SHA256: ac283863e1cb8ed3ca656249e14de1502a4e02d16f3d26ca515974027eed937f
File name: D8E116D40089B167370B007E7976C500058F6779.sys
Detection ratio: 35 / 56
Analysis date: 2015-03-19 14:10:03 UTC ( 3 years, 10 months ago )
Antivirus | Result | Update
Ad-Aware | Gen:Variant.Zusy.Elzob.20792 | 20150319
Yandex | Rootkit.Winnti!fYLhiEMdE28 | 20150319
AhnLab-V3 | Backdoor/Win32.Etso | 20150319
ALYac | Gen:Variant.Zusy.Elzob.20792 | 20150319
Avast | Win32:Winnti-C [Rtk] | 20150319
AVG | BackDoor.Generic15.AKEJ | 20150319
Avira (no cloud) | RKIT/Winnti.j | 20150319
AVware | Trojan.Win32.Generic!BT | 20150319
BitDefender | Gen:Variant.Zusy.Elzob.20792 | 20150319
CMC | Rootkit.Win32.Winnti!O | 20150317
Comodo | UnclassifiedMalware | 20150319
DrWeb | Trojan.NtRootKit.13384 | 20150319
Emsisoft | Gen:Variant.Zusy.Elzob.20792 (B) | 20150319
ESET-NOD32 | a variant of Win32/Rootkitdrv.A | 20150319
F-Secure | Gen:Variant.Zusy.Elzob.20792 | 20150319
Fortinet | W32/Dx.B2OP!tr | 20150319
GData | Gen:Variant.Zusy.Elzob.20792 | 20150319
Ikarus | Rootkit.Win32.Winnti | 20150319
K7AntiVirus | RootKit ( 00330fc91 ) | 20150319
K7GW | RootKit ( 00330fc91 ) | 20150319
Kaspersky | Rootkit.Win32.Winnti.j | 20150319
McAfee | Artemis!6CE2C3889CF2 | 20150319
McAfee-GW-Edition | BehavesLike.Win32.Trojan.lm | 20150319
Microsoft | Trojan:Win64/Winnti.A | 20150319
eScan | Gen:Variant.Zusy.Elzob.20792 | 20150319
NANO-Antivirus | Trojan.Win32.NtRootKit.wqhow | 20150319
Norman | Suspicious_Gen4.AIJQT | 20150319
Panda | Trj/CI.A | 20150318
Qihoo-360 | Win32/RootKit.Rootkit.407 | 20150319
Sophos AV | Mal/Generic-S | 20150319
Symantec | Hacktool.Rootkit | 20150319
Tencent | Win32.Rootkit.Winnti.Wtnu | 20150319
TheHacker | Trojan/Winnti.j | 20150319
VIPRE | Trojan.Win32.Generic!BT | 20150319
ViRobot | Trojan.Win32.A.RT-Winnti.14080.A[h] | 20150319
AegisLab | (no detection) | 20150319
Alibaba | (no detection) | 20150319
Antiy-AVL | (no detection) | 20150319
Baidu-International | (no detection) | 20150319
Bkav | (no detection) | 20150319
ByteHero | (no detection) | 20150319
CAT-QuickHeal | (no detection) | 20150319
ClamAV | (no detection) | 20150319
Cyren | (no detection) | 20150319
F-Prot | (no detection) | 20150319
Kingsoft | (no detection) | 20150319
Malwarebytes | (no detection) | 20150319
nProtect | (no detection) | 20150319
Rising | (no detection) | 20150319
SUPERAntiSpyware | (no detection) | 20150319
TotalDefense | (no detection) | 20150319
TrendMicro | (no detection) | 20150319
TrendMicro-HouseCall | (no detection) | 20150319
VBA32 | (no detection) | 20150319
Zillya | (no detection) | 20150319
Zoner | (no detection) | 20150319
The file being studied is a Portable Executable: a 32-bit (PE32) image built for the Native subsystem. A Native-subsystem image is a kernel-mode driver rather than a user-mode EXE, which agrees with the .sys file name and with the import table below, which consists entirely of kernel-mode routines.
PE header basic information
Target machine: Intel 386 or later processors and compatible processors
Compilation timestamp: 2012-03-28 02:34:25 (UTC)
Entry point: 0x0000303E
Number of sections: 5
PE sections
PE imports
KfAcquireSpinLock
KfReleaseSpinLock
KfLowerIrql
KeRaiseIrqlToDpcLevel
RtlInitUnicodeString
ZwQuerySystemInformation
memset
_stricmp
MmMapLockedPagesSpecifyCache
IoRaiseHardError
KeInitializeMutex
RtlUpcaseUnicodeChar
IoCreateDevice
IoDeleteDevice
KeTickCount
NtDeviceIoControlFile
strrchr
MmUnmapLockedPages
KeBugCheckEx
MmBuildMdlForNonPagedPool
IofCompleteRequest
NtBuildNumber
ObReferenceObjectByHandle
ObfDereferenceObject
ExFreePoolWithTag
MmGetSystemRoutineAddress
memcpy
NtSetQuotaInformationFile
IoAllocateMdl
KeReleaseMutex
ZwOpenDirectoryObject
ExAllocatePoolWithTag
MmIsAddressValid
IoAttachDeviceByPointer
KeWaitForSingleObject
ZwClose
IoFreeMdl
ExifTool file metadata
MIMEType: application/octet-stream
Subsystem: Native
MachineType: Intel 386 or later, and compatibles
TimeStamp: 2012:03:28 03:34:25+01:00
FileType: Win32 EXE
PEType: PE32
CodeSize: 9216
LinkerVersion: 9.0
EntryPoint: 0x303e
InitializedDataSize: 3712
SubsystemVersion: 5.1
ImageVersion: 6.1
OSVersion: 6.1
UninitializedDataSize: 0

File identification
MD5 6ce2c3889cf2b8d4276ed9a94fa4383e
SHA1 2646f3cf38fda9d15d2746a4008272b0c238ebbb
SHA256 ac283863e1cb8ed3ca656249e14de1502a4e02d16f3d26ca515974027eed937f
ssdeep 192:l5WYJbamRPUCCOPXHaH/3QGjc/4l19EJZI5t20LNmFm:l8YJGmRPUy6vQ7c19EA5t20LNsm
authentihash aa038fb7677475a6be65f79ef0c5456b09f41ec196c4ddb4cf448bc9c3b8ecd2
imphash 5553d4a9d4c5ea6f6534d67c90f1c0b2
File size 13.8 KB ( 14080 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (native) Intel 80386 32-bit
TrID Win32 Dynamic Link Library (generic) (38.3%); Win32 Executable (generic) (26.2%); Clipper DOS Executable (11.7%); Generic Win/DOS Executable (11.6%); DOS Executable Generic (11.6%)
Tags peexe native
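The following is an added worked example, not part of the VirusTotal report. It takes the import names from the "PE imports" section above and does what an analyst does with them by hand: groups them into capabilities (MDL remapping of kernel pages, runtime routine resolution, build-number checks, device-stack attachment), flags the combinations worth attention, reproduces the Mandiant/pefile imphash algorithm behind the "imphash" field, and derives McAfee's Artemis!6CE2C3889CF2 label from the MD5 listed under "File identification". Two things are assumptions rather than facts from the page: the exporting module for each import (the report lists names only; on 32-bit Windows the Kf*/IRQL fastcall routines are hal.dll exports and the rest ntoskrnl.exe), and that the page's listing order is the import-table order. Because of that, the imphash computed here is not expected to equal the page's 5553d4a9d4c5ea6f6534d67c90f1c0b2; the algorithm is what matters. The capability labels and the heuristics in `findings()` are this example's own, not claims the report makes about the sample.

```python
"""Static triage helpers for a native-subsystem (kernel-mode) PE driver.

Added example. Only the import names come from the report above; module
assignment, import order, capability labels and heuristics are assumptions.
"""
import hashlib
from typing import Dict, Iterable, List, Tuple, Union

# Function names exactly as listed in the report's "PE imports" section.
_PAGE_IMPORTS = """KfAcquireSpinLock KfReleaseSpinLock KfLowerIrql KeRaiseIrqlToDpcLevel
RtlInitUnicodeString ZwQuerySystemInformation memset _stricmp
MmMapLockedPagesSpecifyCache IoRaiseHardError KeInitializeMutex RtlUpcaseUnicodeChar
IoCreateDevice IoDeleteDevice KeTickCount NtDeviceIoControlFile strrchr
MmUnmapLockedPages KeBugCheckEx MmBuildMdlForNonPagedPool IofCompleteRequest NtBuildNumber
ObReferenceObjectByHandle ObfDereferenceObject ExFreePoolWithTag MmGetSystemRoutineAddress
memcpy NtSetQuotaInformationFile IoAllocateMdl KeReleaseMutex ZwOpenDirectoryObject
ExAllocatePoolWithTag MmIsAddressValid IoAttachDeviceByPointer KeWaitForSingleObject
ZwClose IoFreeMdl""".split()

# ASSUMPTION: the report does not name the exporting module. On 32-bit Windows the
# Kf*/IRQL fastcall routines are hal.dll exports; everything else here is ntoskrnl.exe.
_HAL_EXPORTS = {"KfAcquireSpinLock", "KfReleaseSpinLock", "KfLowerIrql", "KeRaiseIrqlToDpcLevel"}
SAMPLE_IMPORTS: List[Tuple[str, str]] = [
    ("hal.dll" if n in _HAL_EXPORTS else "ntoskrnl.exe", n) for n in _PAGE_IMPORTS
]

_STRIP_EXTS = ("ocx", "sys", "dll")  # pefile strips only these; "ntoskrnl.exe" keeps ".exe"


def imphash(imports: Iterable[Tuple[str, Union[str, int]]]) -> str:
    """Mandiant/pefile imphash: md5 over 'lib.func' pairs, lowercased, comma-joined,
    in import-table order. Ordinal-only imports become 'ordN' (pefile first consults a
    per-DLL ordinal table for well-known DLLs, which is not reproduced here)."""
    parts = []
    for dll, func in imports:
        lib = dll.lower()
        base, _, ext = lib.rpartition(".")
        if base and ext in _STRIP_EXTS:
            lib = base
        name = "ord%d" % func if isinstance(func, int) else func.lower()
        parts.append(f"{lib}.{name}")
    return hashlib.md5(",".join(parts).encode()).hexdigest()


def artemis_name(md5_hex: str) -> str:
    """McAfee's generic 'Artemis!' label carries the first 12 hex digits of the file MD5."""
    return "Artemis!" + md5_hex[:12].upper()


# Capability buckets: what each group of kernel routines is normally used for.
CAPABILITIES: Dict[str, Tuple[str, ...]] = {
    "mdl_remap": ("IoAllocateMdl", "MmBuildMdlForNonPagedPool",           # writable view of
                  "MmMapLockedPagesSpecifyCache", "MmUnmapLockedPages", "IoFreeMdl"),  # read-only pages
    "resolve_routines": ("MmGetSystemRoutineAddress",),   # look up kernel exports at run time
    "os_version": ("NtBuildNumber",),                      # build-specific offsets/behaviour
    "enumeration": ("ZwQuerySystemInformation",),          # modules, processes, handles
    "device_stack": ("IoCreateDevice", "IoDeleteDevice", "IoAttachDeviceByPointer", "IofCompleteRequest"),
    "ioctl": ("NtDeviceIoControlFile",),                   # send IOCTLs to other drivers
    "object_manager": ("ObReferenceObjectByHandle", "ObfDereferenceObject", "ZwOpenDirectoryObject", "ZwClose"),
    "sync_irql": ("KfAcquireSpinLock", "KfReleaseSpinLock", "KfLowerIrql", "KeRaiseIrqlToDpcLevel",
                  "KeInitializeMutex", "KeReleaseMutex", "KeWaitForSingleObject"),
    "pool": ("ExAllocatePoolWithTag", "ExFreePoolWithTag"),
    "probe": ("MmIsAddressValid",),
}


def classify_imports(imports: Iterable[Tuple[str, str]]):
    """Group imported names by capability; names in no bucket are returned separately."""
    imports = list(imports)
    by_cap: Dict[str, List[str]] = {}
    seen = set()
    for _dll, func in imports:
        for cap, names in CAPABILITIES.items():
            if func in names:
                by_cap.setdefault(cap, []).append(func)
                seen.add(func)
    other = [f for _dll, f in imports if f not in seen]
    return by_cap, other


def findings(by_cap: Dict[str, List[str]]) -> List[str]:
    """Heuristic combinations worth an analyst's attention (this example's own, not the report's)."""
    out = []
    if {"mdl_remap", "resolve_routines", "os_version"} <= set(by_cap):
        out.append("MDL remap + runtime routine resolution + build-number check: "
                   "pattern consistent with version-specific patching of kernel code or tables")
    if "IoAttachDeviceByPointer" in by_cap.get("device_stack", []):
        out.append("attaches to an existing device object: positioned to see that device's IRPs")
    return out


if __name__ == "__main__":
    caps, other = classify_imports(SAMPLE_IMPORTS)
    print("imphash (assumed module names/order):", imphash(SAMPLE_IMPORTS))
    print(artemis_name("6ce2c3889cf2b8d4276ed9a94fa4383e"))
    for cap, names in caps.items():
        print(f"{cap:16} {', '.join(names)}")
    print("unclassified:", ", ".join(other))
    for f in findings(caps):
        print("!", f)
```

Two details matter when comparing against VirusTotal's imphash field: pefile lowercases and strips only the .dll/.ocx/.sys extensions, so a kernel driver's `ntoskrnl.exe` imports hash as `ntoskrnl.exe.<name>`, and the hash depends on import-table order, so two drivers with the same API set but a different link order get different imphashes. Ten of the 37 names (the C runtime helpers, the Rtl string routines, KeTickCount, KeBugCheckEx, IoRaiseHardError and NtSetQuotaInformationFile) fall into no bucket here and are reported as unclassified rather than guessed at.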

VirusTotal metadata
First submission 2012-08-28 07:40:47 UTC ( 6 years, 4 months ago )
Last submission 2012-08-28 07:40:47 UTC ( 6 years, 4 months ago )
File names D8E116D40089B167370B007E7976C500058F6779.sys