SHA256: d37158089aa5be8cb625d29efff3fbdd2608bbb9c5008dda2e836234ab6ad0bd
File name: 2015-04-30-Angler-EK-Payload7.exe
Detection ratio: 29 / 56
Analysis date: 2015-05-02 18:54:35 UTC ( 2 years ago )
Antivirus Result Update
Ad-Aware Trojan.GenericKD.2351702 20150502
Yandex Trojan.Foreign!u0xUdToc9Do 20150502
ALYac Trojan.GenericKD.2351702 20150502
AVG Crypt4.YEC 20150502
Avira (no cloud) TR/Crypt.Xpack.192354 20150502
AVware Win32.Malware!Drop 20150502
Baidu-International Trojan.Win32.Ransom.mhjx 20150502
BitDefender Trojan.GenericKD.2351702 20150502
Cyren W32/S-0b92b060!Eldorado 20150502
Emsisoft Trojan.GenericKD.2351702 (B) 20150502
ESET-NOD32 a variant of Win32/Kryptik.DGWM 20150502
F-Prot W32/S-0b92b060!Eldorado 20150502
F-Secure Trojan.GenericKD.2351702 20150502
Fortinet W32/Kryptik.DGWM!tr 20150502
GData Trojan.GenericKD.2351702 20150502
Ikarus Trojan.Win32.Crypt 20150502
K7AntiVirus Trojan ( 004bf3f31 ) 20150502
K7GW Trojan ( 004bf3f31 ) 20150502
Kaspersky Trojan-Ransom.Win32.Foreign.mhjx 20150502
McAfee Artemis!AF15CFEEA5CD 20150502
Microsoft Trojan:Win32/Lethic.B 20150502
eScan Trojan.GenericKD.2351702 20150502
Panda Trj/Chgt.O 20150502
Qihoo-360 HEUR/QVM10.1.Malware.Gen 20150502
Sophos Mal/Generic-S 20150502
Symantec WS.Reputation.1 20150502
TrendMicro-HouseCall Suspicious_GEN.F47V0430 20150502
VIPRE Win32.Malware!Drop 20150502
ViRobot Trojan.Win32.A.Foreign.146432.N[h] 20150502
AegisLab 20150502
AhnLab-V3 20150502
Alibaba 20150502
Antiy-AVL 20150502
Avast 20150502
Bkav 20150425
ByteHero 20150502
CAT-QuickHeal 20150502
ClamAV 20150502
CMC 20150501
Comodo 20150502
DrWeb 20150502
Jiangmin 20150430
Kingsoft 20150502
McAfee-GW-Edition 20150502
NANO-Antivirus 20150502
Norman 20150502
nProtect 20150430
Rising 20150502
SUPERAntiSpyware 20150502
Tencent 20150516
TheHacker 20150501
TotalDefense 20150430
TrendMicro 20150502
VBA32 20150501
Zillya 20150501
Zoner 20150430
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright Copyright (C) Lack 2006-2013
Publisher Principal etc mighty - www.Lack.com
Product Lack
File version 2.0.0.1
Description Gain hollow nails reader thou burst
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2015-04-30 09:46:19
Entry Point 0x00004692
Number of sections 4
PE sections
PE imports
SetThreadLocale
GetStdHandle
GetConsoleOutputCP
WaitForSingleObject
FreeEnvironmentStringsA
DeleteCriticalSection
GetCurrentProcess
GetConsoleMode
GetLocaleInfoA
LocalAlloc
SetErrorMode
FreeEnvironmentStringsW
EnumResourceLanguagesW
GetTempPathA
GetCPInfo
GetStringTypeA
WriteFile
GetSystemTimeAsFileTime
GetDiskFreeSpaceA
GetStringTypeW
SetEvent
LocalFree
ConnectNamedPipe
InitializeCriticalSection
LoadResource
GlobalHandle
FindClose
TlsGetValue
FormatMessageA
GetStringTypeExA
SetLastError
DeviceIoControl
GlobalFindAtomA
ExitProcess
FlushFileBuffers
GetModuleFileNameA
EnumCalendarInfoA
LoadLibraryExA
UnhandledExceptionFilter
InterlockedDecrement
MultiByteToWideChar
SetFilePointer
CreateThread
GlobalAddAtomA
SetUnhandledExceptionFilter
MulDiv
TerminateProcess
WriteConsoleA
GlobalAlloc
SetEndOfFile
GetVersion
InterlockedIncrement
SetCurrentDirectoryA
WriteConsoleW
InitializeCriticalSectionAndSpinCount
HeapFree
EnterCriticalSection
SetHandleCount
FreeLibrary
QueryPerformanceCounter
GetTickCount
TlsAlloc
GetVersionExA
LoadLibraryA
RtlUnwind
GetStartupInfoA
GetFileSize
LCMapStringW
GetModuleHandleW
GlobalLock
GetNamedPipeHandleStateW
GlobalReAlloc
FindFirstFileA
lstrcpyA
CompareStringA
GetProcAddress
CreateEventA
CopyFileA
GetFileType
TlsSetValue
CreateFileA
HeapAlloc
LeaveCriticalSection
GetLastError
GlobalDeleteAtom
HeapCreate
GetSystemInfo
lstrlenA
GlobalFree
GetConsoleCP
LCMapStringA
HeapReAlloc
IsDebuggerPresent
GetThreadLocale
GetEnvironmentStringsW
GlobalUnlock
VirtualQuery
SizeofResource
GetCurrentProcessId
LockResource
GetProcessHeaps
WideCharToMultiByte
HeapSize
GetCommandLineA
RaiseException
TlsFree
GetModuleHandleA
ReadFile
CloseHandle
lstrcpynA
GetACP
GetCurrentThreadId
FreeResource
SetStdHandle
GetEnvironmentStrings
CreateProcessA
IsValidCodePage
UnmapViewOfFile
VirtualFree
Sleep
FindResourceA
VirtualAlloc
GetOEMCP
ResetEvent
Number of PE resources by type
RT_STRING 12
RT_GROUP_CURSOR 6
RT_CURSOR 6
RT_BITMAP 2
RT_MESSAGETABLE 1
RT_MANIFEST 1
RT_ACCELERATOR 1
RT_VERSION 1
Number of PE resources by language
NEUTRAL 13
URDU PAKISTAN 12
KOREAN 2
BENGALI SYS DEFAULT 1
LITHUANIAN 1
NEUTRAL SYS DEFAULT 1
PE resources
ExifTool file metadata
LegalTrademarks Lack
SubsystemVersion 5.0
LinkerVersion 9.0
ImageVersion 0.0
FileSubtype 0
FileVersionNumber 4.5.0.0
LanguageCode English (U.S.)
FileFlagsMask 0x003f
FileDescription Gain hollow nails reader thou burst
CharacterSet Windows, Latin1
InitializedDataSize 82432
FileOS Windows 16-bit
EntryPoint 0x4692
MIMEType application/octet-stream
LegalCopyright Copyright (C) Lack 2006-2013
FileVersion 2.0.0.1
TimeStamp 2015:04:30 10:46:19+01:00
FileType Win32 EXE
PEType PE32
InternalName Principal.exe
ProductVersion 4.0
UninitializedDataSize 0
OSVersion 5.0
OriginalFilename Principal.exe
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName Principal etc mighty - www.Lack.com
CodeSize 62976
ProductName Lack
ProductVersionNumber 3.8.0.0
FileTypeExtension exe
ObjectFileType Executable application
PCAP parents
File identification
MD5 af15cfeea5cdbde03ecd51bbc213dc1e
SHA1 12c49425f3b037eecd5b8941d0c849d230ed2a7d
SHA256 d37158089aa5be8cb625d29efff3fbdd2608bbb9c5008dda2e836234ab6ad0bd
ssdeep 3072:ivowVhcyMAdod+gkfDDffffNfffLffffnWzxH:i/XcyMZ
authentihash 4b2cefead623702cdc66c2d39a96d0db04326e30806ca02ff2d06f13cd106f91
imphash 39545eb6dffb34507abc01e487b0a86b
File size 143.0 KB ( 146432 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Dynamic Link Library (generic) (43.5%)
Win32 Executable (generic) (29.8%)
Generic Win/DOS Executable (13.2%)
DOS Executable Generic (13.2%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
Tags peexe
VirusTotal metadata
First submission 2015-04-30 10:35:23 UTC ( 2 years ago )
Last submission 2015-05-02 18:54:35 UTC ( 2 years ago )
File names 2015-04-30-Angler-EK-Payload7.exe
dq227fjr48.exe
dq227fjr46.exe
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Created processes
Opened mutexes
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.
UDP communications