SHA256: b932e16adfc0190e2f0b54a7cc7e1e1ac05afe5986404e4e6c12537adeb577df
File name: b932e16adfc0190e2f0b54a7cc7e1e1ac05afe5986404e4e6c12537adeb577df
Detection ratio: 28 / 46
Analysis date: 2013-04-17 23:07:04 UTC (12 months ago)
Antivirus            | Result                                        | Update
AVG                  | PSW.Generic11.FBF                             | 20130417
AhnLab-V3            | Trojan/Win32.Foreign                          | 20130417
AntiVir              | TR/Rogue.14575.23                             | 20130417
BitDefender          | Trojan.GenericKDZ.14575                       | 20130418
DrWeb                | BackDoor.Slym.1498                            | 20130418
ESET-NOD32           | Win32/Kelihos.F                               | 20130417
Emsisoft             | Trojan.GenericKDZ.14575 (B)                   | 20130418
F-Secure             | Trojan.GenericKDZ.14575                       | 20130417
Fortinet             | W32/Kryptik.X!tr                              | 20130418
GData                | Trojan.GenericKDZ.14575                       | 20130417
Ikarus               | Trojan-PWS.Win32.Tepfer                       | 20130417
K7AntiVirus          | Password-Stealer                              | 20130417
K7GW                 | Trojan                                        | 20130417
Kaspersky            | Trojan-PSW.Win32.Tepfer.ijnk                  | 20130417
Malwarebytes         | Malware.Packer.EGX7                           | 20130418
McAfee               | PWS-FASY!5EA646FFDC1E                         | 20130418
McAfee-GW-Edition    | Heuristic.BehavesLike.Win32.Suspicious-BAY.G  | 20130417
MicroWorld-eScan     | Trojan.GenericKDZ.14575                       | 20130418
Microsoft            | Backdoor:Win32/Kelihos.F                      | 20130418
Norman               | Hlux.XD                                       | 20130417
PCTools              | HeurEngine.MaliciousPacker                    | 20130417
Panda                | Trj/Tepfer.B                                  | 20130417
SUPERAntiSpyware     | Trojan.Agent/Gen-Menti                        | 20130417
Sophos               | Troj/Tepfer-Q                                 | 20130417
Symantec             | Packed.Generic.402                            | 20130417
TrendMicro-HouseCall | TROJ_GEN.R47H1DH                              | 20130417
VIPRE                | Trojan.Win32.Generic!BT                       | 20130418
nProtect             | Trojan.GenericKDZ.14575                       | 20130417
Agnitum              | (no detection)                                | 20130417
Antiy-AVL            | (no detection)                                | 20130417
Avast                | (no detection)                                | 20130418
ByteHero             | (no detection)                                | 20130417
CAT-QuickHeal        | (no detection)                                | 20130417
ClamAV               | (no detection)                                | 20130417
Commtouch            | (no detection)                                | 20130417
Comodo               | (no detection)                                | 20130418
F-Prot               | (no detection)                                | 20130417
Jiangmin             | (no detection)                                | 20130417
Kingsoft             | (no detection)                                | 20130415
NANO-Antivirus       | (no detection)                                | 20130417
TheHacker            | (no detection)                                | 20130417
TotalDefense         | (no detection)                                | 20130417
TrendMicro           | (no detection)                                | 20130418
VBA32                | (no detection)                                | 20130417
ViRobot              | (no detection)                                | 20130417
eSafe                | (no detection)                                | 20130415
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine: Intel 386 or later processors and compatible processors
Compilation timestamp: 2013-01-23 18:06:07
Entry Point: 0x00001172
Number of sections: 5
PE sections
PE imports
DllGetClassObject
DllRegisterServer
HeapSize
CreatePipe
IsBadWritePtr
GetStdHandle
ReleaseMutex
GetLocaleInfoA
GetModuleHandleA
GetFileAttributesA
CreateDirectoryA
DeleteFileA
GetDriveTypeA
WriteFile
GetPriorityClass
ResetEvent
ReadConsoleW
VirtualProtect
GetCommandLineA
SetLocalTime
RemoveDirectoryA
SetLastError
GetProcessHeap
DwRasUninitialize
SetFocus
wsprintfA
LoadCursorA
DispatchMessageA
GetWindowLongW
DrawIcon
GetWindowTextW
GetCapture
PeekMessageA
DestroyMenu
GetMessageW
GetCaretPos
SetCursor
Number of PE resources by type
RT_ICON 1
Number of PE resources by language
ENGLISH US 1
ExifTool file metadata
MIMEType: application/octet-stream
Subsystem: Windows GUI
MachineType: Intel 386 or later, and compatibles
TimeStamp: 2013:01:23 18:06:07+00:00
FileType: Win32 EXE
PEType: PE32
CodeSize: 3072
LinkerVersion: 2.25
FileAccessDate: 2013:04:18 00:07:01+01:00
Warning: Invalid Version Info block
EntryPoint: 0x1172
InitializedDataSize: 811008
SubsystemVersion: 5.1
ImageVersion: 0.0
OSVersion: 5.1
FileCreateDate: 2013:04:18 00:07:01+01:00
UninitializedDataSize: 0

File identification
MD5: 5ea646ffdc1e9bc7759fdfc926de7660
SHA1: 2df0bc409db0ee6d5769627a3f92d6d4f1f8f89b
SHA256: b932e16adfc0190e2f0b54a7cc7e1e1ac05afe5986404e4e6c12537adeb577df
ssdeep: 24576:UwFL0v3r/kpD+EsqFqgAQm2APSBcipnf+g6/o0HWx:N1Mr0vsqFaQMPSBpp2Dg02
File size: 796.5 KB (815616 bytes)
File type: Win32 EXE
Magic literal: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID:
  Win32 Executable (generic) (61.7%)
  Generic Win/DOS Executable (18.9%)
  DOS Executable Generic (18.9%)
  VXD Driver (0.2%)
  Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
Tags: peexe

VirusTotal metadata
First submission: 2013-04-16 23:38:50 UTC (1 year ago)
Last submission: 2013-04-17 23:07:04 UTC (12 months ago)
File names:
b932e16adfc0190e2f0b54a7cc7e1e1ac05afe5986404e4e6c12537adeb577df
vti-rescan
boston.avi_______.exe
b932e16adfc0190e2f0b54a7cc7e1e1ac05afe5986404e4e6c12537adeb5
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Deleted files
Set keys
Opened service managers
Opened services
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.
TCP connections