SHA256: ad56397df7708724bbbc9f520d6995151c30f3fdf0c880c9e06320143fa4094d
File name: tmp.exe.txt
Detection ratio: 38 / 55
Analysis date: 2015-06-30 11:01:23 UTC ( 3 years, 8 months ago )
Antivirus Result Update
Ad-Aware Trojan.GenericKD.2511957 20150630
AhnLab-V3 Trojan/Win32.Agent 20150630
ALYac Trojan.GenericKD.2511957 20150630
Antiy-AVL Trojan[PSW]/Win32.Fareit 20150630
Arcabit Trojan.Generic.D265455 20150630
Avast Win32:Malware-gen 20150630
AVG Zbot.AEIU 20150630
Avira (no cloud) TR/Crypt.Xpack.163234 20150630
AVware Trojan.Win32.Generic!BT 20150630
Baidu-International Trojan.Win32.InfoStealer.bajr 20150630
BitDefender Trojan.GenericKD.2511957 20150630
CAT-QuickHeal TrojanPSW.Fareit.r5 20150630
Comodo TrojWare.Win32.PSW.Fareit.~A 20150630
DrWeb Trojan.PWS.Stealer.4118 20150630
Emsisoft Trojan-PSW.Win32.Fareit (A) 20150630
ESET-NOD32 Win32/PSW.Fareit.A 20150630
F-Secure Trojan.GenericKD.2511957 20150630
Fortinet W32/Fareit.A!tr.pws 20150630
GData Trojan.GenericKD.2511957 20150630
Ikarus Trojan.Win32.PSW 20150630
K7AntiVirus Password-Stealer ( 004b89e61 ) 20150630
K7GW Password-Stealer ( 004b89e61 ) 20150630
Kaspersky Trojan-PSW.Win32.Fareit.bajr 20150630
Malwarebytes Spyware.Password 20150630
McAfee RDN/Generic PWS.y!b2j 20150630
McAfee-GW-Edition RDN/Generic PWS.y!b2j 20150630
Microsoft PWS:Win32/Fareit 20150630
eScan Trojan.GenericKD.2511957 20150630
NANO-Antivirus Trojan.Win32.Fareit.dtdvpy 20150630
nProtect Trojan-PWS/W32.Fareit.176130 20150630
Panda Trj/Chgt.O 20150630
Qihoo-360 HEUR/QVM10.1.Malware.Gen 20150630
Sophos AV Troj/DwnLdr-MQK 20150630
Symantec Trojan.Gen 20150630
Tencent Win32.Trojan.Crypt.Swba 20150630
VIPRE Trojan.Win32.Generic!BT 20150630
ViRobot Trojan.Win32.PSW-Fareit.176130[h] 20150630
Zillya Trojan.Fareit.Win32.10151 20150630
AegisLab 20150630
Yandex 20150629
Alibaba 20150630
Bkav 20150629
ByteHero 20150630
ClamAV 20150630
Cyren 20150630
F-Prot 20150630
Jiangmin 20150629
Kingsoft 20150630
Rising 20150630
SUPERAntiSpyware 20150630
TheHacker 20150630
TrendMicro 20150630
TrendMicro-HouseCall 20150630
VBA32 20150630
Zoner 20150630
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2015-06-24 11:44:48
Entry Point 0x000041AE
Number of sections 5
PE sections
Overlays
MD5 81051bcc2cf1bedf378224b0a93e2877
File type ASCII text
Offset 176128
Size 2
Entropy 1.00
PE imports
PrintDlgA
CertGetNameStringA
GetDeviceCaps
GetObjectA
FillRgn
SetMapMode
DeleteDC
CreateEllipticRgn
RestoreDC
SelectObject
GetStockObject
SaveDC
CreateRectRgn
DPtoLP
CombineRgn
BitBlt
SetBkColor
TextOutA
CreateCompatibleDC
DeleteObject
CreateCompatibleBitmap
SetTextColor
GetLastError
InitializeCriticalSectionAndSpinCount
HeapFree
IsProcessorFeaturePresent
EnterCriticalSection
LCMapStringW
SetHandleCount
LoadLibraryW
GlobalFree
GetOEMCP
QueryPerformanceCounter
IsDebuggerPresent
GetTickCount
TlsAlloc
GetEnvironmentStringsW
GetModuleFileNameA
RtlUnwind
LoadLibraryA
GetStdHandle
DeleteCriticalSection
GetCurrentProcess
DecodePointer
GetCurrentProcessId
GetModuleHandleW
WideCharToMultiByte
UnhandledExceptionFilter
TlsGetValue
MultiByteToWideChar
HeapSize
FreeEnvironmentStringsW
GetCommandLineA
lstrcatW
EncodePointer
GetStartupInfoW
ExitProcess
RaiseException
GetCPInfo
GetModuleFileNameW
TlsFree
HeapSetInformation
SetUnhandledExceptionFilter
WriteFile
GetSystemTimeAsFileTime
GetACP
HeapReAlloc
GetStringTypeW
GetProcAddress
LocalFree
TerminateProcess
IsValidCodePage
HeapCreate
GlobalAlloc
InterlockedDecrement
Sleep
GetFileType
TlsSetValue
HeapAlloc
GetCurrentThreadId
LeaveCriticalSection
LocalAlloc
SetLastError
InterlockedIncrement
OleCreateFontIndirect
OleLoadPicture
DragFinish
DragQueryPoint
DragQueryFileA
StrChrW
StrToIntExA
SHCreateShellPalette
QuerySecurityPackageInfoA
AcquireCredentialsHandleA
EnumerateSecurityPackagesA
EmptyClipboard
GetParent
UpdateWindow
BeginPaint
KillTimer
PostQuitMessage
DefWindowProcA
GetWindowContextHelpId
EnumDisplayMonitors
GetSystemMetrics
IsWindow
EnableWindow
WindowFromPoint
DialogBoxParamA
GetWindow
CopyImage
GetDlgCtrlID
SetWindowTextA
GetMenu
SendDlgItemMessageA
SendMessageA
GetClientRect
GetDlgItem
InvalidateRect
GetSubMenu
SetTimer
GetMenuState
CallWindowProcA
EndPaint
RegisterClassExA
DestroyWindow
GdipDisposeImage
GdipSaveImageToFile
GdiplusStartup
GdipCreateBitmapFromHBITMAP
CreatePointerMoniker
Number of PE resources by type
RT_GROUP_CURSOR 19
RT_DIALOG 13
RT_STRING 8
RT_RCDATA 4
RT_MANIFEST 1
Number of PE resources by language
ENGLISH US 45
PE resources
Debug information
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
TimeStamp 2015:06:24 12:44:48+01:00
FileType Win32 EXE
PEType PE32
CodeSize 51712
LinkerVersion 10.0
FileTypeExtension exe
InitializedDataSize 123392
SubsystemVersion 5.1
EntryPoint 0x41ae
OSVersion 5.1
ImageVersion 0.0
UninitializedDataSize 0
File identification
MD5 50e254dbb86d1f5a86e8d946919ec1e5
SHA1 15611e30016412f7f1af69b74005b8928dbbfd3a
SHA256 ad56397df7708724bbbc9f520d6995151c30f3fdf0c880c9e06320143fa4094d
ssdeep 3072:3n9Bh8KqKmuVB+xsBiEq7png68shM9JpOm3vkPhMORQRDHgGLwC:3n9Bhm9uGgRq7pZ+OSl
authentihash 54d1821a2221d6c722c722ac691145a9eac7a04a2c1bb5175bbdc6a9270df419
imphash cdab862ebfd7f377bc867a1ea84f7eb7
File size 172.0 KB ( 176130 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (67.3%)
Win32 Dynamic Link Library (generic) (14.2%)
Win32 Executable (generic) (9.7%)
Generic Win/DOS Executable (4.3%)
DOS Executable Generic (4.3%)
Tags peexe overlay
VirusTotal metadata
First submission 2015-06-24 14:31:00 UTC ( 3 years, 9 months ago )
Last submission 2015-06-30 11:01:23 UTC ( 3 years, 8 months ago )
File names tmp.exe.txt
tmp.exe
KKOIbh.tar.bz2
ad56397df7708724bbbc9f520d6995151c30f3fdf0c880c9e06320143fa4094d.bin
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Created processes
Shell commands
Opened mutexes
Opened service managers
Opened services
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.
HTTP requests
DNS requests
TCP connections
UDP communications