SHA256: b932e16adfc0190e2f0b54a7cc7e1e1ac05afe5986404e4e6c12537adeb577df
File name: VirusShare_5ea646ffdc1e9bc7759fdfc926de7660
Detection ratio: 50 / 57
Analysis date: 2016-03-22 20:51:53 UTC (3 months ago)
Antivirus Result Update
ALYac Worm.Kelihos 20160322
AVG PSW.Generic11.FBF 20160322
AVware Trojan.Win32.Winwebsec.mdc (v) 20160322
Ad-Aware Trojan.GenericKDZ.14575 20160322
AegisLab Troj.PSW32.W.Tepfer.ijnk!c 20160322
Yandex Backdoor.Kelihos!eUhGjgcohMM 20160316
AhnLab-V3 Trojan/Win32.Foreign 20160322
Antiy-AVL Trojan[PSW]/Win32.Tepfer 20160322
Arcabit Trojan.Generic.D38EF 20160322
Avast Win32:Crypt-PDH [Trj] 20160322
Avira (no cloud) BDS/Kelihos.JH.10 20160322
Baidu Win32.Trojan.Kryptik.ia 20160322
Baidu-International Trojan.Win32.Kelihos.F 20160322
BitDefender Trojan.GenericKDZ.14575 20160322
CAT-QuickHeal Trojan.Urausy.C 20160322
Comodo TrojWare.Win32.Kryptik.AYWT 20160322
Cyren W32/Trojan.ODEX-0562 20160322
DrWeb BackDoor.Slym.1498 20160322
ESET-NOD32 Win32/Kelihos.F 20160322
Emsisoft Trojan.GenericKDZ.14575 (B) 20160322
F-Prot W32/Trojan2.NVWV 20160322
F-Secure Trojan.GenericKDZ.14575 20160322
Fortinet W32/Kryptik.AGAJ!tr 20160322
GData Trojan.GenericKDZ.14575 20160322
Ikarus Virus.Agent 20160322
K7AntiVirus Password-Stealer ( 0040f30d1 ) 20160322
K7GW Password-Stealer ( 0040f30d1 ) 20160322
Kaspersky HEUR:Trojan.Win32.Generic 20160322
Malwarebytes Trojan.MalPack.EGX 20160322
McAfee Generic-FAGQ!5EA646FFDC1E 20160322
McAfee-GW-Edition BehavesLike.Win32.Dropper.bc 20160322
eScan Trojan.GenericKDZ.14575 20160322
Microsoft Trojan:Win32/Bulta!rfn 20160322
NANO-Antivirus Trojan.Win32.Tepfer.bohlpr 20160322
Panda Adware/SystemTool 20160322
Qihoo-360 HEUR/Malware.QVM20.Gen 20160322
Rising PE:Malware.Generic(Thunder)!1.A1C4 [F] 20160322
SUPERAntiSpyware Trojan.Agent/Gen-Winwebsec 20160322
Sophos Troj/Tepfer-Q 20160322
Symantec Packed.Generic.402 20160322
Tencent Win32.Trojan.Generic.Szvq 20160322
TheHacker Trojan/Kelihos.f 20160321
TotalDefense Win32/Winwebsec.AM!generic 20160322
TrendMicro TROJ_SPNR.35E013 20160322
TrendMicro-HouseCall TROJ_SPNR.35E013 20160322
VBA32 Heur.Trojan.Hlux 20160322
VIPRE Trojan.Win32.Winwebsec.mdc (v) 20160322
ViRobot Trojan.Win32.Agent.819200.F[h] 20160322
Zillya Trojan.Tepfer.Win32.47748 20160322
nProtect Trojan-PWS/W32.Tepfer.815616.P 20160322
Alibaba 20160322
Bkav 20160322
ByteHero 20160322
CMC 20160322
ClamAV 20160319
Jiangmin 20160322
Zoner 20160322
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2013-01-23 18:06:07
Entry Point 0x00001172
Number of sections 5
PE sections
PE imports
DllGetClassObject
DllRegisterServer
HeapSize
CreatePipe
IsBadWritePtr
GetStdHandle
ReleaseMutex
GetLocaleInfoA
GetModuleHandleA
GetFileAttributesA
CreateDirectoryA
DeleteFileA
GetDriveTypeA
WriteFile
GetPriorityClass
ResetEvent
ReadConsoleW
VirtualProtect
GetCommandLineA
SetLocalTime
RemoveDirectoryA
SetLastError
GetProcessHeap
DwRasUninitialize
SetFocus
wsprintfA
LoadCursorA
DispatchMessageA
GetWindowLongW
DrawIcon
GetWindowTextW
GetCapture
PeekMessageA
DestroyMenu
GetMessageW
GetCaretPos
SetCursor
Number of PE resources by type
RT_ICON 1
Number of PE resources by language
ENGLISH US 1
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
FileTypeExtension exe
TimeStamp 2013:01:23 19:06:07+01:00
FileType Win32 EXE
PEType PE32
CodeSize 3072
LinkerVersion 2.25
Warning Invalid Version Info block
EntryPoint 0x1172
InitializedDataSize 811008
SubsystemVersion 5.1
ImageVersion 0.0
OSVersion 5.1
UninitializedDataSize 0
File identification
MD5 5ea646ffdc1e9bc7759fdfc926de7660
SHA1 2df0bc409db0ee6d5769627a3f92d6d4f1f8f89b
SHA256 b932e16adfc0190e2f0b54a7cc7e1e1ac05afe5986404e4e6c12537adeb577df
ssdeep 24576:UwFL0v3r/kpD+EsqFqgAQm2APSBcipnf+g6/o0HWx:N1Mr0vsqFaQMPSBpp2Dg02
authentihash fd848134df0cd1877510cd88e9376edcc8292f59677f4495f89451d119f3d596
imphash 9cb34a0a7ed2f8332d162fd47cc52137
File size 796.5 KB (815616 bytes)
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable (generic) (52.7%)
Generic Win/DOS Executable (23.4%)
DOS Executable Generic (23.4%)
VXD Driver (0.3%)
Tags peexe
VirusTotal metadata
First submission 2013-04-16 23:38:50 UTC (3 years, 2 months ago)
Last submission 2016-03-22 20:51:53 UTC (3 months ago)
File names VirusShare_5ea646ffdc1e9bc7759fdfc926de7660
b932e16adfc0190e2f0b54a7cc7e1e1ac05afe5986404e4e6c12537adeb577df
vti-rescan
b932e16adfc0190e2f0b54a7cc7e1e1ac05afe5986404e4e6c12537adeb5
5ea646ffdc1e9bc7759fdfc926de7660
boston.avi_______.exe
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Deleted files
Set keys
Opened service managers
Opened services
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.
TCP connections