SHA256: c7a6bb9475912a7534deed4bba564b4f42152e4bd0ade5c087d77df6aa983252
File name: Case_0043258.scr
Detection ratio: 4 / 56
Analysis date: 2015-09-07 12:04:26 UTC ( 3 years, 8 months ago )
Antivirus Result Update
Kaspersky UDS:DangerousObject.Multi.Generic 20150907
NANO-Antivirus Virus.Win32.Gen.ccmw 20150907
Qihoo-360 HEUR/QVM20.1.Malware.Gen 20150907
Tencent Win32.Trojan.Inject.Auto 20150907
Ad-Aware 20150907
AegisLab 20150907
Yandex 20150906
AhnLab-V3 20150907
Alibaba 20150902
ALYac 20150907
Antiy-AVL 20150907
Arcabit 20150905
Avast 20150907
AVG 20150907
Avira (no cloud) 20150907
AVware 20150901
Baidu-International 20150907
BitDefender 20150907
Bkav 20150907
ByteHero 20150907
CAT-QuickHeal 20150905
ClamAV 20150907
CMC 20150902
Comodo 20150907
Cyren 20150907
DrWeb 20150907
Emsisoft 20150907
ESET-NOD32 20150907
F-Prot 20150907
F-Secure 20150907
Fortinet 20150907
GData 20150907
Ikarus 20150907
Jiangmin 20150906
K7AntiVirus 20150907
K7GW 20150907
Kingsoft 20150907
Malwarebytes 20150907
McAfee 20150907
McAfee-GW-Edition 20150907
Microsoft 20150907
eScan 20150907
nProtect 20150907
Panda 20150907
Rising 20150906
Sophos AV 20150907
SUPERAntiSpyware 20150905
Symantec 20150906
TheHacker 20150907
TrendMicro 20150907
TrendMicro-HouseCall 20150907
VBA32 20150905
VIPRE 20150906
ViRobot 20150907
Zillya 20150905
Zoner 20150907
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Product xdgruukd
Original name lnmmdamm.exe
File version 1.3.4.1
Description cmyfsanm
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2002-07-20 18:56:32
Entry Point 0x00001000
Number of sections 5
PE sections
PE imports
HeapFree
GetModuleHandleA
HeapAlloc
ExitProcess
VirtualAlloc
GetProcessHeap
CreateWindowExA
MessageBoxA
SendMessageA
GetClientRect
DefWindowProcA
RegisterClassA
Number of PE resources by type
RT_DIALOG 1
RT_ICON 1
MANIFEST 1
RT_ACCELERATOR 1
RT_BITMAP 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 7
PE resources
ExifTool file metadata
SubsystemVersion 4.0
InitializedDataSize 13824
ImageVersion 0.0
ProductName xdgruukd
FileVersionNumber 1.2.4.1
UninitializedDataSize 0
LanguageCode Unknown (04B0)
FileFlagsMask 0x003f
ImageFileCharacteristics No relocs, Executable, No line numbers, No symbols, 32-bit
CharacterSet Unicode
LinkerVersion 2.37
FileTypeExtension exe
OriginalFileName lnmmdamm.exe
MIMEType application/octet-stream
FileVersion 1.3.4.1
TimeStamp 2002:07:20 19:56:32+01:00
FileType Win32 EXE
PEType PE32
FileDescription cmyfsanm
OSVersion 1.0
FileOS Win32
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName jbtxhjlx
CodeSize 3584
FileSubtype 0
ProductVersionNumber 1.2.4.1
EntryPoint 0x1000
ObjectFileType Unknown

File identification
MD5 f1d62047d22f352a14fe6dc0934be3bb
SHA1 422df7b658328dc194612e303153449e2bbf7ccb
SHA256 c7a6bb9475912a7534deed4bba564b4f42152e4bd0ade5c087d77df6aa983252
ssdeep 384:YiVTVwNveeKLQYVa77tz7EBMY5koLOxM/HCxrdYKYczV7VGvjjMXpLMXabVFCggF:jcgeKDVyz4BxLeM/4fAbWpLBig4
authentihash 24738324c0c2f699f8949583e5cea346111d9414e89654a604964580d46f5042
imphash 11ae3936e6048a25603e44ba0461ec01
File size 29.5 KB ( 30208 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable (generic) (35.6%)
Win16/32 Executable Delphi generic (16.3%)
OS/2 Executable (generic) (16.0%)
Generic Win/DOS Executable (15.8%)
DOS Executable Generic (15.8%)
Tags peexe
VirusTotal metadata
First submission 2015-09-07 11:14:57 UTC ( 3 years, 8 months ago )
Last submission 2018-10-09 14:22:50 UTC ( 7 months, 1 week ago )
File names Cas_0449213.scr-2015-09-07.21-40-04.txt
Case_0043258.scr
Case_0043258_scr
f1d62047d22f352a14fe6dc0934be3bb.scr
F1D62047D22F352A14FE6DC0934BE3BB
Cas_0449213.scr
Cas_0449213.scr
422DF7B658328DC194612E303153449E2BBF7CCB
YqidkKlc.vcf
212.scr
lnmmdamm.exe
Advanced heuristic and reputation engines
TrendMicro-HouseCall
TrendMicro's heuristic engine has flagged this file as: TROJ_GEN.F0E9H0ZI715.

Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Created processes
Opened mutexes
Runtime DLLs