SHA256: a88e7179e16d5bb5f77c16f7e1fd1c8a8ea4cd6533511db8b6c87f528842a122
File name: 39ad6a2127ad3504cfa87c1e8599437ee4cc5921
Detection ratio: 38 / 57
Analysis date: 2015-05-22 12:10:47 UTC ( 3 years, 10 months ago )
Antivirus Result Update
Ad-Aware Gen:Variant.Kazy.365095 20150522
Yandex Trojan.Kryptik!pY4+sxjGsic 20150521
AhnLab-V3 Backdoor/Win32.Caphaw 20150522
ALYac Gen:Variant.Kazy.365095 20150522
Antiy-AVL Trojan/Win32.SGeneric 20150522
Avast Win32:Malware-gen 20150522
AVG Generic_s.DEM 20150522
Avira (no cloud) TR/Crypt.EPACK.4068 20150522
AVware Backdoor.Win32.Caphaw 20150522
BitDefender Gen:Variant.Kazy.365095 20150522
CAT-QuickHeal Backdoor.Caphaw.A8 20150522
Cyren W32/S-7a533dab!Eldorado 20150522
DrWeb BackDoor.Caphaw.77 20150522
Emsisoft Gen:Variant.Kazy.365095 (B) 20150522
ESET-NOD32 a variant of Win32/Kryptik.BZKT 20150522
F-Prot W32/S-7a533dab!Eldorado 20150522
F-Secure Gen:Variant.Kazy.365095 20150522
Fortinet W32/Kryptik.BTJP!tr 20150522
GData Gen:Variant.Kazy.365095 20150522
Ikarus Trojan.SuspectCRC 20150522
K7AntiVirus Trojan ( 0049881f1 ) 20150522
K7GW Trojan ( 0049881f1 ) 20150522
Kaspersky HEUR:Trojan.Win32.Generic 20150522
Malwarebytes Trojan.Agent.ED 20150522
McAfee BackDoor-FBYT!A5B14803D729 20150522
McAfee-GW-Edition BackDoor-FBYT!A5B14803D729 20150522
Microsoft Backdoor:Win32/Caphaw.A 20150522
eScan Gen:Variant.Kazy.365095 20150522
NANO-Antivirus Trojan.Win32.Caphaw.cxfnrq 20150522
Norman Kryptik.CDOH 20150522
Panda Trj/Dtcontx.L 20150522
Rising PE:Malware.Obscure!1.9C59 20150522
Sophos AV Mal/Generic-S 20150522
Symantec Backdoor.Trojan 20150522
Tencent Trojan.Win32.Qudamah.Gen.6 20150522
VBA32 BScope.Backdoor.Caphaw 20150522
VIPRE Backdoor.Win32.Caphaw 20150522
Zillya Trojan.Yakes.Win32.20627 20150521
AegisLab 20150522
Alibaba 20150522
Baidu-International 20150522
Bkav 20150522
ByteHero 20150522
ClamAV 20150522
CMC 20150520
Comodo 20150522
Jiangmin 20150519
Kingsoft 20150522
nProtect 20150522
Qihoo-360 20150522
SUPERAntiSpyware 20150522
TheHacker 20150521
TotalDefense 20150522
TrendMicro 20150522
TrendMicro-HouseCall 20150522
ViRobot 20150522
Zoner 20150521
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2014-04-09 13:12:49
Entry Point 0x00002000
Number of sections 5
PE sections
PE imports
CryptAcquireContextW
RegGetKeySecurity
PrivilegedServiceAuditAlarmA
CryptImportKey
SetDCPenColor
SelectObject
CreateICW
GetLastError
WaitForSingleObject
IsDebuggerPresent
GetTickCount
LoadLibraryA
LockFile
RtlUnwind
GetCurrentProcess
UnhandledExceptionFilter
VirtualLock
DeleteFileW
GetProcAddress
SetUnhandledExceptionFilter
DeleteAtom
CloseHandle
WaitForMultipleObjects
GetModuleHandleW
TerminateProcess
CreateEventW
VirtualFree
FindClose
Sleep
CreateMutexW
VirtualAlloc
ICSendMessage
ShowWindow
GetDC
ReleaseDC
auxGetVolume
closesocket
WSAGetLastError
select
CoCreateInstance
CoUninitialize
Number of PE resources by type
RT_BITMAP 5
RT_STRING 1
RT_VERSION 1
Number of PE resources by language
RUSSIAN 7
PE resources
ExifTool file metadata
SubsystemVersion 4.0
InitializedDataSize 606208
ImageVersion 0.0
ProductName merunsenex
FileVersionNumber 1.0.0.1
UninitializedDataSize 0
LanguageCode Russian
FileFlagsMask 0x0017
CharacterSet Unicode
LinkerVersion 8.0
FileTypeExtension exe
MIMEType application/octet-stream
Subsystem Windows GUI
TimeStamp 2014:04:09 14:12:49+01:00
FileType Win32 EXE
PEType PE32
ProductVersion 69, 51,332, 120
FileDescription mKLOlDps App
OSVersion 4.0
FileOS Win32
LegalCopyright LOPlemes 15
MachineType Intel 386 or later, and compatibles
CodeSize 8192
FileSubtype 0
ProductVersionNumber 1.0.0.1
EntryPoint 0x2000
ObjectFileType Executable application
File identification
MD5 a5b14803d729b44a3601d772638c6548
SHA1 39ad6a2127ad3504cfa87c1e8599437ee4cc5921
SHA256 a88e7179e16d5bb5f77c16f7e1fd1c8a8ea4cd6533511db8b6c87f528842a122
ssdeep 3072:MzdLx+s3f/qJRtPXQU3GNRIM2XC1rnVvNg7XRMoNS4B5J1:Mx8g/Ij/QU3GNRZVOhMoYqH1
authentihash e2a8130494643106c0604ff7f3404a8d72370fb242dce0d8644a47d83387cdb9
imphash 0ac92e85742ba15ddef90cc1219a6b25
File size 604.0 KB ( 618496 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Dynamic Link Library (generic) (43.5%)
Win32 Executable (generic) (29.8%)
Generic Win/DOS Executable (13.2%)
DOS Executable Generic (13.2%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
Tags peexe
VirusTotal metadata
First submission 2015-05-22 12:10:47 UTC ( 3 years, 10 months ago )
Last submission 2015-05-22 12:10:47 UTC ( 3 years, 10 months ago )
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Deleted files
Created mutexes
Opened mutexes
Opened service managers
Opened services
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.
HTTP requests
DNS requests
TCP connections
UDP communications