SHA256: ac70dd5fb22ffdb267194f6d7bc43dd8d57769d21f1374a25a49b6610daff61e
File name: {04db920b-6fa4-db47-4ffb-55416ab0330d}.exe
Detection ratio: 18 / 55
Analysis date: 2014-09-17 21:11:07 UTC ( 3 years, 1 month ago )
Antivirus Result Update
Ad-Aware Gen:Variant.Kazy.456936 20140917
Antiy-AVL Trojan[Downloader]/Win32.Hyteod 20140917
Avast Win32:Malware-gen 20140917
AVG Crypt_s.HLF 20140917
Avira (no cloud) TR/Crypt.ZPACK.68339 20140917
BitDefender Gen:Variant.Kazy.456936 20140917
Bkav HW32.Paked.5015 20140916
Emsisoft Gen:Variant.Kazy.456936 (B) 20140917
ESET-NOD32 Win32/Kovter.A 20140917
F-Secure Gen:Variant.Kazy.456936 20140917
GData Gen:Variant.Kazy.456936 20140917
Kaspersky Trojan-Downloader.Win32.Hyteod.qeq 20140917
Microsoft Trojan:Win32/Kovter.C 20140917
eScan Gen:Variant.Kazy.456936 20140917
Panda Trj/Chgt.G 20140917
Rising PE:Malware.XPACK-HIE/Heur!1.9C48 20140917
Sophos AV Mal/Generic-S 20140917
Symantec W32.Imaut.CN 20140917
AegisLab 20140917
Yandex 20140917
AhnLab-V3 20140917
AVware 20140917
Baidu-International 20140917
ByteHero 20140917
CAT-QuickHeal 20140917
ClamAV 20140917
CMC 20140917
Comodo 20140917
Cyren 20140917
DrWeb 20140917
F-Prot 20140917
Fortinet 20140917
Ikarus 20140917
Jiangmin 20140917
K7AntiVirus 20140917
K7GW 20140917
Kingsoft 20140917
Malwarebytes 20140917
McAfee 20140917
McAfee-GW-Edition 20140917
NANO-Antivirus 20140917
Norman 20140917
nProtect 20140917
Qihoo-360 20140917
SUPERAntiSpyware 20140917
Tencent 20140917
TheHacker 20140917
TotalDefense 20140917
TrendMicro 20140917
TrendMicro-HouseCall 20140917
VBA32 20140917
VIPRE 20140917
ViRobot 20140917
Zillya 20140917
Zoner 20140916
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2014-09-04 02:05:47
Entry Point 0x0001076E
Number of sections 4
PE sections
Overlays
MD5 22a05a50928eba3d7aaef1549ba7f251
File type data
Offset 184832
Size 44
Entropy 5.32
PE imports
MsiUseFeatureW
MsiViewGetColumnInfo
GetPrivateProfileSectionNamesA
ReplaceFileA
GetStdHandle
GetConsoleAliasA
SetVDMCurrentDirectories
VerifyVersionInfoA
SetSystemTime
FileTimeToSystemTime
QueryInformationJobObject
GetFileAttributesA
SetupComm
SetEvent
ClearCommBreak
PurgeComm
lstrlen
EnumUILanguagesA
ProcessIdToSessionId
GetBinaryType
GetDateFormatA
GetMailslotInfo
GetTimeFormatA
SystemTimeToTzSpecificLocalTime
GetProcessId
FreeEnvironmentStringsA
CreatePipe
GetCurrentProcess
FileTimeToDosDateTime
SetConsoleCursor
GetConsoleMode
LocalAlloc
lstrcatA
GetConsoleCursorInfo
SetFilePointer
IsValidLanguageGroup
lstrcat
OpenFileMappingA
SetErrorMode
GetLogicalDrives
GetFileInformationByHandle
SetProcessPriorityBoost
GetThreadContext
LZSeek
ReadFileScatter
FindResourceExA
GetFullPathNameA
GetFileTime
GetConsoleWindow
GetTempPathA
GetProfileSectionA
GetShortPathNameA
GetStringTypeA
WriteConsoleOutputA
IsSystemResumeAutomatic
WritePrivateProfileStructA
FindResourceExW
_lopen
GetSystemTimeAsFileTime
SetConsoleCursorInfo
GetThreadTimes
GetConsoleHardwareState
SetComputerNameA
ConnectNamedPipe
SetFileAttributesA
GetExitCodeProcess
QueryDosDeviceA
MoveFileA
TransmitCommChar
GetThreadPriority
GetLogicalDriveStringsA
GetEnvironmentVariableA
LoadResource
GlobalCompact
GetStringTypeExW
SetComputerNameExW
HeapDestroy
DeleteTimerQueue
QueueUserWorkItem
GetCurrentThread
BeginUpdateResourceA
SetLastError
GetVolumePathNameA
MapViewOfFileEx
GetSystemTime
OpenThread
ReadConsoleInputA
BuildCommDCBAndTimeoutsA
SystemTimeToFileTime
GetNamedPipeInfo
GetConsoleSelectionInfo
FindNextVolumeA
GlobalAddAtomA
EnumResourceLanguagesA
CreateSemaphoreA
SetLocaleInfoA
GlobalFindAtomA
DeleteTimerQueueEx
GetPrivateProfileStructA
RemoveDirectoryA
SetConsoleOutputCP
SetConsoleScreenBufferSize
UpdateResourceA
HeapSetInformation
SetProcessWorkingSetSize
GetPriorityClass
OpenWaitableTimerA
GetPrivateProfileStringA
SetThreadPriority
Heap32First
WriteProfileStringA
SetInformationJobObject
Module32First
LoadLibraryExW
MultiByteToWideChar
TerminateJobObject
SetFilePointerEx
DeleteTimerQueueTimer
GetCalendarInfoA
FlushInstructionCache
GetProfileIntA
LZRead
GetVolumeNameForVolumeMountPointA
_lclose
SetCalendarInfoA
SetConsoleLocalEUDC
DisconnectNamedPipe
EnumSystemLanguageGroupsA
Module32Next
CreateDirectoryExA
GetProcessPriorityBoost
WaitForSingleObjectEx
SetSystemPowerState
IsProcessorFeaturePresent
TermsrvAppInstallMode
GetSystemTimes
GetSystemDirectoryA
SetHandleInformation
SetEnvironmentVariableA
SetPriorityClass
SetThreadContext
WaitForMultipleObjectsEx
GetDiskFreeSpaceExA
EnumSystemLocalesA
SetProcessShutdownParameters
GetNumberFormatA
GlobalAlloc
GetCurrentConsoleFont
SearchPathA
ChangeTimerQueueTimer
SetEndOfFile
SetWaitableTimer
GetProcAddress
SleepEx
GetModuleHandleA
ReadConsoleOutputA
SetThreadAffinityMask
SetLastConsoleEventActive
SetHandleCount
WriteConsoleInputA
GetUserGeoID
LZOpenFileA
GetPrivateProfileIntA
lstrcmp
QueryPerformanceCounter
SetConsoleTextAttribute
GetCommMask
UnlockFileEx
GetVersionExA
WriteConsoleOutputAttribute
EndUpdateResourceA
GetDevicePowerState
ExitThread
GlobalSize
SetFileApisToANSI
GetProcessIoCounters
Heap32ListFirst
ExitVDM
GetFileSize
WriteProcessMemory
Process32First
GetNamedPipeHandleStateA
DeleteFileA
GetWindowsDirectoryA
SetCommMask
GetSystemRegistryQuota
SetThreadPriorityBoost
GetUserDefaultLCID
GetConsoleScreenBufferInfo
GetConsoleAliasesA
VirtualProtectEx
GetProcessHeap
CreateFileMappingW
lstrlenA
GetVolumePathNamesForVolumeNameA
ExpungeConsoleCommandHistoryA
GlobalReAlloc
VirtualLock
FindFirstFileExA
FormatMessageA
GetDllDirectoryA
GetThreadSelectorEntry
GetProfileStringA
GetEnvironmentStringsA
ReadConsoleA
CreateFileMappingA
Thread32Next
FindFirstVolumeMountPointW
LZCloseFile
ExpandEnvironmentStringsA
GetBinaryTypeA
EscapeCommFunction
GetProcessAffinityMask
DuplicateConsoleHandle
LocalSize
EnumTimeFormatsA
GetCurrencyFormatA
SetFileApisToOEM
SetConsoleInputExeNameA
CreateEventA
IsDebuggerPresent
GetFileType
GetPrivateProfileSectionA
GetDriveTypeA
GetProcessTimes
ReadConsoleOutputAttribute
OpenJobObjectA
GetSystemWindowsDirectoryA
GetConsoleAliasesLengthA
WriteConsoleA
SetConsoleNumberOfCommandsA
GetSystemInfo
SetCommState
GetCommModemStatus
GetConsoleCP
SetConsolePalette
LCMapStringA
LocalFileTimeToFileTime
DefineDosDeviceA
GetThreadLocale
GlobalUnlock
QueryPerformanceFrequency
GetCommState
GetModuleFileNameA
WinExec
GetVolumeInformationA
GetComputerNameA
GetCommTimeouts
FileTimeToLocalFileTime
SizeofResource
LZStart
HeapSize
GetCurrentProcessId
GetFileSizeEx
CopyFileExA
SetTapePosition
GetProcessHeaps
HeapQueryInformation
GetCurrentDirectoryA
GetProcessWorkingSetSize
GetCPInfoExA
GetConsoleInputExeNameA
GetConsoleCharType
GetComPlusPackageInstallStatus
RaiseException
GetConsoleTitleA
GetCommandLineA
GetDefaultCommConfigA
OpenMutexA
RegisterWaitForSingleObjectEx
IsBadStringPtrA
CompareStringA
ReleaseSemaphore
FlushConsoleInputBuffer
MapViewOfFile
GetFileAttributesExA
GetConsoleCursorMode
SetConsoleFont
ReadFile
SetConsoleCursorMode
GlobalFlags
PulseEvent
ClearCommError
CloseHandle
EnumSystemCodePagesA
UnlockFile
PeekConsoleInputA
ReadConsoleOutputCharacterA
GetVersion
ShowConsoleCursor
GetDiskFreeSpaceA
OpenEventA
IsBadHugeWritePtr
GetConsoleAliasExesLengthA
WriteConsoleOutputCharacterW
GetLocalTime
IsValidCodePage
HeapCreate
OpenSemaphoreA
SetFileTime
WriteConsoleOutputCharacterA
GetConsoleAliasExesLengthW
FlushViewOfFile
IsBadReadPtr
ReleaseMutex
ReadFileEx
GetProcessVersion
LocalShrink
SetMailslotInfo
GlobalHandle
VirtualAlloc
ResetEvent
ExifTool file metadata
MIMEType
application/octet-stream

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

FileTypeExtension
exe

TimeStamp
2014:09:04 03:05:47+01:00

FileType
Win32 EXE

PEType
PE32

CodeSize
64000

LinkerVersion
29.11

EntryPoint
0x1076e

InitializedDataSize
119808

SubsystemVersion
4.0

ImageVersion
0.0

OSVersion
4.0

UninitializedDataSize
0

File identification
MD5 8f43247ec11fe237471020bf65bd00aa
SHA1 2c349f27bbf9ab0821dc9a4c91a484ff1a7ec58c
SHA256 ac70dd5fb22ffdb267194f6d7bc43dd8d57769d21f1374a25a49b6610daff61e
ssdeep
3072:+NnuL5IKlFxQPzOf24Qe8R7CxCWkCCpCia0tFORHnxESuxxeLuEkaHtMhwAjb:3Tak24Qj7CAWigxESWfra2hzb

authentihash 0bb289de230e679d97d95c9059f3545698a7a9ce81c9b3217a8289116936aa28
imphash 69d65c9f371fdadedfc995b0e4792deb
File size 180.5 KB ( 184876 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Dynamic Link Library (generic) (38.3%)
Win32 Executable (generic) (26.2%)
Win16/32 Executable Delphi generic (12.0%)
Generic Win/DOS Executable (11.6%)
DOS Executable Generic (11.6%)
Tags
peexe overlay

VirusTotal metadata
First submission 2014-09-17 21:11:07 UTC ( 3 years, 1 month ago )
Last submission 2014-09-17 21:11:07 UTC ( 3 years, 1 month ago )
File names {04db920b-6fa4-db47-4ffb-55416ab0330d}.exe
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Created processes
Opened mutexes
Runtime DLLs
UDP communications