SHA256: b00c84b5391f0201a54436cb2050ce18d62373e2f1d80d5b3383dfbfc30df56b
File name: cb9aec586858a3e08770ba4bb02f7985fc360374_pdown.ph
Detection ratio: 42 / 56
Analysis date: 2014-11-28 11:04:38 UTC (3 years, 7 months ago)
Antivirus Result Update
Ad-Aware Gen:Trojan.Heur.FU.aqW@aqAoT4mc 20141128
Yandex Trojan.DL.Small!pj8HS6Ykqv4 20141128
Avast Win32:Malware-gen 20141128
AVG Downloader.Generic10.LXK 20141128
Avira (no cloud) TR/Spy.10240.58 20141128
AVware Trojan-Downloader.Win32.Small 20141121
Baidu-International Trojan.Win32.Downloader.askR 20141128
BitDefender Gen:Trojan.Heur.FU.aqW@aqAoT4mc 20141128
Bkav W32.ZbotEloradoC.Worm 20141127
ClamAV Trojan.Small-9059 20141128
Comodo TrojWare.Win32.TrojanDownloader.Agent.~GTV 20141128
Cyren W32/Trojan.ZZLL-7620 20141128
DrWeb Trojan.DownLoad2.15064 20141128
Emsisoft Gen:Trojan.Heur.FU.aqW@aqAoT4mc (B) 20141128
ESET-NOD32 Win32/TrojanDownloader.Small.OYQ 20141128
F-Prot W32/Trojan2.NHSJ 20141128
F-Secure Gen:Trojan.Heur.FU.aqW@aqAoT4mc 20141128
Fortinet W32/Agent.52CC!tr 20141128
GData Gen:Trojan.Heur.FU.aqW@aqAoT4mc 20141128
Ikarus Trojan-Downloader.Win32.Small 20141128
Jiangmin TrojanDownloader.Small.asyw 20141127
Kaspersky UDS:DangerousObject.Multi.Generic 20141128
Kingsoft Win32.Malware.Heur_Generic.B.(kcloud) 20141128
McAfee Generic.dx!0EFAAE313C60 20141128
McAfee-GW-Edition Generic.dx!0EFAAE313C60 20141128
Microsoft TrojanDownloader:Win32/Tearspear!gmb 20141128
eScan Gen:Trojan.Heur.FU.aqW@aqAoT4mc 20141128
NANO-Antivirus Trojan.Win32.Small.bqmlc 20141128
Norman Suspicious_Gen2.BWMLX 20141128
nProtect Trojan-Downloader/W32.Small.10240.DY 20141127
Panda Generic Malware 20141127
Qihoo-360 Trojan-Heur/Win32.FU.aqW@aqAoT4mc 20141128
Rising PE:Trojan.Win32.Generic.123A213A!305799482 20141126
Sophos AV Mal/Generic-S 20141128
Symantec Backdoor.Trojan 20141128
Tencent Win32.Trojan-downloader.Small.Kzy 20141128
TotalDefense Win32/FakeAV.CZS 20141127
TrendMicro PAK_Generic.001 20141128
TrendMicro-HouseCall PAK_Generic.001 20141128
VBA32 BScope.Sick.xc 20141127
VIPRE Trojan-Downloader.Win32.Small 20141128
Zillya Downloader.Small.Win32.57160 20141127
AegisLab 20141128
AhnLab-V3 20141128
ALYac 20141128
Antiy-AVL 20141128
ByteHero 20141128
CAT-QuickHeal 20141128
CMC 20141127
K7AntiVirus 20141127
K7GW 20141128
Malwarebytes 20141128
SUPERAntiSpyware 20141127
TheHacker 20141124
ViRobot 20141127
Zoner 20141127
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2010-08-09 18:31:31
Entry Point 0x00001EA3
Number of sections 4
PE sections
PE imports
GetTokenInformation
RegOpenKeyA
RegCloseKey
OpenProcessToken
FreeSid
RegQueryValueExA
AllocateAndInitializeSid
OpenThreadToken
RegSetValueExA
EqualSid
RegCreateKeyA
GetLastError
lstrlenA
GetTickCount
GetVersionExA
LoadLibraryA
QueueUserAPC
GetCurrentProcess
GetPrivateProfileStringA
WritePrivateProfileStringA
lstrcatA
GetPrivateProfileIntA
GetProcAddress
GetCurrentThread
GetTempPathA
CreateThread
GetModuleHandleA
lstrcpyA
CloseHandle
GetTempFileNameA
MoveFileA
VirtualFree
Sleep
ExitProcess
VirtualAlloc
SleepEx
ShowWindow
GetForegroundWindow
CoCreateGuid
CoInitialize
StringFromGUID2
Number of PE resources by type
RT_ICON 1
RT_GROUP_ICON 1
Number of PE resources by language
RUSSIAN 2
PE resources
ExifTool file metadata
MIMEType: application/octet-stream
Subsystem: Windows GUI
MachineType: Intel 386 or later, and compatibles
TimeStamp: 2010:08:09 19:31:31+01:00
FileType: Win32 EXE
PEType: PE32
CodeSize: 4096
LinkerVersion: 8.0
FileAccessDate: 2014:11:28 12:04:43+01:00
EntryPoint: 0x1ea3
InitializedDataSize: 7168
SubsystemVersion: 4.0
ImageVersion: 0.0
OSVersion: 4.0
FileCreateDate: 2014:11:28 12:04:43+01:00
UninitializedDataSize: 0
File identification
MD5 0efaae313c6072b29cabdf3fa2bf06dc
SHA1 cb9aec586858a3e08770ba4bb02f7985fc360374
SHA256 b00c84b5391f0201a54436cb2050ce18d62373e2f1d80d5b3383dfbfc30df56b
ssdeep 192:6r9RTlUFY/NIIx+Yq/u47iIxEybPD+65KDnbOs:ObOFY/NZe7jGaPD+65KDbO
authentihash 3af422827ff123c5b8def321fc3382a916889a2f30c10fe2ea91a0592e640d84
imphash 0cfe5f88a29a7a2a50faf25838fbb569
File size 10.0 KB (10240 bytes)
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (67.3%)
Win32 Dynamic Link Library (generic) (14.2%)
Win32 Executable (generic) (9.7%)
Generic Win/DOS Executable (4.3%)
DOS Executable Generic (4.3%)
Tags peexe
VirusTotal metadata
First submission 2010-08-18 21:35:20 UTC (7 years, 11 months ago)
Last submission 2014-11-28 11:04:38 UTC (3 years, 7 months ago)
File names cb9aec586858a3e08770ba4bb02f7985fc360374_pdown.ph
Vj0A.exe
aa
We91aEa.docx
Behaviour characterization
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Moved files
Created processes
Shell commands
Code injections in the following processes
Created mutexes
Opened mutexes
Searched windows
Opened service managers
Opened services
Runtime DLLs
Additional details
The file uses the IsDebuggerPresent Windows API function in order to see whether it is being debugged.
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.
HTTP requests
DNS requests
TCP connections