vti-rescan
msuuxaw.exe
mskicfqo.exe
mswytexma.exe
msbisbhga.exe
msiiligov.exe
transact_store1875.exe
mscqjknm.exe
52d832c893645a86ab7c8e1708b4ae37
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight
Behaviour characterization
Zemana
dll-injection

No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Copied files
Set keys
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.