SHA256: ad1e6f371dedf15f6f8b91049ab83cbd719672d645b27c62b1e765f83fafea90
File name: CSgdGJA.exe
Detection ratio: 41 / 57
Analysis date: 2015-04-10 18:24:35 UTC (3 years, 10 months ago)
Antivirus Result Update
Ad-Aware Gen:Variant.Symmi.47805 20150410
AhnLab-V3 Trojan/Win32.MDA 20150410
ALYac Gen:Variant.Symmi.47805 20150410
Avast Win32:Injector-CEH [Trj] 20150410
AVG Inject2.BDCB 20150410
Avira (no cloud) TR/Agent.268800.44 20150410
AVware Backdoor.IRCBot 20150410
Baidu-International Worm.Win32.Dorkbot.B 20150410
BitDefender Gen:Variant.Symmi.47805 20150410
Bkav W32.RbotiaJ.Trojan 20150410
CAT-QuickHeal TrojanRansom.Crowti.A4 20150410
Comodo UnclassifiedMalware 20150410
Cyren W32/S-50161fd2!Eldorado 20150410
DrWeb BackDoor.IRC.NgrBot.42 20150410
Emsisoft Gen:Variant.Symmi.47805 (B) 20150410
ESET-NOD32 Win32/Dorkbot.B 20150410
F-Prot W32/S-50161fd2!Eldorado 20150410
F-Secure Gen:Variant.Symmi.47805 20150410
Fortinet W32/Injector.BOIM!tr 20150410
GData Gen:Variant.Symmi.47805 20150410
Ikarus Backdoor.Win32.Androm 20150410
Jiangmin Trojan/Yakes.awsj 20150409
K7AntiVirus Trojan ( 004b04c61 ) 20150410
K7GW Trojan ( 004b04c61 ) 20150410
Kaspersky HEUR:Trojan.Win32.Generic 20150410
Malwarebytes Trojan.Ransom.ED 20150410
McAfee Ransom-FPA!9B2A8383413A 20150410
McAfee-GW-Edition BehavesLike.Win32.Dropper.dm 20150410
Microsoft Worm:Win32/Dorkbot.I 20150410
eScan Gen:Variant.Symmi.47805 20150410
NANO-Antivirus Trojan.Win32.Yakes.dihulm 20150410
Norman Kryptik.CEOC 20150410
Panda Trj/Genetic.gen 20150410
Qihoo-360 HEUR/QVM10.1.Malware.Gen 20150410
Sophos AV Mal/Wonton-Z 20150410
Symantec W32.IRCBot.NG 20150410
Tencent Win32.Trojan.Yakes.Htly 20150410
TrendMicro TROJ_SPNR.03KB14 20150410
TrendMicro-HouseCall TROJ_SPNR.03KB14 20150410
VBA32 Trojan.Yakes 20150410
VIPRE Backdoor.IRCBot 20150410
AegisLab 20150410
Yandex 20150409
Alibaba 20150410
Antiy-AVL 20150410
ByteHero 20150410
ClamAV 20150410
CMC 20150410
Kingsoft 20150410
nProtect 20150410
Rising 20150410
SUPERAntiSpyware 20150410
TheHacker 20150410
TotalDefense 20150409
ViRobot 20150410
Zillya 20150409
Zoner 20150410
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2014-11-04 16:10:46
Entry Point 0x0000B742
Number of sections 5
PE sections
PE imports
GetTokenInformation
CloseServiceHandle
RegFlushKey
RegCloseKey
OpenServiceA
OpenProcessToken
QueryServiceStatus
RegQueryValueExA
AllocateAndInitializeSid
OpenThreadToken
RegSetValueExA
StartServiceA
EqualSid
RegCreateKeyExA
FreeSid
RegOpenKeyExA
OpenSCManagerA
ImageList_BeginDrag
ImageList_SetBkColor
ImageList_Replace
Ord(17)
ImageList_SetDragCursorImage
ImageList_Read
ImageList_DragMove
ImageList_Create
ImageList_GetDragImage
ImageList_DrawEx
ImageList_SetIconSize
ImageList_Write
ImageList_GetImageCount
ImageList_Destroy
ImageList_Draw
ImageList_GetIconSize
ImageList_DragLeave
ImageList_GetBkColor
ImageList_ReplaceIcon
ImageList_DragEnter
ImageList_Add
ImageList_DragShowNolock
ImageList_Remove
ImageList_EndDrag
GetBitmapBits
DeleteEnhMetaFile
Polygon
GetSystemPaletteEntries
PatBlt
GetClipBox
GetCurrentPositionEx
SaveDC
CreateHalftonePalette
CreateFontIndirectA
GetPaletteEntries
MaskBlt
SetStretchBltMode
GetEnhMetaFilePaletteEntries
GetPixel
Rectangle
GetObjectA
GetBrushOrgEx
ExcludeClipRect
LineTo
DeleteDC
RestoreDC
GetTextExtentPointA
GetWindowOrgEx
SetPixel
GetTextMetricsA
CreateSolidBrush
IntersectClipRect
BitBlt
CreateDIBSection
CopyEnhMetaFileA
RealizePalette
SetTextColor
GetDeviceCaps
RectVisible
SetEnhMetaFileBits
CreateBitmap
MoveToEx
CreatePalette
CreateBrushIndirect
CreateDIBitmap
GetStockObject
SelectPalette
ExtTextOutA
UnrealizeObject
GetDIBits
GetDIBColorTable
GetEnhMetaFileBits
SetROP2
GetDCOrgEx
PlayEnhMetaFile
StretchBlt
SetBrushOrgEx
SelectObject
GetTextExtentPoint32A
GetWinMetaFileBits
SetDIBColorTable
GetEnhMetaFileHeader
SetWindowOrgEx
Polyline
CreatePenIndirect
SetViewportOrgEx
SetBkMode
SetBkColor
SetWinMetaFileBits
DeleteObject
CreateCompatibleBitmap
CreateCompatibleDC
GetStdHandle
GetFileAttributesA
WaitForSingleObject
HeapDestroy
FreeEnvironmentStringsA
DeleteCriticalSection
GetCurrentProcess
GetLocaleInfoA
lstrcatA
UnhandledExceptionFilter
FreeEnvironmentStringsW
EnumResourceLanguagesW
GetTempPathA
WideCharToMultiByte
GetStringTypeA
GetSystemTimeAsFileTime
WriteFile
SetStdHandle
GetDiskFreeSpaceA
GetStringTypeW
SetFileAttributesA
FreeLibrary
LoadResource
FindClose
TlsGetValue
FormatMessageA
SetLastError
IsDebuggerPresent
HeapAlloc
GetModuleFileNameA
SetComputerNameExA
GetPrivateProfileStringA
GetSystemDefaultLCID
InterlockedDecrement
MultiByteToWideChar
GetModuleHandleA
CreateSemaphoreA
CreateThread
SetUnhandledExceptionFilter
MulDiv
GetSystemDirectoryA
SetEnvironmentVariableA
TerminateProcess
WriteConsoleA
LocalFileTimeToFileTime
GetVersion
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
HeapFree
EnterCriticalSection
SetHandleCount
GetOEMCP
QueryPerformanceCounter
GetTickCount
TlsAlloc
FlushFileBuffers
LoadLibraryA
RtlUnwind
GetStartupInfoA
GetFileSize
CreateDirectoryA
DeleteFileA
GetWindowsDirectoryA
WaitForMultipleObjects
CompareStringW
lstrcmpA
FindFirstFileA
GetCurrentThreadId
lstrcpyA
CompareStringA
GetTempFileNameA
CreateFileMappingA
FindNextFileA
GetProcAddress
GetTimeZoneInformation
GetFileType
TlsSetValue
CreateFileA
ExitProcess
InterlockedIncrement
GetLastError
DosDateTimeToFileTime
LCMapStringW
UnmapViewOfFile
lstrlenA
LCMapStringA
HeapReAlloc
GetEnvironmentStringsW
RemoveDirectoryA
GetEnvironmentStrings
GetCurrentProcessId
LockResource
SetFileTime
GetCPInfo
HeapSize
GetCommandLineA
MapViewOfFile
TlsFree
SetFilePointer
HeapUnlock
ReadFile
CloseHandle
lstrcpynA
GetACP
GetModuleHandleW
CreateProcessA
IsValidCodePage
HeapCreate
PostQueuedCompletionStatus
VirtualFree
Sleep
FindResourceA
VirtualAlloc
SHGetFileInfoA
ShellExecuteExA
SHChangeNotify
SHGetSpecialFolderLocation
SHGetDesktopFolder
SHGetPathFromIDListA
SHGetMalloc
ShellExecuteA
MapWindowPoints
GetMessagePos
RedrawWindow
DrawStateA
EnableScrollBar
DestroyMenu
PostQuitMessage
GetForegroundWindow
LoadBitmapA
SetWindowPos
IsWindow
SetTimer
DispatchMessageA
ScreenToClient
SetMenuItemInfoA
CharUpperBuffA
WindowFromPoint
DrawIcon
SetActiveWindow
GetMenuItemID
GetCursorPos
ReleaseDC
GetClassInfoA
GetMenu
UnregisterClassA
SendMessageA
GetClientRect
CharLowerBuffA
SetScrollPos
CallNextHookEx
GetKeyboardState
GetTopWindow
ShowCursor
ShowCaret
ScrollWindow
GetWindowTextA
GetKeyState
PtInRect
DrawEdge
GetParent
UpdateWindow
SetPropA
EqualRect
EnumWindows
DefMDIChildProcA
ShowWindow
SetClassLongA
GetPropA
GetDesktopWindow
TranslateMDISysAccel
EnableWindow
SetWindowPlacement
PeekMessageA
ChildWindowFromPoint
TranslateMessage
IsWindowEnabled
GetWindow
ActivateKeyboardLayout
InsertMenuItemA
GetIconInfo
MsgWaitForMultipleObjects
LoadStringA
SetParent
SetClipboardData
GetSystemMetrics
IsZoomed
GetWindowPlacement
GetKeyboardLayoutList
DrawMenuBar
IsIconic
RegisterClassA
GetMenuItemCount
GetWindowLongA
CreateWindowExA
OemToCharA
GetActiveWindow
ShowOwnedPopups
FillRect
EnumThreadWindows
CharNextA
EndPaint
DestroyWindow
IsChild
IsDialogMessageA
SetFocus
CharPrevA
MapVirtualKeyA
SetCapture
BeginPaint
OffsetRect
GetScrollPos
KillTimer
RegisterWindowMessageA
DefWindowProcA
DrawFocusRect
GetClipboardData
CharLowerA
EnableMenuItem
SetScrollRange
GetWindowRect
InflateRect
PostMessageA
ReleaseCapture
GetScrollRange
SetWindowLongA
RemovePropA
CreatePopupMenu
CheckMenuItem
GetSubMenu
GetLastActivePopup
DrawIconEx
CreateMenu
ClientToScreen
InsertMenuA
LoadCursorA
LoadIconA
TrackPopupMenu
SetWindowsHookExA
GetMenuStringA
GetMenuState
GetKeyboardLayout
GetSystemMenu
GetDC
SetForegroundWindow
ExitWindowsEx
OpenClipboard
EmptyClipboard
DrawTextA
IntersectRect
GetScrollInfo
HideCaret
GetCapture
WaitMessage
FindWindowA
SetWindowTextA
MessageBeep
RemoveMenu
GetWindowThreadProcessId
ShowScrollBar
DrawFrameControl
UnhookWindowsHookEx
RegisterClipboardFormatA
IsRectEmpty
MessageBoxA
GetClassNameA
GetWindowDC
DestroyCursor
AdjustWindowRectEx
LoadKeyboardLayoutA
GetSysColor
SetScrollInfo
GetMenuItemInfoA
SystemParametersInfoA
DestroyIcon
GetKeyNameTextA
IsWindowVisible
GetDCEx
WinHelpA
FrameRect
SetRect
DeleteMenu
InvalidateRect
DefFrameProcA
SendMessageTimeoutA
CreateIcon
CallWindowProcA
GetCursor
GetFocus
CloseClipboard
GetKeyboardType
SetMenu
SetCursor
GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA
sndPlaySoundA
SymGetSymFromName
StackWalk64
SymEnumerateSymbols
SymGetModuleInfo
SymGetSymNext64
SymCleanup
SymUnDName
CoCreateInstance
CoUninitialize
CoInitialize
OleInitialize
OleUninitialize
Number of PE resources by type
RT_STRING 3
RT_BITMAP 1
PNG 1
Number of PE resources by language
HEBREW DEFAULT 3
ARABIC SYRIA 1
ENGLISH US 1
PE resources
ExifTool file metadata
MIMEType: application/octet-stream
Subsystem: Windows GUI
MachineType: Intel 386 or later, and compatibles
TimeStamp: 2014:11:04 17:10:46+01:00
FileType: Win32 EXE
PEType: PE32
CodeSize: 79360
LinkerVersion: 9.0
EntryPoint: 0xb742
InitializedDataSize: 188416
SubsystemVersion: 5.0
ImageVersion: 0.0
OSVersion: 5.0
UninitializedDataSize: 0
File identification
MD5 9b2a8383413a0f3217c98fbbee6c1ee9
SHA1 8eae3cb6e9fa1630f3bbbeba75f1211c6650a544
SHA256 ad1e6f371dedf15f6f8b91049ab83cbd719672d645b27c62b1e765f83fafea90
ssdeep 3072:1YPzP/wVurm2HCyfMnJuQf7PuEH9ePHuTsuEbkBHYc7q5/7s/:1YbPdQPuq9ePXuEQY75zU
authentihash e878ea8bffba84125216015b422416d38da2a3328d85b6803377db444723227e
imphash 6240c427fd6b9b37350b5420aaf4b7eb
File size 262.5 KB (268800 bytes)
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (67.3%)
Win32 Dynamic Link Library (generic) (14.2%)
Win32 Executable (generic) (9.7%)
Generic Win/DOS Executable (4.3%)
DOS Executable Generic (4.3%)
Tags
peexe

VirusTotal metadata
First submission 2014-11-04 17:08:15 UTC (4 years, 3 months ago)
Last submission 2014-11-05 21:19:58 UTC (4 years, 3 months ago)
File names CSgdGJA.exe
hemxccapep.exe
ad1e6f371dedf15f6f8b91049ab83cbd719672d645b27c62b1e765f83fafea90.exe
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Runtime DLLs