SHA256: c2ef2b5009419e824b2b775a65e7ea599693daae9e7340804256222ac3732425
File name: malw_4.ex_
Detection ratio: 41 / 57
Analysis date: 2015-02-25 17:05:33 UTC ( 3 years, 12 months ago )
Antivirus Result Update
Ad-Aware Gen:Trojan.Heur.AutoIT.2 20150225
Yandex Trojan.AutoIT.ZU 20150225
AhnLab-V3 HEUR/Fakon.mwf 20150225
Avast Win32:Agent-AVDF [Trj] 20150225
AVG Worm/AutoRun.PH 20150225
Avira (no cloud) TR/Patched.Ren.Gen 20150225
AVware Trojan.Win32.Generic!SB.0 20150225
Baidu-International Worm.Win32.Sohanad.pw 20150225
BitDefender Gen:Trojan.Heur.AutoIT.2 20150225
Bkav W32.YahLoverQKB.Trojan 20150225
CAT-QuickHeal Worm.AutoIt.Sohanad.AU 20150225
Comodo Worm.Win32.Sohanad.NCB 20150225
Cyren W32/AutoIt.AF.gen!Eldorado 20150225
DrWeb Trojan.Siggen3.25319 20150225
Emsisoft Gen:Trojan.Heur.AutoIT.2 (B) 20150225
ESET-NOD32 Win32/Sohanad.NCB 20150225
F-Prot W32/AutoIt.AF.gen!Eldorado 20150225
F-Secure Gen:Trojan.Heur.AutoIT.2 20150225
GData Gen:Trojan.Heur.AutoIT.2 20150225
Ikarus Worm.Win32.Sohanad 20150225
K7AntiVirus NetWorm ( 0022429c1 ) 20150225
K7GW NetWorm ( 0022429c1 ) 20150225
Kaspersky IM-Worm.Win32.Sohanad.pw 20150225
Malwarebytes Worm.Autorun 20150225
McAfee W32/YahLover.worm.gen 20150225
McAfee-GW-Edition BehavesLike.Win32.Yahlover.th 20150225
Microsoft Worm:Win32/Nuqel.Z 20150225
eScan Gen:Trojan.Heur.AutoIT.2 20150225
NANO-Antivirus Trojan.Win32.AutoRun.hcfwq 20150225
Norman Obfuscated.H5!genr 20150225
Panda Trj/Autoit.gen 20150225
Rising PE:Malware.FakeFolder@CV!1.6AA9 20150224
Sophos AV Mal/Sohana-A 20150225
Symantec W32.Imaut!gen1 20150225
TotalDefense Win32/SillyAutorun.DQF 20150225
TrendMicro WORM_SOHAND.SM 20150225
TrendMicro-HouseCall WORM_SOHAND.SM 20150225
VBA32 Trojan-Downloader.Autoit.gen 20150225
VIPRE Trojan.Win32.Generic!SB.0 20150225
Zillya Worm.Sohanad.Win32.3409 20150224
Zoner I-Worm.Sohanad.NFS 20150223
AegisLab 20150225
Alibaba 20150225
ALYac 20150225
Antiy-AVL 20150225
ByteHero 20150225
ClamAV 20150225
CMC 20150223
Fortinet 20150225
Jiangmin 20150224
Kingsoft 20150225
nProtect 20150225
Qihoo-360 20150225
SUPERAntiSpyware 20150225
Tencent 20150225
TheHacker 20150225
ViRobot 20150225
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 1996-06-04 02:37:50
Entry Point 0x00053E3D
Number of sections 8
PE sections
PE imports
RegCreateKeyExW
CloseServiceHandle
RegEnumValueW
RegConnectRegistryW
RegCloseKey
OpenProcessToken
GetUserNameW
RegSetValueExW
OpenSCManagerW
RegDeleteValueW
LockServiceDatabase
RegEnumKeyExW
AdjustTokenPrivileges
LookupPrivilegeValueW
RegOpenKeyExW
RegDeleteKeyW
UnlockServiceDatabase
RegQueryValueExW
ImageList_BeginDrag
ImageList_Destroy
ImageList_Create
ImageList_Remove
ImageList_SetDragCursorImage
ImageList_DragMove
ImageList_DragLeave
InitCommonControlsEx
ImageList_ReplaceIcon
ImageList_DragEnter
ImageList_EndDrag
GetStockObject
CreatePen
EndPath
StrokeAndFillPath
GetPixel
Rectangle
PolyDraw
LineTo
DeleteDC
SetBkMode
SetPixel
CreateDCW
DeleteObject
GetObjectW
AngleArc
CreateDIBSection
SetTextColor
GetDeviceCaps
GetTextFaceW
MoveToEx
BitBlt
SetViewportOrgEx
StrokePath
GetDIBits
RoundRect
PolyBezierTo
CreateFontW
CloseFigure
SelectObject
CreateCompatibleBitmap
CreateSolidBrush
ExtCreatePen
SetBkColor
BeginPath
GetTextExtentPoint32W
Ellipse
CreateCompatibleDC
GetStdHandle
GetDriveTypeW
GetConsoleOutputCP
FileTimeToSystemTime
WaitForSingleObject
HeapDestroy
GetPrivateProfileSectionNamesW
GetFileAttributesW
GetLocalTime
FreeEnvironmentStringsA
CreatePipe
GetCurrentProcess
GetConsoleMode
GetLocaleInfoA
UnhandledExceptionFilter
SetErrorMode
FreeEnvironmentStringsW
SetStdHandle
WideCharToMultiByte
GetStringTypeA
GetDiskFreeSpaceW
WriteFile
GetSystemTimeAsFileTime
HeapReAlloc
GetStringTypeW
GetOEMCP
FormatMessageW
ResumeThread
InitializeCriticalSection
LoadResource
FindClose
InterlockedDecrement
MoveFileW
SetFileAttributesW
GetEnvironmentVariableW
SetLastError
PeekNamedPipe
DeviceIoControl
TlsGetValue
CopyFileW
WriteProcessMemory
OutputDebugStringW
RemoveDirectoryW
Beep
ExitProcess
GetVersionExA
GetModuleFileNameA
LoadLibraryA
QueryPerformanceFrequency
SetProcessWorkingSetSize
WritePrivateProfileSectionW
GetVolumeInformationW
LoadLibraryExW
MultiByteToWideChar
GetPrivateProfileStringW
SetFilePointer
GetFullPathNameW
CreateThread
SetEnvironmentVariableW
GetSystemDirectoryW
DeleteCriticalSection
SetUnhandledExceptionFilter
SetSystemPowerState
ExitThread
SetEnvironmentVariableA
SetPriorityClass
GlobalMemoryStatus
WriteConsoleA
SetCurrentDirectoryW
GlobalAlloc
LocalFileTimeToFileTime
SetEndOfFile
GetCurrentThreadId
LeaveCriticalSection
WriteConsoleW
HeapFree
EnterCriticalSection
SetHandleCount
LoadLibraryW
GetVersionExW
GetExitCodeProcess
QueryPerformanceCounter
GetTickCount
TlsAlloc
FlushFileBuffers
lstrcmpiW
RtlUnwind
FreeLibrary
GlobalFindAtomW
GetStartupInfoA
GetWindowsDirectoryW
GetFileSize
LCMapStringW
OpenProcess
GetStartupInfoW
ReadProcessMemory
CreateDirectoryW
DeleteFileW
GlobalLock
GetProcessHeap
GetTempFileNameW
GetComputerNameW
EnumResourceNamesW
CompareStringW
GetModuleFileNameW
FindNextFileW
CompareStringA
FindFirstFileW
TerminateProcess
DuplicateHandle
GetProcAddress
SetVolumeLabelW
GetPrivateProfileSectionW
GetTimeZoneInformation
CreateFileW
GetFileType
TlsSetValue
CreateFileA
HeapAlloc
InterlockedIncrement
GetLastError
SystemTimeToFileTime
CreateFileMappingW
GetShortPathNameW
UnmapViewOfFile
GetSystemInfo
GlobalFree
GetConsoleCP
FindResourceW
LCMapStringA
GetEnvironmentStringsW
GlobalUnlock
VirtualFree
FileTimeToLocalFileTime
SizeofResource
GetCurrentDirectoryW
GetCurrentProcessId
LockResource
SetFileTime
GetCommandLineW
GetCPInfo
HeapSize
GetCommandLineA
WritePrivateProfileStringW
RaiseException
MapViewOfFile
TlsFree
GetModuleHandleA
ReadFile
CloseHandle
GetACP
GetModuleHandleW
GetEnvironmentStrings
IsValidCodePage
HeapCreate
GetTempPathW
CreateProcessW
Sleep
VirtualAlloc
WNetGetConnectionW
WNetCancelConnection2W
WNetUseConnectionW
WNetAddConnection2W
LoadRegTypeLib
VariantCopy
SafeArrayAccessData
VariantTimeToSystemTime
SafeArrayDestroyDescriptor
SafeArrayUnaccessData
VarR4FromDec
SafeArrayDestroyData
VariantClear
SysAllocString
GetActiveObject
SafeArrayAllocDescriptorEx
VariantInit
OleLoadPicture
SafeArrayAllocData
DragQueryFileW
SHBrowseForFolderW
SHFileOperationW
ShellExecuteW
SHGetPathFromIDListW
DragQueryPoint
ExtractIconExW
ShellExecuteExW
SHGetDesktopFolder
Shell_NotifyIconW
SHGetMalloc
DragFinish
RedrawWindow
GetForegroundWindow
UnregisterHotKey
DrawTextW
DestroyMenu
PostQuitMessage
SetWindowPos
IsWindow
EndPaint
VkKeyScanA
WindowFromPoint
CharUpperBuffW
SetMenuItemInfoW
SetActiveWindow
DispatchMessageW
GetCursorPos
ReleaseDC
GetMenuStringW
GetMenu
GetClientRect
SetMenuDefaultItem
GetNextDlgTabItem
IsClipboardFormatAvailable
LoadImageW
GetKeyboardState
keybd_event
ClientToScreen
GetActiveWindow
RegisterHotKey
OpenClipboard
GetWindowTextW
LockWindowUpdate
GetWindowTextLengthW
CopyImage
DestroyWindow
GetParent
SetClassLongW
EnumWindows
GetMessageW
ShowWindow
GetCaretPos
DrawFrameControl
CreateIconFromResourceEx
IsCharAlphaW
PeekMessageW
EnableWindow
CharUpperW
TranslateMessage
IsWindowEnabled
GetWindow
SetClipboardData
IsZoomed
LoadStringW
DrawMenuBar
IsCharLowerW
IsIconic
TrackPopupMenuEx
DrawFocusRect
CreateMenu
IsDialogMessageW
FillRect
EnumThreadWindows
CopyRect
GetSysColorBrush
CreateWindowExW
GetWindowLongW
CharNextW
IsChild
SetFocus
RegisterWindowMessageW
GetKeyboardLayoutNameA
BeginPaint
OffsetRect
DefWindowProcW
GetKeyboardLayoutNameW
KillTimer
MapVirtualKeyW
CheckMenuRadioItem
GetClipboardData
GetSystemMetrics
SetWindowLongW
GetWindowRect
InflateRect
SetCapture
ReleaseCapture
EnumChildWindows
SendDlgItemMessageW
PostMessageW
GetCursor
CreatePopupMenu
GetSubMenu
PtInRect
SetWindowTextW
SetTimer
GetDlgItem
SystemParametersInfoW
ScreenToClient
SetKeyboardState
CountClipboardFormats
GetMenuItemCount
AttachThreadInput
GetDesktopWindow
LoadCursorW
LoadIconW
FindWindowExW
GetMenuItemID
FlashWindow
SetForegroundWindow
ExitWindowsEx
GetMenuItemInfoW
GetAsyncKeyState
CharLowerBuffW
EndDialog
FindWindowW
GetDlgCtrlID
MessageBeep
GetWindowThreadProcessId
MessageBoxW
SendMessageW
RegisterClassExW
SetMenu
MoveWindow
DialogBoxParamW
MessageBoxA
IsCharUpperW
GetWindowDC
AdjustWindowRectEx
mouse_event
GetClassWord
GetFocus
GetSysColor
GetKeyState
DestroyIcon
wsprintfW
IsWindowVisible
EmptyClipboard
SubtractRect
IsCharAlphaNumericW
GetDC
FrameRect
SetRect
DeleteMenu
InvalidateRect
GetClassNameW
CreateIcon
IsMenu
SendMessageTimeoutW
InsertMenuItemW
CloseClipboard
SetCursor
VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW
waveOutSetVolume
mciSendStringW
timeGetTime
__WSAFDIsSet
gethostname
socket
gethostbyname
recv
WSAStartup
sendto
inet_addr
send
ioctlsocket
recvfrom
WSACleanup
WSAGetLastError
ntohs
connect
accept
bind
htons
closesocket
select
listen
GetSaveFileNameW
GetOpenFileNameW
CreateStreamOnHGlobal
OleUninitialize
CoUninitialize
CoInitialize
CoTaskMemAlloc
CreateBindCtx
OleSetContainedObject
StringFromIID
CoCreateInstance
CoInitializeSecurity
CLSIDFromProgID
CLSIDFromString
OleSetMenuDescriptor
CoCreateInstanceEx
StringFromCLSID
IIDFromString
MkParseDisplayName
CoTaskMemFree
CoSetProxyBlanket
OleInitialize
Number of PE resources by type
RT_ICON 11
RT_STRING 6
RT_GROUP_ICON 3
RT_DIALOG 1
RT_MANIFEST 1
RT_MENU 1
RT_VERSION 1
Number of PE resources by language
ENGLISH UK 24
PE resources
ExifTool file metadata
UninitializedDataSize 0
LinkerVersion 8.0
ImageVersion 0.0
FileVersionNumber 0.0.0.0
LanguageCode English (British)
FileFlagsMask 0x003f
CharacterSet Unicode
InitializedDataSize 141824
MIMEType application/octet-stream
TimeStamp 1996:06:04 03:37:50+01:00
FileType Win32 EXE
PEType PE32
SubsystemVersion 4.0
OSVersion 4.0
FileOS Windows 32-bit
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CodeSize 414208
FileSubtype 3
ProductVersionNumber 0.0.0.0
EntryPoint 0x53e3d
ObjectFileType Dynamic link library
File identification
MD5 551ffac6131489faf84e7ed72a060ebe
SHA1 a115f2197d6e42972db3cd76cfcbd1962dbc2362
SHA256 c2ef2b5009419e824b2b775a65e7ea599693daae9e7340804256222ac3732425
ssdeep 24576:SJeJfAqkjp98zHpieTXqDsj1dE1BcJ9nPx/igr:IeJfAJGpLrqDe1W1snP8
authentihash 02296bba033c529ba059047c9f2479fe11c42a8806bdba538a6854d783a2c999
imphash fa2ce92b03d6ad0da8b5b4c269fef40a
File size 1.3 MB ( 1399296 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable (generic) (52.9%)
Generic Win/DOS Executable (23.5%)
DOS Executable Generic (23.5%)
Tags peexe
VirusTotal metadata
First submission 2015-02-25 17:05:33 UTC ( 3 years, 12 months ago )
Last submission 2015-02-25 17:05:33 UTC ( 3 years, 12 months ago )
File names malw_4.ex_
Advanced heuristic and reputation engines
ClamAV
Possibly Unwanted Application. While not necessarily malicious, the scanned file presents certain characteristics which depending on the user policies and environment may or may not represent a threat. For full details see: https://www.clamav.net/documents/potentially-unwanted-applications-pua .
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Copied files
Deleted files
Created processes
Code injections in the following processes
Created mutexes
Opened mutexes
Opened service managers
Opened services
Runtime DLLs
Additional details
The file uses the IsDebuggerPresent Windows API function in order to see whether it is being debugged.
The file sends control codes directly to certain device drivers, making use of the DeviceIoControl Windows API function.
HTTP requests
DNS requests
TCP connections