SHA256: ba67a48beb5042cc65343db9954a4739efe8f8cf4e4b0a1694618929c80d8938
File name: home.php
Detection ratio: 4 / 55
Analysis date: 2016-03-22 17:28:08 UTC ( 3 years ago )
Antivirus Result Update
Bkav HW32.Packed.6691 20160322
Kaspersky UDS:DangerousObject.Multi.Generic 20160322
Qihoo-360 QVM07.1.Malware.Gen 20160322
Rising PE:Malware.XPACK-HIE/Heur!1.9C48 [F] 20160322
Ad-Aware 20160322
AegisLab 20160322
Yandex 20160316
AhnLab-V3 20160322
Alibaba 20160322
ALYac 20160322
Antiy-AVL 20160322
Arcabit 20160322
Avast 20160322
AVG 20160321
Avira (no cloud) 20160322
AVware 20160322
Baidu 20160322
Baidu-International 20160322
BitDefender 20160322
ByteHero 20160322
CAT-QuickHeal 20160322
ClamAV 20160319
CMC 20160322
Comodo 20160322
Cyren 20160322
DrWeb 20160322
Emsisoft 20160322
ESET-NOD32 20160322
F-Prot 20160322
F-Secure 20160322
Fortinet 20160322
GData 20160322
Ikarus 20160322
Jiangmin 20160322
K7AntiVirus 20160322
K7GW 20160322
Malwarebytes 20160322
McAfee 20160322
McAfee-GW-Edition 20160322
Microsoft 20160322
eScan 20160322
NANO-Antivirus 20160322
nProtect 20160322
Panda 20160322
SUPERAntiSpyware 20160322
Symantec 20160322
Tencent 20160322
TheHacker 20160321
TrendMicro 20160322
TrendMicro-HouseCall 20160322
VBA32 20160322
VIPRE 20160322
ViRobot 20160322
Zillya 20160322
Zoner 20160322
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows command line subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2005-02-28 23:39:52
Entry Point 0x00025E92
Number of sections 4
PE sections
PE imports
CreateToolbarEx
DestroyPropertySheetPage
FlatSB_SetScrollRange
ImageList_LoadImageA
ImageList_Replace
FlatSB_GetScrollProp
ImageList_DragMove
PropertySheetA
CreatePropertySheetPageA
Ord(5)
ImageRvaToVa
ImageDirectoryEntryToData
StackWalk
ImageNtHeader
ImageRvaToSection
CheckSumMappedFile
SymGetLineNext
SymGetSearchPath
ImageGetDigestStream
UnMapAndLoad
SymEnumerateModules
SymGetSymFromAddr
UnDecorateSymbolName
SearchTreeForFile
ImageEnumerateCertificates
SymLoadModule
RemoveRelocations
SymFunctionTableAccess
SymGetSymFromName
SymGetLineFromAddr
SymUnloadModule
ImagehlpApiVersionEx
FindDebugInfoFile
BindImageEx
MakeSureDirectoryPathExists
SymUnDName
CreateFileMappingW
HeapCompact
GetPriorityClass
GetPrivateProfileSectionW
GetModuleHandleA
GetConsoleTitleW
GetLargestConsoleWindowSize
GetMailslotInfo
GetStringTypeExA
Thread32First
FindFirstChangeNotificationW
VarBstrFromCy
VarDateFromR4
VarI2FromI4
SysAllocStringLen
QueryPathOfRegTypeLib
VarDecFromCy
VarUI4FromI2
SafeArrayGetRecordInfo
OleLoadPictureFile
OleSavePictureFile
VarCyFromDec
VarUI4FromDate
SafeArrayGetElemsize
VarUI4FromR4
SafeArrayAllocData
VarBoolFromI1
VarUI1FromDec
Number of PE resources by type
RT_ICON 9
RT_GROUP_ICON 9
RT_DIALOG 8
RT_MENU 6
RT_ACCELERATOR 2
RT_BITMAP 1
RT_VERSION 1
Number of PE resources by language
TURKISH DEFAULT 36
PE resources
ExifTool file metadata
SubsystemVersion 4.0
LinkerVersion 8.0
ImageVersion 0.0
FileVersionNumber 0.157.78.54
UninitializedDataSize 0
LanguageCode Neutral
FileFlagsMask 0x003f
CharacterSet Unicode
InitializedDataSize 229376
EntryPoint 0x25e92
OriginalFileName Malefactions.exe
MIMEType application/octet-stream
LegalCopyright Copyright 2010
FileVersion 227, 236, 88, 198
TimeStamp 2005:03:01 00:39:52+01:00
FileType Win32 EXE
PEType PE32
InternalName Fringes
ProductVersion 69, 0, 191, 190
FileDescription Legendary
OSVersion 4.0
FileOS Windows NT 32-bit
Subsystem Windows command line
MachineType Intel 386 or later, and compatibles
CompanyName SSH Communications Security
CodeSize 155648
FileSubtype 0
ProductVersionNumber 0.2.197.187
FileTypeExtension exe
ObjectFileType Executable application

Compressed bundles
File identification
MD5 83aa88d92faf69b635a62a66747ed938
SHA1 dc28b7d3af67639ec0cdb0be9bfdd203af9a6299
SHA256 ba67a48beb5042cc65343db9954a4739efe8f8cf4e4b0a1694618929c80d8938
ssdeep 6144:DYmJoq/9iht6ODrb6gLrVvukQ9vo79KW7UpKjLhf:DRJRA6ODn6glEowWnh
authentihash 3cf6a7c83fccaab053e2d6b8a13e52bc9a34737622d2cefc40372f5c1bcb69c1
imphash 09392d6d83904003a3aeae8fe1a1b2ce
File size 264.0 KB ( 270336 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (console) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (42.2%)
Win64 Executable (generic) (37.3%)
Win32 Dynamic Link Library (generic) (8.8%)
Win32 Executable (generic) (6.0%)
Generic Win/DOS Executable (2.7%)
Tags peexe
VirusTotal metadata
First submission 2016-03-22 15:09:52 UTC ( 3 years ago )
Last submission 2016-12-15 23:01:30 UTC ( 2 years, 4 months ago )
File names cdsadd.exe.3290293682.DROPPED
83aa88d92faf69b635a62a66747ed938.spm
svc.spm.exe
suspicious.exe
svc.exe
svc.spm
connect.businesshelpaz.exe
2926_ba67a48beb5042cc65343db9954a4739efe8f8cf4e4b0a1694618929c80d8938
home.php
gotpage.BIN
home.php.exe
cdsadd.exe
home.exe
cdsadd.exe.1416.dr
Advanced heuristic and reputation engines
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Created mutexes
Opened mutexes
Opened service managers
Runtime DLLs
UDP communications