SHA256: c4c64494b037d8af97f877760453fc87a980413573b760f284a5f42cbcf5ed49
File name: yaxkodila[2].exe
Detection ratio: 5 / 54
Analysis date: 2015-06-23 13:01:13 UTC ( 2 years, 5 months ago )
Antivirus              Result                        Update
AVware                 Trojan.Win32.Upatre.buu (v)   20150623
Bkav                   W32.FanVT.ZbotK.Worm          20150623
TrendMicro             TROJ_UPATRE.SM37              20150623
TrendMicro-HouseCall   TROJ_UPATRE.SM37              20150623
VIPRE                  Trojan.Win32.Upatre.buu (v)   20150623
Ad-Aware               -                             20150623
AegisLab               -                             20150623
Yandex                 -                             20150622
AhnLab-V3              -                             20150623
Alibaba                -                             20150623
Antiy-AVL              -                             20150623
Arcabit                -                             20150623
Avast                  -                             20150623
AVG                    -                             20150623
Avira (no cloud)       -                             20150623
Baidu-International    -                             20150623
BitDefender            -                             20150623
ByteHero               -                             20150623
CAT-QuickHeal          -                             20150623
ClamAV                 -                             20150623
Comodo                 -                             20150623
Cyren                  -                             20150623
DrWeb                  -                             20150623
Emsisoft               -                             20150623
ESET-NOD32             -                             20150623
F-Prot                 -                             20150623
F-Secure               -                             20150623
Fortinet               -                             20150623
GData                  -                             20150623
Ikarus                 -                             20150623
Jiangmin               -                             20150620
K7AntiVirus            -                             20150623
K7GW                   -                             20150623
Kaspersky              -                             20150623
Kingsoft               -                             20150623
Malwarebytes           -                             20150623
McAfee                 -                             20150623
McAfee-GW-Edition      -                             20150623
Microsoft              -                             20150623
eScan                  -                             20150623
NANO-Antivirus         -                             20150623
nProtect               -                             20150623
Panda                  -                             20150623
Qihoo-360              -                             20150623
Rising                 -                             20150623
Sophos AV              -                             20150623
SUPERAntiSpyware       -                             20150623
Symantec               -                             20150623
Tencent                -                             20150623
TheHacker              -                             20150622
VBA32                  -                             20150622
ViRobot                -                             20150623
Zillya                 -                             20150622
Zoner                  -                             20150623
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2013-05-14 02:15:40
Entry Point 0x00005762
Number of sections 4
PE sections
Overlays
MD5 dddcdd8c0d55f19da78e74db2edc8f48
File type ASCII text
Offset 112640
Size 98
Entropy 3.30
PE imports
TextOutA
GetLastError
InitializeCriticalSectionAndSpinCount
HeapFree
GetStdHandle
EnterCriticalSection
LCMapStringW
lstrlenA
GetModuleFileNameW
GetConsoleCP
FreeLibrary
QueryPerformanceCounter
IsDebuggerPresent
EncodePointer
TlsAlloc
GetEnvironmentStringsW
FlushFileBuffers
LoadLibraryA
WaitForSingleObjectEx
RtlUnwind
GetModuleFileNameA
IsProcessorFeaturePresent
DeleteCriticalSection
GetCurrentProcess
GetStartupInfoW
DecodePointer
GetCurrentProcessId
WriteProcessMemory
CreateDirectoryA
GetCommandLineW
CreateThread
UnhandledExceptionFilter
LoadLibraryExW
MultiByteToWideChar
HeapSize
SetFilePointerEx
FreeEnvironmentStringsW
GetCPInfo
GetCommandLineA
GetProcAddress
InitializeSListHead
GetProcessHeap
RaiseException
WideCharToMultiByte
TlsFree
FindFirstFileExA
SetUnhandledExceptionFilter
WriteFile
CloseHandle
GetSystemTimeAsFileTime
FindNextFileA
GetACP
HeapReAlloc
GetStringTypeW
GetModuleHandleW
GetOEMCP
TerminateProcess
IsValidCodePage
OutputDebugStringW
SetLastError
CreateFileW
TlsGetValue
GetFileType
TlsSetValue
HeapAlloc
GetCurrentThreadId
WriteConsoleW
LeaveCriticalSection
SetFocus
GetMessageA
CreateWindowExA
LoadCursorA
LoadIconA
PostQuitMessage
LoadStringA
DispatchMessageA
EndPaint
UpdateWindow
PostMessageA
SendMessageA
BeginPaint
TranslateMessage
DefWindowProcA
ShowWindow
DestroyWindow
RegisterClassExA
WTSEnumerateProcessesA
WTSWaitSystemEvent
WTSLogoffSession
WTSQuerySessionInformationA
Number of PE resources by type
RT_BITMAP 7
RT_STRING 5
RT_GROUP_CURSOR 2
RT_CURSOR 2
RT_DIALOG 1
RT_ICON 1
RT_MANIFEST 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
NORWEGIAN BOKMAL 15
NEUTRAL 6
PE resources
ExifTool file metadata
UninitializedDataSize 0
LinkerVersion 12.0
ImageVersion 10.0
FileSubtype 0
FileVersionNumber 2.3.0.91
LanguageCode Unknown (0529)
FileFlagsMask 0x0000
CharacterSet Unknown (05E0)
InitializedDataSize 73216
EntryPoint 0x5762
MIMEType application/octet-stream
FileVersion 2.3.0.91
TimeStamp 2013:05:14 03:15:40+01:00
FileType Win32 EXE
PEType PE32
ProductVersion 3.91
SubsystemVersion 5.1
OSVersion 5.1
FileOS Win32
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName Safe-soft
CodeSize 48128
ProductName SafeScan
ProductVersionNumber 2.3.0.91
FileTypeExtension exe
ObjectFileType Executable application

File identification
MD5 880ba84222524510c9fe3b3d80429816
SHA1 7f80788e30ce4c2636ad65c0be7a96f8c4e8f199
SHA256 c4c64494b037d8af97f877760453fc87a980413573b760f284a5f42cbcf5ed49
ssdeep 1536:9hJxl/YXk/koFRhrz0Qu9xMb3whxbtKpFBhWNc63rVz1jysWjcdbUkxzhgY893s2:DJc8kgtz0QOxM8hxbk9Yc63xbUkdz9A
authentihash 1ffa876ac0405d0ce0dd1dd48acf364cc475101564b0ff4091cad416520fd0e7
imphash fb205081ca935568918c6c78c3c5e54a
File size 110.1 KB ( 112738 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (42.2%)
Win64 Executable (generic) (37.3%)
Win32 Dynamic Link Library (generic) (8.8%)
Win32 Executable (generic) (6.0%)
Generic Win/DOS Executable (2.7%)
Tags
peexe overlay

VirusTotal metadata
First submission 2015-06-23 13:01:13 UTC ( 2 years, 5 months ago )
Last submission 2015-06-23 13:01:13 UTC ( 2 years, 5 months ago )
File names yaxkodila[2].exe
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Deleted files
Created processes
Created mutexes
Opened mutexes
Opened service managers
Opened services
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.
HTTP requests
DNS requests
TCP connections