SHA256: c5f29eee2bafdb4ea50af66e01b31d9597bf146a186fa420bd9c069c00a437f9
File name: nana.exe
Detection ratio: 5 / 52
Analysis date: 2014-05-28 08:01:12 UTC ( 4 years, 9 months ago )
Antivirus | Result | Update
BitDefender | Gen:Variant.Symmi.42526 | 20140528
Bkav | HW32.CDB.8638 | 20140527
CMC | Trojan.Win32.Krap.2!O | 20140526
Qihoo-360 | Malware.QVM20.Gen | 20140528
Rising | PE:Malware.XPACK-LNR/Heur!1.5594 | 20140527
Ad-Aware | - | 20140528
AegisLab | - | 20140528
Yandex | - | 20140527
AhnLab-V3 | - | 20140527
AntiVir | - | 20140528
Antiy-AVL | - | 20140528
Avast | - | 20140528
AVG | - | 20140528
Baidu-International | - | 20140528
ByteHero | - | 20140528
CAT-QuickHeal | - | 20140527
ClamAV | - | 20140528
Commtouch | - | 20140528
Comodo | - | 20140528
DrWeb | - | 20140528
Emsisoft | - | 20140528
ESET-NOD32 | - | 20140528
F-Prot | - | 20140528
F-Secure | - | 20140528
Fortinet | - | 20140528
GData | - | 20140528
Ikarus | - | 20140528
Jiangmin | - | 20140528
K7AntiVirus | - | 20140527
K7GW | - | 20140527
Kaspersky | - | 20140528
Kingsoft | - | 20140528
Malwarebytes | - | 20140528
McAfee | - | 20140528
McAfee-GW-Edition | - | 20140528
Microsoft | - | 20140528
eScan | - | 20140528
NANO-Antivirus | - | 20140528
Norman | - | 20140528
nProtect | - | 20140527
Panda | - | 20140527
Sophos AV | - | 20140528
SUPERAntiSpyware | - | 20140528
Symantec | - | 20140528
Tencent | - | 20140527
TheHacker | - | 20140528
TotalDefense | - | 20140527
TrendMicro | - | 20140528
TrendMicro-HouseCall | - | 20140528
VBA32 | - | 20140527
VIPRE | - | 20140528
ViRobot | - | 20140528
Zillya | - | 20140528
(A "-" in the Result column means the engine reported no detection.)
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Publisher Tall Emu
Original name Xuhltxqima.exe
Internal name Jifase
File version 7, 6, 9
Description Onanobi Epoqof Icoqeny
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2011-04-26 13:28:50
Entry Point 0x00022236
Number of sections 4
PE sections
PE imports
Number of PE resources by type
RT_DIALOG 2
RT_VERSION 1
Number of PE resources by language
LATVIAN DEFAULT 3
PE resources
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
FileTypeExtension exe
TimeStamp 2011:04:26 14:28:50+01:00
FileType Win32 EXE
PEType PE32
CodeSize 147456
LinkerVersion 6.0
EntryPoint 0x22236
InitializedDataSize 438272
SubsystemVersion 5.0
ImageVersion 8.4
OSVersion 4.0
UninitializedDataSize 0
File identification
MD5 1a315c3eef2fe11d9a7e661538aa4cf7
SHA1 9a12dde339879aa536d0b2ed573e053c88c89f02
SHA256 c5f29eee2bafdb4ea50af66e01b31d9597bf146a186fa420bd9c069c00a437f9
ssdeep 3072:jkRjbGdkboXb6q4OtMBMMbbUMemC+P5SogNQkAKISi+d6ttQG5DV0iACE:jk4d2oXb2O4M6bU25SognvWn5D/
authentihash 6821013c5393914b4c019d0ae2af763b1aed5ea6f5108c808e5c45db2a008573
imphash 2f87136828d921efa86a237fca4e140c
File size 195.5 KB ( 200192 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Dynamic Link Library (generic) (43.5%)
TrID Win32 Executable (generic) (29.8%)
TrID Generic Win/DOS Executable (13.2%)
TrID DOS Executable Generic (13.2%)
TrID Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
Tags peexe
VirusTotal metadata
First submission 2014-05-28 08:01:12 UTC ( 4 years, 9 months ago )
Last submission 2014-05-28 08:01:12 UTC ( 4 years, 9 months ago )
File names Jifase, Xuhltxqima.exe, nana.exe, KB00801062.exe
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Opened mutexes
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.
UDP communications