× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: bbe55148946af2f198c1c967de23e3a82c0aacf64d871bc926895ef6c92cf32a
File name: vt-upload-4t377
Detection ratio: 4 / 47
Analysis date: 2013-11-23 00:53:11 UTC ( 4 months, 4 weeks ago )
Antivirus Result Update
Comodo Heur.Suspicious 20131122
DrWeb Trojan.Crossrider.9 20131123
ESET-NOD32 Win32/Packed.ScrambleWrapper.C 20131123
Malwarebytes PUP.Optional.CrossRider 20131122
AVG 20131122
Agnitum 20131122
AhnLab-V3 20131122
AntiVir 20131123
Antiy-AVL 20131122
Avast 20131123
Baidu-International 20131122
BitDefender 20131123
Bkav 20131122
ByteHero 20131118
CAT-QuickHeal 20131122
ClamAV 20131123
Commtouch 20131122
Emsisoft 20131123
F-Prot 20131122
F-Secure 20131122
Fortinet 20131123
GData 20131123
Ikarus 20131122
Jiangmin 20131122
K7AntiVirus 20131122
K7GW 20131122
Kaspersky 20131123
Kingsoft 20130829
McAfee 20131123
McAfee-GW-Edition 20131122
MicroWorld-eScan 20131123
Microsoft 20131123
NANO-Antivirus 20131122
Norman 20131122
Panda 20131122
Rising 20131122
SUPERAntiSpyware 20131122
Sophos 20131123
Symantec 20131123
TheHacker 20131122
TotalDefense 20131122
TrendMicro 20131123
TrendMicro-HouseCall 20131122
VBA32 20131122
VIPRE 20131123
ViRobot 20131122
nProtect 20131122
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Authenticode signature block
Copyright
Mxbrwkscfzbde

Publisher Brightcircle Investments Limited
Product Haywpey
File version 1.1.1.1
Description Xxnteoqar
Signature verification Signed file, verified signature
Signing date 1:53 AM 11/23/2013
Signers
[+] Brightcircle Investments Limited
Status Valid
Valid from 2:33 PM 3/8/2013
Valid to 2:33 PM 3/8/2016
Valid usage Code Signing
Algorithm SHA1
Thumbrint DBD0F7B4E369AA0E616E644A13B3BE650B8E8221
Serial number 04 7F 36 48 3D C8 4C
[+] Go Daddy Secure Certification Authority
Status Valid
Valid from 2:54 AM 11/16/2006
Valid to 2:54 AM 11/16/2026
Valid usage All
Algorithm SHA1
Thumbrint 7C4656C3061F7F4C0D67B319A855F60EBC11FC44
Serial number 03 01
[+] Go Daddy Class 2 Certification Authority
Status Valid
Valid from 6:06 PM 6/29/2004
Valid to 6:06 PM 6/29/2034
Valid usage Server Auth, Client Auth, Email Protection, Code Signing
Algorithm SHA1
Thumbrint 2796BAE63F1801E277261BA0D77770028F20EEE4
Serial number 00
Packers identified
F-PROT NSIS
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2010-01-05 12:09:32
Entry Point 0x00004044
Number of sections 7
PE sections
PE imports
RegDeleteKeyA
RegCloseKey
RegSetValueExA
RegQueryValueExA
RegOpenKeyExA
RegDeleteValueA
RegCreateKeyExA
RegEnumKeyA
RegEnumValueA
ImageList_Create
InitCommonControls
ImageList_Destroy
ImageList_AddMasked
GetDeviceCaps
SelectObject
CreateBrushIndirect
CreateFontIndirectA
SetBkMode
SetBkColor
DeleteObject
SetTextColor
GetLastError
ReadFile
lstrlenA
GetFileAttributesA
GlobalFree
WaitForSingleObject
GetExitCodeProcess
CopyFileA
ExitProcess
SetFileTime
GlobalUnlock
GetModuleFileNameA
LoadLibraryA
GetShortPathNameA
GetCurrentProcess
LoadLibraryExA
CompareFileTime
GetPrivateProfileStringA
WritePrivateProfileStringA
GetFileSize
lstrcatA
CreateDirectoryA
DeleteFileA
GetWindowsDirectoryA
SetErrorMode
MultiByteToWideChar
GetCommandLineA
GetProcAddress
SetFileAttributesA
SetFilePointer
GetTempPathA
CreateThread
lstrcmpiA
GetModuleHandleA
lstrcmpA
FindFirstFileA
WriteFile
CloseHandle
GetTempFileNameA
lstrcpynA
FindNextFileA
RemoveDirectoryA
GetSystemDirectoryA
GetDiskFreeSpaceA
ExpandEnvironmentStringsA
GetFullPathNameA
FreeLibrary
MoveFileA
CreateProcessA
GlobalAlloc
GlobalLock
SearchPathA
FindClose
Sleep
CreateFileA
GetTickCount
GetVersion
SetCurrentDirectoryA
MulDiv
CoTaskMemFree
OleUninitialize
CoCreateInstance
OleInitialize
SHGetFileInfoA
SHGetSpecialFolderLocation
SHBrowseForFolderA
SHGetPathFromIDListA
ShellExecuteA
SHFileOperationA
CharPrevA
GetMessagePos
EmptyClipboard
EndDialog
BeginPaint
PostQuitMessage
DefWindowProcA
GetClassInfoA
SetClassLongA
LoadBitmapA
SetWindowPos
GetSystemMetrics
IsWindow
AppendMenuA
GetWindowRect
DispatchMessageA
EnableWindow
SetDlgItemTextA
MessageBoxIndirectA
LoadImageA
GetDlgItemTextA
ScreenToClient
PeekMessageA
SetWindowLongA
DialogBoxParamA
GetSysColor
CheckDlgButton
GetDC
DrawTextA
SystemParametersInfoA
CreatePopupMenu
wsprintfA
ShowWindow
SetClipboardData
IsWindowVisible
SendMessageA
IsWindowEnabled
GetClientRect
SetTimer
GetDlgItem
SetForegroundWindow
CreateDialogParamA
SetCursor
EnableMenuItem
RegisterClassA
InvalidateRect
GetWindowLongA
FindWindowExA
CreateWindowExA
LoadCursorA
TrackPopupMenu
SetWindowTextA
FillRect
SendMessageTimeoutA
CharNextA
CallWindowProcA
GetSystemMenu
EndPaint
CloseClipboard
OpenClipboard
ExitWindowsEx
DestroyWindow
GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA
Number of PE resources by type
RT_ICON 7
RT_DIALOG 3
RT_MANIFEST 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 13
ExifTool file metadata
SubsystemVersion
4.0

LinkerVersion
2.56

ImageVersion
6.0

FileSubtype
0

FileVersionNumber
1.1.1.1

UninitializedDataSize
110592

LanguageCode
English (U.S.)

FileFlagsMask
0x0000

CharacterSet
ASCII

InitializedDataSize
14848

MIMEType
application/octet-stream

Subsystem
Windows GUI

FileVersion
1.1.1.1

TimeStamp
2010:01:05 13:09:32+01:00

FileType
Win32 EXE

PEType
PE32

FileDescription
Xxnteoqar

OSVersion
4.0

FileOS
Win32

LegalCopyright
Mxbrwkscfzbde

MachineType
Intel 386 or later, and compatibles

CompanyName
Xseeobiicmf

CodeSize
33792

ProductName
Haywpey

ProductVersionNumber
1.1.1.1

EntryPoint
0x4044

ObjectFileType
Executable application

File identification
MD5 a9198d21f5dacafa274b14dca257ea12
SHA1 977c522b3668f9c4a3ae4d80a4c332ac699fc4d4
SHA256 bbe55148946af2f198c1c967de23e3a82c0aacf64d871bc926895ef6c92cf32a
ssdeep
98304:3X0zI7OnFL+CideDhdbeNm/I3WJpJZ8LQPA+9Hpc0O8bu:H0cKfidsZLAGULiHjOH

File size 4.7 MB ( 4936984 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID NSIS - Nullsoft Scriptable Install System (91.9%)
Win32 Executable MS Visual C++ (generic) (3.3%)
Win64 Executable (generic) (3.0%)
Win32 Dynamic Link Library (generic) (0.7%)
Win32 Executable (generic) (0.4%)
Tags
nsis peexe signed

VirusTotal metadata
First submission 2013-06-13 04:13:05 UTC ( 10 months, 1 week ago )
Last submission 2013-06-13 04:13:05 UTC ( 10 months, 1 week ago )
File names vt-upload-4t377
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Copied files
Moved files
Deleted files
Set keys
Created processes
Code injections in the following processes
Created mutexes
Opened mutexes
Opened service managers
Opened services
Runtime DLLs
Additional details
The file uses the IsDebuggerPresent Windows API function in order to see whether it is being debugged.
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.
HTTP requests
DNS requests
TCP connections
UDP communications