SHA256: d55359655bcaeadae41c47a89841a77b79997f8f4b234acc353fd71744496b86
File name: Xoerm.exe
Detection ratio: 8 / 55
Analysis date: 2015-09-08 03:38:36 UTC ( 3 years, 6 months ago )
Antivirus Result Update
Baidu-International Trojan.Win32.Zbot.ACB 20150907
CMC Trojan.Win32.Swizzor.1!O 20150902
ESET-NOD32 Win32/Spy.Zbot.ACB 20150908
K7GW Spyware ( 004a08e61 ) 20150908
Kaspersky UDS:DangerousObject.Multi.Generic 20150908
McAfee Artemis!037F1DE70058 20150908
McAfee-GW-Edition Artemis 20150907
Qihoo-360 Win32/Trojan.Multi.daf 20150908
Ad-Aware 20150908
AegisLab 20150907
Yandex 20150907
AhnLab-V3 20150907
Alibaba 20150902
ALYac 20150908
Antiy-AVL 20150908
Arcabit 20150905
Avast 20150908
AVG 20150908
Avira (no cloud) 20150908
AVware 20150901
BitDefender 20150908
Bkav 20150907
ByteHero 20150908
CAT-QuickHeal 20150907
ClamAV 20150907
Comodo 20150908
Cyren 20150908
DrWeb 20150908
Emsisoft 20150908
F-Prot 20150908
F-Secure 20150908
Fortinet 20150908
GData 20150908
Ikarus 20150908
Jiangmin 20150907
K7AntiVirus 20150907
Kingsoft 20150908
Malwarebytes 20150907
Microsoft 20150908
eScan 20150908
NANO-Antivirus 20150908
nProtect 20150907
Panda 20150907
Rising 20150906
Sophos AV 20150907
Symantec 20150907
Tencent 20150908
TheHacker 20150907
TrendMicro 20150908
TrendMicro-HouseCall 20150908
VBA32 20150907
VIPRE 20150907
ViRobot 20150908
Zillya 20150908
Zoner 20150908
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2015-09-07 12:59:25
Entry Point 0x0001D174
Number of sections 4
PE sections
PE imports
GetLastError
InitializeCriticalSection
HeapFree
GetStdHandle
EnterCriticalSection
LCMapStringW
SetHandleCount
GetModuleFileNameW
GetOEMCP
QueryPerformanceCounter
TlsSetValue
IsDebuggerPresent
GetTickCount
TlsAlloc
GetEnvironmentStringsW
GetVersionExA
LoadLibraryA
GetProcessHeap
GetModuleFileNameA
GetLocalTime
VirtualFree
FreeEnvironmentStringsA
DeleteCriticalSection
GetStartupInfoA
EnumSystemLocalesA
GetStartupInfoW
GetEnvironmentStrings
GetLocaleInfoA
GetCurrentProcessId
GetCommandLineW
GetCPInfo
UnhandledExceptionFilter
TlsGetValue
MultiByteToWideChar
HeapSize
FreeEnvironmentStringsW
GetCommandLineA
GetUserDefaultLCID
TlsFree
GetLocaleInfoW
ExitProcess
RemoveDirectoryW
RaiseException
WideCharToMultiByte
LoadLibraryW
GetStringTypeA
GetModuleHandleA
SetSystemPowerState
SetUnhandledExceptionFilter
WriteFile
GetCurrentProcess
MulDiv
GetSystemTimeAsFileTime
IsValidLocale
GetACP
HeapReAlloc
GetStringTypeW
GetProcAddress
SetEvent
TerminateProcess
RtlUnwind
LCMapStringA
IsValidCodePage
HeapCreate
CreateFileW
CreateProcessW
InterlockedDecrement
Sleep
GetFileType
SetFileAttributesW
HeapDestroy
HeapAlloc
GetCurrentThreadId
LeaveCriticalSection
VirtualAlloc
SetLastError
InterlockedIncrement
AddPrinterDriverExW
EnumFormsW
EnumPortsW
ReadPrinter
AddMonitorW
WritePrinter
SetFormW
AddJobW
ResetPrinterW
DeletePrinterDataExW
AddPrinterConnectionW
XcvDataW
DeletePrinterConnectionW
SetPortW
SetPrinterDataExW
StartPagePrinter
ScheduleJob
DeletePrinterDataW
SetJobW
EnumMonitorsW
DeletePrinterKeyW
AddPrintProvidorW
DeletePrinterDriverW
EnumJobsW
EndPagePrinter
AddPortW
PrinterMessageBoxW
DeletePrinterDriverExW
WaitForPrinterChange
StartDocPrinterW
AddPrintProcessorW
SetPrinterDataW
EndDocPrinter
AddPrinterDriverW
AddFormW
Number of PE resources by type
RT_VERSION 1
Number of PE resources by language
ENGLISH US 1
PE resources
Debug information
ExifTool file metadata
LegalTrademarks
Notewave simpleiron Substancesuntouch electricinstrument

SubsystemVersion
4.0

LinkerVersion
8.0

ImageVersion
0.0

FileSubtype
0

FileVersionNumber
1.2.1647.6078

LanguageCode
English (U.S.)

FileFlagsMask
0x0000

FileDescription
Bullhorn

CharacterSet
Unknown (04E0)

InitializedDataSize
200704

EntryPoint
0x1d174

OriginalFileName
spotreply.exe

MIMEType
application/octet-stream

LegalCopyright
Poorever

FileVersion
1.2.1647.6078

TimeStamp
2015:09:07 13:59:25+01:00

FileType
Win32 EXE

PEType
PE32

InternalName
Bullhorn

ProductVersion
1.2.1647.6078

UninitializedDataSize
0

OSVersion
4.0

FileOS
Win32

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CompanyName
charttable diefew

CodeSize
163840

ProductName
Bullhorn

ProductVersionNumber
1.2.1647.6078

FileTypeExtension
exe

ObjectFileType
Executable application

Compressed bundles
File identification
MD5 037f1de70058317a959be7bee0beefc8
SHA1 cd7be7e5f48b679b68a7fbf1e6a2afb735757d0b
SHA256 d55359655bcaeadae41c47a89841a77b79997f8f4b234acc353fd71744496b86
ssdeep
6144:RtKIMLMxd1YUrM2zcQ7PGYbxk5TtBleLzV:RtjBxwGgoVkFV

authentihash 1b95457b9cd40d9fb1c4d7f96fc34b4c213a9fdf0df47e4b6fa9602af3e21556
imphash 51e1e976832f2148af10bacfae0f326a
File size 280.0 KB ( 286720 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable MS Visual C++ (generic) (41.0%)
Win64 Executable (generic) (36.3%)
Win32 Dynamic Link Library (generic) (8.6%)
Win32 Executable (generic) (5.9%)
OS/2 Executable (generic) (2.6%)
Tags
peexe

VirusTotal metadata
First submission 2015-09-08 01:25:00 UTC ( 3 years, 6 months ago )
Last submission 2018-07-10 04:18:35 UTC ( 8 months, 2 weeks ago )
File names DCC7.TMP
Xoerm.exe
Advanced heuristic and reputation engines
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Copied files
Deleted files
Created processes
Code injections in the following processes
Created mutexes
Opened mutexes
Searched windows
Opened service managers
Opened services
Runtime DLLs