SHA256: d1720ca6d8badb5aa1b158d371da86b5f7a4b02fea6f5a75c17cb29229edff57
File name: k76j5hg(1).exe
Detection ratio: 4 / 54
Analysis date: 2016-02-01 15:05:33 UTC
The ratio is as of the analysis date, about 90 minutes after the file was compiled (13:35:29 UTC) and first submitted (13:57:57 UTC). Three of the four hits below carry generic or heuristic names (Kaspersky's UDS cloud verdict, McAfee's BehavesLike heuristic, Qihoo's HEUR/QVM); only Malwarebytes assigns a family name, Trojan.Dridex.
Antivirus           Result                             Update
Kaspersky           UDS:DangerousObject.Multi.Generic  20160201
Malwarebytes        Trojan.Dridex                      20160201
McAfee-GW-Edition   BehavesLike.Win32.Expiro.dc        20160201
Qihoo-360           HEUR/QVM10.1.Malware.Gen           20160201

No detection (signature update 20160201 unless noted): Ad-Aware, AegisLab, Yandex, AhnLab-V3, Alibaba, ALYac (20160130), Antiy-AVL, Arcabit, Avast, AVG, Avira (no cloud), Baidu-International, BitDefender, Bkav, ByteHero, CAT-QuickHeal, ClamAV, CMC, Comodo (20160130), Cyren, DrWeb, Emsisoft, ESET-NOD32, F-Prot (20160129), F-Secure, Fortinet, GData, Ikarus, Jiangmin, K7AntiVirus, K7GW, McAfee, Microsoft, eScan, NANO-Antivirus, nProtect, Panda, Rising, Sophos AV, SUPERAntiSpyware, Symantec, TheHacker (20160130), TotalDefense, TrendMicro, TrendMicro-HouseCall, VBA32, VIPRE, ViRobot, Zillya, Zoner.
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright: Copyright ©.PassMark Software All rights reserved.
Product: OverpaidConnectionstring
Original name: OverpaidConnectionstring.exe
File version: 7.8.21.4
Description: Brace Inventions Lost Looping Graphs
Comments: Brace Inventions Lost Looping Graphs
The copyright field names PassMark Software, but the product name, original file name, description and comments are strings of unrelated English words rather than anything a PassMark product would carry; the version resource is internally inconsistent and should not be read as evidence of a legitimate publisher.
PE header basic information
Target machine: Intel 386 or later processors and compatible processors
Compilation timestamp: 2016-02-01 13:35:29 (UTC)
Entry Point: 0x00007589
Number of sections: 5
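The fields under "PE header basic information", and the overlapping values in the ExifTool block further down, are read directly from the COFF file header and the PE32 optional header. The following is an added example, not code from the VirusTotal page or from the sample: a standard-library parser for exactly those fields, run against a header constructed here to carry this sample's reported values (the ImageBase, alignments, SizeOfImage and SizeOfHeaders written into the constructed header are assumed filler, not values from the page). It also renders the timestamp the way ExifTool displays it and computes the gap between link time and first submission, a common triage signal.

```python
"""Minimal PE32 header parser (added example, not from the VirusTotal page)."""
import struct
from datetime import datetime, timedelta, timezone

IMAGE_FILE_MACHINE_I386 = 0x014C
IMAGE_FILE_RELOCS_STRIPPED = 0x0001
IMAGE_FILE_EXECUTABLE_IMAGE = 0x0002
IMAGE_FILE_32BIT_MACHINE = 0x0100
PE32_MAGIC = 0x10B
SUBSYSTEMS = {2: "Windows GUI", 3: "Windows CUI"}

# Values copied from the report; used both to build the test header and as triage input.
REPORTED_COMPILE_TIME = datetime(2016, 2, 1, 13, 35, 29, tzinfo=timezone.utc)
FIRST_SUBMISSION = datetime(2016, 2, 1, 13, 57, 57, tzinfo=timezone.utc)


def build_sample_header() -> bytes:
    """Constructed DOS stub + PE signature + COFF header + PE32 optional header.
    Field values are the ones the page reports; ImageBase, alignments, SizeOfImage
    and SizeOfHeaders are assumed filler. Layout follows the PE specification."""
    e_lfanew = 0x80
    dos = b"MZ" + b"\x00" * (0x3C - 2) + struct.pack("<I", e_lfanew)
    dos += b"\x00" * (e_lfanew - len(dos))
    characteristics = (IMAGE_FILE_RELOCS_STRIPPED | IMAGE_FILE_EXECUTABLE_IMAGE
                       | IMAGE_FILE_32BIT_MACHINE)         # "No relocs, Executable, 32-bit"
    coff = struct.pack("<HHIIIHH",
                       IMAGE_FILE_MACHINE_I386,             # Machine
                       5,                                   # NumberOfSections
                       int(REPORTED_COMPILE_TIME.timestamp()),  # TimeDateStamp
                       0, 0,                                # symbol table pointer/count (unused)
                       224,                                 # SizeOfOptionalHeader for PE32
                       characteristics)
    opt = struct.pack("<HBB" + "I" * 9 + "H" * 6 + "I" * 4 + "HH",
                      PE32_MAGIC, 9, 0,                     # Magic, linker version 9.0
                      99328, 135168, 0,                     # SizeOfCode, SizeOfInitializedData, SizeOfUninitializedData
                      0x7589, 0x1000, 0x19000,              # AddressOfEntryPoint, BaseOfCode, BaseOfData (bases assumed)
                      0x400000, 0x1000, 0x200,              # ImageBase, SectionAlignment, FileAlignment (assumed)
                      5, 0, 0, 0, 5, 0,                     # OS 5.0, image 0.0, subsystem 5.0
                      0, 0x40000, 0x400, 0,                 # Win32VersionValue, SizeOfImage, SizeOfHeaders, CheckSum (assumed)
                      2, 0)                                 # Subsystem = Windows GUI, DllCharacteristics
    opt += b"\x00" * (224 - len(opt))                      # data directories left zeroed
    return dos + b"PE\x00\x00" + coff + opt


def parse_pe_header(data: bytes) -> dict:
    """Read the fields VirusTotal shows for a PE32 file; raises ValueError on malformed input."""
    if data[:2] != b"MZ":
        raise ValueError("missing MZ signature")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\x00\x00":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    machine, nsections, stamp, _, _, opt_size, chars = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20
    if opt_size < 72:
        raise ValueError("optional header too short")
    magic, major_linker, minor_linker = struct.unpack_from("<HBB", data, opt)
    if magic != PE32_MAGIC:
        raise ValueError("not a PE32 (32-bit) image: magic 0x%x" % magic)
    code_size, init_size, uninit_size, entry = struct.unpack_from("<IIII", data, opt + 4)
    os_major, os_minor, _, _, sub_major, sub_minor = struct.unpack_from("<HHHHHH", data, opt + 40)
    subsystem = struct.unpack_from("<H", data, opt + 68)[0]
    return {
        "machine": machine,
        "number_of_sections": nsections,
        "compile_time": datetime.fromtimestamp(stamp, tz=timezone.utc),
        "entry_point": entry,
        "code_size": code_size,
        "initialized_data_size": init_size,
        "uninitialized_data_size": uninit_size,
        "linker_version": f"{major_linker}.{minor_linker}",
        "os_version": f"{os_major}.{os_minor}",
        "subsystem_version": f"{sub_major}.{sub_minor}",
        "subsystem": SUBSYSTEMS.get(subsystem, f"unknown ({subsystem})"),
        # With relocations stripped the loader cannot rebase the image, so it always
        # maps at ImageBase and ASLR does not apply to it.
        "relocs_stripped": bool(chars & IMAGE_FILE_RELOCS_STRIPPED),
    }


def exiftool_style_timestamp(header: dict, utc_offset_hours: int) -> str:
    """ExifTool prints the link time in local time; the page was generated at UTC-8."""
    local = header["compile_time"].astimezone(timezone(timedelta(hours=utc_offset_hours)))
    return local.strftime("%Y:%m:%d %H:%M:%S")


def seconds_compile_to_first_seen(header: dict, first_seen: datetime) -> int:
    """A gap of minutes between link time and first upload is typical of a freshly built loader."""
    return int((first_seen - header["compile_time"]).total_seconds())


if __name__ == "__main__":
    hdr = parse_pe_header(build_sample_header())
    for key, value in hdr.items():
        print(f"{key}: {value:#x}" if key == "entry_point" else f"{key}: {value}")
    print("ExifTool local stamp:", exiftool_style_timestamp(hdr, -8))
    print("compile -> first submission (s):", seconds_compile_to_first_seen(hdr, FIRST_SUBMISSION))
```

Running it prints the same machine, section count, entry point, linker/OS/subsystem versions and sizes the report shows, the ExifTool-style stamp 2016:02:01 05:35:29 (the page's -08:00 rendering of 13:35:29 UTC), and a 1348-second gap between link time and first submission. To run it on a real file replace `build_sample_header()` with the file's bytes; the PE32 magic check will reject PE32+ (64-bit) images, whose optional header has a different layout.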
PE imports
CryptEnumProviderTypesA
GetUserNameW
AVIFileInit
AVIStreamOpenFromFileA
AVIStreamLength
AVIStreamInfoA
GetSaveFileNameA
CertFreeCertificateContext
CertCloseStore
CryptGetObjectUrl
CryptUIDlgSelectCertificateFromStore
TextOutA
CreateFontIndirectA
CreateRectRgnIndirect
GetObjectA
GetDeviceCaps
ExcludeClipRect
LineTo
DeleteDC
CreateSolidBrush
BitBlt
CreateDIBSection
StartDocA
CreateFontA
CreateEllipticRgn
CreateDCA
CreateBitmap
MoveToEx
GetStockObject
SetViewportOrgEx
GetDIBits
SelectClipRgn
CreateCompatibleDC
CreateRectRgn
SelectObject
GetTextExtentPoint32A
SetWindowOrgEx
DeleteObject
CreateCompatibleBitmap
ImmGetConversionStatus
ImmGetDefaultIMEWnd
ImmGetCompositionStringA
ImmDestroyContext
ImmGetContext
ImmCreateContext
ImmGetOpenStatus
ImmReleaseContext
ImmAssociateContext
GetStdHandle
GetConsoleOutputCP
FileTimeToSystemTime
GetFileAttributesA
FreeEnvironmentStringsA
DeleteCriticalSection
GetCurrentProcess
GetConsoleMode
GetLocaleInfoA
lstrcatA
FreeEnvironmentStringsW
SetStdHandle
WideCharToMultiByte
GetStringTypeA
WriteFile
GetSystemTimeAsFileTime
HeapReAlloc
GetStringTypeW
SetFileAttributesA
LocalFree
SetConsoleWindowInfo
FindClose
InterlockedDecrement
OutputDebugStringA
SetLastError
CopyFileA
ExitProcess
GetModuleFileNameA
SetConsoleScreenBufferSize
UnhandledExceptionFilter
TlsGetValue
MultiByteToWideChar
GetModuleHandleA
SetUnhandledExceptionFilter
SetEnvironmentVariableA
TerminateProcess
WriteConsoleA
GetCurrentThreadId
InterlockedIncrement
WriteConsoleW
InitializeCriticalSectionAndSpinCount
HeapFree
EnterCriticalSection
SetHandleCount
GetOEMCP
QueryPerformanceCounter
GetTickCount
TlsAlloc
FlushFileBuffers
LoadLibraryA
RtlUnwind
GetStartupInfoA
CreateDirectoryA
GetFullPathNameA
GetProcAddress
GetProcessHeap
CompareStringW
FindFirstFileA
lstrcpyA
CompareStringA
FindNextFileA
ExpandEnvironmentStringsA
GetTimeZoneInformation
GetConsoleWindow
IsDebuggerPresent
GetFileType
TlsSetValue
CreateFileA
HeapAlloc
LeaveCriticalSection
GetLastError
LCMapStringW
GetConsoleCP
LCMapStringA
GetEnvironmentStringsW
FileTimeToLocalFileTime
GetEnvironmentStrings
GetCurrentProcessId
GetCPInfo
HeapSize
GetCommandLineA
RaiseException
TlsFree
SetFilePointer
CloseHandle
GetACP
GetModuleHandleW
IsValidCodePage
HeapCreate
VirtualFree
Sleep
VirtualAlloc
acmStreamClose
acmStreamOpen
DrawDibOpen
GetOpenFileNamePreviewA
NetUserGetInfo
OleCreatePictureIndirect
glRectf
glClear
glColor3f
GetPerformanceInfo
SHGetDesktopFolder
SetFocus
IsRectEmpty
GetForegroundWindow
SetWindowRgn
ReleaseDC
EndDialog
BeginPaint
OffsetRect
CreateIconIndirect
GetMonitorInfoA
WindowFromPoint
DefWindowProcA
LoadBitmapA
SetWindowPos
GetWindowThreadProcessId
GetDesktopWindow
GetSystemMetrics
EnableMenuItem
IsWindow
GetWindowRect
EndPaint
MoveWindow
CallWindowProcA
MessageBoxA
GetWindowDC
SetWindowLongA
GetDC
EndDeferWindowPos
DrawTextA
GetIconInfo
LoadStringA
BeginDeferWindowPos
SendMessageA
GetClientRect
CreateWindowExA
GetDlgItem
DrawMenuBar
CharLowerBuffA
IsIconic
ScreenToClient
SetRect
GetWindowLongA
IsClipboardFormatAvailable
SetTimer
LoadCursorA
FillRect
MonitorFromPoint
DeferWindowPos
LoadImageA
GetSystemMenu
GetCursorPos
SetCursor
GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA
WSAGetLastError
MTSCreateActivity
CreateStreamOnHGlobal
CoInitialize
GetHGlobalFromStream
Ord(601)
Ord(201)
Number of PE resources by type: PNG 2, LANG 1, RT_RCDATA 1, RT_MANIFEST 1, TXT 1, RT_VERSION 1
Number of PE resources by language: ENGLISH US 7
ExifTool file metadata
CodeSize: 99328
SubsystemVersion: 5.0
Comments: Brace Inventions Lost Looping Graphs
LinkerVersion: 9.0
ImageVersion: 0.0
FileSubtype: 0
FileVersionNumber: 7.8.21.4
LanguageCode: English (U.S.)
FileFlagsMask: 0x003f
FileDescription: Brace Inventions Lost Looping Graphs
ImageFileCharacteristics: No relocs, Executable, 32-bit (with relocations stripped the loader cannot rebase the image, so it always maps at its preferred base and ASLR does not apply to it)
CharacterSet: Unicode
InitializedDataSize: 135168
EntryPoint: 0x7589
OriginalFileName: OverpaidConnectionstring.exe
MIMEType: application/octet-stream
LegalCopyright: Copyright ©.PassMark Software All rights reserved.
FileVersion: 7.8.21.4
TimeStamp: 2016:02:01 05:35:29-08:00 (13:35:29 UTC, the same value as the PE compilation timestamp above)
FileType: Win32 EXE
PEType: PE32
ProductVersion: 7.8.21.4
UninitializedDataSize: 0
OSVersion: 5.0
FileOS: Windows NT 32-bit
Subsystem: Windows GUI
MachineType: Intel 386 or later, and compatibles
CompanyName: PassMark Software
LegalTrademarks: Copyright ©.PassMark Software All rights reserved.
ProductName: OverpaidConnectionstring
ProductVersionNumber: 7.8.21.4
FileTypeExtension: exe
ObjectFileType: Executable application
File identification
MD5: 1d53a61b4ec187230f23fd66076ff605
SHA1: 5951a43680f23894d240c48eaa5747578c239082
SHA256: d1720ca6d8badb5aa1b158d371da86b5f7a4b02fea6f5a75c17cb29229edff57
ssdeep: 3072:CZLA78y2sQCx/SU+706xIVFyNUXMvOhdxR5oap6eYW0WpSyxjHWx5nR+nYx:QLA5mCx/SX70ku8vTaRVb92x5n8y
authentihash: dc0537cb3df20ec79790b5d7855a719ab687862291a8c0c58bb09edbc92042ad
imphash: 0e52ea784a4aff13df7103611bf5f653
File size: 230.0 KB (235520 bytes)
File type: Win32 EXE
Magic literal: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID: Win64 Executable (generic) 47.7%; Windows screen saver 22.6%; Win32 Dynamic Link Library (generic) 11.3%; Win32 Executable (generic) 7.7%; OS/2 Executable (generic) 3.5%
TrID's top guess is a byte-pattern heuristic and is wrong here: the PE32 magic, the i386 machine type and the magic literal above are authoritative, and this is a 32-bit image.
Tags: peexe, via-tor
VirusTotal metadata
First submission: 2016-02-01 13:57:57 UTC
Last submission: 2019-02-05 03:52:53 UTC
File names seen across submissions:
k76j5hg[1].exe.3224.dr
OverpaidConnectionstring.exe
k76j5hg.exe.tmp
perdoma.exe
k76j5hg(1).exe
d1720ca6d8badb5aa1b158d371da86b5f7a4b02fea6f5a75c17cb29229edff57.bin
5951a43680f23894d240c48eaa5747578c239082 (1).exe
sample ._DONTEXECUTE
myfile.exe
CI_TMPcp__DT.exe
k76j5hg.exe (submitted three times under this name)
1d53a61b4ec187230f23fd66076ff605
1d53a61b4ec187230f23fd66076ff605.exe
k76j5hg[1].exe.2108.dr
k76j5hg[1].exe
setup.exe
Condensed report. The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Report sections: Opened files, Read files, Written files, Created processes, Opened mutexes, Runtime DLLs, UDP communications (no entries shown for any of them).