SHA256: a8caf61ef1dac3a91269c76b98db41530afccbaba81c28d6b2981bbcc8c7d55d
File name: malicious-executable-from-main-firewalls.com.exe
Detection ratio: 15 / 48
Analysis date: 2013-09-29 06:27:14 UTC ( 5 years, 7 months ago )
Antivirus Result Update
Baidu-International Trojan-Ransom.Win32.Gimemo.bkbd 20130928
BitDefender Gen:Variant.Strictor.41209 20130929
Bkav HW32.CDB.4a31 20130927
DrWeb Trojan.Winlock.9017 20130929
Emsisoft Gen:Variant.Strictor.41209 (B) 20130929
F-Secure Gen:Variant.Strictor.41209 20130929
Fortinet W32/Kryptik.FA!tr 20130929
GData Gen:Variant.Strictor.41209 20130929
Kaspersky Trojan-Ransom.Win32.Gimemo.bkbd 20130929
Malwarebytes Trojan.Ransom.ED 20130929
McAfee Artemis!C8EDABF40C6C 20130929
McAfee-GW-Edition Artemis!C8EDABF40C6C 20130928
eScan Gen:Variant.Strictor.41209 20130929
Sophos AV Mal/Generic-S 20130929
TrendMicro-HouseCall TROJ_GEN.F47V0929 20130929
Yandex 20130928
AhnLab-V3 20130928
AntiVir 20130928
Antiy-AVL 20130929
Avast 20130929
AVG 20130928
ByteHero 20130926
CAT-QuickHeal 20130928
ClamAV 20130929
Commtouch 20130929
Comodo 20130929
ESET-NOD32 20130928
F-Prot 20130929
Ikarus 20130929
Jiangmin 20130903
K7AntiVirus 20130927
K7GW 20130927
Kingsoft 20130829
Microsoft 20130929
NANO-Antivirus 20130929
Norman 20130929
nProtect 20130929
Panda 20130928
PCTools 20130925
Rising 20130929
SUPERAntiSpyware 20130928
Symantec 20130929
TheHacker 20130929
TotalDefense 20130927
TrendMicro 20130929
VBA32 20130927
VIPRE 20130929
ViRobot 20130928
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2004-07-08 12:04:04
Entry Point 0x000065E6
Number of sections 6
PE sections
PE imports
SetDIBits
GetCurrentObject
CreateRectRgn
CreateFontIndirectW
OffsetRgn
EnumFontsW
GetCharWidth32W
CreateEllipticRgnIndirect
GetTextAlign
GetFileSize
GetConsoleScreenBufferInfo
FreeEnvironmentStringsA
LocalAlloc
GlobalCompact
IsValidLanguageGroup
GetVolumeInformationW
GetTickCount
GetFileType
GetLogicalDrives
GetCompressedFileSizeA
GetACP
GetPrivateProfileIntW
SetCurrentDirectoryA
UrlUnescapeW
PathMakePrettyW
PathSkipRootW
PathUnquoteSpacesW
PathIsSameRootW
IsCharAlphaNumericA
ChangeDisplaySettingsW
CharToOemBuffW
GetDoubleClickTime
DefFrameProcW
ImpersonateDdeClientWindow
VkKeyScanA
IsClipboardFormatAvailable
PeekMessageA
GetWindowTextLengthW
MapVirtualKeyW
GetWindow
DdeInitializeW
SetWindowPos
GetDC
GetMenuItemID
Number of PE resources by type
RT_ICON 3
RT_GROUP_ICON 1
Number of PE resources by language
BULGARIAN DEFAULT 4
PE resources
ExifTool file metadata
MIMEType: application/octet-stream
Subsystem: Windows GUI
MachineType: Intel 386 or later, and compatibles
TimeStamp: 2004:07:08 13:04:04+01:00
FileType: Win32 EXE
PEType: PE32
CodeSize: 40960
LinkerVersion: 10.0
FileTypeExtension: exe
InitializedDataSize: 119296
SubsystemVersion: 5.1
EntryPoint: 0x65e6
OSVersion: 5.1
ImageVersion: 0.0
UninitializedDataSize: 0
Execution parents
File identification
MD5 c8edabf40c6cf341916c75f4cea153ca
SHA1 062a8ef7430c61d87a1852e1c503b4781d6789b6
SHA256 a8caf61ef1dac3a91269c76b98db41530afccbaba81c28d6b2981bbcc8c7d55d
ssdeep 3072:SSu4dxCIiogelSEbTL7v93OOiBav+bw5bVIu4iJoC/3JQ7a481mJlUOiO9My:FumxCjBelSML9OOitbw5haiy23Qa48wR
authentihash 43575a81d7a062459ed2d833eb816d5df4c7d153aeee6f55ddcf225f46891b80
imphash 9a2e33c725bd718ae3a334bd5ad556f3
File size 157.5 KB ( 161280 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Dynamic Link Library (generic) (43.5%)
Win32 Executable (generic) (29.8%)
Generic Win/DOS Executable (13.2%)
DOS Executable Generic (13.2%)
Tags peexe
VirusTotal metadata
First submission 2013-09-29 00:59:31 UTC ( 5 years, 7 months ago )
Last submission 2017-06-28 08:36:58 UTC ( 1 year, 11 months ago )
File names malicious-executable-from-main-firewalls.com.exe
dlc.xmm
C754.exe
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Created processes
Code injections in the following processes
Opened mutexes
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.
DNS requests