SHA256: ad9357a1905767e4b86aec2b87b341202496f1e3761cc7d6ef26f3713eb52df2
File name: aspnet_wp.exe
Detection ratio: 30 / 54
Analysis date: 2015-11-05 22:06:10 UTC ( 2 years, 10 months ago )
Antivirus Result Update
AhnLab-V3 Trojan/Win32.Upbot 20151107
Antiy-AVL Trojan/Win32.Yakes 20151107
Arcabit Trojan.Generic.D2B4564 20151107
Avast Win32:Malware-gen 20151107
AVG Win32/Cryptor 20151107
Avira (no cloud) TR/Crypt.ZPACK.198197 20151107
AVware Trojan.Win32.Generic!BT 20151107
Baidu-International Trojan.Win32.Zbot.wctn 20151107
BitDefender Trojan.GenericKD.2835812 20151107
ClamAV Win.Trojan.Kazy-2720 20151107
DrWeb Trojan.DownLoader17.34438 20151107
Emsisoft Trojan.GenericKD.2835812 (B) 20151107
ESET-NOD32 a variant of Win32/Kryptik.ECSS 20151107
F-Secure Trojan.GenericKD.2835812 20151107
Fortinet W32/Kryptik.ECSS!tr 20151107
GData Trojan.GenericKD.2835812 20151107
K7AntiVirus Trojan ( 004d56c31 ) 20151107
K7GW Trojan ( 004d56c31 ) 20151107
Kaspersky Trojan-Spy.Win32.Zbot.wctn 20151107
Malwarebytes Trojan.Dropper 20151107
McAfee RDN/Swizzor.gen 20151107
McAfee-GW-Edition BehavesLike.Win32.Sdbot.jh 20151107
Microsoft VirTool:Win32/CeeInject.GF 20151107
eScan Trojan.GenericKD.2835812 20151107
nProtect Trojan.GenericKD.2835812 20151106
Panda Trj/Genetic.gen 20151107
Qihoo-360 HEUR/QVM10.1.Malware.Gen 20151107
Sophos AV Mal/Generic-S 20151107
TrendMicro TROJ_GEN.R021C0FK715 20151107
VIPRE Trojan.Win32.Generic!BT 20151107
AegisLab 20151107
Yandex 20151106
Alibaba 20151106
Bkav 20151107
ByteHero 20151107
CAT-QuickHeal 20151107
CMC 20151106
Comodo 20151107
Cyren 20151107
F-Prot 20151107
Ikarus 20151107
Jiangmin 20151107
NANO-Antivirus 20151107
Rising 20151106
SUPERAntiSpyware 20151107
Symantec 20151106
Tencent 20151107
TheHacker 20151103
TotalDefense 20151107
TrendMicro-HouseCall 20151107
VBA32 20151105
ViRobot 20151107
Zillya 20151105
Zoner 20151107
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright © Microsoft Corporation. All rights reserved.
Product Microsoft® .NET Framework
Original name aspnet_wp.exe
Internal name aspnet_wp.exe
File version 2.0.50727.5474 (Win7SP1GDR.050727-5400)
Description aspnet_wp.exe
Comments Flavor=Retail
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2015-10-29 18:49:28
Entry Point 0x00007E5A
Number of sections 4
PE sections
Overlays
MD5 9de7a62a90107d026c36eb168358424f
File type data
Offset 620032
Size 1837
Entropy 7.84
PE imports
RegDeleteKeyA
RegCloseKey
RegQueryValueA
RegQueryValueExA
RegSetValueExA
RegDeleteValueA
RegCreateKeyExA
RegOpenKeyExA
ImageList_Destroy
PrintDlgA
GetOpenFileNameA
GetFileTitleA
ChooseColorA
CommDlgExtendedError
GetSaveFileNameA
SetMapMode
GetWindowOrgEx
SetTextAlign
GetTextMetricsA
CombineRgn
GetTextExtentPointA
EndDoc
IntersectClipRect
OffsetWindowOrgEx
CreatePalette
EqualRgn
CreateDIBitmap
GetDIBits
ExtCreateRegion
GetEnhMetaFileBits
StretchDIBits
ScaleViewportExtEx
CloseMetaFile
GetKerningPairsA
SetViewportExtEx
SetBkColor
GetBkColor
SetRectRgn
GetDIBColorTable
DeleteEnhMetaFile
GetSystemPaletteEntries
OffsetRgn
GetCurrentPositionEx
TextOutA
CreateFontIndirectA
CreateRectRgnIndirect
LPtoDP
GetPixel
SetWindowExtEx
OffsetViewportOrgEx
SetBkMode
RemoveFontResourceExA
GetRegionData
BitBlt
GetDeviceCaps
MoveToEx
GetArcDirection
ScaleWindowExtEx
PtVisible
GetLogColorSpaceW
SelectPalette
EndPage
GetTextColor
Escape
DeleteObject
AddFontResourceA
GetWindowExtEx
PatBlt
CreatePen
GetClipBox
GetObjectA
CreateDCA
LineTo
DeleteDC
GetMapMode
StartPage
GetCharWidthA
RealizePalette
SetEnhMetaFileBits
SetDIBitsToDevice
RectVisible
GetStockObject
GetPath
PlayEnhMetaFile
ExtTextOutA
GdiFlush
SelectClipRgn
GetTextAlign
GetTextExtentPoint32A
SetWindowOrgEx
GetViewportExtEx
CreatePolygonRgn
GetCharABCWidthsFloatW
Polygon
GetGlyphOutlineW
SaveDC
SetDeviceGammaRamp
GetEnhMetaFilePaletteEntries
RestoreDC
FillPath
CreateBitmap
SetTextColor
CreateFontA
SetViewportOrgEx
GetDCPenColor
CreateCompatibleDC
CreateRectRgn
RemoveFontResourceA
SelectObject
StartDocA
CopyMetaFileW
Ellipse
CreateSolidBrush
DPtoLP
AbortDoc
CreateCompatibleBitmap
DeleteMetaFile
GetStdHandle
GetConsoleOutputCP
FileTimeToSystemTime
GetFileAttributesA
DeactivateActCtx
WaitForSingleObject
GetDriveTypeA
HeapDestroy
CreateTapePartition
IsValidLocale
GetExitCodeProcess
FreeEnvironmentStringsA
DeleteCriticalSection
GetCurrentProcess
GetCurrentDirectoryA
GetConsoleMode
FreeEnvironmentStringsW
LocalAlloc
lstrcatA
SetErrorMode
VirtualLock
MultiByteToWideChar
GetLocaleInfoW
SetFileAttributesA
GetFileTime
GetTempPathA
GetCPInfo
GetProcAddress
GetStringTypeA
GetSystemTimeAsFileTime
WriteFile
SetStdHandle
HeapReAlloc
GetStringTypeW
GetFullPathNameA
GetOEMCP
LocalFree
ResumeThread
InitializeCriticalSection
LoadResource
GlobalHandle
FindClose
TlsGetValue
FormatMessageA
OutputDebugStringA
SetLastError
GetSystemTime
LocalLock
IsDebuggerPresent
ExitProcess
FlushFileBuffers
GetModuleFileNameA
RaiseException
FreeLibrary
GetVolumeInformationA
GetPrivateProfileStringA
SetThreadPriority
GetUserDefaultLCID
SetHandleCount
UnhandledExceptionFilter
InterlockedDecrement
GlobalFindAtomA
GetLocalTime
CreateMutexA
GetModuleHandleA
HeapAlloc
CreateThread
GlobalAddAtomA
SetUnhandledExceptionFilter
GetProcessPriorityBoost
MulDiv
GetSystemDirectoryA
DecodePointer
PrepareTape
SetEnvironmentVariableA
SetPriorityClass
TerminateProcess
GlobalFlags
WriteConsoleA
GlobalAlloc
LocalFileTimeToFileTime
SetEndOfFile
GetLocaleInfoA
GetVersion
InterlockedIncrement
WriteConsoleW
CreateToolhelp32Snapshot
InitializeCriticalSectionAndSpinCount
HeapFree
EnterCriticalSection
OpenProcess
TerminateThread
lstrcmpiA
SetEvent
QueryPerformanceCounter
GetTickCount
IsBadWritePtr
TlsAlloc
VirtualProtect
GetVersionExA
LoadLibraryA
RtlUnwind
ExitThread
Process32Next
GlobalSize
GetStartupInfoA
UnlockFile
GetFileSize
LCMapStringW
Process32First
GetPrivateProfileIntA
CreateDirectoryA
DeleteFileA
GetWindowsDirectoryA
WaitForMultipleObjects
CompareStringW
GlobalReAlloc
GetFileInformationByHandle
lstrcmpA
FindFirstFileA
lstrcpyA
GetProfileStringA
CompareStringA
CreateFileMappingA
FindNextFileA
GlobalMemoryStatus
DuplicateHandle
GlobalLock
GetTimeZoneInformation
CreateEventA
CopyFileA
GetFileType
TlsSetValue
CreateFileA
GetCurrentThreadId
LocalUnlock
LeaveCriticalSection
GetLastError
LocalReAlloc
DosDateTimeToFileTime
GlobalDeleteAtom
HeapCreate
lstrlenA
GlobalFree
GetConsoleCP
LCMapStringA
GlobalGetAtomNameA
GetThreadLocale
GetEnvironmentStringsW
GlobalUnlock
LockFile
FileTimeToLocalFileTime
GetEnvironmentStrings
WritePrivateProfileStringA
GetCurrentProcessId
LockResource
SetFileTime
WideCharToMultiByte
HeapSize
GetCommandLineA
GetCurrentThread
OpenMutexA
SuspendThread
QueryPerformanceFrequency
MapViewOfFile
TlsFree
SetFilePointer
ReadFile
GetProcessVersion
CloseHandle
lstrcpynA
EnumSystemLocalesA
GetACP
GetModuleHandleW
SizeofResource
CreateProcessA
IsValidCodePage
UnmapViewOfFile
VirtualFree
Sleep
IsBadReadPtr
IsBadCodePtr
LocalShrink
FindResourceA
VirtualAlloc
IsWindowUnicode
GetParent
GetScrollBarInfo
ReleaseDC
PostMessageA
GetInputState
HideCaret
EnumWindows
DrawIcon
GetCapture
KillTimer
ExcludeUpdateRgn
ShowWindow
GetPropA
GetNextDlgGroupItem
SetWindowPos
SetWindowRgn
GetWindowThreadProcessId
GetSystemMetrics
HiliteMenuItem
IsWindow
ReleaseCapture
DispatchMessageA
EnableWindow
SetCapture
SetRectEmpty
DialogBoxParamW
ChildWindowFromPointEx
GetNextDlgTabItem
PeekMessageA
GetWindowRgn
TranslateMessage
GetSysColor
GetMenuItemID
IsCharAlphaNumericA
SetWindowTextA
ShowCaret
GetMenu
GetWindowLongA
SetParent
SetClipboardData
DrawIconEx
GetWindowPlacement
SendMessageA
GetClientRect
CreateWindowExA
BringWindowToTop
CopyAcceleratorTableA
EnableMenuItem
InvalidateRect
GetSubMenu
SetTimer
LoadCursorA
LoadIconA
DefDlgProcA
MonitorFromPoint
WaitForInputIdle
GetDesktopWindow
InflateRect
CallWindowProcA
GetDC
InvalidateRgn
SetCursor
IsDialogMessageA
DestroyWindow
GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA
timeKillEvent
waveOutReset
waveInOpen
waveOutUnprepareHeader
waveOutGetDevCapsA
timeSetEvent
mixerGetLineControlsA
mciSendStringA
waveOutGetPosition
mixerGetLineInfoA
mixerGetNumDevs
mixerOpen
waveInPrepareHeader
waveInGetDevCapsA
waveOutGetNumDevs
waveOutClose
waveInAddBuffer
timeGetTime
waveInClose
waveInGetNumDevs
mixerGetDevCapsA
waveOutOpen
mixerSetControlDetails
mixerClose
waveOutPrepareHeader
waveInUnprepareHeader
mciGetErrorStringA
mixerGetControlDetailsA
waveInStart
waveOutWrite
mciSendCommandA
waveInReset
OpenPrinterA
DocumentPropertiesA
ClosePrinter
OleUninitialize
CoUninitialize
CoInitialize
OleInitialize
CoRevokeClassObject
OleFlushClipboard
StgOpenStorageOnILockBytes
CLSIDFromString
CoCreateInstance
CoFreeUnusedLibraries
CLSIDFromProgID
CoGetClassObject
CoRegisterMessageFilter
OleIsCurrentClipboard
StgCreateDocfileOnILockBytes
CoTaskMemFree
CreateILockBytesOnHGlobal
CoTaskMemAlloc
Number of PE resources by type
RT_BITMAP 1
RT_VERSION 1
Number of PE resources by language
NEUTRAL 1
ENGLISH US 1
PE resources
ExifTool file metadata
SubsystemVersion 5.0
Comments Flavor=Retail
LinkerVersion 9.0
ImageVersion 0.0
FileSubtype 0
FileVersionNumber 2.0.50727.5474
LanguageCode English (U.S.)
FileFlagsMask 0x003f
FileDescription aspnet_wp.exe
CharacterSet Unicode
InitializedDataSize 534016
EntryPoint 0x7e5a
OriginalFileName aspnet_wp.exe
MIMEType application/octet-stream
LegalCopyright Microsoft Corporation. All rights reserved.
FileVersion 2.0.50727.5474 (Win7SP1GDR.050727-5400)
TimeStamp 2015:10:29 19:49:28+01:00
FileType Win32 EXE
PEType PE32
InternalName aspnet_wp.exe
ProductVersion 2.0.50727.5474
UninitializedDataSize 0
OSVersion 5.0
FileOS Win32
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName Microsoft Corporation
CodeSize 84992
ProductName Microsoft .NET Framework
ProductVersionNumber 2.0.50727.5474
FileTypeExtension exe
ObjectFileType Executable application

File identification
MD5 9abcd77b3d4c487c59c88511dcf8a719
SHA1 0ae6a0ede9cde9294a935eb2a078d094c4a57e53
SHA256 ad9357a1905767e4b86aec2b87b341202496f1e3761cc7d6ef26f3713eb52df2
ssdeep 12288:tg/tjnG5ZQ97VCm+PI755N0V639zNOCqpht7j5fF1A4dJANfIes:tgxG03Cm+g7N0V2zNGtf5teoAds
authentihash f0fab41261f833720652f1fa4bb2f62bfff29bfe5369332293842d8002dd90c0
imphash 2458464549cbceef32aec89e8978758d
File size 607.3 KB ( 621869 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (67.3%)
Win32 Dynamic Link Library (generic) (14.2%)
Win32 Executable (generic) (9.7%)
Generic Win/DOS Executable (4.3%)
DOS Executable Generic (4.3%)
Tags peexe overlay
VirusTotal metadata
First submission 2015-10-29 19:08:32 UTC ( 2 years, 11 months ago )
Last submission 2015-10-29 22:05:48 UTC ( 2 years, 11 months ago )
File names aspnet_wp.exe
bot.exe
Advanced heuristic and reputation engines
TrendMicro-HouseCall
TrendMicro's heuristic engine has flagged this file as: TROJ_GEN.R021C0FK715.

Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Created processes
Shell commands
Created mutexes
Opened mutexes
Runtime DLLs