SHA256: b1b537f767ce0a0cbf00141f97d5f814ecb9f2ae058895c9c85b3375b7d0e59e
File name: Label_8827712794.exe
Detection ratio: 6 / 46
Analysis date: 2013-03-26 15:39:04 UTC ( 6 years, 1 month ago )
Antivirus | Result | Update
AhnLab-V3 | Trojan/Win32.Zbot | 20130326
Comodo | Heur.Packed.Unknown | 20130326
Ikarus | Trojan-PWS.Win32.Fareit | 20130326
Kaspersky | UDS:DangerousObject.Multi.Generic | 20130326
Malwarebytes | Malware.Packer.SGX5 | 20130326
Microsoft | PWS:Win32/Fareit.gen!I | 20130326

No detection (signature update 20130326 unless noted): Yandex, AntiVir, Antiy-AVL, Avast, AVG, BitDefender, ByteHero (20130322), CAT-QuickHeal, ClamAV, Commtouch, DrWeb, Emsisoft, eSafe (20130324), ESET-NOD32, F-Prot, F-Secure, Fortinet, GData, Jiangmin, K7AntiVirus (20130325), Kingsoft (20130325), McAfee, McAfee-GW-Edition, eScan, NANO-Antivirus, Norman, nProtect, Panda, PCTools, Rising (20130322), Sophos AV, SUPERAntiSpyware, Symantec, TheHacker, TotalDefense, TrendMicro, TrendMicro-HouseCall, VBA32, VIPRE, ViRobot
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2013-01-23 18:06:11
Entry Point 0x0000112F
Number of sections 4
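The fields above (target machine, compile timestamp, entry point, section count) come straight out of the COFF and optional headers. The following is an added example, not code from the VirusTotal report or from the sample, that parses exactly those fields from a PE32 image and applies the one sanity check a triager wants on the compile time: it must not post-date the first sighting (2013-03-26 14:11:25 UTC here) and must not be zeroed. The header bytes it runs on are constructed from the values in this report; they are not the real Label_8827712794.exe, and the image base, alignments and SizeOfImage are assumed values not stated on the page.

```python
import struct
from datetime import datetime, timezone

# Added example, not code from the VirusTotal report or from the sample: a
# minimal parser for the fields the report lists under "PE header basic
# information", plus the compile-time sanity check a triager applies.
# Offsets follow the PE/COFF specification (IMAGE_DOS_HEADER, IMAGE_FILE_HEADER,
# IMAGE_OPTIONAL_HEADER32).  The header built below is CONSTRUCTED from the
# report's values; it is not the real Label_8827712794.exe.

IMAGE_FILE_MACHINE_I386 = 0x14C
IMAGE_NT_OPTIONAL_HDR32_MAGIC = 0x10B
SUBSYSTEMS = {1: "Native", 2: "Windows GUI", 3: "Windows CUI"}


def parse_pe_header(data: bytes) -> dict:
    """Return the COFF/optional-header fields shown in the report."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ image")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE\\0\\0 signature not found at e_lfanew")
    coff = e_lfanew + 4
    (machine, nsections, timestamp, _symtab, _nsyms,
     opt_size, _chars) = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20                                   # IMAGE_FILE_HEADER is 20 bytes
    magic, major_linker, minor_linker = struct.unpack_from("<HBB", data, opt)
    if magic != IMAGE_NT_OPTIONAL_HDR32_MAGIC:
        raise ValueError("only PE32 (magic 0x10B) optional headers handled here")
    entry_point = struct.unpack_from("<I", data, opt + 16)[0]   # AddressOfEntryPoint
    subsystem = struct.unpack_from("<H", data, opt + 68)[0]     # Subsystem
    return {
        "machine": machine,
        "is_i386": machine == IMAGE_FILE_MACHINE_I386,
        "number_of_sections": nsections,
        "timestamp": timestamp,
        "compiled_utc": datetime.fromtimestamp(timestamp, tz=timezone.utc)
                                .strftime("%Y-%m-%d %H:%M:%S"),
        "entry_point": entry_point,
        "subsystem": SUBSYSTEMS.get(subsystem, f"unknown({subsystem})"),
        "linker_version": f"{major_linker}.{minor_linker}",
        "section_table_offset": opt + opt_size,
    }


def compile_time_plausible(timestamp: int, first_seen_iso: str) -> bool:
    """A zeroed compile time, or one after the first sighting, is a forgery hint."""
    first_seen = datetime.fromisoformat(first_seen_iso).replace(tzinfo=timezone.utc)
    return 0 < timestamp <= int(first_seen.timestamp())


def build_sample_header() -> bytes:
    """Constructed header carrying the report's values (not the real file)."""
    dos = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", 0x40)   # e_lfanew = 0x40
    coff = struct.pack("<HHIIIHH", IMAGE_FILE_MACHINE_I386, 4,   # i386, 4 sections
                       1358964371,                               # 2013-01-23 18:06:11 UTC
                       0, 0, 0xE0, 0x0102)                       # opt hdr size, EXE|32BIT
    opt = struct.pack(
        "<HBBIIIIIIIIIHHHHHHIIIIHH",
        IMAGE_NT_OPTIONAL_HDR32_MAGIC, 7, 0,     # magic, linker 7.0
        5120, 129024, 0,                          # code / initialized / uninitialized sizes
        0x112F, 0x1000, 0x2000, 0x400000,         # entry point; code/data base, image base (assumed)
        0x1000, 0x200,                            # section / file alignment (assumed)
        5, 0, 0, 0, 4, 0,                         # OS 5.0, image 0.0, subsystem 4.0
        0, 0x23000, 0x400, 0,                     # Win32VersionValue, SizeOfImage (assumed), SizeOfHeaders, checksum
        2, 0,                                     # Subsystem = Windows GUI, DllCharacteristics
    )
    opt += b"\0" * (0xE0 - len(opt))             # remaining fields and data directories zeroed
    return dos + b"PE\0\0" + coff + opt


if __name__ == "__main__":
    hdr = parse_pe_header(build_sample_header())
    print(hdr)
    print("compile time plausible:",
          compile_time_plausible(hdr["timestamp"], "2013-03-26 14:11:25"))
```

The ExifTool block further down shows the same instant as 2013:01:23 19:06:11+01:00; the parser normalises to UTC so the two can be compared directly. A timestamp that passes this check is not evidence of authenticity, only an absence of the cheapest tell; linkers can be told to emit any value.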
PE sections
PE imports (as extracted, function names only; the source DLL of each import is not shown)
IsValidSid
DllUnregisterServer
DllGetClassObject
DllCanUnloadNow
DllRegisterServer
GetDriveTypeW
GetFileAttributesA
HeapDestroy
GetVolumePathNameA
VirtualProtect
GetModuleFileNameA
GetConsoleMode
CreateDirectoryA
DeleteFileW
GetProcessHeap
OpenMutexA
GetFileTime
SetFilePointer
GetModuleHandleA
InterlockedExchange
GlobalFlags
PulseEvent
LocalFree
CreateFileW
FindAtomA
GetCurrentThreadId
OpenEventA
LeaveCriticalSection
GetWindowLongA
LoadCursorA
wsprintfA
DispatchMessageA
IsZoomed
GetWindowTextA
MessageBoxA
PeekMessageA
GetWindowDC
IsWindowEnabled
GetSysColor
GetKeyState
Number of PE resources by type
RT_ICON 1
Number of PE resources by language
ENGLISH US 1
PE resources
ExifTool file metadata
MIMEType: application/octet-stream
Subsystem: Windows GUI
MachineType: Intel 386 or later, and compatibles
FileTypeExtension: exe
TimeStamp: 2013:01:23 19:06:11+01:00 (the same instant as the 2013-01-23 18:06:11 UTC compile timestamp above)
FileType: Win32 EXE
PEType: PE32
CodeSize: 5120
LinkerVersion: 7.0
EntryPoint: 0x112f
InitializedDataSize: 129024
SubsystemVersion: 4.0
ImageVersion: 0.0
OSVersion: 5.0
UninitializedDataSize: 0

Compressed bundles
File identification
MD5 c87f7ceeec9a9caa5e095b509d678f5e
SHA1 5bf2783f268966e42a1f7bd77ee4f331fa242b3a
SHA256 b1b537f767ce0a0cbf00141f97d5f814ecb9f2ae058895c9c85b3375b7d0e59e
ssdeep
1536:MBXI8HrjBAzgrgJbESVYIaZHvoNy++5A/06NhOrjbNuMK/t0RpLlhfq80Uwh05QC:MBXczZBEwaZHvpCNOrjBhT0OGnU

authentihash 784654c34b9b35e9ab42655689c1a700609c709ab76bbe696e09c501b3c5f815
imphash 27e10d24401a87204518795977cffef6
File size 132.0 KB ( 135168 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Generic Win/DOS Executable (50.0%)
DOS Executable Generic (49.9%)
Tags
peexe
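Of the identifiers in the "File identification" block, MD5/SHA1/SHA256 pin one exact byte sequence, while the imphash groups samples that share an import table even when the rest of the binary differs (a repack or rebuild by the same toolkit typically preserves it). The following is an added example, not code from the VirusTotal report, that computes the plain digests and the imphash by the published algorithm (Mandiant's, as implemented in pefile). The import table it hashes is constructed: the report lists function names without their DLLs or order, so the report's own imphash (27e10d24401a87204518795977cffef6) cannot be recomputed from this page, and the DLL assignments and ordering in SAMPLE_IMPORTS are assumptions.

```python
import hashlib

# Added example, not code from the VirusTotal report: the file-identification
# digests the report lists (MD5/SHA1/SHA256/size) and the imphash, following the
# published algorithm (Mandiant's, as implemented in pefile): walk the import
# table in order, emit "dll.function" in lowercase with a .dll/.ocx/.sys suffix
# stripped and ordinals rendered as "ord<N>", join with commas, MD5 the string.
# pefile additionally maps well-known ordinals (ws2_32, oleaut32) back to names;
# that table is omitted here.  SAMPLE_IMPORTS is CONSTRUCTED: the report shows
# function names only, so the real DLL grouping and order are unknown.


def file_hashes(data: bytes) -> dict:
    """Digests in the form the report's "File identification" block uses."""
    return {
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
        "size": len(data),
    }


def _normalize_dll(name: str) -> str:
    """Lowercase and drop the extensions the imphash algorithm strips."""
    name = name.lower()
    for ext in (".dll", ".ocx", ".sys"):
        if name.endswith(ext):
            return name[: -len(ext)]
    return name


def imphash_string(imports) -> str:
    """imports: iterable of (dll, function-name-or-ordinal) in import-table order."""
    parts = []
    for dll, func in imports:
        func = f"ord{func}" if isinstance(func, int) else func
        parts.append(f"{_normalize_dll(dll)}.{func.lower()}")
    return ",".join(parts)


def imphash(imports) -> str:
    """MD5 of the normalised, comma-joined import string."""
    return hashlib.md5(imphash_string(imports).encode("ascii")).hexdigest()


def order_sensitive(imports) -> bool:
    """True when reordering the table changes the imphash; it always should,
    which is why imphash is not a set comparison of imported names."""
    return imphash(imports) != imphash(list(reversed(imports)))


# Constructed import table: each API is assigned to its documented home DLL,
# but the grouping and order are invented, not taken from the sample.
SAMPLE_IMPORTS = [
    ("ADVAPI32.dll", "IsValidSid"),
    ("KERNEL32.dll", "VirtualProtect"),
    ("KERNEL32.dll", "OpenMutexA"),
    ("KERNEL32.dll", "CreateFileW"),
    ("USER32.dll", "wsprintfA"),
    ("USER32.dll", "GetKeyState"),
]


if __name__ == "__main__":
    print(imphash_string(SAMPLE_IMPORTS))
    print("imphash:", imphash(SAMPLE_IMPORTS))
    print("order sensitive:", order_sensitive(SAMPLE_IMPORTS))
    print(file_hashes(b"MZ"))
```

Because case and extension are normalised away, `KERNEL32.dll`/`kernel32.DLL` hash identically, but two binaries that import the same functions in a different order do not; when pivoting on imphash, expect near-misses from samples whose packer stub reorders the table.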

VirusTotal metadata
First submission 2013-03-26 14:11:25 UTC ( 6 years, 1 month ago )
Last submission 2017-12-06 18:39:47 UTC ( 1 year, 5 months ago )
File names: 005165906, Label_8827712794.ex, c87f7ceeec9a9caa5e095b509d678f5e, file-5304599_exe, Label_8827712794.exe, c87f7ceeec9a9caa5e095b509d678f5e.virus, c87f7ceeec9a9caa5e095b509d678f5e.exe, Label_8827712794.ex_, Label_8827712794.vir
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Deleted files
Set keys
Created processes
Shell commands
Code injections in the following processes
Created mutexes
Opened mutexes
Opened service managers
Opened services
Hooking activity
Runtime DLLs
Additional details
The file sends control codes directly to device drivers through the DeviceIoControl Windows API function.
The file installs an application-defined hook procedure into a hook chain through SetWindowsHookEx (the report names the older SetWindowsHook entry point). A hook procedure receives events such as keystrokes or window messages before the target application does, either for one thread or for every thread on the calling thread's desktop; in a credential stealer this is the usual keystroke-capture mechanism, although the report does not state which hook type was installed.
Note that neither DeviceIoControl nor SetWindowsHookEx appears in the static import list above, so both were resolved at run time, which is consistent with the packer verdicts (Comodo Heur.Packed.Unknown, Malwarebytes Malware.Packer.SGX5) and means the static import table, and the imphash derived from it, describe the packer stub rather than the payload.
HTTP requests
DNS requests
TCP connections