SHA256: d1d47d85048755e01f6bac0a0dc32801fcd22680394adf5b62bb13dbba8a4a8c
File name: 1140285b480890dec066bdbe2dc37b5cd3e991d6
Detection ratio: 7 / 55
Analysis date: 2015-04-04 02:24:40 UTC (3 years, 11 months ago)
Antivirus | Result | Update
ESET-NOD32 | a variant of Win32/Kryptik.DDVX | 20150403
Fortinet | W32/Kryptik.CAHR!tr | 20150404
Malwarebytes | Trojan.Agent.ED | 20150404
McAfee | Artemis!7820B6282CA2 | 20150404
McAfee-GW-Edition | BehavesLike.Win32.Sdbot.hz | 20150403
Sophos AV | Mal/EncPk-NS | 20150404
Tencent | Trojan.Win32.Qudamah.Gen.6 | 20150404
Ad-Aware | - | 20150404
AegisLab | - | 20150404
Yandex | - | 20150403
AhnLab-V3 | - | 20150403
Alibaba | - | 20150404
ALYac | - | 20150404
Antiy-AVL | - | 20150403
Avast | - | 20150404
AVG | - | 20150404
Avira (no cloud) | - | 20150404
AVware | - | 20150404
Baidu-International | - | 20150403
BitDefender | - | 20150404
Bkav | - | 20150403
ByteHero | - | 20150404
CAT-QuickHeal | - | 20150403
ClamAV | - | 20150403
CMC | - | 20150403
Comodo | - | 20150403
Cyren | - | 20150404
DrWeb | - | 20150404
Emsisoft | - | 20150404
F-Prot | - | 20150401
F-Secure | - | 20150404
GData | - | 20150404
Ikarus | - | 20150403
K7AntiVirus | - | 20150403
K7GW | - | 20150403
Kaspersky | - | 20150404
Kingsoft | - | 20150404
Microsoft | - | 20150404
eScan | - | 20150404
NANO-Antivirus | - | 20150404
Norman | - | 20150403
nProtect | - | 20150403
Panda | - | 20150401
Qihoo-360 | - | 20150404
Rising | - | 20150403
SUPERAntiSpyware | - | 20150403
Symantec | - | 20150404
TheHacker | - | 20150403
TotalDefense | - | 20150403
TrendMicro | - | 20150404
TrendMicro-HouseCall | - | 20150404
VBA32 | - | 20150403
VIPRE | - | 20150404
ViRobot | - | 20150404
Zillya | - | 20150403
Zoner | - | 20150403
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2005-08-04 02:59:49
Entry Point 0x00001000
Number of sections 13
PE sections
PE imports
GetSystemTime
GetCommTimeouts
FindAtomW
LoadLibraryExA
CreateProcessA
GetLogicalDriveStringsA
WriteConsoleA
VirtualFreeEx
GlobalDeleteAtom
OutputDebugStringW
OpenEventW
ReadFileEx
WritePrivateProfileSectionA
GetVersionExA
GetDiskFreeSpaceA
CommConfigDialogA
InterlockedIncrement
Number of PE resources by type
RT_BITMAP 1
RT_VERSION 1
Number of PE resources by language
NEUTRAL 1
ENGLISH US 1
PE resources
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
TimeStamp 2005:08:04 03:59:49+01:00
FileType Win32 EXE
PEType PE32
CodeSize 422912
LinkerVersion 0.0
EntryPoint 0x1000
InitializedDataSize 125952
SubsystemVersion 4.1
ImageVersion 0.0
OSVersion 4.0
UninitializedDataSize 0
File identification
MD5 7820b6282ca200f5c43e9c498b58c99a
SHA1 4730d10fb382eb410215cad3a025ec12100f1dee
SHA256 d1d47d85048755e01f6bac0a0dc32801fcd22680394adf5b62bb13dbba8a4a8c
ssdeep 3072:fnJCcn79wdu8eF9vmJk13nc6giRIctGf9bB:fnJCc7edu3Ce3AcU9
authentihash c076abd55c1d0738d4b66ee0fbd09d891d0379d92144ce42f1433af2ebba2aa6
imphash c80196dbb1efe9ea3170670d98bbd8e9
File size 562.5 KB (576000 bytes)
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable (generic) (52.7%)
Generic Win/DOS Executable (23.4%)
DOS Executable Generic (23.4%)
VXD Driver (0.3%)
Tags peexe
VirusTotal metadata
First submission 2015-04-04 02:24:40 UTC (3 years, 11 months ago)
Last submission 2015-04-04 02:24:40 UTC (3 years, 11 months ago)
File names 1140285b480890dec066bdbe2dc37b5cd3e991d6
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Created processes
Created mutexes
Opened mutexes
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.
UDP communications