SHA256: d11d08c43403daee00457eb22dc562fd94db818f10cb1cb05a1bd195c97d2ddf
File name: 4407a683827106e07880bf2769e805ae
Detection ratio: 35 / 51
Analysis date: 2014-06-08 02:34:11 UTC ( 4 years, 9 months ago )
Antivirus Result Update
Ad-Aware Gen:Variant.Zusy.80057 20140608
AhnLab-V3 Backdoor/Win32.Caphaw 20140607
AntiVir TR/Crypt.ZPACK.Gen8 20140607
Antiy-AVL Trojan/Win32.Fsysna 20140608
Avast Win32:Crypt-QUS [Trj] 20140608
AVG Crypt2.CIFG 20140607
Baidu-International Trojan.Win32.Injector.aB 20140607
BitDefender Gen:Variant.Zusy.80057 20140608
Bkav W32.FiregateJ.Trojan 20140606
CMC Packed.Win32.Katusha.1!O 20140607
Comodo UnclassifiedMalware 20140608
DrWeb BackDoor.Caphaw.2 20140608
Emsisoft Gen:Variant.Zusy.80057 (B) 20140608
ESET-NOD32 a variant of Win32/Kryptik.BTCL 20140607
F-Secure Gen:Variant.Zusy.80057 20140608
Fortinet W32/Kryptik.BSJU!tr 20140608
GData Gen:Variant.Zusy.80057 20140608
Ikarus Trojan.Crypt2 20140607
K7AntiVirus Trojan ( 004939661 ) 20140606
K7GW Trojan ( 050000001 ) 20140606
Kaspersky Trojan-Dropper.Win32.Injector.jvio 20140608
McAfee BackDoor-FBPJ!4407A6838271 20140608
McAfee-GW-Edition BackDoor-FBPJ!4407A6838271 20140607
Microsoft Backdoor:Win32/Caphaw.AC 20140608
eScan Gen:Variant.Zusy.80057 20140608
NANO-Antivirus Trojan.Win32.Caphaw.csyyjq 20140608
Norman Kryptik.CDLK 20140607
Panda Trj/Genetic.gen 20140607
Qihoo-360 Malware.QVM20.Gen 20140608
Sophos AV Troj/Agent-AGAY 20140608
Symantec Suspicious.Cloud.5 20140608
Tencent Win32.Trojan.Crypt.Ozid 20140608
TrendMicro TROJ_SPNR.35DE14 20140608
TrendMicro-HouseCall TROJ_SPNR.35DE14 20140608
VIPRE Trojan.Win32.Caphaw.ac (v) 20140608
AegisLab 20140608
Yandex 20140607
ByteHero 20140608
CAT-QuickHeal 20140607
ClamAV 20140608
Commtouch 20140608
F-Prot 20140607
Kingsoft 20140608
Malwarebytes 20140608
nProtect 20140605
Rising 20140607
SUPERAntiSpyware 20140607
TheHacker 20140606
TotalDefense 20140607
VBA32 20140607
ViRobot 20140607
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2013-10-24 17:35:15
Entry Point 0x00008E20
Number of sections 7
PE sections
PE imports
RegOpenKeyA
RegCloseKey
RegSetValueA
GetAce
RegSetValueExA
RegOpenKeyExA
CredIsMarshaledCredentialA
GdiFlush
TextOutA
GetTextMetricsA
GetCharWidth32A
HeapSize
GetLastError
GetStringTypeExA
HeapFree
GetStdHandle
LCMapStringW
GetSystemInfo
GlobalFree
WaitForSingleObject
GetOEMCP
QueryPerformanceCounter
ExitProcess
CreateTapePartition
FlushFileBuffers
VirtualProtect
GetVersionExA
LoadLibraryA
RtlUnwind
GetModuleFileNameA
CreateRemoteThread
HeapAlloc
GetStartupInfoA
EnumSystemLocalesA
SetThreadPriority
GetCurrentProcessId
GetProcessHeaps
GetCurrentDirectoryA
MultiByteToWideChar
EnumTimeFormatsA
GetCPInfo
GetCommandLineA
GetProcAddress
TerminateThread
GetProcessHeap
GetACP
WriteFile
SetFilePointer
lstrcpyW
CreateThread
GetStringTypeA
GetModuleHandleA
GetSystemTimeAsFileTime
InterlockedExchange
lstrcpyA
EnumCalendarInfoA
CloseHandle
SetStdHandle
GetComputerNameA
ExitThread
GetStringTypeW
FreeLibrary
TerminateProcess
LCMapStringA
WideCharToMultiByte
GetCurrentProcess
FoldStringA
HeapCreate
ConvertDefaultLocale
VirtualQuery
VirtualFree
Sleep
FormatMessageA
EnumDateFormatsA
GetLocaleInfoA
GetProcessVersion
GetTickCount
GetCurrentThreadId
VirtualAlloc
CompareStringA
ReleaseDC
UnregisterHotKey
RegisterWindowMessageA
HideCaret
SetCaretPos
CreateCaret
PostQuitMessage
DefWindowProcA
FindWindowA
GetCaretPos
MessageBeep
DrawTextExA
GetSystemMetrics
EndPaint
MessageBoxA
SetWindowLongA
BeginPaint
CharUpperA
GetDC
DrawTextA
SetSysColors
ShowCaret
GetWindowLongA
CharLowerA
SendMessageA
GetClientRect
GetThreadDesktop
SetRect
wsprintfA
GetSysColor
timeBeginPeriod
AddFormA
OpenPrinterA
EnumJobsA
AddPrinterA
ClosePrinter
EnumFormsA
Ord(25)
Ord(143)
Ord(20)
Ord(10)
Ord(11)
WSAConnect
WSAAccept
GetClassFile
Number of PE resources by type
RT_RCDATA 1
RT_MANIFEST 1
Number of PE resources by language
NEUTRAL 2
PE resources
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
TimeStamp 2013:10:24 18:35:15+01:00
FileType Win32 EXE
PEType PE32
CodeSize 327680
LinkerVersion 3.0
FileAccessDate 2014:06:08 03:36:15+01:00
EntryPoint 0x8e20
InitializedDataSize 262140
SubsystemVersion 4.0
ImageVersion 3.1
OSVersion 4.0
FileCreateDate 2014:06:08 03:36:15+01:00
UninitializedDataSize 0

File identification
MD5 4407a683827106e07880bf2769e805ae
SHA1 297bc70f0a6dc83c745c328b0c7e6fa0195f0cc9
SHA256 d11d08c43403daee00457eb22dc562fd94db818f10cb1cb05a1bd195c97d2ddf
ssdeep 6144:CUANNq7mmwDigWrih4hjZOvt3Fyv/cNExsBpc/nqaGgnAoXqYOkqiuvzX:H7mmw66ajZOvt3F5Ex3qLxoXqYn47

imphash 08104f712af54b5fae02246849814aee
File size 368.0 KB ( 376832 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (67.3%)
Win32 Dynamic Link Library (generic) (14.2%)
Win32 Executable (generic) (9.7%)
Generic Win/DOS Executable (4.3%)
DOS Executable Generic (4.3%)
Tags
peexe

VirusTotal metadata
First submission 2014-02-17 02:25:35 UTC ( 5 years, 1 month ago )
Last submission 2014-02-17 02:25:35 UTC ( 5 years, 1 month ago )
File names 4407a683827106e07880bf2769e805ae
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Runtime DLLs
DNS requests
UDP communications