SHA256: c66b93a60766250f6edacd53f142af59cc6f7a041eb2cd54ad0e5a10bd6cb1ce
File name: bbbb.exe
Detection ratio: 0 / 57
Analysis date: 2015-06-19 02:44:08 UTC (3 years, 9 months ago)
Antivirus Result Update
Ad-Aware 20150619
AegisLab 20150619
Yandex 20150618
AhnLab-V3 20150618
Alibaba 20150618
ALYac 20150619
Antiy-AVL 20150618
Arcabit 20150619
Avast 20150619
AVG 20150619
Avira (no cloud) 20150618
AVware 20150619
Baidu-International 20150618
BitDefender 20150619
Bkav 20150618
ByteHero 20150619
CAT-QuickHeal 20150618
ClamAV 20150619
CMC 20150618
Comodo 20150619
Cyren 20150619
DrWeb 20150619
Emsisoft 20150619
ESET-NOD32 20150619
F-Prot 20150618
F-Secure 20150618
Fortinet 20150619
GData 20150619
Ikarus 20150619
Jiangmin 20150618
K7AntiVirus 20150618
K7GW 20150618
Kaspersky 20150619
Kingsoft 20150619
Malwarebytes 20150619
McAfee 20150619
McAfee-GW-Edition 20150618
Microsoft 20150618
eScan 20150619
NANO-Antivirus 20150619
nProtect 20150618
Panda 20150618
Qihoo-360 20150619
Rising 20150618
Sophos AV 20150619
SUPERAntiSpyware 20150619
Symantec 20150619
Tencent 20150619
TheHacker 20150616
TotalDefense 20150618
TrendMicro 20150619
TrendMicro-HouseCall 20150619
VBA32 20150618
VIPRE 20150619
ViRobot 20150619
Zillya 20150618
Zoner 20150618
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2015-06-18 12:19:41
Entry Point 0x00008FD3
Number of sections 4
PE sections
PE imports
GetLastError
TlsGetValue
HeapFree
GetStdHandle
EnterCriticalSection
GetConsoleOutputCP
SetHandleCount
GetLocaleInfoW
GetModuleFileNameW
SetTapeParameters
GetConsoleCP
HeapDestroy
LCMapStringA
IsDebuggerPresent
HeapAlloc
TlsAlloc
FlushFileBuffers
GetEnvironmentStringsW
GetVersionExA
GetModuleFileNameA
RtlUnwind
LoadLibraryA
FreeEnvironmentStringsA
DeleteCriticalSection
GetCurrentProcess
EnumSystemLocalesA
GetEnvironmentStrings
GetFileType
GetConsoleMode
HeapSize
GetCurrentProcessId
LCMapStringW
GetCommandLineW
IsValidCodePage
GetCPInfo
UnhandledExceptionFilter
LoadLibraryExW
MultiByteToWideChar
GetStartupInfoW
GetTickCount
FreeEnvironmentStringsW
GetCommandLineA
GetProcAddress
GetStringTypeA
GetProcessHeap
SetStdHandle
SetFilePointer
RaiseException
CloseHandle
WideCharToMultiByte
TlsFree
GetModuleHandleA
ReadFile
GetLocaleInfoA
InterlockedExchange
SetUnhandledExceptionFilter
WriteFile
GetStartupInfoA
VirtualFree
GetSystemTimeAsFileTime
IsValidLocale
GetACP
HeapReAlloc
GetStringTypeW
GetUserDefaultLCID
GetOEMCP
TerminateProcess
QueryPerformanceCounter
WriteConsoleA
InitializeCriticalSection
HeapCreate
CreateProcessW
InterlockedDecrement
Sleep
SetLastError
SetFileAttributesW
TlsSetValue
CreateFileA
ExitProcess
GetCurrentThreadId
InterlockedIncrement
VirtualAlloc
WriteConsoleW
LeaveCriticalSection
SetFocus
GetCursorPos
CallWindowProcW
GetClassInfoExW
RegisterClassExW
AppendMenuW
GetFocus
GetMessageW
GetWindowTextLengthW
GetKeyNameTextW
Number of PE resources by type
RT_MANIFEST 1
RT_VERSION 1
Number of PE resources by language
ENGLISH US 2
PE resources
Debug information
ExifTool file metadata
LegalTrademarks
Bottompiece Observe motionorder These sit Real instrumentlearn killpull

UninitializedDataSize
0

LinkerVersion
8.0

ImageVersion
0.0

FileSubtype
0

FileVersionNumber
8.2.5322.4286

LanguageCode
English (U.S.)

FileFlagsMask
0x0000

CharacterSet
Unknown (04E0)

InitializedDataSize
151552

EntryPoint
0x8fd3

OriginalFileName
languageposition.exe

MIMEType
application/octet-stream

LegalCopyright
Likeobserve Original

FileVersion
8.2.5322.4286

TimeStamp
2015:06:18 13:19:41+01:00

FileType
Win32 EXE

PEType
PE32

InternalName
United Technologies

ProductVersion
8.2.5322.4286

SubsystemVersion
4.0

OSVersion
4.0

FileOS
Win32

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CompanyName
waterhillcountry directminutecorn

CodeSize
225280

ProductName
United Technologies

ProductVersionNumber
8.2.5322.4286

FileTypeExtension
exe

ObjectFileType
Executable application

Compressed bundles
File identification
MD5 c6a92bed040d8988b48b69e78f1407cd
SHA1 fc966b499882e45497ca9fb4aa5a9f35e655fe33
SHA256 c66b93a60766250f6edacd53f142af59cc6f7a041eb2cd54ad0e5a10bd6cb1ce
ssdeep 6144:RUsjjko30VyJbwiR/p5BjP1WcEPy9blV9e/94KbLNjJuA:RUSkoEVI02BrdWcEPYliS6jJ

authentihash 8ffdc4e4ce7c233ad803243fdaf676c0a76a657c642caf60c4e62ca7c6026d51
imphash 3750eb04162774b1cf1b5ada8fd9f5c1
File size 320.0 KB ( 327680 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable MS Visual C++ (generic) (42.2%)
Win64 Executable (generic) (37.3%)
Win32 Dynamic Link Library (generic) (8.8%)
Win32 Executable (generic) (6.0%)
Generic Win/DOS Executable (2.7%)
Tags peexe

VirusTotal metadata
First submission 2015-06-19 02:44:08 UTC ( 3 years, 9 months ago )
Last submission 2015-07-21 08:32:05 UTC ( 3 years, 8 months ago )
File names bbbb.exe
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Created processes
Created mutexes
Opened mutexes
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.