SHA256: ac9b4f714781b3878ce094f50b085568420bf9f2b3f6ebc74bcc813742d0b5e6
File name: file-7076563_bin
Detection ratio: 9 / 51
Analysis date: 2014-06-05 23:04:17 UTC ( 4 years, 9 months ago )
Antivirus Result Update
Bkav HW32.Laneul.vcae 20140604
ByteHero Trojan.Malware.Obscu.Gen.004 20140606
ESET-NOD32 a variant of Win32/Kryptik.CDRB 20140605
Ikarus Trojan-Spy.Zbot 20140605
Kaspersky Trojan-Spy.Win32.Zbot.tecw 20140605
Malwarebytes Spyware.Zbot.VXGen 20140605
Rising PE:Malware.XPACK-LNR/Heur!1.5594 20140605
Sophos AV Mal/Generic-S 20140605
TrendMicro-HouseCall TROJ_GEN.F47V0605 20140605
Ad-Aware 20140605
AegisLab 20140605
Yandex 20140605
AhnLab-V3 20140605
AntiVir 20140605
Antiy-AVL 20140605
Avast 20140605
AVG 20140605
Baidu-International 20140605
BitDefender 20140605
CAT-QuickHeal 20140605
ClamAV 20140605
CMC 20140605
Commtouch 20140605
Comodo 20140605
DrWeb 20140605
Emsisoft 20140605
F-Prot 20140605
F-Secure 20140605
Fortinet 20140605
GData 20140605
K7AntiVirus 20140605
K7GW 20140605
Kingsoft 20140606
McAfee 20140605
McAfee-GW-Edition 20140605
Microsoft 20140605
eScan 20140605
NANO-Antivirus 20140605
Norman 20140605
nProtect 20140605
Panda 20140605
Qihoo-360 20140606
SUPERAntiSpyware 20140605
Symantec 20140605
Tencent 20140606
TheHacker 20140602
TotalDefense 20140605
TrendMicro 20140605
VBA32 20140605
VIPRE 20140605
ViRobot 20140605
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright
Copyright 1987 - 2005

Publisher iMesh, Inc
Product U936273s5u5
Original name R6Y7kFGX.exe
Internal name R6Y7kFGX.exe
File version 8.8.5.6
Description R8D2S0493413
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2014-06-05 09:13:57
Entry Point 0x000058D0
Number of sections 4
PE sections
PE imports
RegUnLoadKeyA
RegCloseKey
RegSetValueExW
RegQueryValueExA
RegCreateKeyW
RegUnLoadKeyW
RegOpenKeyExA
IsTextUnicode
RegQueryValueExW
ChooseFontW
GetSaveFileNameW
CommDlgExtendedError
GetOpenFileNameW
GetFileTitleW
GetTextMetricsW
SetMapMode
TextOutW
CreateFontIndirectW
EnumFontsW
LPtoDP
GetDeviceCaps
SetAbortProc
DeleteDC
SetBkMode
EndDoc
StartPage
DeleteObject
GetObjectW
CreateDCW
GetTextFaceW
GetTextExtentPoint32W
GetStockObject
StartDocW
EndPage
SelectObject
AbortDoc
SetWindowExtEx
SetViewportExtEx
GetUserDefaultUILanguage
GetLastError
LocalReAlloc
CreateFileMappingW
LoadLibraryA
GlobalFree
QueryPerformanceCounter
GetTimeFormatW
GetTickCount
GlobalUnlock
lstrcmpiW
lstrlenW
GetLocalTime
LocalLock
IsProcessorFeaturePresent
GetStartupInfoA
GetCurrentProcessId
GetDateFormatW
GetCommandLineW
IsDebuggerPresent
UnhandledExceptionFilter
MultiByteToWideChar
GetFileInformationByHandle
DeleteFileW
GetUserDefaultLCID
GetLocaleInfoW
lstrcpynW
CompareStringW
lstrcpyW
WideCharToMultiByte
MapViewOfFile
GetModuleHandleA
ReadFile
SetUnhandledExceptionFilter
WriteFile
GetCurrentProcess
CloseHandle
GetSystemTimeAsFileTime
FindClose
FindFirstFileW
GetACP
GlobalLock
IsBadStringPtrW
LocalFree
FormatMessageW
TerminateProcess
LocalSize
UnmapViewOfFile
CreateFileW
GetFileAttributesW
lstrcatW
SetEndOfFile
GetCurrentThreadId
LocalUnlock
GetProcAddress
lstrcmpW
LocalAlloc
SetLastError
MulDiv
DragAcceptFiles
DragQueryFileW
DragFinish
SetFocus
RegisterWindowMessageW
GetForegroundWindow
GetParent
UpdateWindow
DrawTextExW
EndDialog
PostQuitMessage
DefWindowProcW
CharUpperW
GetMessageW
ShowWindow
MessageBeep
GetDesktopWindow
GetSystemMetrics
IsIconic
MessageBoxW
PeekMessageW
RegisterClassExW
SetWindowPlacement
GetDC
MoveWindow
DialogBoxParamW
SendDlgItemMessageW
LoadIconW
CharLowerW
TranslateMessage
ChildWindowFromPoint
PostMessageW
SetDlgItemTextW
DispatchMessageW
CreateDialogParamW
ReleaseDC
SetScrollPos
GetDlgCtrlID
CheckMenuItem
SendMessageW
DestroyWindow
GetWindowLongW
WinHelpW
GetWindowPlacement
LoadStringW
GetClientRect
GetCursorPos
GetDlgItem
SetCursor
EnableMenuItem
ScreenToClient
SetWindowLongW
InvalidateRect
GetSubMenu
IsClipboardFormatAvailable
OpenClipboard
LoadImageW
IsDialogMessageW
EnableWindow
SetWindowTextW
GetWindowTextW
SetActiveWindow
GetMenuState
GetKeyboardLayout
LoadCursorW
GetSystemMenu
GetFocus
CreateWindowExW
LoadAcceleratorsW
wsprintfW
CloseClipboard
GetDlgItemTextW
CharNextW
GetMenu
TranslateAcceleratorW
GetPrinterDriverW
ClosePrinter
OpenPrinterW
MapAndLoad
Number of PE resources by type
RT_DIALOG 4
RT_ACCELERATOR 2
YZEG0F7 1
DOCSIP89M7 1
EXZYVM 1
HM5N3 1
S9X7046RF2 1
GPM9P656 1
C1449617 1
VOS8T 1
R171UG 1
XB03VGU5 1
FZTLV9475 1
E10TU88 1
KKTE4193A 1
Q4US20 1
S8SYG 1
XLT22T 1
RPL86KE 1
RE87E 1
RT_VERSION 1
Number of PE resources by language
ENGLISH US 22
BENGALI *unknown* 1
GREEK *unknown* 1
FRENCH ARABIC BAHRAIN 1
PE resources
ExifTool file metadata
SubsystemVersion
5.1

LinkerVersion
10.0

ImageVersion
0.0

FileSubtype
0

FileVersionNumber
8.8.5.6

UninitializedDataSize
0

LanguageCode
English (U.S.)

FileFlagsMask
0x003f

CharacterSet
Windows, Hebrew

InitializedDataSize
1517568

EntryPoint
0x58d0

OriginalFileName
R6Y7kFGX.exe

MIMEType
application/octet-stream

LegalCopyright
Copyright 1987 - 2005

FileVersion
8.8.5.6

TimeStamp
2014:06:05 10:13:57+01:00

FileType
Win32 EXE

PEType
PE32

InternalName
R6Y7kFGX.exe

ProductVersion
8.8.5.6

FileDescription
R8D2S0493413

OSVersion
5.1

FileOS
Windows NT 32-bit

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CompanyName
iMesh, Inc

CodeSize
393728

ProductName
U936273s5u5

ProductVersionNumber
8.8.5.6

FileTypeExtension
exe

ObjectFileType
Executable application

File identification
MD5 1dc4c44b13f2052a662d9fd1e2b47c13
SHA1 f6cb7f14984f20becc8bf94052686d9974ecee30
SHA256 ac9b4f714781b3878ce094f50b085568420bf9f2b3f6ebc74bcc813742d0b5e6
ssdeep
12288:7GIuffxCRksk/yTSEWcqXdib5dSDsCysUOcT:7fufMasyqZqXdivEysvcT

authentihash 489d1e9ae82576bd80a50677f930c75a52f1accaa456b3b9498ab7ede3f31324
imphash acccee576e6191e4d05ee36f9783f4e0
File size 534.0 KB ( 546816 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Dynamic Link Library (generic) (43.5%)
Win32 Executable (generic) (29.8%)
Generic Win/DOS Executable (13.2%)
DOS Executable Generic (13.2%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
Tags
peexe

VirusTotal metadata
First submission 2014-06-05 13:08:05 UTC ( 4 years, 9 months ago )
Last submission 2014-06-05 23:04:17 UTC ( 4 years, 9 months ago )
File names ac9b4f714781b3878ce094f50b085568420bf9f2b3f6ebc74bcc813742d0b5e6.bin
cssxm.exe
R6Y7kFGX.exe
file-7076563_bin
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Moved files
Deleted files
Created processes
Code injections in the following processes
Created mutexes
Opened mutexes
Opened service managers
Opened services
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.
HTTP requests
DNS requests
TCP connections
UDP communications