SHA256: b932e16adfc0190e2f0b54a7cc7e1e1ac05afe5986404e4e6c12537adeb577df
File name: 5ea646ffdc1e9bc7759fdfc926de7660
Detection ratio: 47 / 53
Analysis date: 2014-05-21 11:35:24 UTC ( 1 year, 3 months ago )
Antivirus  Result  Update (signature database date, YYYYMMDD)
AVG PSW.Generic11.FBF 20140521
Ad-Aware Trojan.GenericKDZ.14575 20140521
AhnLab-V3 Trojan/Win32.Foreign 20140520
AntiVir BDS/Kelihos.JH.10 20140521
Antiy-AVL Trojan[PSW]/Win32.Tepfer 20140521
Avast Win32:Kryptik-LKV [Trj] 20140521
Baidu-International Trojan.Win32.Kelihos.aArd 20140520
BitDefender Trojan.GenericKDZ.14575 20140521
Bkav HW32.CDB.Fa6b 20140520
CAT-QuickHeal Trojan.Urausy.C 20140521
Commtouch W32/Trojan.ODEX-0562 20140521
Comodo TrojWare.Win32.Kryptik.AYWT 20140520
DrWeb BackDoor.Slym.1498 20140521
ESET-NOD32 Win32/Kelihos.F 20140521
Emsisoft Trojan.GenericKDZ.14575 (B) 20140521
F-Prot W32/Trojan2.NVWV 20140521
F-Secure Trojan.GenericKDZ.14575 20140521
Fortinet W32/Kryptik.AGAJ!tr 20140521
GData Trojan.GenericKDZ.14575 20140521
Ikarus Virus.Agent 20140521
K7AntiVirus Password-Stealer ( 0040f30d1 ) 20140520
K7GW Password-Stealer ( 0040f30d1 ) 20140520
Kaspersky HEUR:Trojan.Win32.Generic 20140521
Kingsoft Win32.PSWTroj.Tepfer.ij.(kcloud) 20140521
Malwarebytes Malware.Packer.EGX7 20140521
McAfee Generic-FAGQ!5EA646FFDC1E 20140521
McAfee-GW-Edition Heuristic.BehavesLike.Win32.Suspicious-BAY.G 20140521
MicroWorld-eScan Trojan.GenericKDZ.14575 20140521
Microsoft Backdoor:Win32/Kelihos.F 20140521
NANO-Antivirus Trojan.Win32.Tepfer.bohlpr 20140521
Norman Hlux.XI 20140521
Panda Adware/SystemTool 20140521
Qihoo-360 HEUR/Malware.QVM20.Gen 20140521
Rising PE:Trojan.Win32.Generic.14799885!343513221 20140520
SUPERAntiSpyware Trojan.Agent/Gen-Winwebsec 20140520
Sophos Troj/Tepfer-Q 20140521
Symantec Packed.Generic.402 20140521
Tencent Win32.Trojan.Generic.Szvq 20140521
TheHacker Trojan/Kelihos.f 20140520
TotalDefense Win32/Winwebsec.AM!generic 20140521
TrendMicro TROJ_SPNR.35E013 20140521
TrendMicro-HouseCall TROJ_SPNR.35E013 20140521
VBA32 Heur.Trojan.Hlux 20140520
VIPRE Trojan.Win32.Winwebsec.mdc (v) 20140521
ViRobot Trojan.Win32.Agent.819200.F 20140521
Zillya Trojan.Tepfer.Win32.47748 20140521
nProtect Trojan-PWS/W32.Tepfer.815616.P 20140521
AegisLab (no detection) 20140521
Agnitum (no detection) 20140520
ByteHero (no detection) 20140521
CMC (no detection) 20140520
ClamAV (no detection) 20140521
Jiangmin (no detection) 20140521
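The 47/53 ratio above says how many engines fired, not what they think the file is. The labels disagree in form (Kelihos, Hlux, Tepfer, Winwebsec, Kryptik, GenericKDZ) and several vendors emit the identical signature string because they share an engine, so an analyst normalises the labels to family tokens and counts how many independent vendors mention each one. The script below is an added example, not part of the VirusTotal report: it parses the table text copied from this page, computes the detection ratio, strips type/platform/heuristic words and hex-like suffixes, folds the Hlux alias onto Kelihos (two vendor names for one botnet family) and ranks the remaining tokens. The stop-list and alias map are my own choices.

```python
import re
from collections import Counter

# Detection table copied from this report ("Vendor Result Update"); rows with only vendor and date are misses.
TABLE = """\
AVG PSW.Generic11.FBF 20140521
Ad-Aware Trojan.GenericKDZ.14575 20140521
AhnLab-V3 Trojan/Win32.Foreign 20140520
AntiVir BDS/Kelihos.JH.10 20140521
Antiy-AVL Trojan[PSW]/Win32.Tepfer 20140521
Avast Win32:Kryptik-LKV [Trj] 20140521
Baidu-International Trojan.Win32.Kelihos.aArd 20140520
BitDefender Trojan.GenericKDZ.14575 20140521
Bkav HW32.CDB.Fa6b 20140520
CAT-QuickHeal Trojan.Urausy.C 20140521
Commtouch W32/Trojan.ODEX-0562 20140521
Comodo TrojWare.Win32.Kryptik.AYWT 20140520
DrWeb BackDoor.Slym.1498 20140521
ESET-NOD32 Win32/Kelihos.F 20140521
Emsisoft Trojan.GenericKDZ.14575 (B) 20140521
F-Prot W32/Trojan2.NVWV 20140521
F-Secure Trojan.GenericKDZ.14575 20140521
Fortinet W32/Kryptik.AGAJ!tr 20140521
GData Trojan.GenericKDZ.14575 20140521
Ikarus Virus.Agent 20140521
K7AntiVirus Password-Stealer ( 0040f30d1 ) 20140520
K7GW Password-Stealer ( 0040f30d1 ) 20140520
Kaspersky HEUR:Trojan.Win32.Generic 20140521
Kingsoft Win32.PSWTroj.Tepfer.ij.(kcloud) 20140521
Malwarebytes Malware.Packer.EGX7 20140521
McAfee Generic-FAGQ!5EA646FFDC1E 20140521
McAfee-GW-Edition Heuristic.BehavesLike.Win32.Suspicious-BAY.G 20140521
MicroWorld-eScan Trojan.GenericKDZ.14575 20140521
Microsoft Backdoor:Win32/Kelihos.F 20140521
NANO-Antivirus Trojan.Win32.Tepfer.bohlpr 20140521
Norman Hlux.XI 20140521
Panda Adware/SystemTool 20140521
Qihoo-360 HEUR/Malware.QVM20.Gen 20140521
Rising PE:Trojan.Win32.Generic.14799885!343513221 20140520
SUPERAntiSpyware Trojan.Agent/Gen-Winwebsec 20140520
Sophos Troj/Tepfer-Q 20140521
Symantec Packed.Generic.402 20140521
Tencent Win32.Trojan.Generic.Szvq 20140521
TheHacker Trojan/Kelihos.f 20140520
TotalDefense Win32/Winwebsec.AM!generic 20140521
TrendMicro TROJ_SPNR.35E013 20140521
TrendMicro-HouseCall TROJ_SPNR.35E013 20140521
VBA32 Heur.Trojan.Hlux 20140520
VIPRE Trojan.Win32.Winwebsec.mdc (v) 20140521
ViRobot Trojan.Win32.Agent.819200.F 20140521
Zillya Trojan.Tepfer.Win32.47748 20140521
nProtect Trojan-PWS/W32.Tepfer.815616.P 20140521
AegisLab 20140521
Agnitum 20140520
ByteHero 20140521
CMC 20140520
ClamAV 20140521
Jiangmin 20140521
"""
# Type/platform/heuristic words that never name a family (assumption: hand-tuned stop-list).
STOP = {"trojan", "troj", "trojware", "win32", "w32", "heur", "heuristic", "backdoor", "psw", "pws",
        "pswtroj", "agent", "packed", "packer", "malware", "virus", "password", "stealer",
        "behaveslike", "suspicious", "adware", "kcloud"}
ALIASES = {"hlux": "kelihos"}  # Hlux and Kelihos are two vendor names for the same botnet family

def parse_table(text):
    """Return (vendor, label or None, update) per row; a row with only vendor and date is a miss."""
    rows = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) >= 2:
            rows.append((parts[0], " ".join(parts[1:-1]) or None, parts[-1]))
    return rows

def detection_ratio(rows):
    return sum(1 for _, label, _ in rows if label), len(rows)

def family_tokens(label):
    """Alphanumeric tokens of a label minus stop-words, short suffixes, hex-like IDs and 'generic*'."""
    keep = set()
    for tok in re.split(r"[^a-z0-9]+", label.lower()):
        if len(tok) < 4 or tok in STOP or tok.startswith("generic") or re.fullmatch(r"[0-9a-f]+", tok):
            continue
        keep.add(ALIASES.get(tok, tok))
    return keep

def family_consensus(rows):
    """Vendors mentioning each family token (once per vendor). Vendors sharing an engine still count
    separately, so treat the numbers as an upper bound on independent agreement."""
    counts = Counter()
    for _, label, _ in rows:
        if label:
            counts.update(family_tokens(label))
    return counts

if __name__ == "__main__":
    rows = parse_table(TABLE)
    print("detection ratio: %d / %d" % detection_ratio(rows))
    for family, n in family_consensus(rows).most_common(5):
        print(f"{family:12s} {n}")
```

On this table the ranking is Kelihos (7 vendors once Hlux is folded in), Tepfer (6), then Kryptik and Winwebsec (3 each); the six identical Trojan.GenericKDZ.14575 rows contribute nothing because the token is generic, which is the point of the filter.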
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2013-01-23 18:06:07 (UTC)
Link date 7:06 PM 1/23/2013 (the same PE TimeDateStamp rendered in UTC+01:00, as in the ExifTool TimeStamp field below)
Entry Point 0x00001172
Number of sections 5
PE sections
PE imports
DllGetClassObject
DllRegisterServer
HeapSize
CreatePipe
IsBadWritePtr
GetStdHandle
ReleaseMutex
GetLocaleInfoA
GetModuleHandleA
GetFileAttributesA
CreateDirectoryA
DeleteFileA
GetDriveTypeA
WriteFile
GetPriorityClass
ResetEvent
ReadConsoleW
VirtualProtect
GetCommandLineA
SetLocalTime
RemoveDirectoryA
SetLastError
GetProcessHeap
DwRasUninitialize
SetFocus
wsprintfA
LoadCursorA
DispatchMessageA
GetWindowLongW
DrawIcon
GetWindowTextW
GetCapture
PeekMessageA
DestroyMenu
GetMessageW
GetCaretPos
SetCursor
Number of PE resources by type
RT_ICON 1
Number of PE resources by language
ENGLISH US 1
ExifTool file metadata
MIMEType: application/octet-stream
Subsystem: Windows GUI
MachineType: Intel 386 or later, and compatibles
TimeStamp: 2013:01:23 19:06:07+01:00
FileType: Win32 EXE
PEType: PE32
CodeSize: 3072
LinkerVersion: 2.25
FileAccessDate: 2014:05:21 12:30:14+01:00
Warning: Invalid Version Info block
EntryPoint: 0x1172
InitializedDataSize: 811008
SubsystemVersion: 5.1
ImageVersion: 0.0
OSVersion: 5.1
FileCreateDate: 2014:05:21 12:30:14+01:00
UninitializedDataSize: 0
File identification
MD5 5ea646ffdc1e9bc7759fdfc926de7660
SHA1 2df0bc409db0ee6d5769627a3f92d6d4f1f8f89b
SHA256 b932e16adfc0190e2f0b54a7cc7e1e1ac05afe5986404e4e6c12537adeb577df
ssdeep 24576:UwFL0v3r/kpD+EsqFqgAQm2APSBcipnf+g6/o0HWx:N1Mr0vsqFaQMPSBpp2Dg02
imphash 9cb34a0a7ed2f8332d162fd47cc52137
File size 796.5 KB ( 815616 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable (generic) (52.7%)
Generic Win/DOS Executable (23.4%)
DOS Executable Generic (23.3%)
VXD Driver (0.3%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
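Every header value in the "PE header basic information" and ExifTool blocks above (machine, TimeDateStamp, entry point, section count, linker version, code and data sizes, subsystem) comes from fixed offsets in the COFF and optional headers, and the "File identification" hashes are plain content hashes, so a report like this can be reproduced and cross-checked offline. The script below is an added example, not VirusTotal's or ExifTool's code: it builds a constructed minimal MZ/PE header carrying this report's header values (it is not the real sample, so its MD5/SHA-1/SHA-256 and imphash will not match the ones listed), parses it with the standard library only, computes the three content hashes, shows how an imphash is derived from an import list (Mandiant's scheme: MD5 over lower-cased "dll.function" pairs with the DLL extension stripped, import-by-ordinal not handled here), and applies the timestamp sanity check an analyst makes against the first-submission date. The page's own imphash cannot be recomputed from the page because the import list above has lost its DLL grouping.

```python
import hashlib
import struct
from datetime import datetime, timezone

MACHINES = {0x14C: "Intel 386 or later processors and compatible processors", 0x8664: "x64"}
SUBSYSTEMS = {2: "Windows GUI", 3: "Windows CUI"}
PE_TYPES = {0x10B: "PE32", 0x20B: "PE32+"}

def build_sample(timestamp, entry, nsections, linker=(2, 25), code_size=3072, init_size=811008):
    """CONSTRUCTED minimal MZ/PE header carrying this report's header values (not the real sample)."""
    dos = bytearray(64)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 64)            # e_lfanew: PE signature right after the DOS header
    coff = struct.pack("<HHIIIHH", 0x14C, nsections, timestamp, 0, 0, 224, 0x0102)
    opt = bytearray(224)                              # PE32 optional header is 224 bytes
    struct.pack_into("<HBBIIII", opt, 0, 0x10B, linker[0], linker[1], code_size, init_size, 0, entry)
    struct.pack_into("<HHHHHH", opt, 40, 5, 1, 0, 0, 5, 1)  # OS 5.1, image 0.0, subsystem 5.1
    struct.pack_into("<H", opt, 68, 2)                # IMAGE_SUBSYSTEM_WINDOWS_GUI
    return bytes(dos) + b"PE\0\0" + coff + bytes(opt)

def parse_pe_header(data):
    """Read the COFF/optional header fields the report prints, using only offsets from the PE spec."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature not found at e_lfanew")
    coff = e_lfanew + 4
    machine, nsections, ts, _, _, _, _ = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20                                   # COFF file header is 20 bytes
    magic, lmaj, lmin, code, init, uninit, entry = struct.unpack_from("<HBBIIII", data, opt)
    osmaj, osmin, imaj, imin, smaj, smin = struct.unpack_from("<HHHHHH", data, opt + 40)
    (subsystem,) = struct.unpack_from("<H", data, opt + 68)  # same offset in PE32 and PE32+
    return {
        "machine": MACHINES.get(machine, f"0x{machine:04X}"),
        "number_of_sections": nsections,
        "timestamp_raw": ts,
        "timestamp_utc": datetime.fromtimestamp(ts, tz=timezone.utc).strftime("%Y-%m-%d %H:%M:%S"),
        "pe_type": PE_TYPES.get(magic, f"0x{magic:X}"),
        "linker_version": f"{lmaj}.{lmin}",
        "code_size": code, "initialized_data_size": init, "uninitialized_data_size": uninit,
        "entry_point": f"0x{entry:08X}",
        "os_version": f"{osmaj}.{osmin}", "image_version": f"{imaj}.{imin}",
        "subsystem_version": f"{smaj}.{smin}",
        "subsystem": SUBSYSTEMS.get(subsystem, str(subsystem)),
    }

def file_hashes(data):
    """The three content hashes a report lists; any one of them pivots to the same sample."""
    return {name: hashlib.new(name, data).hexdigest() for name in ("md5", "sha1", "sha256")}

def imphash(imports):
    """Mandiant-style import hash over [(dll, function), ...] in import-table order:
    MD5 of comma-joined 'lib.func', lower-cased, with .dll/.ocx/.sys stripped. Ordinals not handled."""
    parts = []
    for dll, func in imports:
        lib, _, ext = dll.lower().rpartition(".")
        parts.append(f"{lib if ext in ('dll', 'ocx', 'sys') else dll.lower()}.{func.lower()}")
    return hashlib.md5(",".join(parts).encode()).hexdigest()

def compile_time_plausible(ts, first_seen_utc):
    """Triage check: a zero TimeDateStamp, or one later than the first submission, is forged.
    A plausible value proves nothing on its own, since the field is attacker-controlled."""
    if ts <= 0:
        return False
    first_seen = datetime.strptime(first_seen_utc, "%Y-%m-%d %H:%M:%S").replace(tzinfo=timezone.utc)
    return datetime.fromtimestamp(ts, tz=timezone.utc) <= first_seen

if __name__ == "__main__":
    sample = build_sample(1358964367, 0x1172, 5)     # 1358964367 = 2013-01-23 18:06:07 UTC
    for key, value in parse_pe_header(sample).items():
        print(f"{key:24s} {value}")
    print(file_hashes(sample))
    print("compile time plausible:", compile_time_plausible(1358964367, "2013-04-16 23:38:50"))
```

For this sample the check passes: the header says 2013-01-23 and the first VirusTotal submission is 2013-04-16, so the timestamp is at least not self-contradictory. Run `parse_pe_header(open(path, "rb").read())` on a real file to compare its output against a report.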
Tags
peexe

VirusTotal metadata
First submission 2013-04-16 23:38:50 UTC ( 2 years, 4 months ago )
Last submission 2014-05-21 11:35:24 UTC ( 1 year, 3 months ago )
File names 5ea646ffdc1e9bc7759fdfc926de7660
b932e16adfc0190e2f0b54a7cc7e1e1ac05afe5986404e4e6c12537adeb577df
vti-rescan
boston.avi_______.exe
b932e16adfc0190e2f0b54a7cc7e1e1ac05afe5986404e4e6c12537adeb5
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Deleted files
Set keys
Opened service managers
Opened services
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.
TCP connections