SHA256: ba8c73524d23a879ccae22ae005fd6b85675553b17ae01195373e419bf976d5c
File name: e2ac99705ef1979c7c11f129fb37b4e43c96f034
Detection ratio: 13 / 57
Analysis date: 2015-05-19 22:01:58 UTC ( 3 years, 10 months ago )
Antivirus Result Update
Ad-Aware Gen:Variant.Kazy.614882 20150519
ALYac Gen:Variant.Kazy.614882 20150519
BitDefender Gen:Variant.Kazy.614882 20150519
Emsisoft Gen:Variant.Kazy.614882 (B) 20150519
ESET-NOD32 a variant of Win32/Kryptik.DIHC 20150519
F-Secure Gen:Variant.Kazy.614882 20150519
GData Gen:Variant.Kazy.614882 20150519
Malwarebytes Trojan.Injector.CD 20150519
McAfee Artemis!B60453E519BE 20150519
McAfee-GW-Edition Artemis 20150519
eScan Gen:Variant.Kazy.614882 20150519
Rising PE:Malware.XPACK-LNR/Heur!1.5594 20150519
Tencent Trojan.Win32.Qudamah.Gen.1 20150519
AegisLab 20150519
Yandex 20150519
AhnLab-V3 20150519
Alibaba 20150519
Antiy-AVL 20150519
Avast 20150519
AVG 20150519
Avira (no cloud) 20150519
AVware 20150519
Baidu-International 20150519
Bkav 20150519
ByteHero 20150519
CAT-QuickHeal 20150519
ClamAV 20150519
CMC 20150518
Comodo 20150519
Cyren 20150519
DrWeb 20150519
F-Prot 20150519
Fortinet 20150519
Ikarus 20150519
Jiangmin 20150519
K7AntiVirus 20150519
K7GW 20150519
Kaspersky 20150519
Kingsoft 20150519
Microsoft 20150519
NANO-Antivirus 20150519
Norman 20150519
nProtect 20150519
Panda 20150519
Qihoo-360 20150519
Sophos AV 20150519
SUPERAntiSpyware 20150519
Symantec 20150519
TheHacker 20150519
TotalDefense 20150519
TrendMicro 20150519
TrendMicro-HouseCall 20150519
VBA32 20150519
VIPRE 20150519
ViRobot 20150519
Zillya 20150519
Zoner 20150518
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2005-06-15 04:08:59
Entry Point 0x00001000
Number of sections 5
PE sections
PE imports
EnumSystemCodePagesW
WriteProfileSectionA
WriteConsoleOutputA
GetDriveTypeW
FileTimeToDosDateTime
CopyFileExA
GetStringTypeA
GetNumberFormatA
HeapUnlock
GetDiskFreeSpaceW
ContinueDebugEvent
Module32Next
HeapAlloc
FreeEnvironmentStringsW
IsBadCodePtr
DeleteFileW
SetThreadIdealProcessor
Number of PE resources by type
RT_RCDATA 1
RT_VERSION 1
Number of PE resources by language
NEUTRAL DEFAULT 2
PE resources
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
TimeStamp 2005:06:15 05:08:59+01:00
FileType Win32 EXE
PEType PE32
CodeSize 172544
LinkerVersion 0.0
FileTypeExtension exe
InitializedDataSize 143896
SubsystemVersion 4.1
EntryPoint 0x1000
OSVersion 4.0
ImageVersion 0.0
UninitializedDataSize 0
File identification
MD5 b60453e519be8298bc97bc0f62fd443a
SHA1 f10753c34d23aa10d66f8ea469cc296e8067a724
SHA256 ba8c73524d23a879ccae22ae005fd6b85675553b17ae01195373e419bf976d5c
ssdeep 1536:oAMd+B4YsjgOVm2rO2iOC2Mrv8I/0YfLYsnKML64FKJTR/0zbrIP3Fg:0XjhI2jO5rv3fLztXaTyYP3Fg
authentihash f4005423d3df4840418b0e3924a09fbb0c8c84bfcd333d3d51a91ba773dafe33
imphash 51c2b024904d3582f9bdc52bd1356454
File size 310.0 KB ( 317440 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable (generic) (42.4%)
Win16/32 Executable Delphi generic (19.5%)
Generic Win/DOS Executable (18.8%)
DOS Executable Generic (18.8%)
VXD Driver (0.2%)
Tags peexe
VirusTotal metadata
First submission 2015-05-19 22:01:58 UTC ( 3 years, 10 months ago )
Last submission 2015-05-19 22:01:58 UTC ( 3 years, 10 months ago )
File names e2ac99705ef1979c7c11f129fb37b4e43c96f034
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Copied files
Moved files
Deleted files
Created processes
Code injections in the following processes
Created mutexes
Opened mutexes
Searched windows
Opened service managers
Opened services
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.