SHA256: ab05a5706d1584dfb097487dde8fb75e512892a3508fa6339ea10963992bb901
File name: Samp(34)_11.vir0.rename
Detection ratio: 53 / 67
Analysis date: 2018-10-25 00:42:11 UTC ( 6 months, 3 weeks ago )
Antivirus | Result | Update
--- | --- | ---
Ad-Aware | Trojan.GenericKD.1662939 | 20181024
AhnLab-V3 | Trojan/Win32.Bunitu.R108742 | 20181024
ALYac | Trojan.Bunitu | 20181024
Antiy-AVL | Trojan[Backdoor]/Win32.Symmi | 20181023
Arcabit | Trojan.Generic.D195FDB | 20181024
Avast | Win32:Crypt-REO [Trj] | 20181024
AVG | Win32:Crypt-REO [Trj] | 20181024
Avira (no cloud) | HEUR/AGEN.1006639 | 20181024
BitDefender | Trojan.GenericKD.1662939 | 20181025
CAT-QuickHeal | TrojanDropper.Bunitu.S4 | 20181024
CrowdStrike Falcon (ML) | malicious_confidence_100% (W) | 20181022
Cybereason | malicious.699cd0 | 20180225
Cylance | Unsafe | 20181025
Cyren | W32/Backdoor.FWDK-7909 | 20181025
DrWeb | Trojan.DownLoader27.12302 | 20181024
Emsisoft | Trojan.GenericKD.1662939 (B) | 20181024
Endgame | malicious (high confidence) | 20180730
ESET-NOD32 | a variant of Win32/TrojanProxy.Agent.NWV | 20181025
F-Prot | W32/Backdoor2.HUTC | 20181024
F-Secure | Trojan.GenericKD.1662939 | 20181024
Fortinet | W32/Symmi.QOI!tr.bdr | 20181025
GData | Trojan.GenericKD.1662939 | 20181024
Ikarus | Trojan-Dropper.Win32.Bunitu | 20181024
Sophos ML | heuristic | 20180717
Jiangmin | Backdoor/Symmi.fo | 20181024
K7AntiVirus | Proxy-Program ( 004e906e1 ) | 20181024
K7GW | Proxy-Program ( 004e906e1 ) | 20181024
Kaspersky | HEUR:Trojan.Win32.Generic | 20181024
Malwarebytes | Backdoor.Bot.ED | 20181025
MAX | malware (ai score=100) | 20181025
McAfee | Generic.dx!2387377699CD | 20181025
McAfee-GW-Edition | BehavesLike.Win32.Upatre.lz | 20181024
Microsoft | TrojanDropper:Win32/Bunitu.G | 20181024
eScan | Trojan.GenericKD.1662939 | 20181025
NANO-Antivirus | Trojan.Win32.Symmi.dbravz | 20181025
Palo Alto Networks (Known Signatures) | generic.ml | 20181025
Panda | Trj/Genetic.gen | 20181024
Qihoo-360 | Win32/Backdoor.165 | 20181025
Rising | Dropper.Bunitu!8.A59 (CLOUD) | 20181025
SentinelOne (Static ML) | static engine - malicious | 20181011
Sophos AV | Mal/Generic-S | 20181024
SUPERAntiSpyware | Questionable.Resource | 20181022
Symantec | Trojan.Gen.MBT | 20181025
Tencent | Win32.Backdoor.Symmi.Hqbv | 20181025
TrendMicro | TROJ_SPNR.14HL14 | 20181024
TrendMicro-HouseCall | TROJ_SPNR.14HL14 | 20181024
VBA32 | Backdoor.Symmi | 20181024
VIPRE | Trojan.Win32.Generic!BT | 20181024
ViRobot | Backdoor.Win32.S.Symmi.74240 | 20181024
Webroot | W32.Malware.Gen | 20181025
Yandex | Backdoor.Symmi!/RXSeSaWA2w | 20181024
Zillya | Backdoor.Symmi.Win32.247 | 20181024
ZoneAlarm by Check Point | HEUR:Trojan.Win32.Generic | 20181024
AegisLab | (no detection) | 20181024
Alibaba | (no detection) | 20180921
Avast-Mobile | (no detection) | 20181024
Babable | (no detection) | 20180918
Baidu | (no detection) | 20181024
Bkav | (no detection) | 20181024
ClamAV | (no detection) | 20181024
CMC | (no detection) | 20181024
eGambit | (no detection) | 20181025
Kingsoft | (no detection) | 20181025
Symantec Mobile Insight | (no detection) | 20181001
TACHYON | (no detection) | 20181025
TheHacker | (no detection) | 20181024
TotalDefense | (no detection) | 20181024
Zoner | (no detection) | 20181024
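The table above names the sample "Symmi" in some engines and "Bunitu" in others, with the rest being generic type or heuristic verdicts. The usual triage step is to derive a consensus family by tokenising every label, discarding type/platform/heuristic words, and counting how many engines agree on each remaining token. The following script is an added example and not part of the VirusTotal report; DETECTIONS is an excerpt constructed from the table above (it keeps every engine that names a family plus a few generic labels), and the STOP set is an assumed minimal list of non-family tokens, in the spirit of what AVClass-style tools use.

```python
"""Consensus family name from AV detection labels.

Added example, not part of the VirusTotal report. DETECTIONS is an excerpt
constructed from the detection table on this page; STOP is an assumed list of
generic label tokens (type, platform, verdict words) that never name a family.
"""
import re
from collections import Counter

# (engine, result) pairs excerpted from the detection table above.
DETECTIONS = [
    ("Ad-Aware", "Trojan.GenericKD.1662939"),
    ("AhnLab-V3", "Trojan/Win32.Bunitu.R108742"),
    ("ALYac", "Trojan.Bunitu"),
    ("Antiy-AVL", "Trojan[Backdoor]/Win32.Symmi"),
    ("Avast", "Win32:Crypt-REO [Trj]"),
    ("CAT-QuickHeal", "TrojanDropper.Bunitu.S4"),
    ("ESET-NOD32", "a variant of Win32/TrojanProxy.Agent.NWV"),
    ("Fortinet", "W32/Symmi.QOI!tr.bdr"),
    ("Ikarus", "Trojan-Dropper.Win32.Bunitu"),
    ("Jiangmin", "Backdoor/Symmi.fo"),
    ("Kaspersky", "HEUR:Trojan.Win32.Generic"),
    ("McAfee-GW-Edition", "BehavesLike.Win32.Upatre.lz"),
    ("Microsoft", "TrojanDropper:Win32/Bunitu.G"),
    ("NANO-Antivirus", "Trojan.Win32.Symmi.dbravz"),
    ("Rising", "Dropper.Bunitu!8.A59 (CLOUD)"),
    ("Tencent", "Win32.Backdoor.Symmi.Hqbv"),
    ("VBA32", "Backdoor.Symmi"),
    ("ViRobot", "Backdoor.Win32.S.Symmi.74240"),
    ("Yandex", "Backdoor.Symmi!/RXSeSaWA2w"),
    ("Zillya", "Backdoor.Symmi.Win32.247"),
]

# Assumed stop list: tokens that describe type, platform or verdict, not a family.
STOP = {
    "trojan", "backdoor", "dropper", "trojandropper", "trojanproxy", "proxy",
    "downloader", "agent", "generic", "generickd", "genetic", "heur", "crypt",
    "variant", "behaveslike", "cloud", "malware", "malicious", "unsafe",
    "static", "engine", "confidence", "high", "program", "questionable", "resource",
}


def label_tokens(label: str) -> set:
    """Candidate family tokens in one label: alphabetic, at least 4 chars, not a stop word.

    Platform tags such as Win32/W32 and variant ids such as R108742 or RXSeSaWA2w
    contain digits and drop out here; short suffixes (NWV, Trj, bdr) fail the length test.
    """
    return {t.lower() for t in re.split(r"[^A-Za-z0-9]+", label)
            if len(t) >= 4 and t.isalpha() and t.lower() not in STOP}


def family_votes(detections, min_engines: int = 2):
    """Count how many engines use each token; keep tokens at least min_engines agree on.

    Per-engine tokens are a set, so an engine votes once per token. The threshold
    removes one-off variant suffixes such as 'dbravz' or 'Hqbv' without listing them.
    """
    votes = Counter()
    for _engine, label in detections:
        votes.update(label_tokens(label))
    return [(tok, n) for tok, n in votes.most_common() if n >= min_engines]


def consensus_family(detections):
    """Most-agreed family token, or None when no two engines agree on a name."""
    ranked = family_votes(detections)
    return ranked[0][0] if ranked else None


if __name__ == "__main__":
    for family, n in family_votes(DETECTIONS):
        print(f"{family}: {n} engines")
    print("consensus:", consensus_family(DETECTIONS))
```

On this excerpt the vote is symmi 9, bunitu 6, and the Upatre behavioural label from McAfee-GW-Edition is discarded because only one engine uses it. The split between two names for one binary is the practical caveat: treat the consensus token as a pivot for hunting related samples, not as ground truth about the family, and look at the static and behavioural data below before relying on any single vendor's label.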
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2014-04-30 17:07:27
Entry Point 0x00001000
Number of sections 4
PE sections
PE imports (grouped below by the DLL that exports each function; the DLL names are supplied from the Win32 API reference, not from the report, whose own per-DLL grouping is missing here)
ADVAPI32.dll
GetTokenInformation
OpenProcessToken
GDI32.dll
SelectObject
SHELL32.dll
DragQueryFileA
USER32.dll
SetFocus
UpdateWindow
DefWindowProcA
ShowWindow
DispatchMessageA
SetMenu
PostMessageA
AppendMenuW
DialogBoxParamA
SetActiveWindow
RegisterClassExA
SetWindowTextA
SendMessageW
IsWindowVisible
SendMessageA
SetForegroundWindow
GetClientRect
CreateMenu
wsprintfA
CreateWindowExA
GetKeyboardState
TranslateAcceleratorA
LoadImageA
GetWindowTextLengthW
GetMenuStringA
GetWindowTextA
COMDLG32.dll
GetSaveFileNameA
KERNEL32.dll
GetLastError
GetStdHandle
FileTimeToDosDateTime
LoadLibraryW
GlobalFree
ExitProcess
GetModuleFileNameA
LoadLibraryA
OpenFile
lstrcatA
FindClose
GetCommandLineW
GetWindowsDirectoryA
CreateThread
ReadFile
WriteFile
FindFirstFileA
GetTimeFormatA
ExitThread
PrepareTape
GlobalAlloc
FindAtomA
Sleep
GetVersion
CloseHandle
ntdll.dll
RtlInitializeCriticalSection
NtOpenJobObject
NtTerminateJobObject
RtlAssert
Number of PE resources by type
RT_DIALOG 2
RT_BITMAP 1
RT_MANIFEST 1
Number of PE resources by language
ENGLISH US 4
PE resources
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
SubsystemVersion 4.0
MachineType Intel 386 or later, and compatibles
TimeStamp 2014:04:30 18:07:27+01:00 (the same instant as the 17:07:27 UTC compilation timestamp in the PE header section above, rendered in a UTC+1 local zone)
FileType Win32 EXE
PEType PE32
CodeSize 20992
LinkerVersion 5.12
FileTypeExtension exe
InitializedDataSize 79872
ImageFileCharacteristics No relocs, Executable, No line numbers, No symbols, 32-bit
EntryPoint 0x1000
OSVersion 4.0
ImageVersion 0.0
UninitializedDataSize 0

File identification
MD5 2387377699cd0bbe891a1377e4302a28
SHA1 cdc41d2a5157e37fdb3e25aa46cc2455fd230a7f
SHA256 ab05a5706d1584dfb097487dde8fb75e512892a3508fa6339ea10963992bb901
ssdeep 768:SDYI56IhdK/tNCTslmVlOIN/9VeMEN1obIM0q:Sp56mk/tlmVlMM

authentihash 2250262c736c7c9cc16c1c44fa071e3aa04307d3c9b21d2116adc39a7367c74f
imphash 483d2be1612f12985be84532f9855e23
File size 72.5 KB ( 74240 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
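The PE header values above (entry point 0x1000, 4 sections, GUI subsystem, linker 5.12, compile timestamp 2014-04-30 17:07:27 UTC, characteristics "No relocs, Executable, No line numbers, No symbols, 32-bit") and the digests under File identification are exactly what a practitioner checks when a file turns up under one of the names listed on this page. The script below is an added example, not part of the VirusTotal report: it reads those fields straight from the COFF and optional headers with the standard library (no pefile dependency), computes MD5/SHA-1/SHA-256, and compares them with the report's values. Because the sample itself is not available here, build_minimal_pe constructs a synthetic, non-runnable PE32 image that carries the same header values; its section names are placeholders, since the report's section table is not shown, and imphash and ssdeep are not computed because they need the import directory and a fuzzy-hash library respectively.

```python
"""Parse the PE header fields the report lists and hash the file.

Added example, not part of the VirusTotal report. build_minimal_pe constructs a
synthetic, non-runnable PE32 image with the sample's header values (4 sections,
GUI subsystem, linker 5.12, entry point 0x1000, compile timestamp
2014-04-30 17:07:27 UTC) so the parser runs offline; it is not the sample, and
its section names are placeholders.
"""
import hashlib
import struct
import sys
from datetime import datetime, timezone

PE32_MAGIC = 0x10B
SUBSYSTEMS = {1: "Native", 2: "Windows GUI", 3: "Windows CUI"}
# IMAGE_FILE_* characteristic bits, named the way ExifTool prints them.
CHARACTERISTICS = [(0x0001, "No relocs"), (0x0002, "Executable"),
                   (0x0004, "No line numbers"), (0x0008, "No symbols"),
                   (0x0100, "32-bit"), (0x2000, "DLL")]
# Indicators copied from the File identification section of the report.
REPORT_HASHES = {
    "md5": "2387377699cd0bbe891a1377e4302a28",
    "sha1": "cdc41d2a5157e37fdb3e25aa46cc2455fd230a7f",
    "sha256": "ab05a5706d1584dfb097487dde8fb75e512892a3508fa6339ea10963992bb901",
}


def parse_pe(data: bytes) -> dict:
    """Return the COFF/optional-header fields shown in the report for a PE32 image."""
    if data[:2] != b"MZ":
        raise ValueError("no MZ signature")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("no PE signature at e_lfanew")
    coff = e_lfanew + 4
    machine, n_sections, timestamp, _, _, opt_size, flags = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20                                   # COFF header is 20 bytes
    magic, lnk_major, lnk_minor, code_size, init_size, uninit_size, entry = struct.unpack_from("<HBBIIII", data, opt)
    if magic != PE32_MAGIC:
        raise ValueError("only PE32 (magic 0x10B) is handled here")
    os_major, os_minor, img_major, img_minor, ss_major, ss_minor = struct.unpack_from("<HHHHHH", data, opt + 40)
    subsystem = struct.unpack_from("<H", data, opt + 68)[0]
    sections = []
    for i in range(n_sections):                       # section headers follow the optional header, 40 bytes each
        name, vsize, vaddr, raw_size, raw_ptr = struct.unpack_from("<8sIIII", data, opt + opt_size + 40 * i)
        sections.append((name.rstrip(b"\0").decode("ascii", "replace"), vaddr, vsize, raw_ptr, raw_size))
    return {
        "machine": hex(machine),
        "number_of_sections": n_sections,
        "sections": sections,
        # TimeDateStamp is seconds since 1970-01-01 UTC; ExifTool prints the same
        # instant in the local zone, hence 18:07:27+01:00 versus 17:07:27 UTC.
        "timestamp_raw": timestamp,
        "timestamp_utc": datetime.fromtimestamp(timestamp, tz=timezone.utc).strftime("%Y-%m-%d %H:%M:%S"),
        "entry_point": hex(entry),
        "subsystem": SUBSYSTEMS.get(subsystem, str(subsystem)),
        "subsystem_version": f"{ss_major}.{ss_minor}",
        "os_version": f"{os_major}.{os_minor}",
        "image_version": f"{img_major}.{img_minor}",
        "linker_version": f"{lnk_major}.{lnk_minor}",
        "code_size": code_size,
        "initialized_data_size": init_size,
        "uninitialized_data_size": uninit_size,
        "characteristics": ", ".join(n for bit, n in CHARACTERISTICS if flags & bit),
    }


def hashes(data: bytes) -> dict:
    """MD5/SHA-1/SHA-256 of the whole file, as listed under File identification."""
    return {name: hashlib.new(name, data).hexdigest() for name in ("md5", "sha1", "sha256")}


def matches_report(data: bytes) -> bool:
    """True only if all three digests equal the report's values."""
    return hashes(data) == REPORT_HASHES


def build_minimal_pe() -> bytes:
    """Constructed PE32 image with the sample's header values (not the sample itself)."""
    ts = int(datetime(2014, 4, 30, 17, 7, 27, tzinfo=timezone.utc).timestamp())
    dos = b"MZ" + bytes(0x3C - 2) + struct.pack("<I", 0x40)          # e_lfanew = 0x40
    coff = struct.pack("<HHIIIHH", 0x014C, 4, ts, 0, 0, 224, 0x010F)  # i386, 4 sections, characteristics 0x10F
    opt = struct.pack("<HBBIIII", PE32_MAGIC, 5, 12, 20992, 79872, 0, 0x1000)  # linker 5.12, sizes, entry
    opt += struct.pack("<IIIII", 0x1000, 0x6000, 0x400000, 0x1000, 0x200)      # bases, image base, alignments
    opt += struct.pack("<HHHHHH", 4, 0, 0, 0, 4, 0)                  # OS 4.0, image 0.0, subsystem 4.0
    opt += struct.pack("<IIII", 0, 0x1F000, 0x400, 0)                # Win32VersionValue, SizeOfImage, SizeOfHeaders, CheckSum
    opt += struct.pack("<HH", 2, 0)                                  # Subsystem = Windows GUI, DllCharacteristics
    opt = opt.ljust(224, b"\0")                                      # stack/heap sizes, LoaderFlags, data directories
    names = [b".text", b".rdata", b".data", b".rsrc"]                # placeholder section names
    secs = b"".join(struct.pack("<8sIIIIIIHHI", n, 0x1000, 0x1000 * (i + 1), 0x200,
                                0x400 + 0x200 * i, 0, 0, 0, 0, 0x60000020)
                    for i, n in enumerate(names))
    return dos + b"PE\0\0" + coff + opt + secs


if __name__ == "__main__":
    blob = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_minimal_pe()
    for key, value in parse_pe(blob).items():
        print(f"{key}: {value}")
    print("hashes match report:", matches_report(blob))
```

Run it with a file path to check a suspect binary against this report's digests; without an argument it parses the constructed image, which reproduces the header fields listed above but, being synthetic, does not match the report's hashes. The raw TimeDateStamp is a UTC epoch value, which is why the PE header section and the ExifTool section show the same compile time an hour apart.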

TrID Win32 Executable MS Visual C++ 4.x (59.6%)
Win32 Executable MS Visual C++ (generic) (13.8%)
Win64 Executable (generic) (12.2%)
Windows screen saver (5.8%)
Win32 Dynamic Link Library (generic) (2.9%)
Tags
peexe

VirusTotal metadata
First submission 2014-04-30 20:13:50 UTC ( 5 years ago )
Last submission 2018-10-25 00:42:11 UTC ( 6 months, 3 weeks ago )
File names ~+jf60524.tmp
YOzf.dll
QgE5Gd.tar.bz2
Samp(34)_11.vir.rename
Samp(34)_11.vir0.rename
2014-05-01-Angler-EK-malware-payload.dll
file-7121241_
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight
Behaviour characterization
Zemana dll-injection
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Written files
Created mutexes
Opened mutexes
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers using the DeviceIoControl Windows API function. DeviceIoControl does not appear in the static import table above (which imports LoadLibraryA and LoadLibraryW but not GetProcAddress), so the call was either resolved at run time or issued from another process the sample injected into; the condensed report does not distinguish the two.
DNS requests
TCP connections
UDP communications