SHA256: c4930198e6dac55310a0791cda65838f468c1ca25fd717ef07b71f78a857b386
File name: c4930198e6dac55310a0791cda65838f468c1ca25fd717ef07b71f78a857b386.bin
Detection ratio: 22 / 56
Analysis date: 2015-04-09 12:13:43 UTC (3 years, 11 months ago at the time of capture)
Antivirus: Result (engine signature date)
Ad-Aware: Trojan.GenericKD.2281958 (20150409)
Avast: Win32:Malware-gen (20150409)
AVG: Crypt4.KSQ (20150409)
BitDefender: Trojan.GenericKD.2281958 (20150409)
Emsisoft: Trojan.GenericKD.2281958 (B) (20150409)
ESET-NOD32: a variant of Win32/Kryptik.DEKQ (20150409)
F-Secure: Trojan.GenericKD.2281958 (20150409)
GData: Trojan.GenericKD.2281958 (20150409)
Ikarus: Trojan.Win32.Crypt (20150409)
K7AntiVirus: Trojan ( 004bc8641 ) (20150409)
K7GW: Trojan ( 004bc8641 ) (20150409)
Kaspersky: Trojan-Spy.Win32.Zbot.vhpb (20150409)
Malwarebytes: Trojan.Agent.ED (20150409)
McAfee: Artemis!5097F4644D4E (20150409)
eScan: Trojan.GenericKD.2281958 (20150409)
Norman: Kryptik.CFBX (20150409)
Panda: Generic Suspicious (20150408)
Qihoo-360: HEUR/QVM10.1.Malware.Gen (20150409)
Sophos AV: Mal/Generic-S (20150409)
Symantec: Trojan.Zbot (20150409)
TrendMicro: TROJ_FORUCON.BMC (20150409)
TrendMicro-HouseCall: TROJ_FORUCON.BMC (20150409)

Engines reporting no detection (34):
AegisLab (20150409), Yandex (20150408), AhnLab-V3 (20150408), Alibaba (20150409), ALYac (20150409), Antiy-AVL (20150409), AVware (20150409), Baidu-International (20150409), Bkav (20150409), ByteHero (20150409), CAT-QuickHeal (20150409), ClamAV (20150409), CMC (20150408), Comodo (20150409), Cyren (20150409), DrWeb (20150409), F-Prot (20150409), Fortinet (20150409), Jiangmin (20150408), Kingsoft (20150409), McAfee-GW-Edition (20150409), Microsoft (20150409), NANO-Antivirus (20150409), nProtect (20150409), Rising (20150409), SUPERAntiSpyware (20150409), Tencent (20150409), TheHacker (20150408), TotalDefense (20150409), VBA32 (20150408), VIPRE (20150409), ViRobot (20150409), Zillya (20150408), Zoner (20150407)

Only Kaspersky and Symantec name a family (Zbot/Zeus); the remaining verdicts are generic crypter or heuristic labels (Kryptik, Crypt, GenericKD, Malware-gen), and McAfee's Artemis! result is a hash-reputation hit keyed by the first twelve hex digits of the file's MD5 (5097F4644D4E), not a signature match.
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright: Copyright © 2015 Burnaware. All rights reserved.
Product: Device module
Internal name: Device module
File version: 4.9.0.2
Description: Device module
Comments: Device module

These strings come from the RT_VERSION resource and are written by whoever built the file; nothing authenticates them, so the Burnaware branding is no evidence of origin.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2015-04-07 19:07:41
Entry Point 0x00002C65
Number of sections 6
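The fields above (machine, timestamp, entry point, section count) and the subsystem, linker version and code sizes reported further down by ExifTool all come from the COFF and optional headers. The following is an added example for this report, not VirusTotal's code: a standard-library-only parser for those fields, plus a constructed header-only PE32 blob that carries this report's values so the script runs offline (the blob is test input, not the sample's bytes).

```python
"""Read the fields VirusTotal lists under "PE header basic information"
(target machine, compilation timestamp, entry point, section count) plus the
subsystem, linker version and code sizes straight from the COFF and optional
headers, using only the standard library.

Added example for this report, not VirusTotal's code. The sample itself is not
embedded: build_sample_pe() constructs a header-only PE32 blob carrying the
values the report shows (constructed test input, not the real file's bytes)."""
import calendar
import struct
import sys
from datetime import datetime, timezone

IMAGE_FILE_MACHINE_I386 = 0x014C
MACHINE_NAMES = {0x014C: "Intel 386 or later", 0x8664: "x64", 0xAA64: "ARM64"}
SUBSYSTEM_NAMES = {1: "Native", 2: "Windows GUI", 3: "Windows CUI"}
PE32_MAGIC, PE32PLUS_MAGIC = 0x10B, 0x20B


def parse_pe_header(data: bytes) -> dict:
    """Walk DOS header -> PE signature -> COFF header -> optional header."""
    if data[:2] != b"MZ":
        raise ValueError("missing MZ signature")
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature not found at e_lfanew")
    coff = e_lfanew + 4
    # COFF file header: Machine, NumberOfSections, TimeDateStamp,
    # PointerToSymbolTable, NumberOfSymbols, SizeOfOptionalHeader, Characteristics
    machine, nsections, stamp, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20
    if opt_size < 70:
        raise ValueError("optional header too short to hold Subsystem")
    # Optional header prefix: Magic, MajorLinkerVersion, MinorLinkerVersion,
    # SizeOfCode, SizeOfInitializedData
    magic, lnk_major, lnk_minor, code_size, init_size = struct.unpack_from("<HBBII", data, opt)
    if magic not in (PE32_MAGIC, PE32PLUS_MAGIC):
        raise ValueError(f"unexpected optional header magic 0x{magic:x}")
    (entry_point,) = struct.unpack_from("<I", data, opt + 16)  # AddressOfEntryPoint
    (subsystem,) = struct.unpack_from("<H", data, opt + 68)    # same offset in PE32 and PE32+
    return {
        "machine": MACHINE_NAMES.get(machine, f"0x{machine:04x}"),
        "pe_type": "PE32" if magic == PE32_MAGIC else "PE32+",
        "linker": f"{lnk_major}.{lnk_minor}",
        "code_size": code_size,
        "initialized_data_size": init_size,
        # TimeDateStamp is a plain 32-bit epoch written by the linker and shown by
        # VirusTotal in UTC; it is trivially forgeable, so treat it as a hint only.
        "timestamp": datetime.fromtimestamp(stamp, tz=timezone.utc),
        "entry_point": entry_point,
        "sections": nsections,
        "subsystem": SUBSYSTEM_NAMES.get(subsystem, str(subsystem)),
    }


def build_sample_pe() -> bytes:
    """Constructed header-only PE32 with this report's values (not the sample's bytes)."""
    dos = bytearray(64)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, len(dos))      # e_lfanew: PE header follows the DOS header
    opt = bytearray(224)                             # PE32 optional header incl. 16 data directories
    struct.pack_into("<HBBII", opt, 0, PE32_MAGIC, 10, 0, 49152, 272384)  # linker 10.0, CodeSize, InitializedDataSize
    struct.pack_into("<I", opt, 16, 0x2C65)          # AddressOfEntryPoint
    struct.pack_into("<I", opt, 28, 0x00400000)      # ImageBase
    struct.pack_into("<HHHH", opt, 40, 5, 1, 0, 0)   # OS version 5.1, image version 0.0
    struct.pack_into("<HH", opt, 48, 5, 1)           # subsystem version 5.1
    struct.pack_into("<H", opt, 68, 2)               # IMAGE_SUBSYSTEM_WINDOWS_GUI
    stamp = calendar.timegm((2015, 4, 7, 19, 7, 41)) # 2015-04-07 19:07:41 UTC
    coff = struct.pack("<HHIIIHH", IMAGE_FILE_MACHINE_I386, 6, stamp, 0, 0, len(opt), 0x0102)
    return bytes(dos) + b"PE\0\0" + coff + bytes(opt)


if __name__ == "__main__":
    blob = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_sample_pe()
    for key, value in parse_pe_header(blob).items():
        print(f"{key:>22}: {hex(value) if key == 'entry_point' else value}")
```

Run it with a file path to dump a real binary's headers, or with no argument to see the constructed blob reproduce the values on this page. The ExifTool TimeStamp below is the same DWORD rendered in UTC+01:00.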
PE sections
PE imports
GetTraceEnableLevel
ImageList_Create
GetOpenFileNameA
GetDeviceCaps
ExcludeClipRect
RestoreDC
SelectObject
GetTextExtentPoint32A
CreateFontA
GetStockObject
SaveDC
TextOutA
CreateSolidBrush
SelectClipRgn
DeleteObject
CreateFontW
SetTextColor
ImmAssociateContext
GetLastError
InitializeCriticalSectionAndSpinCount
HeapFree
GetStdHandle
EnterCriticalSection
LCMapStringW
SetHandleCount
LoadLibraryW
GetConsoleCP
GetOEMCP
QueryPerformanceCounter
IsDebuggerPresent
GetTickCount
TlsAlloc
GlobalUnlock
GetEnvironmentStringsW
FlushFileBuffers
GetModuleFileNameA
WaitForSingleObject
RtlUnwind
IsProcessorFeaturePresent
DeleteCriticalSection
GetCurrentProcess
GetStartupInfoW
GetConsoleMode
DecodePointer
GetCurrentProcessId
WideCharToMultiByte
UnhandledExceptionFilter
TlsGetValue
MultiByteToWideChar
HeapSize
FreeEnvironmentStringsW
GetCommandLineA
WaitForMultipleObjects
EncodePointer
GetFileType
SetStdHandle
GetModuleHandleA
InitializeCriticalSection
GetCPInfo
GetModuleFileNameW
TlsFree
SetFilePointer
CreatePipe
HeapSetInformation
SetUnhandledExceptionFilter
WriteFile
CloseHandle
GetSystemTimeAsFileTime
GetACP
HeapReAlloc
GetStringTypeW
GetModuleHandleW
GetFullPathNameA
HeapAlloc
TerminateProcess
GetProcAddress
IsValidCodePage
HeapCreate
lstrcpyA
CreateFileW
GlobalLock
CreateEventA
InterlockedDecrement
Sleep
SetLastError
TlsSetValue
ExitProcess
GetCurrentThreadId
InterlockedIncrement
LocalAlloc
WriteConsoleW
LeaveCriticalSection
NetGetJoinInformation
OleLoadPicture
DragQueryFileA
SetFocus
GetParent
UpdateWindow
EndDialog
GetMessageW
CheckRadioButton
PostQuitMessage
DefWindowProcA
ShowWindow
GetClipboardData
GetSystemMetrics
MessageBoxW
GetWindowRect
EndPaint
SetMenu
SetDlgItemTextA
MessageBoxA
GetWindowDC
TranslateMessage
IsWindowEnabled
GetWindow
DispatchMessageW
ReleaseDC
BeginPaint
SetWindowTextA
UnregisterClassA
SendMessageA
GetClientRect
GetDlgItem
DrawTextW
EnableMenuItem
ScreenToClient
SetRect
InvalidateRect
wsprintfA
IsClipboardFormatAvailable
CreateWindowExA
LoadCursorA
LoadIconA
ClientToScreen
FillRect
CharLowerBuffA
IsDlgButtonChecked
GetSystemMenu
GetFocus
GetDC
EnableWindow
CloseClipboard
OpenClipboard
DestroyWindow
waveOutGetNumDevs
PE exports
Number of PE resources by type
RT_CURSOR 19
RT_DIALOG 17
RT_GROUP_CURSOR 17
RT_BITMAP 14
RT_MENU 4
RT_MANIFEST 1
RT_VERSION 1
Number of PE resources by language
ENGLISH US 73
PE resources
Debug information
ExifTool file metadata
UninitializedDataSize: 0
Comments: Device module
LinkerVersion: 10.0
ImageVersion: 0.0
FileSubtype: 0
FileVersionNumber: 4.9.0.2
LanguageCode: English (U.S.)
FileFlagsMask: 0x003f
CharacterSet: Unicode
InitializedDataSize: 272384
EntryPoint: 0x2c65
MIMEType: application/octet-stream
LegalCopyright: Copyright 2015 Burnaware. All rights reserved.
FileVersion: 4.9.0.2
TimeStamp: 2015:04:07 20:07:41+01:00 (the PE compilation timestamp above, 19:07:41 UTC, rendered in UTC+01:00)
FileType: Win32 EXE
PEType: PE32
InternalName: Device module
SubsystemVersion: 5.1
ProductVersion: 4.9.0.2
FileDescription: Device module
OSVersion: 5.1
FileOS: Windows NT 32-bit
Subsystem: Windows GUI
MachineType: Intel 386 or later, and compatibles
CompanyName: Burnaware
CodeSize: 49152
ProductName: Device module
ProductVersionNumber: 4.9.0.2
FileTypeExtension: exe
ObjectFileType: Executable application

File identification
MD5: 5097f4644d4e9c79a43ed8e7520c4850
SHA1: 7d45d15dccbc2351579624e0bd4a0352f985b57f
SHA256: c4930198e6dac55310a0791cda65838f468c1ca25fd717ef07b71f78a857b386
ssdeep: 6144:iw2xc1BNO+JEQ5qx2WpID7L4+zerZsFQ7Mf/s1km1blBCIjut:i5c1BNzEaB4IHL4+yuFWM81k6s1t
authentihash: d43775df1996f974516ccf2f5fb8db76fac1bbfb8567e2f9c7da6725c9e4c1b6
imphash: 0882d2c4d1818e6bf13b2b9e1c207737
File size: 315.0 KB (322560 bytes)
File type: Win32 EXE
Magic literal: PE32 executable for MS Windows (GUI) Intel 80386 32-bit system file
TrID: Win64 Executable (generic) (64.6%)
      Win32 Dynamic Link Library (generic) (15.4%)
      Win32 Executable (generic) (10.5%)
      Generic Win/DOS Executable (4.6%)
      DOS Executable Generic (4.6%)
TrID's top guess conflicts with the PE header: the optional-header magic (PE32), the machine type (i386) and the subsystem field identify a 32-bit GUI executable, and those fields are authoritative. TrID is a byte-pattern heuristic and its "Win64 Executable (generic)" ranking for PE32 files is a known misfire.
Tags: peexe

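The imphash listed under File identification is an MD5 over the import table, so it survives recompilation of unrelated code but changes with any reordering of imports or with packing. The following is an added example for this report, a re-implementation of the documented recipe rather than VirusTotal's or pefile's code. The DLL names in SAMPLE_IMPORTS are an assumption (this page lists function names only, not the exporting DLLs), and because the real hash covers every import in the file's own order, this constructed table will not reproduce 0882d2c4d1818e6bf13b2b9e1c207737.

```python
"""Recompute an import hash (imphash) the way pefile and VirusTotal define it:
for every imported function, in import-table order, take
"<dll without .dll/.sys/.ocx>.<function>" in lower case, join the entries with
commas and MD5 the resulting string.

Added example for this report, not VirusTotal's or pefile's code. The DLL names
in SAMPLE_IMPORTS are assumed; the page lists function names only."""
import hashlib


def imphash_string(imports):
    """imports: iterable of (dll_name, function_name_or_ordinal) in import-table order.
    Returns the comma-joined string that gets hashed."""
    parts = []
    for dll, func in imports:
        lib = dll.lower()
        stem, _, ext = lib.rpartition(".")
        if stem and ext in ("dll", "sys", "ocx"):
            lib = stem
        # Imports by ordinal hash as "ordN"; pefile additionally resolves well-known
        # ordinals (ws2_32, oleaut32) back to names, which is omitted here.
        name = f"ord{func}" if isinstance(func, int) else func.lower()
        parts.append(f"{lib}.{name}")
    return ",".join(parts)


def imphash(imports):
    """MD5 of the normalised import string, as a 32-character hex digest."""
    return hashlib.md5(imphash_string(imports).encode("ascii")).hexdigest()


# Constructed import table: function names taken from this report, DLL attribution assumed.
SAMPLE_IMPORTS = [
    ("ADVAPI32.dll", "GetTraceEnableLevel"),
    ("KERNEL32.dll", "IsDebuggerPresent"),
    ("KERNEL32.dll", "CreatePipe"),
    ("NETAPI32.dll", "NetGetJoinInformation"),
    ("USER32.dll", "GetClipboardData"),
    ("WINMM.dll", "waveOutGetNumDevs"),
]

if __name__ == "__main__":
    print(imphash_string(SAMPLE_IMPORTS))
    print(imphash(SAMPLE_IMPORTS))
```

Because the hash is order-sensitive and name-based, two builds of the same source with the same toolchain share it, while a packed copy (importing little more than LoadLibrary/GetProcAddress) or a rebuilt import table does not. Use it to cluster candidates, not as proof of identity.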
VirusTotal metadata
First submission: 2015-04-08 13:25:16 UTC (3 years, 11 months ago at the time of capture)
Last submission: 2017-10-17 22:42:21 UTC (1 year, 5 months ago at the time of capture)
File names:
  Device module
  5097f4644d4e9c79a43ed8e7520c4850.virobj
  C4930198E6DAC55310A0791CDA65838F468C1CA25FD717EF07B71F78A857B386.EXE
  c4930198e6dac55310a0791cda65838f468c1ca25fd717ef07b71f78a857b386.bin
Advanced heuristic and reputation engines
Symantec reputation: Suspicious.Insight
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Copied files
Deleted files
Created processes
Code injections in the following processes
Created mutexes
Opened mutexes
Searched windows
Opened service managers
Opened services
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.