SHA256: be77981ab682ad856e5e4034f37c77e0c882a4d88850e5b84c3fe1bcd3a78661
File name: Alcxmntr
Detection ratio: 51 / 54
Analysis date: 2014-07-10 14:15:05 UTC ( 3 years, 7 months ago )
Antivirus Result Update
Ad-Aware Gen:Variant.Kazy.285 20140710
Yandex Trojan.DL.Refroso.Gen.2 20140710
AhnLab-V3 Trojan/Win32.Refroso 20140710
AntiVir TR/Kazy.T.1 20140710
Antiy-AVL Trojan[PSW]/Win32.Dybalom 20140710
Avast Win32:Lethic-B [Trj] 20140710
AVG Downloader.Generic10.OFE 20140710
Baidu-International Trojan.Win32.Ddox.AkW 20140710
BitDefender Gen:Variant.Kazy.285 20140710
Bkav W32.LethicTP.Trojan 20140710
CAT-QuickHeal Trojan.Lethic.B 20140710
ClamAV Trojan.Downloader-101233 20140710
CMC Trojan.Win32.Ddox!O 20140710
Commtouch W32/Troj_Obfusc.N.gen!Eldorado 20140710
Comodo TrojWare.Win32.Trojan.Generic.45956320 20140710
DrWeb Trojan.Packed.21141 20140710
Emsisoft Gen:Variant.Kazy.285 (B) 20140710
ESET-NOD32 a variant of Win32/Lethic.AD 20140710
F-Prot W32/Troj_Obfusc.N.gen!Eldorado 20140710
F-Secure Gen:Variant.Kazy.285 20140710
Fortinet W32/Injector.IA!tr 20140710
GData Gen:Variant.Kazy.285 20140710
Ikarus Virus.Win32.CeeInject 20140710
Jiangmin TrojanDownloader.Refroso.ap 20140710
K7AntiVirus Backdoor ( 00001d701 ) 20140710
K7GW Backdoor ( 00001d701 ) 20140710
Kaspersky Trojan.Win32.Ddox.jyh 20140710
Kingsoft Win32.Troj.Ddox.um.(kcloud) 20140710
Malwarebytes Trojan.Refroso.Gen 20140710
McAfee BackDoor-EBI.gen 20140710
McAfee-GW-Edition Heuristic.BehavesLike.Win32.Suspicious-BAY.K 20140710
Microsoft Trojan:Win32/Lethic.B 20140710
eScan Gen:Variant.Kazy.285 20140710
NANO-Antivirus Trojan.Win32.Refroso.cahve 20140710
Norman Lethic.BB 20140710
nProtect Trojan-Downloader/W32.Refroso.44544 20140710
Panda Trj/Refroso.O 20140710
Qihoo-360 Win32/Trojan.a87 20140710
Rising PE:Trojan.Win32.Generic.12426A19!306342425 20140710
Sophos AV Mal/Lethic-B 20140710
SUPERAntiSpyware Trojan.Agent/Gen-Trashal 20140710
Symantec Downloader 20140710
Tencent Win32.Trojan.Ddox.Dzuk 20140710
TheHacker Trojan/Downloader.Refroso.bbc 20140708
TotalDefense Win32/Refroso.CE 20140710
TrendMicro TROJ_LETHIC.SMF 20140710
TrendMicro-HouseCall Suspicious_GEN.F47V0708 20140710
VBA32 BScope.Injector.Trash 20140710
VIPRE Net-Worm.Win32.Kolab.ehp (v) 20140710
ViRobot Trojan.Win32.Downloader.44544.FX 20140710
Zillya Downloader.Refroso.Win32.124 20140710
AegisLab 20140710
ByteHero 20140710
Zoner 20140708
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright
Copyright (c) 2004 Realtek Semiconductor Corp.

Publisher Realtek Semiconductor Corp.
Product Realtek AC97 Audio - Event Monitor
Original name Alcxmntr.exe
Internal name Alcxmntr
File version 1.6.0.2
Description Realtek Azalia Audio - Event Monitor
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Entry Point 0x000043FD
Number of sections 4
PE sections
PE imports
GetDeviceCaps
CreateThread
GetStartupInfoA
GetModuleHandleA
Sleep
MulDiv
?substr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV12@II@Z
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
?_C@?1??_Nullstr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@CAPBDXZ@4DB
?replace@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@IIABV12@II@Z
?_Tidy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEX_N@Z
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDII@Z
__p__fmode
malloc
_acmdln
memset
strcat
_stricmp
strlen
_except_handler3
??2@YAPAXI@Z
__p__commode
exit
_XcptFilter
__setusermatherr
_controlfp
sprintf
__CxxFrameHandler
_adjust_fdiv
getenv
__getmainargs
memcpy
memmove
_initterm
_exit
_EH_prolog
strcmp
__set_app_type
SetFocus
GetMessageA
CreateWindowExA
LoadCursorA
UnregisterClassA
DispatchMessageA
TranslateMessage
SendMessageA
DefWindowProcA
MessageBoxA
PostQuitMessage
GetWindowTextA
ShowWindow
RegisterClassExA
GetDC
DestroyWindow
CoInitialize
Number of PE resources by type
RT_ICON 4
RT_GROUP_CURSOR 1
RT_VERSION 1
RT_RCDATA 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 6
NEUTRAL 2
PE resources
ExifTool file metadata
SubsystemVersion
4.0

InitializedDataSize
27136

ImageVersion
0.0

ProductName
Realtek AC97 Audio - Event Monitor

FileVersionNumber
1.6.0.2

UninitializedDataSize
0

LanguageCode
English (U.S.)

FileFlagsMask
0x003f

CharacterSet
Unicode

LinkerVersion
0.0

OriginalFilename
Alcxmntr.exe

MIMEType
application/octet-stream

Subsystem
Windows GUI

FileVersion
1.6.0.2

TimeStamp
0000:00:00 00:00:00

FileType
Win32 EXE

PEType
PE32

InternalName
Alcxmntr

FileAccessDate
2014:07:10 15:17:40+01:00

ProductVersion
1.6.0.2

FileDescription
Realtek Azalia Audio - Event Monitor

OSVersion
0.0

FileCreateDate
2014:07:10 15:17:40+01:00

FileOS
Windows NT 32-bit

LegalCopyright
Copyright (c) 2004 Realtek Semiconductor Corp.

MachineType
Intel 386 or later, and compatibles

CompanyName
Realtek Semiconductor Corp.

CodeSize
0

FileSubtype
0

ProductVersionNumber
1.6.0.2

EntryPoint
0x43fd

ObjectFileType
Executable application

File identification
MD5 199eeed3bf9f925d37ff5423c83076c1
SHA1 51ddc6961edc7ce8a961d021ee5c7dd6c2c75b59
SHA256 be77981ab682ad856e5e4034f37c77e0c882a4d88850e5b84c3fe1bcd3a78661
ssdeep
768:sRvgutJnI2hXzuBs92vBuRzgZYE4Xbg+zIXX+zVrEzsNVFRx9z1VKVwO0C+6:mvgutJnjhXzss92vWzgqblEzsNVLDeC6

imphash 9eaa76e871da9a7f2f0e65ee80eecca6
File size 43.5 KB ( 44544 bytes )
File type Win32 EXE
Magic literal
MS-DOS executable, MZ for MS-DOS

TrID Win32 Executable (generic) (52.6%)
Generic Win/DOS Executable (23.3%)
DOS Executable Generic (23.3%)
VXD Driver (0.3%)
Sybase iAnywhere database files (0.2%)
Tags
peexe

VirusTotal metadata
First submission 2010-09-12 23:21:19 UTC ( 7 years, 5 months ago )
Last submission 2010-09-22 16:58:15 UTC ( 7 years, 5 months ago )
File names Alcxmntr
Nxm9.chm
Alcxmntr.exe
psYu84.xlt
aa
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Created processes
Code injections in the following processes
Opened mutexes
Searched windows
Runtime DLLs