SHA256: cb77b8792d5d117b420304e3b6e4fc72076550ea4f1c9bb9a13870c8e0699269
File name: 68.exe
Detection ratio: 1 / 56
Analysis date: 2015-04-07 08:37:13 UTC ( 4 years, 1 month ago )
Antivirus Result Update
Tencent Trojan.Win32.Qudamah.Gen.7 20150407
Ad-Aware 20150407
AegisLab 20150407
Yandex 20150406
AhnLab-V3 20150407
Alibaba 20150407
ALYac 20150407
Antiy-AVL 20150407
Avast 20150407
AVG 20150407
Avira (no cloud) 20150407
AVware 20150407
Baidu-International 20150407
BitDefender 20150407
Bkav 20150406
ByteHero 20150407
CAT-QuickHeal 20150407
ClamAV 20150407
CMC 20150403
Comodo 20150407
Cyren 20150407
DrWeb 20150407
Emsisoft 20150407
ESET-NOD32 20150407
F-Prot 20150407
F-Secure 20150407
Fortinet 20150407
GData 20150407
Ikarus 20150407
Jiangmin 20150406
K7AntiVirus 20150407
K7GW 20150407
Kaspersky 20150407
Kingsoft 20150407
Malwarebytes 20150407
McAfee 20150407
McAfee-GW-Edition 20150406
Microsoft 20150407
eScan 20150407
NANO-Antivirus 20150407
Norman 20150407
nProtect 20150407
Panda 20150407
Qihoo-360 20150407
Rising 20150406
Sophos AV 20150407
SUPERAntiSpyware 20150407
Symantec 20150407
TheHacker 20150406
TotalDefense 20150407
TrendMicro 20150407
TrendMicro-HouseCall 20150407
VBA32 20150407
VIPRE 20150407
ViRobot 20150407
Zillya 20150405
Zoner 20150407
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright © Корпорация Майкрософт. Все права защищены.
Product Операционная система Microsoft® Windows®
Original name twext.dll
Internal name twext
File version 6.00.3631.5512 (xpsp.080413-2105)
Description Свойства: Предыдущие версии
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2018-06-10 23:13:00
Entry Point 0x0000A540
Number of sections 7
PE sections
PE imports
GetTextExtentPointW
GetLastError
GetWriteWatch
EnterCriticalSection
FindFirstChangeNotificationA
TerminateThread
GlobalGetAtomNameA
SetFileTime
GetDevicePowerState
LocalAlloc
GetConsoleTitleW
LoadLibraryExW
GetSystemRegistryQuota
BackupRead
GetComputerNameExA
lstrcpyW
QueryPerformanceFrequency
SetCalendarInfoW
lstrcpyA
GetProcessPriorityBoost
SetFirmwareEnvironmentVariableA
ExitThread
SetComputerNameA
TransmitCommChar
AddVectoredExceptionHandler
CreateEventA
Sleep
EnumLanguageGroupLocalesA
FindFirstVolumeW
DuplicateIcon
InSendMessageEx
ShowOwnedPopups
GetLastActivePopup
LoadMenuA
isdigit
malloc
abs
wcstod
iswupper
CreateAsyncBindCtx
Number of PE resources by type
REGINST 1
RT_VERSION 1
RT_MANIFEST 1
Number of PE resources by language
RUSSIAN 3
PE resources
Debug information
ExifTool file metadata
SubsystemVersion 4.0
LinkerVersion 6.0
ImageVersion 1.0
FileSubtype 0
FileVersionNumber 6.0.3631.5512
UninitializedDataSize 4608
LanguageCode Russian
FileFlagsMask 0x003f
CharacterSet Unicode
InitializedDataSize 11264
EntryPoint 0xa540
OriginalFileName twext.dll
MIMEType application/octet-stream
LegalCopyright . .
FileVersion 6.00.3631.5512 (xpsp.080413-2105)
TimeStamp 2018:06:11 00:13:00+01:00
FileType Win32 EXE
PEType PE32
InternalName twext
ProductVersion 6.00.2631.5512
FileDescription :
OSVersion 4.0
FileOS Windows NT 32-bit
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName Microsoft Corporation
CodeSize 66048
ProductName Microsoft Windows
ProductVersionNumber 6.0.2631.5512
FileTypeExtension exe
ObjectFileType Dynamic link library
Compressed bundles
File identification
MD5 e4cc002a95caaf4481cb7140bbe96c58
SHA1 1a3acd5da2f734d098aa97989be84eea27e237f3
SHA256 cb77b8792d5d117b420304e3b6e4fc72076550ea4f1c9bb9a13870c8e0699269
ssdeep 1536:oyiDGLbSMnhZhTfOr37i+HTKQCg/4n/Q4bbS38L6Es/km9vm/VgBsll:oyh3TGrri++IB1382hvwrl
authentihash e01020588858a3d5cf4c2e65becd236466107f734231a4d039e8030785b9659d
imphash 4b5e685e720872ffa9fd4346c8f7d100
File size 80.5 KB ( 82432 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win64 Executable (generic) (64.6%)
Win32 Dynamic Link Library (generic) (15.3%)
Win32 Executable (generic) (10.5%)
Generic Win/DOS Executable (4.6%)
DOS Executable Generic (4.6%)
Tags peexe
VirusTotal metadata
First submission 2015-04-07 08:11:07 UTC ( 4 years, 1 month ago )
Last submission 2017-09-07 18:26:43 UTC ( 1 year, 8 months ago )
File names zobat0.1a.exe
malware-639.exe
68.exe
fPqtPcW.vbs
VirusShare_e4cc002a95caaf4481cb7140bbe96c58
twext
68_exe
1A3ACD5DA2F734D098AA97989BE84EEA27E237F3
e4cc002a95caaf4481cb7140bbe96c58.exe
68[1].exe.dr
twext.dll
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Deleted files
Created processes
Code injections in the following processes
Created mutexes
Opened mutexes
Opened service managers
Opened services
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.
HTTP requests
DNS requests
TCP connections
UDP communications