SHA256: c74533226c651955bc8ce93209a88c60a6cba61c09f431fae36d074d6e340c10
File name: vt-upload-JMOkB
Detection ratio: 8 / 54
Analysis date: 2014-10-29 06:08:07 UTC
Antivirus | Result | Update
Detected (8 of 54 engines):
AVG | Crypt3.BAQG | 20141029
Avira (no cloud) | TR/Crypt.ZPACK.101567 | 20141029
Baidu-International | Trojan.Win32.Agent.aO | 20141027
Bkav | HW32.Packed.3A31 | 20141027
ESET-NOD32 | a variant of Win32/Kryptik.CONJ | 20141029
Fortinet | W32/Yakes.GAKM!tr | 20141029
Kaspersky | Trojan.Win32.Agent.ajnai | 20141029
Qihoo-360 | Win32/Trojan.5a4 | 20141029
Not detected (46 engines; only the signature update date is reported):
Ad-Aware | (no detection) | 20141029
AegisLab | (no detection) | 20141029
Yandex | (no detection) | 20141028
AhnLab-V3 | (no detection) | 20141028
Antiy-AVL | (no detection) | 20141029
Avast | (no detection) | 20141029
AVware | (no detection) | 20141029
BitDefender | (no detection) | 20141029
ByteHero | (no detection) | 20141029
CAT-QuickHeal | (no detection) | 20141029
ClamAV | (no detection) | 20141029
CMC | (no detection) | 20141028
Comodo | (no detection) | 20141029
Cyren | (no detection) | 20141029
DrWeb | (no detection) | 20141029
Emsisoft | (no detection) | 20141029
F-Prot | (no detection) | 20141029
F-Secure | (no detection) | 20141029
GData | (no detection) | 20141029
Ikarus | (no detection) | 20141029
Jiangmin | (no detection) | 20141028
K7AntiVirus | (no detection) | 20141028
K7GW | (no detection) | 20141028
Kingsoft | (no detection) | 20141029
Malwarebytes | (no detection) | 20141029
McAfee | (no detection) | 20141029
McAfee-GW-Edition | (no detection) | 20141028
Microsoft | (no detection) | 20141029
eScan | (no detection) | 20141029
NANO-Antivirus | (no detection) | 20141029
Norman | (no detection) | 20141028
nProtect | (no detection) | 20141028
Rising | (no detection) | 20141028
Sophos AV | (no detection) | 20141029
SUPERAntiSpyware | (no detection) | 20141029
Symantec | (no detection) | 20141029
Tencent | (no detection) | 20141029
TheHacker | (no detection) | 20141028
TotalDefense | (no detection) | 20141027
TrendMicro | (no detection) | 20141029
TrendMicro-HouseCall | (no detection) | 20141029
VBA32 | (no detection) | 20141028
VIPRE | (no detection) | 20141029
ViRobot | (no detection) | 20141029
Zillya | (no detection) | 20141029
Zoner | (no detection) | 20141024
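Nearly every detection name in the table above is a generic packer or heuristic label (Crypt, Kryptik, ZPACK, Packed, Agent); only Fortinet's Yakes names a family, and no two engines agree on one, which is the reading a triager should take away before trusting the 8/54 ratio. The script below, an added example that is neither VirusTotal's code nor part of this page, automates that reading: it parses a tab-separated copy of the table (a constructed sample of eleven rows), strips platform prefixes from each label, counts labels that are only generic, and reports whether any family name is shared by at least two engines. The generic-prefix list and the two-engine threshold are this example's own assumptions.

```python
import re
from collections import Counter

# Constructed sample in the layout of the "Antivirus / Result / Update" table
# above, tab-separated as a copy of the rendered table would be. Engines that
# reported nothing have an empty Result column. Not a live VT response.
SAMPLE_TABLE = """\
AVG\tCrypt3.BAQG\t20141029
Avira (no cloud)\tTR/Crypt.ZPACK.101567\t20141029
Baidu-International\tTrojan.Win32.Agent.aO\t20141027
Bkav\tHW32.Packed.3A31\t20141027
ESET-NOD32\ta variant of Win32/Kryptik.CONJ\t20141029
Fortinet\tW32/Yakes.GAKM!tr\t20141029
Kaspersky\tTrojan.Win32.Agent.ajnai\t20141029
Qihoo-360\tWin32/Trojan.5a4\t20141029
Ad-Aware\t\t20141029
Microsoft\t\t20141029
Symantec\t\t20141029
"""

# Platform/type prefixes and filler words that carry no family information.
NOISE = {"", "trojan", "win32", "w32", "tr", "hw32", "a", "variant", "of"}
# Label stems vendors use for "packed / obfuscated / unknown" (assumption of
# this example), as opposed to a family name.
GENERIC_PREFIXES = ("crypt", "krypt", "pack", "zpack", "agent", "heur",
                    "generic", "suspicious", "malware", "unsafe")


def parse_table(text):
    """Rows of (engine, result, update); result is '' when nothing fired."""
    rows = []
    for line in text.splitlines():
        if not line.strip():
            continue
        engine, result, update = line.split("\t")
        rows.append((engine, result.strip(), update))
    return rows


def family_token(result):
    """Reduce a vendor label to the token that names the family, if any."""
    s = result.lower().replace("!tr", "")
    parts = re.split(r"[./\-\s]+", s)
    tokens = [p for p in parts if p not in NOISE]
    return tokens[0] if tokens else ""


def is_generic(token):
    # Pure hex tokens (e.g. "5a4") are signature ids, not families.
    return (token.startswith(GENERIC_PREFIXES)
            or re.fullmatch(r"[0-9a-f]+", token) is not None)


def triage(text, min_agree=2):
    rows = parse_table(text)
    detected = [(e, r) for e, r, _ in rows if r]
    families = Counter()
    generic = 0
    for _, result in detected:
        tok = family_token(result)
        if not tok or is_generic(tok):
            generic += 1
        else:
            families[tok] += 1
    consensus = [f for f, n in families.items() if n >= min_agree]
    return {
        "detected": len(detected),
        "total": len(rows),
        "generic": generic,
        "families": dict(families),
        "consensus": consensus[0] if consensus else None,
    }


if __name__ == "__main__":
    print(triage(SAMPLE_TABLE))
```

On the constructed rows the result is eight detections of which seven are generic, one family candidate (yakes) with a single vote, and no consensus; that is a "packed, unknown" verdict rather than an attribution, and it matches the Symantec Suspicious.Insight reputation further down.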
The file is a Portable Executable; more specifically, a Win32 EXE for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 1998-02-27 21:12:48
Entry Point 0x0000AF86
Number of sections 4
PE sections
PE imports
RegRestoreKeyA
LsaSetTrustedDomainInformation
RegDeleteValueA
RegQueryValueExA
AccessCheck
GetAce
ControlService
RegSetValueW
DecryptFileW
LsaOpenPolicy
RegGetKeySecurity
GetNamedSecurityInfoW
RegFlushKey
GetSidSubAuthority
GetTrusteeTypeW
ObjectDeleteAuditAlarmA
GetSecurityDescriptorGroup
AreAllAccessesGranted
GetTrusteeTypeA
ClearEventLogW
LsaRemoveAccountRights
RegisterEventSourceA
SetTokenInformation
ChangeServiceConfig2A
RegEnumValueA
RegQueryValueW
NotifyBootConfigStatus
InitiateSystemShutdownA
LsaLookupNames
GetUserNameW
GetAuditedPermissionsFromAclW
CreateProcessAsUserA
RegEnumKeyExW
LockServiceDatabase
LsaAddAccountRights
BuildExplicitAccessWithNameW
DeleteAce
LsaRetrievePrivateData
OpenThreadToken
OpenProcessToken
LsaClose
EqualSid
RegUnLoadKeyW
AreAnyAccessesGranted
RegEnumKeyExA
LsaDeleteTrustedDomain
ObjectOpenAuditAlarmW
EnumDependentServicesA
PauseClusterNode
SetClusterGroupName
OpenCluster
OfflineClusterResource
AddClusterResourceDependency
OpenClusterNode
OpenClusterNetInterface
ClusterEnum
RemoveClusterResourceNode
ClusterRegDeleteValue
OnlineClusterResource
ClusterNodeEnum
CreateClusterResourceType
ClusterNetworkEnum
CreatePropertySheetPageW
ImageList_Replace
ImageList_LoadImageW
CreateStatusWindowW
CreateHalftonePalette
GetICMProfileW
ImagehlpApiVersion
ImageDirectoryEntryToData
ImageGetCertificateHeader
MapFileAndCheckSumA
SymCleanup
ImageUnload
SymFunctionTableAccess
SymGetModuleBase
ImmEnumRegisterWordA
ImmGetRegisterWordStyleA
ImmEscapeW
ImmIsUIMessageA
ImmGetConversionStatus
ImmSetCompositionFontW
ImmGetCompositionWindow
ImmEnumRegisterWordW
ImmGetGuideLineA
ImmGetCandidateWindow
ImmInstallIMEA
ImmConfigureIMEW
ImmUnregisterWordW
ImmGetIMEFileNameW
ImmInstallIMEW
ImmGetStatusWindowPos
ImmGetCandidateListA
ImmIsIME
GetThreadSelectorEntry
GetTempPathA
FindCloseChangeNotification
GetModuleHandleA
GetProfileSectionW
GetConsoleCP
GetOEMCP
BuildCommDCBAndTimeoutsW
AddAtomA
GetStartupInfoA
GetProfileStringA
GetTempFileNameA
BackupRead
DeleteFileW
GetDevicePowerState
GetLocalTime
FileTimeToLocalFileTime
GetExpandedNameA
AlphaBlend
_except_handler3
_acmdln
__p__fmode
_exit
_adjust_fdiv
__p__commode
__dllonexit
_onexit
_controlfp
exit
_XcptFilter
__getmainargs
_initterm
__setusermatherr
__set_app_type
Ord(25)
Ord(75)
Ord(36)
Ord(61)
Ord(46)
Ord(21)
Ord(15)
Ord(33)
Ord(605)
VarDecFromUI4
VarUI1FromUI4
OleLoadPictureFileEx
SystemTimeToVariantTime
RegisterTypeLib
VarBoolFromR4
VarUI1FromI2
VarDecFromCy
VarR8Pow
OleSavePictureFile
SafeArrayCreateEx
VarUI4FromUI1
tree_into_ndr
float_from_ndr
NdrStubCall2
RpcSmDestroyClientContext
MesBufferHandleReset
I_RpcNsBindingSetEntryNameA
NdrNonEncapsulatedUnionMemorySize
SHGetFileInfoA
SHGetSpecialFolderPathA
StrCmpNA
SHAppBarMessage
SHGetDesktopFolder
Shell_NotifyIconA
PathSkipRootA
StrCmpW
SHRegOpenUSKeyW
PathSetDlgItemPathA
StrIsIntlEqualA
SHRegSetUSValueW
SHEnumValueW
StrNCatW
StrToIntA
PathBuildRootA
SHDeleteValueA
PathParseIconLocationW
PathIsPrefixW
SHEnumKeyExA
StrTrimA
SHRegEnumUSKeyA
SHQueryInfoKeyA
SetActiveWindow
SetProcessWindowStation
InternetCanonicalizeUrlW
InternetSetCookieW
FtpFindFirstFileW
HttpOpenRequestW
GetUrlCacheEntryInfoA
InternetGetCookieW
SetUrlCacheEntryInfoW
InternetCloseHandle
RetrieveUrlCacheEntryStreamW
FtpRenameFileW
InternetAutodial
InternetQueryDataAvailable
InternetTimeToSystemTime
FtpGetFileW
GopherGetLocatorTypeW
InternetCheckConnectionA
InternetFindNextFileA
InternetCrackUrlA
HttpSendRequestA
InternetOpenUrlA
GopherGetAttributeW
FtpPutFileW
InternetSetOptionW
InternetOpenUrlW
FindFirstUrlCacheEntryW
FindNextUrlCacheEntryExA
EnumPrinterDataW
EnumMonitorsW
OleSetClipboard
OleSetMenuDescriptor
StgIsStorageFile
CoGetTreatAsClass
HACCEL_UserUnmarshal
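The import list above shows function names without the DLLs they come from, and the DLL name is half of what the imphash value under File identification is built from, so the page's imphash cannot be recomputed from the page. The block below is an added example, not pefile's or VirusTotal's code: it implements the published import-hash algorithm over a constructed (DLL, function) table whose function names are taken from the list above but whose DLL attributions are an assumption of this example. Unlike pefile, it does not map well-known ordinals of ws2_32 and oleaut32 back to names.

```python
import hashlib

# Constructed import table of (dll, function-name-or-ordinal) pairs. The
# function names appear in the list above; the DLL attributions (and the
# MFC42 guess for the ordinal-only imports) are assumptions of this example.
IMPORT_TABLE = [
    ("ADVAPI32.dll", "RegRestoreKeyA"),
    ("ADVAPI32.dll", "LsaSetTrustedDomainInformation"),
    ("ADVAPI32.dll", "OpenProcessToken"),
    ("KERNEL32.dll", "GetTempPathA"),
    ("KERNEL32.dll", "DeleteFileW"),
    ("MSVCRT.dll", "_except_handler3"),
    ("WININET.dll", "HttpSendRequestA"),
    ("WINSPOOL.DRV", "EnumPrinterDataW"),
    ("MFC42.DLL", 25),    # imported by ordinal only
    ("MFC42.DLL", 605),
]

STRIPPED_EXTENSIONS = (".dll", ".ocx", ".sys")


def imphash_string(table):
    """The string that gets hashed: for every import, the lowercase DLL name
    with a .dll/.ocx/.sys extension removed, a dot, then the lowercase
    function name or 'ordN' for ordinal-only imports, joined with commas in
    import-table order (the same order the loader sees)."""
    parts = []
    for dll, func in table:
        lib = dll.lower()
        for ext in STRIPPED_EXTENSIONS:
            if lib.endswith(ext):
                lib = lib[:-len(ext)]
                break
        name = ("ord%d" % func) if isinstance(func, int) else func.lower()
        parts.append("%s.%s" % (lib, name))
    return ",".join(parts)


def imphash(table):
    """MD5 of imphash_string(); the value pefile/VirusTotal report as imphash."""
    return hashlib.md5(imphash_string(table).encode("ascii")).hexdigest()


if __name__ == "__main__":
    print(imphash_string(IMPORT_TABLE))
    print("imphash", imphash(IMPORT_TABLE))
```

Two properties worth remembering when using the value as a pivot: the hash is insensitive to case and to the .dll/.ocx/.sys extension, but any change in import order or any added entry produces a new hash, so a crypter that pads or shuffles the import table yields a fresh imphash for every build, and a .drv library keeps its extension in the string (winspool.drv.enumprinterdataw).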
Number of PE resources by type
RT_ACCELERATOR 1
RT_MENU 1
RT_DIALOG 1
RT_VERSION 1
Number of PE resources by language
RUSSIAN 2
MAORI *unknown* 1
ENGLISH US 1
PE resources
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
TimeStamp 1998:02:27 22:12:48+01:00
FileType Win32 EXE
PEType PE32
CodeSize 45056
LinkerVersion 6.0
FileAccessDate 2014:10:29 07:16:03+01:00
EntryPoint 0xaf86
InitializedDataSize 573440
SubsystemVersion 4.0
ImageVersion 0.0
OSVersion 4.0
FileCreateDate 2014:10:29 07:16:03+01:00
UninitializedDataSize 0
File identification
MD5 cfc864113d0e6325233a8a2d9d870167
SHA1 51587c6b08d8de33df131380bf40666e0fc9cd9f
SHA256 c74533226c651955bc8ce93209a88c60a6cba61c09f431fae36d074d6e340c10
ssdeep 6144:ic9fBc3j/pV195xrbfHBdrnpyb+1jhgUSM1CRs5f3:ZINDPxrzHLpyb+1jhgww25/
authentihash 686a0d7188fa2886b55c15986f3cc58569385e56d788f1cb9045d11fcc645bba
imphash 3894d5f3ceec8cd2857f9344c945c828
File size 200.3 KB ( 205115 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (67.3%)
Win32 Dynamic Link Library (generic) (14.2%)
Win32 Executable (generic) (9.7%)
Generic Win/DOS Executable (4.3%)
DOS Executable Generic (4.3%)
Tags peexe

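The PE header basic information block above and the hash lines under File identification both come straight from the PE headers and the raw bytes. The block below is an added example (not VirusTotal's or pefile's code) that builds a constructed minimal PE32 image carrying the header values reported above, reads those fields back, computes the plain file hashes, computes an Authenticode-style authentihash that skips the CheckSum field, the security data-directory entry and the certificate table, and applies a compile-timestamp sanity check against the first-submission date. The image, its fake certificate and the ten-year age threshold are assumptions of this example; the authentihash routine assumes sections sit in file order with no gaps, which is the case in which the Authenticode hash reduces to skipping those three ranges.

```python
import hashlib
import struct
from datetime import datetime, timezone

# Layout constants from the PE/COFF specification (PE32 only).
E_LFANEW = 0x3C                 # offset of the PE-signature pointer in the DOS header
COFF_FMT = "<HHIIIHH"           # Machine .. Characteristics, 20 bytes
OPT_FMT = "<HBBIIIIIIIIIHHHHHHIIIIHHIIIIII"  # optional header through NumberOfRvaAndSizes, 96 bytes
CHECKSUM_OFF = 64               # CheckSum field inside the optional header
DATADIR_OFF = 96                # first IMAGE_DATA_DIRECTORY inside the optional header
SECURITY_DIR = 4                # index of the certificate-table directory entry
SUBSYSTEMS = {1: "Native", 2: "Windows GUI", 3: "Windows CUI"}
# Constructed 16-byte WIN_CERTIFICATE stand-in (length, revision 0x200, type 2, data).
CERT = b"\x10\x00\x00\x00\x00\x02\x02\x00" + b"C" * 8
# First submission date from the report above.
FIRST_SEEN = datetime(2014, 10, 29, 6, 8, 7, tzinfo=timezone.utc)


def build_sample_pe():
    """Constructed minimal PE32 image: DOS stub, headers, a zero-filled body and
    a fake certificate table. Header values mirror the report above; this is
    not the analysed sample and contains no sections or code."""
    dos = bytearray(64)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, E_LFANEW, 64)
    coff = struct.pack(COFF_FMT, 0x14C, 4, 888613968, 0, 0, 224, 0x010F)  # i386, 4 sections, 1998-02-27 21:12:48 UTC
    body = b"\x00" * 0x200
    cert_off = 64 + 4 + 20 + 224 + len(body)
    opt = struct.pack(OPT_FMT,
        0x10B, 6, 0,                        # PE32 magic, linker 6.0
        45056, 573440, 0,                   # SizeOfCode, SizeOfInitializedData, SizeOfUninitializedData
        0xAF86, 0x1000, 0xC000, 0x400000,   # AddressOfEntryPoint, BaseOfCode, BaseOfData, ImageBase
        0x1000, 0x200,                      # SectionAlignment, FileAlignment
        4, 0, 0, 0, 4, 0,                   # OS 4.0, image 0.0, subsystem 4.0
        0, 0x9B000, 0x400, 0xDEADBEEF,      # Win32VersionValue, SizeOfImage, SizeOfHeaders, CheckSum
        2, 0,                               # Subsystem = Windows GUI, DllCharacteristics
        0x100000, 0x1000, 0x100000, 0x1000, 0, 16)
    datadirs = bytearray(16 * 8)
    struct.pack_into("<II", datadirs, SECURITY_DIR * 8, cert_off, len(CERT))
    return bytes(dos) + b"PE\0\0" + coff + opt + bytes(datadirs) + body + CERT


def parse_pe(data):
    """The 'PE header basic information' fields plus what authentihash needs."""
    e_lfanew, = struct.unpack_from("<I", data, E_LFANEW)
    if data[:2] != b"MZ" or data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("not a PE image")
    coff_off = e_lfanew + 4
    machine, nsections, stamp, _, _, _, _ = struct.unpack_from(COFF_FMT, data, coff_off)
    opt_off = coff_off + 20
    f = struct.unpack_from(OPT_FMT, data, opt_off)
    if f[0] != 0x10B:
        raise ValueError("only PE32 (0x10b) optional headers are handled here")
    sec_off, sec_size = struct.unpack_from("<II", data, opt_off + DATADIR_OFF + SECURITY_DIR * 8)
    return {
        "machine": machine,
        "sections": nsections,
        "timestamp": datetime.fromtimestamp(stamp, tz=timezone.utc),
        "linker": "%d.%d" % (f[1], f[2]),
        "entry_point": f[6],
        "subsystem": SUBSYSTEMS.get(f[22], str(f[22])),
        "opt_off": opt_off,
        "security_dir": (sec_off, sec_size),
    }


def with_checksum(data, value):
    """Copy of the image with a different CheckSum field (as after re-linking)."""
    out = bytearray(data)
    struct.pack_into("<I", out, parse_pe(data)["opt_off"] + CHECKSUM_OFF, value)
    return bytes(out)


def file_hashes(data):
    """The MD5/SHA1/SHA256 lines under File identification: plain digests of every byte."""
    return {a: hashlib.new(a, data).hexdigest() for a in ("md5", "sha1", "sha256")}


def authentihash(data, algo="sha256"):
    """Digest over the image with the CheckSum field, the security directory
    entry and the certificate table itself left out, so re-signing or
    re-checksumming leaves it unchanged while any code change alters it."""
    info = parse_pe(data)
    skip = [(info["opt_off"] + CHECKSUM_OFF, 4),
            (info["opt_off"] + DATADIR_OFF + SECURITY_DIR * 8, 8)]
    sec_off, sec_size = info["security_dir"]
    if sec_size:
        skip.append((sec_off, sec_size))
    h = hashlib.new(algo)
    pos = 0
    for off, size in sorted(skip):
        h.update(data[pos:off])
        pos = off + size
    h.update(data[pos:])
    return h.hexdigest()


def timestamp_flags(info, first_seen, max_age_years=10):
    """Triage checks on the compile timestamp; the age threshold is this example's choice."""
    flags = []
    if info["timestamp"] > first_seen:
        flags.append("compile timestamp later than first submission")
    elif (first_seen - info["timestamp"]).days > max_age_years * 365:
        flags.append("compile timestamp more than %d years before first submission" % max_age_years)
    return flags


if __name__ == "__main__":
    img = build_sample_pe()
    info = parse_pe(img)
    print(info["timestamp"], hex(info["entry_point"]), info["subsystem"], "linker", info["linker"])
    print("sha256", file_hashes(img)["sha256"])
    print("authentihash", authentihash(img))
    print(timestamp_flags(info, FIRST_SEEN))
```

The point of keeping both digests is that they answer different questions: the SHA256 changes whenever a single byte does, while the authentihash survives re-signing and checksum fixes and so links differently signed copies of the same code. The timestamp check fires for the values above (a 1998 compile stamp on a file first seen in 2014), which on its own proves nothing but is worth noting next to packer-style detection names.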
VirusTotal metadata
First submission 2014-10-29 06:08:07 UTC
Last submission 2014-10-29 06:08:07 UTC
File names c74533226c651955bc8ce93209a88c60a6cba61c09f431fae36d074d6e340c10.exe, vt-upload-JMOkB
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Created processes
Created mutexes
Opened mutexes
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.
HTTP requests
DNS requests
TCP connections