SHA256: bf552dca64a5a28a76a501ef06ee54841264f8d6af905878e9a502412c0714dd
File name: 0.99_0_Kuluoz_Kuluoz_1__home_logger_ham_tmp.ML__f_document_July-2...
Detection ratio: 26 / 54
Analysis date: 2014-07-29 13:28:32 UTC
Antivirus            | Result                                   | Update
Ad-Aware             | Trojan.GenericKD.1782095                 | 20140729
AhnLab-V3            | Trojan/Win32.Dofoil                      | 20140729
AntiVir              | TR/Kuluoz.B.1                            | 20140729
Avast                | Win32:Malware-gen                        | 20140729
AVware               | Trojan.Win32.Kuluoz.dad (v)              | 20140729
BitDefender          | Trojan.GenericKD.1782095                 | 20140729
Commtouch            | W32/Trojan.ANDV-6634                     | 20140729
Comodo               | UnclassifiedMalware                      | 20140729
DrWeb                | BackDoor.Kuluoz.4                        | 20140729
Emsisoft             | Trojan-Downloader.Win32.Kuluoz (A)       | 20140729
ESET-NOD32           | a variant of Generik.JNGBRHB             | 20140729
F-Prot               | W32/Trojan3.JPT                          | 20140729
GData                | Trojan.GenericKD.1782095                 | 20140729
Ikarus               | Trojan-Downloader.Win32.Kuluoz           | 20140729
Kaspersky            | Net-Worm.Win32.Aspxor.bqck               | 20140729
McAfee               | Packed-BQ!6EDEC50DA554                   | 20140729
McAfee-GW-Edition    | Packed-BQ!6EDEC50DA554                   | 20140728
eScan                | Trojan.GenericKD.1782095                 | 20140729
Norman               | Suspicious_Gen4.GVLGZ                    | 20140729
Panda                | Trj/CI.A                                 | 20140729
Rising               | PE:Malware.FakeDOC@CV!1.9C3C             | 20140729
Sophos               | Mal/Wonton-G                             | 20140729
Symantec             | Trojan.Asprox.B                          | 20140729
TrendMicro           | TROJ_MIPC.008575GS14                     | 20140729
TrendMicro-HouseCall | TROJ_MIPC.008575GS14                     | 20140729
VIPRE                | Trojan.Win32.Kuluoz.dad (v)              | 20140729
AegisLab             | (no detection)                           | 20140729
Yandex               | (no detection)                           | 20140729
Antiy-AVL            | (no detection)                           | 20140729
AVG                  | (no detection)                           | 20140729
Baidu-International  | (no detection)                           | 20140729
Bkav                 | (no detection)                           | 20140728
ByteHero             | (no detection)                           | 20140729
CAT-QuickHeal        | (no detection)                           | 20140729
ClamAV               | (no detection)                           | 20140729
CMC                  | (no detection)                           | 20140728
F-Secure             | (no detection)                           | 20140729
Fortinet             | (no detection)                           | 20140729
Jiangmin             | (no detection)                           | 20140725
K7AntiVirus          | (no detection)                           | 20140728
K7GW                 | (no detection)                           | 20140728
Kingsoft             | (no detection)                           | 20140729
Malwarebytes         | (no detection)                           | 20140729
Microsoft            | (no detection)                           | 20140729
NANO-Antivirus       | (no detection)                           | 20140729
nProtect             | (no detection)                           | 20140729
Qihoo-360            | (no detection)                           | 20140729
SUPERAntiSpyware     | (no detection)                           | 20140729
Tencent              | (no detection)                           | 20140729
TheHacker            | (no detection)                           | 20140728
TotalDefense         | (no detection)                           | 20140729
VBA32                | (no detection)                           | 20140729
ViRobot              | (no detection)                           | 20140729
Zoner                | (no detection)                           | 20140723
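Vendor labels in a table like the one above are not a standardised taxonomy, so the family name has to be recovered by normalising the labels. The following is an added example (Python; it is not part of the VirusTotal report) that parses rows in the flattened "engine result update" form shown above, handles rows that carry no verdict, recomputes the detection ratio and tallies family tokens after dropping generic words. The row excerpt is copied from the table; the stop-list of generic tokens is this example's own heuristic.

```python
import re
from collections import Counter

# Constructed excerpt of the report's detection table (rows copied from the page).
# Rows with no verdict carry only the engine name and the signature update date.
VT_ROWS = """\
Ad-Aware Trojan.GenericKD.1782095 20140729
AhnLab-V3 Trojan/Win32.Dofoil 20140729
AntiVir TR/Kuluoz.B.1 20140729
Avast Win32:Malware-gen 20140729
AVware Trojan.Win32.Kuluoz.dad (v) 20140729
DrWeb BackDoor.Kuluoz.4 20140729
Emsisoft Trojan-Downloader.Win32.Kuluoz (A) 20140729
ESET-NOD32 a variant of Generik.JNGBRHB 20140729
Ikarus Trojan-Downloader.Win32.Kuluoz 20140729
Kaspersky Net-Worm.Win32.Aspxor.bqck 20140729
McAfee Packed-BQ!6EDEC50DA554 20140729
Symantec Trojan.Asprox.B 20140729
VIPRE Trojan.Win32.Kuluoz.dad (v) 20140729
AVG 20140729
ClamAV 20140729
Microsoft 20140729
"""

# engine = first token, update = trailing 8-digit date, result = whatever sits
# between (may be empty, may contain spaces such as "a variant of ..." or "(v)").
ROW_RE = re.compile(r"^(?P<engine>\S+)\s*(?P<result>.*?)\s*(?P<update>\d{8})$")

# Tokens that describe a class or a vendor convention rather than a family.
# This stop-list is an assumption of the example, not a vendor-published list.
GENERIC = {
    "trojan", "troj", "trj", "tr", "win32", "w32", "generic", "generik", "generickd",
    "malware", "mal", "gen", "variant", "backdoor", "downloader", "net", "worm",
    "packed", "suspicious", "unclassified", "heur", "agent", "dropper",
}


def parse_rows(text):
    """Return [(engine, result_or_None, update)] for each non-empty line."""
    rows = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        m = ROW_RE.match(line)
        if not m:
            raise ValueError(f"unparseable row: {line!r}")
        rows.append((m.group("engine"), m.group("result") or None, m.group("update")))
    return rows


def detection_ratio(rows):
    """(engines with a verdict, engines queried), like the report's 'Detection ratio'."""
    return sum(1 for _, result, _ in rows if result), len(rows)


def family_tokens(result):
    """Lower-case label tokens that could be a family name: at least 4 characters,
    no digits (drops variant ids and hash fragments), not in the generic stop-list."""
    tokens = re.split(r"[^A-Za-z0-9]+", result.lower())
    return [t for t in tokens
            if len(t) >= 4 and not any(c.isdigit() for c in t) and t not in GENERIC]


def family_consensus(rows):
    """Count, per engine, which candidate family tokens appear in its label."""
    votes = Counter()
    for _, result, _ in rows:
        if result:
            votes.update(set(family_tokens(result)))
    return votes


if __name__ == "__main__":
    rows = parse_rows(VT_ROWS)
    print("detection ratio: %d / %d" % detection_ratio(rows))
    for token, n in family_consensus(rows).most_common(5):
        print(f"{token:10s} {n}")
```

Two caveats the tally does not handle. Identical verdicts are not independent votes: Ad-Aware, BitDefender, GData and eScan all report "Trojan.GenericKD.1782095" because they share the BitDefender engine, so that is one signature, not four. And the code does not merge vendor aliases, so Kaspersky's "Aspxor" and Symantec's "Asprox" are counted separately from "Kuluoz" even though an analyst would check an alias table before treating them as different families.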
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2014-07-29 06:11:29
Entry Point 0x00004C45
Number of sections 4
PE sections
PE imports
GetStdHandle
WaitForSingleObject
HeapDestroy
FreeEnvironmentStringsA
DeleteCriticalSection
GetCurrentProcess
GetLocaleInfoA
FreeEnvironmentStringsW
GetLocaleInfoW
GetCPInfo
GetStringTypeA
InterlockedExchange
WriteFile
GetTimeZoneInformation
HeapReAlloc
GetStringTypeW
FreeLibrary
LocalFree
FormatMessageW
GetEnvironmentVariableA
FindClose
TlsGetValue
SetLastError
InitializeCriticalSection
ExitProcess
GetModuleFileNameA
EnumSystemLocalesA
UnhandledExceptionFilter
InterlockedDecrement
MultiByteToWideChar
FatalAppExitA
CreateThread
SetEnvironmentVariableA
TerminateProcess
GetVersion
InterlockedIncrement
HeapFree
EnterCriticalSection
SetHandleCount
GetOEMCP
QueryPerformanceCounter
GetTickCount
IsBadWritePtr
TlsAlloc
GetVersionExA
LoadLibraryA
RtlUnwind
GetStartupInfoA
GetStartupInfoW
CreateDirectoryW
GetUserDefaultLCID
GetProcessHeap
CompareStringW
GetCurrentThreadId
CompareStringA
IsValidLocale
GetProcAddress
SetEvent
CreateEventW
CreateFileW
GetFileType
TlsSetValue
HeapAlloc
LeaveCriticalSection
GetLastError
LCMapStringW
LCMapStringA
GetEnvironmentStringsW
lstrlenW
GetEnvironmentStrings
CompareFileTime
GetCurrentProcessId
GetCommandLineW
WideCharToMultiByte
GetCommandLineA
GetCurrentThread
RaiseException
TlsFree
GetModuleHandleA
GetACP
GetModuleHandleW
IsValidCodePage
HeapCreate
VirtualFree
Sleep
VirtualAlloc
ResetEvent
SHFileOperationW
SetForegroundWindow
GetParent
EnableWindow
EndDialog
PostQuitMessage
ShowWindow
SetWindowPos
GetWindowThreadProcessId
GetSysColorBrush
GetSystemMetrics
GetWindowRect
EndPaint
SetRectEmpty
ShowWindowAsync
GetDlgItemTextA
GetWindowDC
TranslateMessage
IsWindowEnabled
GetDlgItemTextW
GetDlgItemInt
GetCursorPos
ReleaseDC
LoadStringA
IsWindowVisible
GetWindowPlacement
SendMessageA
LoadStringW
GetClientRect
SetTimer
GetDlgItem
InvalidateRect
GetWindowLongA
GetWindowTextLengthA
GetDCEx
GetMenuItemCount
GetWindowTextW
GetDesktopWindow
IsWindowUnicode
GetWindowTextLengthW
GetWindowLongW
GetWindowTextA
DestroyWindow
SetCursor
Ord(134)
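The import list above is the static view of what the binary can call, but most of the kernel32 entries are emitted by the statically linked MSVC 7.1 CRT (the ExifTool metadata below reports LinkerVersion 7.1) and say nothing about behaviour. The following is an added example (Python; not part of the VirusTotal report) that strips that CRT noise, groups the remaining imports into coarse capabilities and records what is missing. The import names are a constructed excerpt copied from the list above; the noise set and capability groups are this example's own heuristics, and every tag needs dynamic confirmation.

```python
# Constructed excerpt of the import names shown in the report (copied from the page).
IMPORTS = [
    "GetStdHandle", "WaitForSingleObject", "HeapDestroy", "GetStringTypeA",
    "LoadLibraryA", "GetProcAddress", "GetModuleHandleA", "VirtualAlloc",
    "VirtualFree", "HeapCreate", "CreateThread", "CreateEventW", "SetEvent",
    "ResetEvent", "CreateFileW", "WriteFile", "CreateDirectoryW", "FindClose",
    "CompareFileTime", "SHFileOperationW", "GetTickCount",
    "QueryPerformanceCounter", "Sleep", "LCMapStringA", "GetCPInfo", "GetACP",
    "GetOEMCP", "IsValidCodePage", "SetHandleCount", "GetStartupInfoA",
    "GetCommandLineA", "RtlUnwind", "GetDesktopWindow", "ShowWindow", "SetTimer",
    "EndDialog", "Ord(134)",
]

# Imported by the MSVC 7.1 CRT start-up, locale and heap code in almost any
# VC++ binary; excluded before tagging. This set is an assumption of the example.
CRT_NOISE = {
    "GetStringTypeA", "GetStringTypeW", "LCMapStringA", "LCMapStringW", "GetCPInfo",
    "GetACP", "GetOEMCP", "IsValidCodePage", "SetHandleCount", "GetStartupInfoA",
    "GetStartupInfoW", "GetCommandLineA", "GetCommandLineW", "RtlUnwind",
    "HeapCreate", "HeapDestroy", "HeapAlloc", "HeapFree", "HeapReAlloc",
    "GetStdHandle", "GetFileType", "WriteFile", "GetEnvironmentStrings",
    "GetEnvironmentStringsW", "FreeEnvironmentStringsA", "FreeEnvironmentStringsW",
    "GetLocaleInfoA", "GetLocaleInfoW", "EnumSystemLocalesA", "IsValidLocale",
    "GetUserDefaultLCID", "GetTimeZoneInformation", "GetVersion", "GetVersionExA",
    "UnhandledExceptionFilter", "FatalAppExitA", "IsBadWritePtr", "TlsAlloc",
    "TlsFree", "TlsGetValue", "TlsSetValue", "ExitProcess", "TerminateProcess",
    "GetCurrentProcess", "GetModuleHandleA", "InterlockedExchange",
    "InterlockedIncrement", "InterlockedDecrement",
}

# Coarse capability groups (example's own). "network" lists the Winsock/WinINet/
# URLMon/WinHTTP entry points one would expect in a downloader's import table.
CAPABILITIES = {
    "runtime API resolution": {"LoadLibraryA", "LoadLibraryW", "GetProcAddress"},
    "private memory": {"VirtualAlloc", "VirtualFree", "VirtualProtect"},
    "threads and events": {"CreateThread", "CreateEventW", "SetEvent", "ResetEvent",
                           "WaitForSingleObject"},
    "file system changes": {"CreateFileW", "CreateDirectoryW", "SHFileOperationW",
                            "CompareFileTime", "FindClose"},
    "timing / delay": {"GetTickCount", "QueryPerformanceCounter", "Sleep"},
    "network": {"WSAStartup", "socket", "connect", "send", "recv", "gethostbyname",
                "InternetOpenA", "InternetOpenW", "InternetConnectA",
                "HttpOpenRequestA", "HttpSendRequestA", "URLDownloadToFileA",
                "URLDownloadToFileW", "WinHttpOpen"},
}


def behavioural_imports(imports):
    """Imports left once the CRT start-up noise is removed."""
    return sorted(set(imports) - CRT_NOISE)


def tag_capabilities(imports, min_hits=2):
    """Capability -> matched imports. min_hits stops a single ubiquitous API
    (Sleep on its own, say) from producing a tag."""
    names = set(behavioural_imports(imports))
    return {cap: sorted(names & apis) for cap, apis in CAPABILITIES.items()
            if len(names & apis) >= min_hits}


def ordinal_imports(imports):
    """Ordinal-only imports hide the function name from static tools; they must be
    resolved against the exporting DLL's export table before drawing conclusions."""
    return [i for i in imports if i.startswith("Ord(")]


def triage_notes(imports):
    """Return (tags, notes): what the import table shows and what it conspicuously lacks."""
    tags = tag_capabilities(imports)
    notes = []
    if "network" not in tags:
        note = "no network APIs in the static import table; for a sample the vendors " \
               "label downloader/backdoor, expect them to be resolved at run time"
        if "runtime API resolution" in tags:
            note += " (LoadLibraryA/GetProcAddress are imported)"
        notes.append(note)
    if {"private memory", "runtime API resolution"} <= tags.keys():
        notes.append("VirtualAlloc/VirtualFree plus GetProcAddress is consistent with "
                     "staging code in memory; weak on its own, since the VC7 CRT heap "
                     "also uses VirtualAlloc, so confirm in a sandbox")
    if ordinal_imports(imports):
        notes.append("ordinal-only imports: " + ", ".join(ordinal_imports(imports)))
    return tags, notes


if __name__ == "__main__":
    tags, notes = triage_notes(IMPORTS)
    for cap, hits in tags.items():
        print(f"{cap}: {', '.join(hits)}")
    for note in notes:
        print("-", note)
```

The point of the exercise is the negative finding: nothing in the table above touches ws2_32, wininet, urlmon or winhttp, yet several engines classify the sample as a downloader or backdoor. With LoadLibraryA and GetProcAddress present, the networking code is most likely resolved at run time or lives in a later stage, which is what the behavioural report (or a debugger breakpoint on GetProcAddress) should be used to confirm.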
Number of PE resources by type
RT_ICON 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 2
PE resources
ExifTool file metadata
MIMEType: application/octet-stream
Subsystem: Windows GUI
MachineType: Intel 386 or later, and compatibles
FileTypeExtension: exe
TimeStamp: 2014:07:29 07:11:29+01:00
FileType: Win32 EXE
PEType: PE32
CodeSize: 53248
LinkerVersion: 7.1
EntryPoint: 0x4c45
InitializedDataSize: 77824
SubsystemVersion: 4.0
ImageVersion: 0.0
OSVersion: 4.0
UninitializedDataSize: 0

File identification
MD5 6edec50da5540820682387c71434d209
SHA1 e2d830d32fbf7ef543db4e24a3204c29095d43da
SHA256 bf552dca64a5a28a76a501ef06ee54841264f8d6af905878e9a502412c0714dd
ssdeep 3072:o+CIcuI+A0RcBVUgdEvsW6iUbQhjmIxRjwU4UZDrO/F:hHTRA0UiOEvsWG4jJxRkUM
authentihash fb84331bb1a025104a853b442af6bcf08794523407334873e5d93d33290dcdcf
imphash 31bc1663cde1bc7cadd46bbf084f2dae
File size 132.0 KB ( 135168 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (42.2%)
Win64 Executable (generic) (37.3%)
Win32 Dynamic Link Library (generic) (8.8%)
Win32 Executable (generic) (6.0%)
Generic Win/DOS Executable (2.7%)
Tags
peexe

VirusTotal metadata
First submission 2014-07-28 20:25:48 UTC
Last submission 2014-07-29 17:13:28 UTC
File names 6edec50da5540820682387c71434d209.malware
6edec50da5540820682387c71434d209
bf552dca64a5a28a76a501ef06ee54841264f8d6af905878e9a502412c0714dd.exe.000
0.99_0_Kuluoz_Kuluoz_1__home_logger_ham_tmp.ML__f_document_July-28-2014.exe.cld
Copy_of_document_July-28-2014.exe
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight
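Two cross-checks worth running on the identification and submission fields above, written up as an added example (Python; not part of the VirusTotal report). First, the PE header's compilation timestamp (2014-07-29 06:11:29, which the ExifTool value 2014:07:29 07:11:29+01:00 confirms is expressed in UTC) is later than the first submission to VirusTotal (2014-07-28 20:25:48 UTC), so the header timestamp cannot be genuine. Second, most of the submitted file names are analyst artefacts derived from the hashes; only the names that are not hash-derived can tell you what the lure looked like. The values are copied from the report; the 12-hex-digit fragment in the McAfee label is compared against the MD5 because that is what it matches here, not because the page states a general convention.

```python
from datetime import datetime, timedelta, timezone

# Values copied from the report above (constructed input for this example).
PE_TIMESTAMP = "2014-07-29 06:11:29"            # "Compilation timestamp", assumed UTC
EXIF_TIMESTAMP = "2014:07:29 07:11:29+01:00"    # ExifTool "TimeStamp", local time + offset
FIRST_SUBMISSION = "2014-07-28 20:25:48"        # "First submission", UTC
MD5 = "6edec50da5540820682387c71434d209"
SHA256 = "bf552dca64a5a28a76a501ef06ee54841264f8d6af905878e9a502412c0714dd"
FILE_NAMES = [
    "6edec50da5540820682387c71434d209.malware",
    "6edec50da5540820682387c71434d209",
    "bf552dca64a5a28a76a501ef06ee54841264f8d6af905878e9a502412c0714dd.exe.000",
    "0.99_0_Kuluoz_Kuluoz_1__home_logger_ham_tmp.ML__f_document_July-28-2014.exe.cld",
    "Copy_of_document_July-28-2014.exe",
]
MCAFEE_LABEL = "Packed-BQ!6EDEC50DA554"


def parse_utc(ts):
    """Parse a 'YYYY-MM-DD HH:MM:SS' string that the report shows in UTC."""
    return datetime.strptime(ts, "%Y-%m-%d %H:%M:%S").replace(tzinfo=timezone.utc)


def parse_exif(ts):
    """ExifTool prints the PE timestamp in the analysis host's local time with an
    offset; normalise it to UTC so it can be compared with VirusTotal's fields."""
    return datetime.strptime(ts, "%Y:%m:%d %H:%M:%S%z").astimezone(timezone.utc)


def compile_time_check(compile_ts, first_seen, slack=timedelta(minutes=10)):
    """Return (compile_ts - first_seen, verdict). A build time after the first
    sighting is impossible for a genuine timestamp; a build time far before it is
    normal for legitimate software but unusual for a fresh campaign binary."""
    delta = compile_ts - first_seen
    if delta > slack:
        return delta, ("timestamp postdates first submission by %s: header timestamp "
                       "forged or build clock wrong" % delta)
    if delta < -timedelta(days=365):
        return delta, "timestamp more than a year before first submission: possibly backdated"
    return delta, "timestamp plausible"


def hash_derived_names(names, md5, sha256):
    """Split submitted names into hash-derived analyst artefacts and the rest,
    which are the only candidates for the name the victim actually saw."""
    derived, original = [], []
    for name in names:
        if name.lower().startswith((md5.lower(), sha256.lower())):
            derived.append(name)
        else:
            original.append(name)
    return derived, original


def label_hash_fragment_matches(label, md5):
    """True when the hex fragment after '!' in a vendor label is a prefix of this
    sample's MD5, i.e. the label is a per-sample hash signature, not a family name."""
    if "!" not in label:
        return False
    fragment = label.split("!", 1)[1].lower()
    return bool(fragment) and md5.lower().startswith(fragment)


if __name__ == "__main__":
    assert parse_exif(EXIF_TIMESTAMP) == parse_utc(PE_TIMESTAMP)
    delta, verdict = compile_time_check(parse_utc(PE_TIMESTAMP), parse_utc(FIRST_SUBMISSION))
    print(verdict)
    derived, original = hash_derived_names(FILE_NAMES, MD5, SHA256)
    print("lure candidates:", original)
    print("McAfee label is hash-based:", label_hash_fragment_matches(MCAFEE_LABEL, MD5))
```

The practical consequence of the first check is that the compile timestamp must not be used as a pivot or for timeline construction on this sample; the first-submission time is the earliest trustworthy sighting on the page. The second check leaves "Copy_of_document_July-28-2014.exe" as the only submitted name that looks like the delivered lure, which fits the date-stamped "document" naming the other non-hash name also carries.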
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Created processes
Created mutexes
Opened mutexes
Runtime DLLs
DNS requests