× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: c488fe99ac05f9b9fa721125141012ded3a2c13124b6f70bd5881d082c1ab69b
File name: DDOS pgtlri.exe
Detection ratio: 41 / 56
Analysis date: 2015-09-30 05:25:11 UTC ( 3 years, 7 months ago ) View latest
Antivirus Result Update
Ad-Aware Backdoor.Hupigon.142991 20150930
Yandex Riskware.RemoteAdmin.DI 20150929
ALYac Backdoor.Hupigon.142991 20150930
Antiy-AVL Trojan/BAT.RadminInstaller.s 20150930
Arcabit Backdoor.Hupigon.D22E8F 20150930
Avast BV:Agent-ATU [Trj] 20150930
AVG BAT/Agent 20150930
Avira (no cloud) W32/Pedalac.A 20150929
AVware Virus.Win32.Ramnit.a (v) 20150930
BitDefender Backdoor.Hupigon.142991 20150930
CAT-QuickHeal RemoteAdmin.Agent.r9 (Not a Virus) 20150930
Comodo UnclassifiedMalware 20150930
Cyren W32/Ramnit.B 20150930
DrWeb Trojan.Radmin.127 20150930
Emsisoft Backdoor.Hupigon.142991 (B) 20150930
ESET-NOD32 BAT/RA-based.AG 20150930
F-Prot W32/Ramnit.B 20150929
F-Secure Backdoor.Hupigon.142991 20150930
Fortinet W32/Ramnit.C 20150930
GData Backdoor.Hupigon.142991 20150930
Ikarus Trojan.BAT.RadminInstaller 20150930
Jiangmin Win32/Nimnul.a 20150927
K7AntiVirus Virus ( 002fe95d1 ) 20150929
K7GW Virus ( 002fe95d1 ) 20150930
Kaspersky Trojan.BAT.RadminInstaller.s 20150930
Kingsoft VIRUS_UNKNOWN 20150930
McAfee-GW-Edition BehavesLike.Win32.Virus.wc 20150930
Microsoft Virus:Win32/Ramnit.B 20150930
eScan Backdoor.Hupigon.142991 20150930
NANO-Antivirus Trojan.Script.RadminInstaller.dddiyh 20150930
nProtect Backdoor.Hupigon.142991 20150925
Panda Trj/Genetic.gen 20150929
Qihoo-360 Win32/Trojan.c0a 20150930
Rising PE:Virus.Ramnit!1.9AA5[F1] 20150929
Sophos AV Mal/Generic-S 20150930
Symantec W32.Ramnit!inf 20150929
Tencent Win32.Virus.Nimnul.Hufj 20150930
TrendMicro TROJ_GEN.R00JC0DIH15 20150930
VBA32 Virus.Win32.Nimnul.a 20150929
VIPRE Virus.Win32.Ramnit.a (v) 20150930
ViRobot Trojan.Win32.S.Agent.7984229[h] 20150930
AegisLab 20150929
AhnLab-V3 20150929
Alibaba 20150927
Baidu-International 20150929
Bkav 20150929
ByteHero 20150930
ClamAV 20150929
CMC 20150929
Malwarebytes 20150930
McAfee 20150930
SUPERAntiSpyware 20150930
TheHacker 20150929
TrendMicro-HouseCall 20150930
Zillya 20150929
Zoner 20150930
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Packers identified
F-PROT appended, 7Z, Unicode
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2011-04-28 11:38:20
Entry Point 0x000121CF
Number of sections 4
PE sections
Overlays
MD5 c0b4fc0c08b695cb244ffd0d331dc2f0
File type data
Offset 444416
Size 7539813
Entropy 8.00
PE imports
GetDeviceCaps
GetCurrentObject
DeleteDC
CreateFontIndirectW
SelectObject
StretchBlt
GetObjectW
SetStretchBltMode
CreateCompatibleDC
DeleteObject
CreateCompatibleBitmap
GetUserDefaultUILanguage
SetThreadLocale
GetLastError
SetCurrentDirectoryW
GetStdHandle
EnterCriticalSection
TerminateThread
lstrlenA
GetModuleFileNameW
GlobalFree
WaitForSingleObject
GetVersionExW
SetEvent
MulDiv
FindNextFileW
SystemTimeToFileTime
FindResourceExA
ExpandEnvironmentStringsW
lstrlenW
GetLocalTime
DeleteCriticalSection
GetStartupInfoA
GetSystemDefaultUILanguage
GetDriveTypeW
SizeofResource
CompareFileTime
GetDiskFreeSpaceExW
GetFileSize
LockResource
SetFileTime
GetCommandLineW
CreateThread
GetSystemDefaultLCID
MultiByteToWideChar
CreateDirectoryW
DeleteFileW
WaitForMultipleObjects
GetLocaleInfoW
SuspendThread
RemoveDirectoryW
GetModuleHandleA
lstrcpyW
SetFileAttributesW
lstrcmpiA
WideCharToMultiByte
SetEnvironmentVariableW
SetFilePointer
GetSystemDirectoryW
ReadFile
GetTempPathW
ResetEvent
GetSystemTimeAsFileTime
FindFirstFileW
GlobalMemoryStatusEx
lstrcmpW
GetModuleHandleW
LoadLibraryA
LocalFree
FormatMessageW
ResumeThread
GetFileAttributesW
CreateEventW
GetExitCodeThread
lstrcmpiW
InitializeCriticalSection
LoadResource
WriteFile
CreateFileW
GlobalAlloc
VirtualFree
FindClose
lstrcatW
Sleep
IsBadReadPtr
SetEndOfFile
CloseHandle
ExitProcess
GetProcAddress
VirtualAlloc
GetEnvironmentVariableW
SetLastError
LeaveCriticalSection
_purecall
__p__fmode
malloc
??1type_info@@UAE@XZ
memset
_wcsnicmp
__dllonexit
_controlfp
_except_handler3
??2@YAPAXI@Z
strncmp
_onexit
_wtol
exit
_XcptFilter
memcmp
__setusermatherr
__p__commode
_acmdln
_CxxThrowException
?_set_new_handler@@YAP6AHI@ZP6AHI@Z@Z
_adjust_fdiv
??3@YAXPAX@Z
free
__getmainargs
_initterm
memmove
memcpy
_beginthreadex
_exit
_EH_prolog
__set_app_type
OleLoadPicture
VariantClear
SysAllocString
SHBrowseForFolderW
ShellExecuteW
SHGetPathFromIDListW
ShellExecuteExW
SHGetFileInfoW
SHGetSpecialFolderPathW
SHGetMalloc
SetFocus
GetParent
EndDialog
DrawTextW
DefWindowProcW
KillTimer
GetMessageW
ShowWindow
MessageBeep
SetWindowPos
GetClassNameA
wvsprintfW
GetSystemMetrics
SetWindowLongW
IsWindow
SendMessageW
GetWindowRect
ClientToScreen
CharUpperW
MessageBoxA
GetSystemMenu
GetWindowDC
GetWindow
GetSysColor
DispatchMessageW
CopyImage
ReleaseDC
GetMenu
GetWindowLongW
DrawIconEx
SetWindowTextW
GetDlgItem
SystemParametersInfoW
LoadImageW
GetDC
ScreenToClient
wsprintfA
SetTimer
CallWindowProcW
DialogBoxIndirectParamW
EnableWindow
GetClientRect
GetWindowTextW
EnableMenuItem
LoadIconW
GetWindowTextLengthW
CreateWindowExW
wsprintfW
GetKeyState
DestroyWindow
CreateStreamOnHGlobal
CoCreateInstance
CoInitialize
Number of PE resources by type
RT_ICON 17
RT_GROUP_ICON 2
RT_MANIFEST 1
RT_VERSION 1
Number of PE resources by language
NEUTRAL 10
RUSSIAN 9
ENGLISH US 2
PE resources
ExifTool file metadata
SubsystemVersion
4.0

LinkerVersion
8.0

ImageVersion
0.0

FileSubtype
3145728

FileVersionNumber
114.116.110.105

UninitializedDataSize
0

LanguageCode
Neutral

FileFlagsMask
0x490065

CharacterSet
Unicode

InitializedDataSize
372224

EntryPoint
0x121cf

OriginalFileName
RMS Module

MIMEType
application/octet-stream

LegalCopyright
Copyright 2014 TektonIT. All rights reserved.

FileVersion
5.6

TimeStamp
2011:04:28 12:38:20+01:00

FileType
Win32 EXE

PEType
PE32

ProductVersion
5.6

FileDescription
RMS Component

OSVersion
4.0

FileOS
Unknown (0x6f)

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CompanyName
TektonIT

CodeSize
71680

ProductName
RMS

ProductVersionNumber
70.103.108.105

FileTypeExtension
exe

ObjectFileType
Unknown (536)

Execution parents
Compressed bundles
File identification
MD5 95a3f225987e0c9d7d53be67bbc227fb
SHA1 91313916cdf6ebed79775e90239ed6c0a5e9cb1b
SHA256 c488fe99ac05f9b9fa721125141012ded3a2c13124b6f70bd5881d082c1ab69b
ssdeep
196608:5k77SbIok9yvb5VeWJ7OwwrZdl6CsEwpfyTIJjiXaZ:5kfSbIqb5Iw0wXycJjIW

authentihash 042897cebc7117fab84a83ed73935e981b3914f2067edbc24e3216529b080377
imphash c769210c368165fcb9c03d3f832f55eb
File size 7.6 MB ( 7984229 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Generic Win/DOS Executable (49.9%)
DOS Executable Generic (49.8%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.1%)
Tags
peexe overlay

VirusTotal metadata
First submission 2014-09-03 12:47:31 UTC ( 4 years, 8 months ago )
Last submission 2015-09-30 05:25:11 UTC ( 3 years, 7 months ago )
File names DDOS Панель.exe
DDOS pgtlri.exe
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Deleted files
Created processes
Shell commands
Opened mutexes
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.
UDP communications