SHA256: bd56609c386a6b5bc18254c7327d221af182193eee5008f6e405ab5c1215b070
File name: ?b28b06f01e219d58efba9fe0d1fe1bb3
Detection ratio: 41 / 57
Analysis date: 2015-03-23 02:02:12 UTC ( 2 months ago )
Antivirus Result Update
ALYac Gen:Variant.Sirefef.433 20150323
AVG Crypt2.BRAU 20150323
AVware Trojan.Win32.Kryptik.yc (v) 20150320
Ad-Aware Gen:Variant.Sirefef.433 20150323
Agnitum Backdoor.ZAccess!JHmwZMsi+Qs 20150322
AhnLab-V3 Win-Trojan/Inject.239104 20150322
Antiy-AVL Trojan[Backdoor]/Win32.ZAccess 20150322
Avast Win32:Malware-gen 20150323
Avira BDS/ZAccess.2396164 20150322
Baidu-International Adware.Win32.iBryte.BNMB 20150322
BitDefender Gen:Variant.Sirefef.433 20150323
Bkav W32.MeylieLTG.Trojan 20150321
CAT-QuickHeal Backdoor.ZAccess.r6 20150321
Comodo TrojWare.Win32.Kryptik.BMYG 20150323
DrWeb Trojan.Siggen5.60587 20150323
ESET-NOD32 a variant of Win32/Kryptik.BNMB 20150322
Emsisoft Gen:Variant.Sirefef.433 (B) 20150323
F-Secure Gen:Variant.Sirefef.433 20150322
Fortinet W32/Kryptik.Y!tr 20150323
GData Gen:Variant.Sirefef.433 20150323
Ikarus Trojan.Win32.Sirefef 20150323
K7AntiVirus Trojan ( 0048d1981 ) 20150322
K7GW Trojan ( 0048d1981 ) 20150322
Kaspersky HEUR:Trojan.Win32.Generic 20150323
Malwarebytes Trojan.FakeApach 20150323
McAfee ZeroAccess-FEC!18F4D13F7670 20150323
McAfee-GW-Edition ZeroAccess-FEC!18F4D13F7670 20150323
MicroWorld-eScan Gen:Variant.Sirefef.433 20150323
Microsoft Trojan:Win32/Sirefef.P 20150323
NANO-Antivirus Trojan.Win32.Siggen5.csigzc 20150322
Norman Kryptik.CCRL 20150322
Qihoo-360 Win32/Trojan.e6d 20150323
SUPERAntiSpyware Trojan.Agent/Gen-FalComp 20150321
Sophos Mal/EncPk-AKS 20150323
Symantec Trojan.Zeroaccess.C 20150323
Tencent Trojan.Win32.Qudamah.Gen.2 20150323
TheHacker Trojan/Kryptik.bnmb 20150322
TrendMicro BKDR_SIREFEF.PHP 20150323
TrendMicro-HouseCall BKDR_SIREFEF.PHP 20150323
VBA32 Backdoor.ZAccess 20150322
VIPRE Trojan.Win32.Kryptik.yc (v) 20150323
AegisLab 20150323
Alibaba 20150323
ByteHero 20150323
CMC 20150317
ClamAV 20150323
Cyren 20150323
F-Prot 20150323
Jiangmin 20150322
Kingsoft 20150323
Panda 20150318
Rising 20150322
TotalDefense 20150322
ViRobot 20150323
Zillya 20150322
Zoner 20150320
nProtect 20150320
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Developer metadata
Copyright Copyright 2012 The Apashe Software Foundation.
Publisher Crash Software Foundazion
Original name ab.exe
Internal name ac.exe
File version 2.4.3
Description ApacheBench command line utility
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2013-10-22 19:15:03
Link date 8:15 PM 10/22/2013
Entry Point 0x00002404
Number of sections 6
PE sections
PE imports
RegCreateKeyExW
SetSecurityDescriptorDacl
RegCloseKey
GetUserNameW
RegQueryValueExA
RegOpenKeyExW
InitializeSecurityDescriptor
RegOpenKeyExA
RegQueryValueExW
RegSetValueExW
_TrackMouseEvent
GetDeviceCaps
SelectObject
RoundRect
CreateFontIndirectW
DeleteObject
CreatePen
GetPixel
CreateSolidBrush
BitBlt
CreateCompatibleDC
GetTextExtentPoint32W
CreateCompatibleBitmap
GetLayout
WaitForSingleObject
HeapDestroy
GetFileAttributesW
VerifyVersionInfoW
DeleteCriticalSection
GetCurrentProcess
LocalAlloc
SetErrorMode
WideCharToMultiByte
InterlockedExchange
FindResourceExW
GetSystemTimeAsFileTime
Thread32First
HeapReAlloc
FreeLibrary
LocalFree
FormatMessageW
GetExitCodeProcess
InitializeCriticalSection
OutputDebugStringW
GetLogicalDriveStringsW
FindClose
InterlockedDecrement
QueryDosDeviceW
GetFullPathNameW
SetLastError
DeviceIoControl
LoadResource
GetModuleFileNameW
IsDebuggerPresent
HeapAlloc
VerSetConditionMask
HeapSetInformation
UnhandledExceptionFilter
LoadLibraryExW
MultiByteToWideChar
GetSystemDirectoryW
SetUnhandledExceptionFilter
MulDiv
IsProcessorFeaturePresent
TerminateProcess
GetVersion
SetCurrentDirectoryW
GlobalAlloc
SetEndOfFile
GetCurrentThreadId
InterlockedIncrement
CreateToolhelp32Snapshot
InitializeCriticalSectionAndSpinCount
HeapFree
EnterCriticalSection
LoadLibraryW
GetVersionExW
SetEvent
QueryPerformanceCounter
GetTickCount
LoadLibraryA
GetFileSize
OpenProcess
GetStartupInfoW
GetProcAddress
GetPrivateProfileIntW
GetProcessHeap
WriteFile
ResetEvent
Thread32Next
DuplicateHandle
WaitForMultipleObjects
ExpandEnvironmentStringsA
CreateEventW
CreateFileW
LeaveCriticalSection
GetLastError
GlobalFree
OpenEventW
GlobalUnlock
Process32NextW
SizeofResource
GetCurrentProcessId
LockResource
HeapSize
InterlockedCompareExchange
Process32FirstW
RaiseException
SetFilePointer
ReadFile
CloseHandle
GlobalLock
GetModuleHandleW
GetFileAttributesExW
HeapCreate
FindResourceW
CreateProcessW
Sleep
DragQueryFileW
SHGetSpecialFolderPathW
ShellExecuteExW
DragFinish
SHAppBarMessage
RegisterWindowMessageW
GetForegroundWindow
GetParent
EqualRect
OffsetRect
FindWindowW
TrackMouseEvent
CreatePopupMenu
DrawStateW
FillRect
LoadMenuW
GetSystemMetrics
MessageBoxW
DestroyIcon
GetWindowRect
InflateRect
EnableWindow
UnhookWindowsHookEx
LoadIconW
DrawIcon
IsMenu
PostMessageW
InvalidateRect
SendMessageW
GetMenuItemID
GetKeyState
ReleaseDC
GetIconInfo
GetMenu
GetSubMenu
GetLastActivePopup
wsprintfW
DrawIconEx
LoadStringW
GetClientRect
SystemParametersInfoW
BringWindowToTop
IsWindow
IsIconic
ScreenToClient
DeleteMenu
CallNextHookEx
DrawFocusRect
AppendMenuW
SetTimer
LoadImageW
GetActiveWindow
GetMenuItemCount
CopyRect
SetWindowsHookExW
LoadCursorW
GetSystemMenu
GetFocus
GetDC
GetWindowLongW
SetForegroundWindow
SetCursor
IsChild
TranslateAcceleratorW
auxGetVolume
CoInitializeEx
CoTaskMemAlloc
CreateStreamOnHGlobal
Number of PE resources by type
RT_BITMAP 1
RT_VERSION 1
RT_MANIFEST 1
Number of PE resources by language
ENGLISH US 3
ExifTool file metadata
SubsystemVersion 5.0
LinkerVersion 9.0
ImageVersion 0.0
FileVersionNumber 2.4.3.0
UninitializedDataSize 0
LanguageCode English (U.S.)
FileFlagsMask 0x0000
CharacterSet Unicode
InitializedDataSize 68608
OriginalFilename ab.exe
MIMEType application/octet-stream
LegalCopyright Copyright 2012 The Apashe Software Foundation.
FileVersion 2.4.3
TimeStamp 2013:10:22 20:15:03+01:00
FileType Win32 EXE
PEType PE32
InternalName ac.exe
ProductVersion 2.4.3
FileDescription ApacheBench command line utility
OSVersion 5.0
FileOS Win32
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName Crash Software Foundazion
CodeSize 188928
FileSubtype 0
ProductVersionNumber 2.4.3.0
EntryPoint 0x2404
ObjectFileType Executable application

Compressed bundles
PCAP parents
File identification
MD5 18f4d13f7670866f96822e4683137dd6
SHA1 bf72e602f6499e604e5c14c7a63300c6aff84fde
SHA256 bd56609c386a6b5bc18254c7327d221af182193eee5008f6e405ab5c1215b070
ssdeep 3072:tlz0BlTB7Re/5P9px58egfy6gM/TVNpWYODmsW58wce1ijbkUE0kUE1lVF1lVF2:3z0DFAPEeqJnyDY58wce1
authentihash 05684a09d7737d1cd15a4bc8668b90589c857f9bb0049b51f4b219b4605b994d
imphash adeb135f7aa0dae9d5b40d7978614ac3
File size 233.5 KB ( 239104 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (67.3%)
Win32 Dynamic Link Library (generic) (14.2%)
Win32 Executable (generic) (9.7%)
Generic Win/DOS Executable (4.3%)
DOS Executable Generic (4.3%)
Tags peexe
VirusTotal metadata
First submission 2013-10-24 18:24:33 UTC ( 1 year, 7 months ago )
Last submission 2015-03-23 02:02:12 UTC ( 2 months ago )
File names 715.exe
13.exe_
index.html.1F881E17[1].html
index.html.1F881E17[2].html
e602f6499e604e5c14c7a63300c6aff84fde
?b28b06f01e219d58efba9fe0d1fe1bb3
index.html.1F881E17.html.exe
zeroaccess
ab.exe
ac.exe
sus4
index.html.1F881E17.html
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight