SHA256: a8700c7f65b443f4a6e4f5c2276f2ef21eb015f2650ddb2cb79fd1b5f8d556a3
File name: fddb6c6b9e959240f931ea30a9ea386c
Detection ratio: 33 / 51
Analysis date: 2014-03-22 10:20:46 UTC ( 4 years, 2 months ago )
Antivirus Result Update
Ad-Aware Gen:Heur.IPZ.4 20140322
AhnLab-V3 Trojan/Win32.LoadMoney 20140321
AntiVir TR/Crypt.XPACK.Gen2 20140322
Avast Win32:PUP-gen [PUP] 20140322
AVG Win32/Cryptor 20140322
BitDefender Gen:Heur.IPZ.4 20140322
Commtouch W32/LoadMoney.L.gen!Eldorado 20140322
Comodo TrojWare.Win32.Kryptik.BEUX 20140322
DrWeb Trojan.LoadMoney.225 20140322
Emsisoft Gen:Heur.IPZ.4 (B) 20140322
ESET-NOD32 a variant of Win32/LoadMoney.BJ 20140322
F-Prot W32/LoadMoney.L.gen!Eldorado 20140322
F-Secure Gen:Heur.IPZ.4 20140322
Fortinet Riskware/LMN 20140322
GData Gen:Heur.IPZ.4 20140322
Ikarus not-a-virus:Downloader.Win32.LMN 20140322
K7AntiVirus Adware ( 0040f69e1 ) 20140321
K7GW Adware ( 0040f69e1 ) 20140321
Kaspersky not-a-virus:HEUR:Downloader.Win32.LMN.gen 20140322
Kingsoft Win32.Troj.Generic.a.(kcloud) 20140322
Malwarebytes PUP.Optional.LoadMoney 20140322
McAfee Downloader-FWY!FDDB6C6B9E95 20140322
McAfee-GW-Edition Heuristic.BehavesLike.Win32.Suspicious.H 20140322
eScan Gen:Heur.IPZ.4 20140322
NANO-Antivirus Trojan.Win32.LMN.cssqrm 20140322
Norman LoadMoney.LLC 20140322
Panda Trj/Genetic.gen 20140321
Qihoo-360 Malware.QVM20.Gen 20140322
Rising PE:Malware.Delphi!6.CE4 20140321
Sophos AV Troj/LdMon-D 20140322
Symantec Downloader 20140322
VBA32 Malware-Cryptor.Limpopo 20140321
VIPRE Trojan.Win32.Generic.pak!cobra 20140322
AegisLab 20140322
Yandex 20140321
Antiy-AVL 20140320
Baidu-International 20140322
Bkav 20140322
ByteHero 20140322
CAT-QuickHeal 20140320
ClamAV 20140322
CMC 20140319
Jiangmin 20140322
Microsoft 20140322
nProtect 20140321
SUPERAntiSpyware 20140322
TheHacker 20140321
TotalDefense 20140321
TrendMicro 20140322
TrendMicro-HouseCall 20140322
ViRobot 20140322
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Authenticode signature block and FileVersionInfo properties
Copyright Copyright 2013
Publisher AND LLC
Product Downloader
Original name Downloader.exe
Internal name Downloader
File version 1, 0, 0, 0
Description Downloader
Signature verification A certificate was explicitly revoked by its issuer.
Signers
[+] AND LLC
Status A certificate was explicitly revoked by its issuer.
Issuer None
Valid from 1:00 AM 10/10/2013
Valid to 12:59 AM 10/11/2014
Valid usage Code Signing
Algorithm SHA1
Thumbprint 047C61D41D2E99093515858D206B39881B36493A
Serial number 77 01 9A 08 23 85 E4 B7 3F 56 95 69 C9 F8 7B B8
[+] COMODO Code Signing CA 2
Status Valid
Issuer None
Valid from 1:00 AM 8/24/2011
Valid to 11:48 AM 5/30/2020
Valid usage Code Signing
Algorithm SHA1
Thumbprint B64771392538D1EB7A9281998791C14AFD0C5035
Serial number 10 70 9D 4F F5 54 08 D7 30 60 01 D8 EA 91 75 BB
[+] UTN-USERFirst-Object
Status Valid
Issuer None
Valid from 9:09 AM 6/7/2005
Valid to 11:48 AM 5/30/2020
Valid usage All
Algorithm SHA1
Thumbprint 8AD5C9987E6F190BD6F5416E2DE44CCD641D8CDA
Serial number 42 1A F2 94 09 84 19 1F 52 0A 4B C6 24 26 A7 4B
[+] USERTrust
Status Valid
Issuer None
Valid from 11:48 AM 5/30/2000
Valid to 11:48 AM 5/30/2020
Valid usage Server Auth, Client Auth, Email Protection, Code Signing, Timestamp Signing, EFS, IPSEC Tunnel, IPSEC User
Algorithm SHA1
Thumbprint 02FAF3E291435468607857694DF5E45B68851868
Serial number 01
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 1992-06-19 22:22:17
Entry Point 0x00018884
Number of sections 6
PE sections
PE imports
GetShortPathNameW
InterlockedCompareExchange
RemoveDirectoryW
lstrlen
SetErrorMode
GetVolumePathNamesForVolumeNameA
SetHandleInformation
SetInformationJobObject
DeleteFormA
WTSShutdownSystem
WTSOpenServerW
WTSVirtualChannelRead
FoldStringA
SetThreadLocale
LoadLibraryA
CreateWaitableTimerW
GetFileSize
CopyFileExA
SetTapePosition
SetInformationJobObject
CreateNamedPipeW
CreateSemaphoreW
lstrcpynW
DebugBreak
ClearCommError
GetVersion
WaitForMultipleObjects
EnumCalendarInfoExA
lstrcpyn
WritePrivateProfileStringW
GetAltTabInfoA
DrawFrameControl
GetWindowTextW
DEVICEMODE
GetFormA
ConfigurePortW
PrinterProperties
SetPrinterDataExA
GetDefaultPrinterA
WTSRegisterSessionNotification
WTSOpenServerW
WTSEnumerateSessionsW
WTSEnumerateServersA
Number of PE resources by type
RT_ICON 3
RT_MANIFEST 1
RT_VERSION 1
RT_RCDATA 1
RT_GROUP_ICON 1
Number of PE resources by language
RUSSIAN 7
PE resources
ExifTool file metadata
SubsystemVersion 4.0
InitializedDataSize 23552
ImageVersion 0.0
ProductName Downloader
FileVersionNumber 1.0.0.0
UninitializedDataSize 0
LanguageCode Russian
FileFlagsMask 0x003f
CharacterSet Windows, Cyrillic
LinkerVersion 2.25
OriginalFilename Downloader.exe
MIMEType application/octet-stream
Subsystem Windows GUI
FileVersion 1, 0, 0, 0
TimeStamp 1992:06:19 23:22:17+01:00
FileType Win32 EXE
PEType PE32
InternalName Downloader
FileAccessDate 2014:03:22 11:14:46+01:00
ProductVersion 1, 0, 0, 0
FileDescription Downloader
OSVersion 4.0
FileCreateDate 2014:03:22 11:14:46+01:00
FileOS Win32
LegalCopyright Copyright 2013
MachineType Intel 386 or later, and compatibles
CodeSize 97280
FileSubtype 0
ProductVersionNumber 1.0.0.0
EntryPoint 0x18884
ObjectFileType Executable application
File identification
MD5 fddb6c6b9e959240f931ea30a9ea386c
SHA1 cf91e82cb1b8f51f2a2a05beb297c399139ef8e5
SHA256 a8700c7f65b443f4a6e4f5c2276f2ef21eb015f2650ddb2cb79fd1b5f8d556a3
ssdeep 3072:01Sr6PkEyttARSxRvKTWjn7Nu4Chr0JhOUvwrhUN9P+/v:2SWPkEyblfKTWj84YIDy
imphash 9e498b1d9fb9d9c012c3c6e8bb6d27c0
File size 138.9 KB ( 142224 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Dynamic Link Library (generic) (38.3%)
Win32 Executable (generic) (26.2%)
Win16/32 Executable Delphi generic (12.0%)
Generic Win/DOS Executable (11.6%)
DOS Executable Generic (11.6%)
Tags
peexe signed

VirusTotal metadata
First submission 2014-03-22 10:20:46 UTC ( 4 years, 2 months ago )
Last submission 2014-03-22 10:20:46 UTC ( 4 years, 2 months ago )
File names fddb6c6b9e959240f931ea30a9ea386c
Downloader.exe
Downloader
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Copied files
Created processes
Created mutexes
Opened mutexes
Opened service managers
Opened services
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.
HTTP requests
DNS requests
TCP connections