SHA256: d47f7fc68094d659652c23f6ddf4785652251152e09717e8b80937d3393c01a7
File name: tmp941a6d18.exe
Detection ratio: 5 / 51
Analysis date: 2014-04-23 13:15:23 UTC (4 years, 11 months ago)
Antivirus Result Update
ESET-NOD32 a variant of Win32/Injector.BCLF 20140423
Malwarebytes Spyware.Zbot.ED 20140423
McAfee Downloader-FYH!7DEB261C962B 20140423
Qihoo-360 Malware.QVM07.Gen 20140423
ViRobot Trojan.Win32.Agent.512512.A 20140423
Ad-Aware 20140423
AegisLab 20140423
Yandex 20140423
AhnLab-V3 20140423
AntiVir 20140423
Antiy-AVL 20140423
Avast 20140423
AVG 20140423
Baidu-International 20140423
BitDefender 20140423
Bkav 20140423
ByteHero 20140423
CAT-QuickHeal 20140423
ClamAV 20140422
CMC 20140422
Commtouch 20140423
Comodo 20140423
DrWeb 20140423
Emsisoft 20140423
F-Prot 20140423
F-Secure 20140423
Fortinet 20140422
GData 20140423
Ikarus 20140423
Jiangmin 20140423
K7AntiVirus 20140422
K7GW 20140422
Kaspersky 20140423
Kingsoft 20140423
McAfee-GW-Edition 20140422
Microsoft 20140423
eScan 20140423
NANO-Antivirus 20140423
Norman 20140423
nProtect 20140423
Panda 20140423
Rising 20140423
Sophos AV 20140423
SUPERAntiSpyware 20140423
Symantec 20140423
TheHacker 20140423
TotalDefense 20140423
TrendMicro 20140423
TrendMicro-HouseCall 20140423
VBA32 20140422
VIPRE 20140423
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2014-04-07 14:53:53
Entry Point 0x00002A20
Number of sections 4
PE sections
PE imports
DeleteDC
SelectObject
BitBlt
GetPixel
MaskBlt
GetObjectW
CreateBitmap
CreateCompatibleDC
DeleteObject
CreateCompatibleBitmap
GetModuleFileNameW
VirtualAlloc
GetStartupInfoW
GetModuleHandleW
_except_handler3
__p__fmode
_adjust_fdiv
__CxxFrameHandler
__p__commode
__setusermatherr
__dllonexit
_onexit
__wgetmainargs
wcscat
exit
_XcptFilter
_wfopen
_initterm
_controlfp
_wcmdln
_exit
__set_app_type
EnableWindow
GetClientRect
LoadImageW
UpdateWindow
Number of PE resources by type
RT_BITMAP 35
RT_STRING 12
RT_HTML 1
Struct(15) 1
Struct(144) 1
RT_MENU 1
Number of PE resources by language
NEUTRAL *unknown* 23
ENGLISH US 14
NEUTRAL 13
CHINESE SIMPLIFIED 1
PE resources
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
TimeStamp 2014:04:07 15:53:53+01:00
FileType Win32 EXE
PEType PE32
CodeSize 8192
LinkerVersion 2.0
FileAccessDate 2014:04:29 06:23:51+01:00
EntryPoint 0x2a20
InitializedDataSize 454656
SubsystemVersion 4.0
ImageVersion 0.0
OSVersion 4.0
FileCreateDate 2014:04:29 06:23:51+01:00
UninitializedDataSize 0

File identification
MD5 7deb261c962bb9761e2531ec9aff35f9
SHA1 a820e152a01cac170201363c827614df2fc1451d
SHA256 d47f7fc68094d659652c23f6ddf4785652251152e09717e8b80937d3393c01a7
ssdeep 6144:mrp01u7Y8TFKAyBTo5Nz7YbY79NRmRABytconsNHV:Z1e/ZeBTs4s79W+FosN1
imphash 8b1d155734e5496dfd42ee34c9d930fe
File size 467.8 KB (478988 bytes)
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386
TrID Win32 Executable (generic) (52.9%)
Generic Win/DOS Executable (23.5%)
DOS Executable Generic (23.4%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
Tags peexe
VirusTotal metadata
First submission 2014-04-23 13:15:23 UTC (4 years, 11 months ago)
Last submission 2014-04-29 05:23:37 UTC (4 years, 10 months ago)
File names tmp941a6d18.exe
d47f7fc68094d659652c23f6ddf4785652251152e09717e8b80937d3393c01a7.exe
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
DNS requests