SHA256: d64f842dcdb2f7d451aa9c46cb1d7d997ac399ed9abba57fe1c443636444cc11
File name: a9cd27b3d4b4ebd8c6c5889e35025e42
Detection ratio: 24 / 52
Analysis date: 2014-05-13 05:29:51 UTC ( 4 years, 10 months ago )
Antivirus               Result                                   Update
Ad-Aware                Gen:Variant.Kazy.379228                  20140513
AntiVir                 TR/Kazy.379228                           20140513
Antiy-AVL               Trojan/Win32.SGeneric                    20140513
AVG                     Lebros.JB                                20140512
BitDefender             Gen:Variant.Kazy.379228                  20140513
CMC                     Packed.Win32.Fareit.1!O                  20140512
Emsisoft                Gen:Variant.Kazy.379228 (B)              20140513
ESET-NOD32              a variant of Win32/Kryptik.CBQL          20140513
F-Secure                Gen:Variant.Kazy.379228                  20140513
Fortinet                W32/Yakes.CBNS!tr                        20140513
GData                   Gen:Variant.Kazy.379228                  20140513
Kaspersky               Trojan.Win32.Yakes.eoxv                  20140513
Kingsoft                Win32.Troj.Generic.a.(kcloud)            20140513
Malwarebytes            Backdoor.Bot.ED                          20140513
McAfee                  Artemis!A9CD27B3D4B4                     20140513
McAfee-GW-Edition       Artemis!A9CD27B3D4B4                     20140513
Microsoft               Backdoor:Win32/Caphaw.A                  20140513
eScan                   Gen:Variant.Kazy.379228                  20140513
Panda                   Trj/CI.A                                 20140512
Qihoo-360               HEUR/Malware.QVM20.Gen                   20140513
Rising                  PE:Malware.Obscure!1.9C59                20140507
Sophos AV               Mal/Generic-S                            20140513
TrendMicro-HouseCall    TROJ_GEN.R0CBH07EC14                     20140513
VIPRE                   Trojan.Win32.Generic!BT                  20140513
AegisLab                (no detection)                           20140513
Yandex                  (no detection)                           20140511
AhnLab-V3               (no detection)                           20140512
Avast                   (no detection)                           20140513
Baidu-International     (no detection)                           20140512
Bkav                    (no detection)                           20140512
ByteHero                (no detection)                           20140513
CAT-QuickHeal           (no detection)                           20140513
ClamAV                  (no detection)                           20140513
Commtouch               (no detection)                           20140513
Comodo                  (no detection)                           20140513
DrWeb                   (no detection)                           20140513
F-Prot                  (no detection)                           20140513
Ikarus                  (no detection)                           20140513
Jiangmin                (no detection)                           20140513
K7AntiVirus             (no detection)                           20140509
K7GW                    (no detection)                           20140509
NANO-Antivirus          (no detection)                           20140513
Norman                  (no detection)                           20140512
nProtect                (no detection)                           20140512
SUPERAntiSpyware        (no detection)                           20140513
Symantec                (no detection)                           20140513
TheHacker               (no detection)                           20140512
TotalDefense            (no detection)                           20140512
TrendMicro              (no detection)                           20140513
VBA32                   (no detection)                           20140512
ViRobot                 (no detection)                           20140513
Zillya                  (no detection)                           20140512
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2014-05-10 05:59:53
Entry Point 0x00006AF0
Number of sections 4
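The header fields above (machine type, section count, compile timestamp, entry point, linker and subsystem versions) all come from the COFF file header and the PE32 optional header that follow the DOS stub. The script below is an added example, not part of the VirusTotal report: it builds a constructed header blob carrying the values listed above (image base, alignments and SizeOfImage are placeholders the report does not give), parses those fields back out with struct, and runs the one sanity check a triager would do with them, comparing the build timestamp to the first-submission time. For this sample the gap is about three days; a negative value would mean the timestamp was forged.

```python
import struct
from datetime import datetime, timezone

IMAGE_FILE_MACHINE_I386 = 0x14C
IMAGE_SUBSYSTEM_WINDOWS_GUI = 2
PE32_MAGIC = 0x10B
SUBSYSTEMS = {1: "Native", 2: "Windows GUI", 3: "Windows CUI"}


def build_constructed_headers() -> bytes:
    """Constructed stand-in for the sample's headers (not the real binary):
    DOS header, PE signature, COFF file header and a PE32 optional header
    populated with the values the report lists."""
    e_lfanew = 0x80
    dos = bytearray(e_lfanew)
    dos[0:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, e_lfanew)           # e_lfanew -> "PE\0\0"
    coff = struct.pack(
        "<HHIIIHH",
        IMAGE_FILE_MACHINE_I386,  # Machine
        4,                        # NumberOfSections
        1399701593,               # TimeDateStamp = 2014-05-10 05:59:53 UTC
        0, 0,                     # PointerToSymbolTable, NumberOfSymbols
        0xE0,                     # SizeOfOptionalHeader (PE32)
        0x0102,                   # EXECUTABLE_IMAGE | 32BIT_MACHINE
    )
    opt = struct.pack(
        "<HBB" + "I" * 9 + "H" * 6 + "I" * 4 + "HH",
        PE32_MAGIC, 8, 0,         # Magic, MajorLinkerVersion, MinorLinkerVersion
        28672, 368640, 0,         # SizeOfCode, SizeOfInitializedData, SizeOfUninitializedData
        0x6AF0,                   # AddressOfEntryPoint
        0x1000, 0x8000,           # BaseOfCode, BaseOfData (placeholders)
        0x400000, 0x1000, 0x200,  # ImageBase, SectionAlignment, FileAlignment (placeholders)
        4, 0, 0, 0, 4, 0,         # OS 4.0, Image 0.0, Subsystem 4.0
        0, 0x60000, 0x400, 0,     # Win32VersionValue, SizeOfImage, SizeOfHeaders, CheckSum
        IMAGE_SUBSYSTEM_WINDOWS_GUI, 0,  # Subsystem, DllCharacteristics
    )
    opt += b"\x00" * (0xE0 - len(opt))                    # remainder of the optional header
    return bytes(dos) + b"PE\x00\x00" + coff + opt


def parse_pe_header(data: bytes) -> dict:
    """Extract the 'PE header basic information' fields from raw image bytes."""
    if data[:2] != b"MZ":
        raise ValueError("not a DOS/PE image: missing MZ signature")
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    if data[e_lfanew:e_lfanew + 4] != b"PE\x00\x00":
        raise ValueError("missing PE signature at e_lfanew")
    coff = e_lfanew + 4
    machine, nsections, timestamp, _, _, _, _ = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20                                       # COFF file header is 20 bytes
    magic, maj_link, min_link, code_size, idata_size, _, entry = struct.unpack_from(
        "<HBBIIII", data, opt)
    if magic != PE32_MAGIC:
        raise ValueError(f"optional header magic 0x{magic:x}: only PE32 is handled here")
    maj_os, min_os, _, _, maj_sub, min_sub = struct.unpack_from("<6H", data, opt + 40)
    (subsystem,) = struct.unpack_from("<H", data, opt + 68)
    return {
        "machine": machine,
        "number_of_sections": nsections,
        "timestamp": timestamp,
        "compile_time": datetime.fromtimestamp(timestamp, tz=timezone.utc)
                                .strftime("%Y-%m-%d %H:%M:%S"),
        "entry_point": entry,
        "linker_version": f"{maj_link}.{min_link}",
        "code_size": code_size,
        "initialized_data_size": idata_size,
        "os_version": f"{maj_os}.{min_os}",
        "subsystem_version": f"{maj_sub}.{min_sub}",
        "subsystem": SUBSYSTEMS.get(subsystem, f"unknown ({subsystem})"),
    }


def build_to_first_seen_days(header: dict, first_seen_epoch: int) -> float:
    """Triage check: days between the claimed build time and first submission.
    Negative means the build timestamp lies in the future, i.e. it was forged."""
    return round((first_seen_epoch - header["timestamp"]) / 86400, 1)


if __name__ == "__main__":
    hdr = parse_pe_header(build_constructed_headers())
    for key, value in hdr.items():
        print(f"{key:24} {value:#x}" if key in ("machine", "entry_point") else f"{key:24} {value}")
    # 1399958991 is the report's first-submission time, 2014-05-13 05:29:51 UTC
    print("days from build to first submission:", build_to_first_seen_days(hdr, 1399958991))
```

Only the PE32 layout is handled; a PE32+ (0x20B) image has a wider optional header and would need different offsets after ImageBase.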
PE sections
PE imports
GetDeviceCaps
SelectObject
HeapAlloc
IsDebuggerPresent
GetCurrentProcess
TerminateProcess
RtlUnwind
UnregisterWait
Sleep
ExitProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
LoadLibraryExW
DeleteAtom
CloseHandle
VirtualLock
GetTickCount
GetProcAddress
VirtualAlloc
GetModuleHandleW
VariantClear
ShowWindow
DestroyWindow
waveOutGetPlaybackRate
closesocket
CoUninitialize
CoCreateInstance
PE exports
Number of PE resources by type
RT_BITMAP 2
RT_STRING 1
RT_VERSION 1
RT_MANIFEST 1
Number of PE resources by language
RUSSIAN 4
ENGLISH US 1
PE resources
ExifTool file metadata
UninitializedDataSize: 0
InitializedDataSize: 368640
ImageVersion: 0.0
FileVersionNumber: 1.0.2.1
LanguageCode: Unknown (0875)
FileFlagsMask: 0x0017
CharacterSet: Unknown (F7R0)
LinkerVersion: 8.0
MIMEType: application/octet-stream
TimeStamp: 2014:05:10 06:59:53+01:00
FileType: Win32 EXE
PEType: PE32
FileAccessDate: 2014:05:13 06:38:56+01:00
SubsystemVersion: 4.0
OSVersion: 4.0
FileCreateDate: 2014:05:13 06:38:56+01:00
FileOS: Unknown (0x5)
Subsystem: Windows GUI
MachineType: Intel 386 or later, and compatibles
CodeSize: 28672
FileSubtype: 0
ProductVersionNumber: 1.0.0.1
EntryPoint: 0x6af0
ObjectFileType: Executable application

File identification
MD5 a9cd27b3d4b4ebd8c6c5889e35025e42 (the McAfee result "Artemis!A9CD27B3D4B4" above is this MD5's first 12 hex digits)
SHA1 02db1a2537e55f128ab5d0fee62671fb5e372b10
SHA256 d64f842dcdb2f7d451aa9c46cb1d7d997ac399ed9abba57fe1c443636444cc11
ssdeep 3072:F/qJ9K/Y5SAbiAKkrwg/t4xWT3CJxC0CBWSRDaRtBO1XDM2AwOqPTzLr7a:F60TAbi50luxWTyJxCHECDaNOkGO
imphash a223fd0e8b7ba61b4e277caf85677d5c
File size 392.0 KB (401408 bytes)
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Dynamic Link Library (generic) (43.5%)
     Win32 Executable (generic) (29.8%)
     Generic Win/DOS Executable (13.2%)
     DOS Executable Generic (13.2%)
     Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
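Two of the identifiers above are derived rather than raw digests. The imphash is an MD5 over the import table in its original order, each entry written as lowercase "dll.function" with the .dll/.ocx/.sys extension dropped and ordinal-only imports written as "ordN" (pefile additionally resolves known ordinals for a few libraries such as oleaut32 and ws2_32 to their names). The McAfee "Artemis!" label is simply the file's MD5 prefix. The code below is an added example, not VirusTotal's or pefile's code. Its import table is constructed: the function names are the ones the report lists, but the DLL attribution and ordering are assumptions, so the resulting hash is illustrative and will not reproduce the report's a223fd0e8b7ba61b4e277caf85677d5c (the report omits the DLL names needed for that).

```python
import hashlib

# Partial ordinal-to-name table in the spirit of pefile's lookup; only the two
# entries needed for this example are included (assumption: the rest is omitted).
KNOWN_ORDINALS = {
    "oleaut32": {9: "VariantClear"},
    "ws2_32": {3: "closesocket"},
}


def normalize_imports(imports) -> str:
    """Build the string imphash is computed over: import-table order is kept,
    names are lowercased, the DLL extension is dropped, ordinal-only imports
    become 'ordN' unless the ordinal is in KNOWN_ORDINALS."""
    parts = []
    for dll, func in imports:
        dll = dll.lower()
        for ext in (".dll", ".ocx", ".sys"):
            if dll.endswith(ext):
                dll = dll[: -len(ext)]
                break
        if isinstance(func, int):
            func = KNOWN_ORDINALS.get(dll, {}).get(func, f"ord{func}")
        parts.append(f"{dll}.{func.lower()}")
    return ",".join(parts)


def imphash(imports) -> str:
    """MD5 of the normalized import string, as reported by VirusTotal/pefile."""
    return hashlib.md5(normalize_imports(imports).encode("ascii")).hexdigest()


def artemis_name(md5_hex: str) -> str:
    """McAfee Artemis! reputation detections are named after the file's MD5:
    'Artemis!' followed by its first 12 hex digits, upper-cased."""
    return "Artemis!" + md5_hex[:12].upper()


# Constructed import table (DLL attribution and order are assumptions).
CONSTRUCTED_IMPORTS = [
    ("KERNEL32.dll", "HeapAlloc"),
    ("KERNEL32.dll", "IsDebuggerPresent"),
    ("KERNEL32.dll", "GetProcAddress"),
    ("KERNEL32.dll", "VirtualAlloc"),
    ("USER32.dll", "ShowWindow"),
    ("USER32.dll", "DestroyWindow"),
    ("GDI32.dll", "GetDeviceCaps"),
    ("ole32.dll", "CoCreateInstance"),
    ("OLEAUT32.dll", 9),   # imported by ordinal; 9 is VariantClear in oleaut32
    ("WS2_32.dll", 3),     # imported by ordinal; 3 is closesocket in ws2_32
]

if __name__ == "__main__":
    print("normalized:", normalize_imports(CONSTRUCTED_IMPORTS))
    print("imphash:   ", imphash(CONSTRUCTED_IMPORTS))
    # Same imports, different linker ordering -> different imphash. This is why
    # imphash clusters builds from one toolchain/source tree, not "same API set".
    print("reordered: ", imphash(list(reversed(CONSTRUCTED_IMPORTS))))
    print(artemis_name("a9cd27b3d4b4ebd8c6c5889e35025e42"))
```

Because ordering matters, two samples that import exactly the same functions in a different order get different imphashes; conversely a packer stub that leaves a tiny, fixed import table will collide across unrelated families, so treat a shared imphash as a lead to confirm with ssdeep or code similarity, not as proof of a common origin.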
Tags
peexe

VirusTotal metadata
First submission 2014-05-13 05:29:51 UTC ( 4 years, 10 months ago )
Last submission 2014-05-13 05:29:51 UTC ( 4 years, 10 months ago )
File names a9cd27b3d4b4ebd8c6c5889e35025e42
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Deleted files
Created mutexes
Opened mutexes
Opened service managers
Opened services
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.
HTTP requests
DNS requests
TCP connections
UDP communications