SHA256: bd56609c386a6b5bc18254c7327d221af182193eee5008f6e405ab5c1215b070
File name: index.html.1F881E17.html
Detection ratio: 43 / 56
Analysis date: 2014-12-14 03:52:44 UTC ( 2 months, 3 weeks ago )
Antivirus Result Update
ALYac Gen:Variant.Sirefef.433 20141214
AVG Crypt2.BRAU 20141213
AVware Trojan.Win32.Kryptik.yc (v) 20141214
Ad-Aware Gen:Variant.Sirefef.433 20141214
Agnitum Backdoor.ZAccess!JHmwZMsi+Qs 20141213
AhnLab-V3 Win-Trojan/Inject.239104 20141213
Antiy-AVL Trojan[Backdoor]/Win32.ZAccess 20141212
Avast Win32:Malware-gen 20141214
Avira BDS/ZAccess.2396164 20141213
Baidu-International Trojan.Win32.Kryptik.BBNMB 20141213
BitDefender Gen:Variant.Sirefef.433 20141214
Bkav W32.MeylieLTG.Trojan 20141212
CAT-QuickHeal Backdoor.ZAccess.r6 20141213
Comodo TrojWare.Win32.Kryptik.BMYG 20141214
DrWeb Trojan.Siggen5.60587 20141214
ESET-NOD32 a variant of Win32/Kryptik.BNMB 20141213
Emsisoft Gen:Variant.Sirefef.433 (B) 20141214
F-Secure Gen:Variant.Sirefef.433 20141214
Fortinet W32/Kryptik.Y!tr 20141213
GData Gen:Variant.Sirefef.433 20141214
Ikarus Trojan.Win32.Sirefef 20141213
K7AntiVirus Trojan ( 0048d1981 ) 20141212
K7GW Trojan ( 0048d1981 ) 20141213
Kaspersky HEUR:Trojan.Win32.Generic 20141214
Kingsoft Win32.Hack.ZAccess.en.(kcloud) 20141214
Malwarebytes Trojan.FakeApach 20141214
McAfee ZeroAccess-FEC!18F4D13F7670 20141214
McAfee-GW-Edition ZeroAccess-FEC!18F4D13F7670 20141213
MicroWorld-eScan Gen:Variant.Sirefef.433 20141214
Microsoft Trojan:Win32/Sirefef.P 20141214
NANO-Antivirus Trojan.Win32.Siggen5.csigzc 20141214
Norman Kryptik.CCRL 20141213
Panda Trj/Genetic.gen 20141213
Qihoo-360 Win32/Trojan.e6d 20141214
SUPERAntiSpyware Trojan.Agent/Gen-FalComp 20141213
Sophos Mal/EncPk-AKS 20141214
Symantec Trojan.Zeroaccess.C 20141214
Tencent Win32.Trojan.Generic.Ebrg 20141214
TheHacker Trojan/Kryptik.bnmb 20141212
TrendMicro BKDR_SIREFEF.PHP 20141214
TrendMicro-HouseCall BKDR_SIREFEF.PHP 20141214
VBA32 Backdoor.ZAccess 20141212
VIPRE Trojan.Win32.Kryptik.yc (v) 20141214
AegisLab 20141214
ByteHero 20141214
CMC 20141212
ClamAV 20141214
Cyren 20141214
F-Prot 20141214
Jiangmin 20141213
Rising 20141213
TotalDefense 20141213
ViRobot 20141214
Zillya 20141212
Zoner 20141210
nProtect 20141212
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Developer metadata
Copyright
Copyright 2012 The Apashe Software Foundation.

Publisher Crash Software Foundazion
Original name ab.exe
Internal name ac.exe
File version 2.4.3
Description ApacheBench command line utility
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2013-10-22 19:15:03
Link date 8:15 PM 10/22/2013
Entry Point 0x00002404
Number of sections 6
PE sections
PE imports
RegCreateKeyExW
SetSecurityDescriptorDacl
RegCloseKey
GetUserNameW
RegQueryValueExA
RegOpenKeyExW
InitializeSecurityDescriptor
RegOpenKeyExA
RegQueryValueExW
RegSetValueExW
_TrackMouseEvent
GetDeviceCaps
SelectObject
RoundRect
CreateFontIndirectW
DeleteObject
CreatePen
GetPixel
CreateSolidBrush
BitBlt
CreateCompatibleDC
GetTextExtentPoint32W
CreateCompatibleBitmap
GetLayout
WaitForSingleObject
HeapDestroy
GetFileAttributesW
VerifyVersionInfoW
DeleteCriticalSection
GetCurrentProcess
LocalAlloc
SetErrorMode
WideCharToMultiByte
InterlockedExchange
FindResourceExW
GetSystemTimeAsFileTime
Thread32First
HeapReAlloc
FreeLibrary
LocalFree
FormatMessageW
GetExitCodeProcess
InitializeCriticalSection
OutputDebugStringW
GetLogicalDriveStringsW
FindClose
InterlockedDecrement
QueryDosDeviceW
GetFullPathNameW
SetLastError
DeviceIoControl
LoadResource
GetModuleFileNameW
IsDebuggerPresent
HeapAlloc
VerSetConditionMask
HeapSetInformation
UnhandledExceptionFilter
LoadLibraryExW
MultiByteToWideChar
GetSystemDirectoryW
SetUnhandledExceptionFilter
MulDiv
IsProcessorFeaturePresent
TerminateProcess
GetVersion
SetCurrentDirectoryW
GlobalAlloc
SetEndOfFile
GetCurrentThreadId
InterlockedIncrement
CreateToolhelp32Snapshot
InitializeCriticalSectionAndSpinCount
HeapFree
EnterCriticalSection
LoadLibraryW
GetVersionExW
SetEvent
QueryPerformanceCounter
GetTickCount
LoadLibraryA
GetFileSize
OpenProcess
GetStartupInfoW
GetProcAddress
GetPrivateProfileIntW
GetProcessHeap
WriteFile
ResetEvent
Thread32Next
DuplicateHandle
WaitForMultipleObjects
ExpandEnvironmentStringsA
CreateEventW
CreateFileW
LeaveCriticalSection
GetLastError
GlobalFree
OpenEventW
GlobalUnlock
Process32NextW
SizeofResource
GetCurrentProcessId
LockResource
HeapSize
InterlockedCompareExchange
Process32FirstW
RaiseException
SetFilePointer
ReadFile
CloseHandle
GlobalLock
GetModuleHandleW
GetFileAttributesExW
HeapCreate
FindResourceW
CreateProcessW
Sleep
DragQueryFileW
SHGetSpecialFolderPathW
ShellExecuteExW
DragFinish
SHAppBarMessage
RegisterWindowMessageW
GetForegroundWindow
GetParent
EqualRect
OffsetRect
FindWindowW
TrackMouseEvent
CreatePopupMenu
DrawStateW
FillRect
LoadMenuW
GetSystemMetrics
MessageBoxW
DestroyIcon
GetWindowRect
InflateRect
EnableWindow
UnhookWindowsHookEx
LoadIconW
DrawIcon
IsMenu
PostMessageW
InvalidateRect
SendMessageW
GetMenuItemID
GetKeyState
ReleaseDC
GetIconInfo
GetMenu
GetSubMenu
GetLastActivePopup
wsprintfW
DrawIconEx
LoadStringW
GetClientRect
SystemParametersInfoW
BringWindowToTop
IsWindow
IsIconic
ScreenToClient
DeleteMenu
CallNextHookEx
DrawFocusRect
AppendMenuW
SetTimer
LoadImageW
GetActiveWindow
GetMenuItemCount
CopyRect
SetWindowsHookExW
LoadCursorW
GetSystemMenu
GetFocus
GetDC
GetWindowLongW
SetForegroundWindow
SetCursor
IsChild
TranslateAcceleratorW
auxGetVolume
CoInitializeEx
CoTaskMemAlloc
CreateStreamOnHGlobal
Number of PE resources by type
RT_BITMAP 1
RT_VERSION 1
RT_MANIFEST 1
Number of PE resources by language
ENGLISH US 3
ExifTool file metadata
SubsystemVersion
5.0

LinkerVersion
9.0

ImageVersion
0.0

FileVersionNumber
2.4.3.0

UninitializedDataSize
0

LanguageCode
English (U.S.)

FileFlagsMask
0x0000

CharacterSet
Unicode

InitializedDataSize
68608

FileOS
Win32

MIMEType
application/octet-stream

LegalCopyright
Copyright 2012 The Apashe Software Foundation.

FileVersion
2.4.3

TimeStamp
2013:10:22 20:15:03+01:00

FileType
Win32 EXE

PEType
PE32

InternalName
ac.exe

FileAccessDate
2014:12:14 04:52:59+01:00

ProductVersion
2.4.3

FileDescription
ApacheBench command line utility

OSVersion
5.0

FileCreateDate
2014:12:14 04:52:59+01:00

OriginalFilename
ab.exe

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CompanyName
Crash Software Foundazion

CodeSize
188928

FileSubtype
0

ProductVersionNumber
2.4.3.0

EntryPoint
0x2404

ObjectFileType
Executable application

Compressed bundles
PCAP parents
File identification
MD5 18f4d13f7670866f96822e4683137dd6
SHA1 bf72e602f6499e604e5c14c7a63300c6aff84fde
SHA256 bd56609c386a6b5bc18254c7327d221af182193eee5008f6e405ab5c1215b070
ssdeep
3072:tlz0BlTB7Re/5P9px58egfy6gM/TVNpWYODmsW58wce1ijbkUE0kUE1lVF1lVF2:3z0DFAPEeqJnyDY58wce1

authentihash 05684a09d7737d1cd15a4bc8668b90589c857f9bb0049b51f4b219b4605b994d
imphash adeb135f7aa0dae9d5b40d7978614ac3
File size 233.5 KB ( 239104 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable MS Visual C++ (generic) (67.3%)
Win32 Dynamic Link Library (generic) (14.2%)
Win32 Executable (generic) (9.7%)
Generic Win/DOS Executable (4.3%)
DOS Executable Generic (4.3%)
Tags
peexe

VirusTotal metadata
First submission 2013-10-24 18:24:33 UTC ( 1 year, 4 months ago )
Last submission 2014-12-14 03:52:44 UTC ( 2 months, 3 weeks ago )
File names 715.exe
13.exe_
index.html.1F881E17[1].html
ac.exe
e602f6499e604e5c14c7a63300c6aff84fde
?b28b06f01e219d58efba9fe0d1fe1bb3
index.html.1F881E17.html.exe
zeroaccess
ab.exe
index.html.1F881E17[2].html
sus4
index.html.1F881E17.html
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight