SHA256: b666f545c669cd5967edc6dbe5bdcb0c9111ca8283eb903720391b1db4496f42
File name: 630607f3d2170e007973560d9a6318e5560cafe6
Detection ratio: 29 / 57
Analysis date: 2015-09-01 21:59:22 UTC ( 3 years, 6 months ago )
Antivirus Result Update
Ad-Aware Trojan.GenericKD.2683895 20150901
Yandex Trojan.DR.Injector!dekIYTz17DM 20150901
ALYac Trojan.GenericKD.2683895 20150901
Antiy-AVL Trojan[Dropper]/Win32.Injector 20150901
Arcabit Trojan.Generic.D28F3F7 20150901
Avast Win32:Trojan-gen 20150901
AVG Zbot.AGHZ 20150901
Avira (no cloud) TR/Crypt.ZPACK.15195 20150901
AVware Trojan.Win32.Generic!BT 20150901
BitDefender Trojan.GenericKD.2683895 20150901
DrWeb Trojan.PWS.Siggen1.40936 20150901
Emsisoft Trojan.GenericKD.2683895 (B) 20150901
ESET-NOD32 Win32/Spy.Zbot.ABW 20150901
F-Secure Trojan.GenericKD.2683895 20150901
Fortinet W32/Zbot.ABW!tr.spy 20150901
GData Trojan.GenericKD.2683895 20150901
Kaspersky Trojan-Dropper.Win32.Injector.nfbw 20150901
Malwarebytes Backdoor.Bot 20150901
McAfee Artemis!464418A29C0E 20150901
McAfee-GW-Edition Artemis 20150901
eScan Trojan.GenericKD.2683895 20150901
NANO-Antivirus Trojan.Win32.Injector.dvuayg 20150901
nProtect Trojan.GenericKD.2683895 20150901
Panda Generic Suspicious 20150901
Qihoo-360 HEUR/QVM07.1.Malware.Gen 20150901
Rising PE:Malware.XPACK-HIE/Heur!1.9C48[F1] 20150901
Sophos AV Troj/Zbot-KAR 20150901
TrendMicro TROJ_GEN.R00JC0VHV15 20150901
VIPRE Trojan.Win32.Generic!BT 20150901
AegisLab 20150901
AhnLab-V3 20150901
Alibaba 20150901
Baidu-International 20150901
Bkav 20150901
ByteHero 20150901
CAT-QuickHeal 20150901
ClamAV 20150901
CMC 20150831
Comodo 20150901
Cyren 20150901
F-Prot 20150901
Ikarus 20150901
Jiangmin 20150901
K7AntiVirus 20150901
K7GW 20150901
Kingsoft 20150901
Microsoft 20150901
SUPERAntiSpyware 20150829
Symantec 20150901
Tencent 20150901
TheHacker 20150831
TotalDefense 20150901
TrendMicro-HouseCall 20150901
VBA32 20150901
ViRobot 20150901
Zillya 20150901
Zoner 20150901
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2008-05-25 20:58:30
Entry Point 0x00059A80
Number of sections 4
PE sections
PE imports
RegReplaceKeyA
GetStartupInfoA
GetModuleHandleA
LoadLibraryExW
_except_handler3
__p__fmode
_acmdln
_exit
__p__commode
_controlfp
exit
_XcptFilter
__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
__set_app_type
PathRemoveBackslashA
PathIsDirectoryA
PathIsRootA
PathIsRelativeW
PathMakePrettyW
SHRegGetBoolUSValueW
StrCSpnA
SHDeleteValueA
PathMakePrettyA
StrCSpnW
SHRegGetBoolUSValueA
SHEnumKeyExA
StrToIntA
SHRegGetUSValueW
StrIsIntlEqualW
PathSetDlgItemPathW
SHEnumKeyExW
SHRegOpenUSKeyW
PathFindFileNameW
PathQuoteSpacesA
PathRemoveBlanksA
PathQuoteSpacesW
SHRegOpenUSKeyA
SHDeleteEmptyKeyA
PathRemoveArgsA
PathIsContentTypeW
PathFindExtensionA
StrPBrkA
PathIsUNCA
SHRegEnumUSKeyW
PathIsUNCW
PathFindExtensionW
PathRemoveArgsW
SHRegDeleteUSValueA
SHGetValueW
StrCSpnIW
StrToIntExW
SHRegGetUSValueA
SHEnumValueW
PathRelativePathToA
PathAddBackslashW
StrToIntExA
PathBuildRootW
PathRelativePathToW
SHDeleteKeyW
PathIsUNCServerShareA
PathIsFileSpecW
PathIsUNCServerW
PathIsFileSpecA
PathIsUNCServerShareW
SHRegEnumUSValueW
PathRemoveFileSpecA
StrCmpW
PathAddExtensionA
PathGetArgsA
PathAddExtensionW
PathIsPrefixA
StrSpnW
SHSetValueW
PathGetDriveNumberA
PathCombineA
PathCompactPathA
PathStripToRootW
PathMakeSystemFolderW
PathCombineW
PathStripPathW
SHRegSetUSValueA
SHRegDeleteEmptyUSKeyA
SHRegSetUSValueW
PathCommonPrefixA
SHRegQueryUSValueW
PathStripPathA
SHRegCloseUSKey
PathUnquoteSpacesW
PathIsURLA
SHRegWriteUSValueA
PathUnquoteSpacesA
PathIsURLW
StrDupA
PathMatchSpecA
SHSetValueA
SHRegWriteUSValueW
StrFormatByteSizeA
StrNCatW
StrNCatA
StrFormatByteSizeW
StrTrimW
PathFindOnPathW
PathFindOnPathA
SHOpenRegStreamA
StrTrimA
SHRegCreateUSKeyW
PathRenameExtensionW
ChrCmpIW
SHRegCreateUSKeyA
PathRenameExtensionA
StrFromTimeIntervalW
ChrCmpIA
PathIsRootW
SHQueryValueExW
PathSkipRootW
PathSearchAndQualifyA
InternetSetCookieA
HttpOpenRequestA
InternetCrackUrlW
InternetUnlockRequestFile
CreateUrlCacheEntryA
InternetOpenA
FtpFindFirstFileW
InternetErrorDlg
RetrieveUrlCacheEntryFileW
InternetQueryDataAvailable
InternetOpenUrlW
HttpEndRequestA
HttpOpenRequestW
InternetSetOptionExW
GetUrlCacheEntryInfoA
InternetGetCookieW
UnlockUrlCacheEntryFile
FtpRenameFileA
InternetGetLastResponseInfoA
FtpDeleteFileW
InternetReadFileExW
GopherOpenFileW
GetUrlCacheEntryInfoW
RetrieveUrlCacheEntryStreamW
InternetDial
InternetGetLastResponseInfoW
FtpRenameFileW
HttpQueryInfoW
GopherCreateLocatorW
InternetFindNextFileW
InternetLockRequestFile
InternetTimeToSystemTime
FtpGetFileW
CommitUrlCacheEntryW
GopherGetLocatorTypeW
CommitUrlCacheEntryA
FindCloseUrlCache
FtpCreateDirectoryW
FtpGetCurrentDirectoryA
FtpPutFileA
FindFirstUrlCacheEntryA
FtpOpenFileA
FtpGetCurrentDirectoryW
InternetSetOptionW
HttpSendRequestW
RetrieveUrlCacheEntryStreamA
Number of PE resources by type
RT_ICON 8
RT_GROUP_ICON 4
RT_VERSION 1
Number of PE resources by language
GALICIAN DEFAULT 7
ENGLISH JAMAICA 4
MACEDONIAN DEFAULT 2
PE resources
ExifTool file metadata
SubsystemVersion 4.0
LinkerVersion 6.0
ImageVersion 0.0
FileSubtype 0
FileVersionNumber 0.113.170.168
UninitializedDataSize 0
LanguageCode Neutral
FileFlagsMask 0x003f
CharacterSet Unicode
InitializedDataSize 4288512
EntryPoint 0x59a80
OriginalFileName Damage.exe
MIMEType application/octet-stream
LegalCopyright Copyright 2083
FileVersion 0.181.16.114
TimeStamp 2008:05:25 21:58:30+01:00
FileType Win32 EXE
PEType PE32
InternalName Directing
FileDescription Exists
OSVersion 4.0
FileOS Windows NT 32-bit
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName WhiteCanyon Inc.
CodeSize 364544
ProductName Colder Diverting
ProductVersionNumber 0.161.20.133
FileTypeExtension exe
ObjectFileType Executable application

File identification
MD5 464418a29c0e0764f13c72e241c7b46f
SHA1 630607f3d2170e007973560d9a6318e5560cafe6
SHA256 b666f545c669cd5967edc6dbe5bdcb0c9111ca8283eb903720391b1db4496f42
ssdeep 12288:3AbKY/Bd0lUPqF8rz0FH6diTNDa4K83PFrMvSk7681zMzF:VgFs8rzS0iTNa4K8/FMvSk7h1zMp
authentihash 0e1ed6fce6ffd97a92917a2493374bd06a185340dac06bb51fd57e0d9edc8cb2
imphash fe50b24b587d7f43c161ae3465bb8f64
File size 404.0 KB ( 413696 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (42.2%)
Win64 Executable (generic) (37.3%)
Win32 Dynamic Link Library (generic) (8.8%)
Win32 Executable (generic) (6.0%)
Generic Win/DOS Executable (2.7%)
Tags peexe
VirusTotal metadata
First submission 2015-09-01 21:59:22 UTC ( 3 years, 6 months ago )
Last submission 2015-09-01 21:59:22 UTC ( 3 years, 6 months ago )
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Deleted files
Created processes
Shell commands
Created mutexes
Opened mutexes
Opened service managers
Runtime DLLs