SHA256: d7a71f83d576fdf75e7978539bac04ad8b6605207b29379b89c24c0d0f31da61
File name: ApcRunCmd_DB4BBDC36A78A8807AD9B15A562515C4
Detection ratio: 56 / 69
Analysis date: 2018-12-21 07:04:31 UTC ( 1 month, 3 weeks ago )
Antivirus Result Update
Ad-Aware Trojan.Generic.KD.908590 20181221
AegisLab Trojan.Win32.EraseMBR.4!c 20181221
AhnLab-V3 Win-Trojan/Agent.24576.JPF 20181220
ALYac Trojan.KillDisk.MBR 20181221
Antiy-AVL Trojan/Win32.EraseMBR 20181221
Arcabit Trojan.Generic.KD.DDDD2E 20181221
Avast Win32:DarkSeoul-B [Trj] 20181221
AVG Win32:DarkSeoul-B [Trj] 20181221
Avira (no cloud) TR/KillMBR.Y.2 20181220
BitDefender Trojan.Generic.KD.908590 20181221
Bkav W32.KillMbrYHPtv1.Worm 20181220
CAT-QuickHeal Trojan.Dembr 20181220
ClamAV Win.Trojan.Agent-36952 20181221
Comodo Malware@#3tl1x0t3okp8v 20181220
Cybereason malicious.36a78a 20180225
Cylance Unsafe 20181221
Cyren W32/Jokra.DWCJ-4354 20181221
DrWeb Trojan.KillFiles.10563 20181221
Emsisoft Trojan.Generic.KD.908590 (B) 20181221
Endgame malicious (high confidence) 20181108
ESET-NOD32 Win32/KillDisk.NAS 20181221
F-Prot W32/Jokra.A 20181221
F-Secure Trojan.Generic.KD.908590 20181221
Fortinet W32/Kast.A!tr 20181221
GData Win32.Trojan.Agent.9VD1B3 20181221
Ikarus Trojan.Win32.EraseMBR 20181221
Jiangmin Trojan/EraseMBR.h 20181221
K7AntiVirus Trojan ( 0040f2721 ) 20181221
K7GW Trojan ( 0040f2721 ) 20181221
Kaspersky Trojan.Win32.EraseMBR.b 20181221
Kingsoft Win32.Troj.Agent.BV.(kcloud) 20181221
Malwarebytes Trojan.MBR.Killer 20181221
MAX malware (ai score=100) 20181221
McAfee KillMBR-FBIA 20181221
McAfee-GW-Edition KillMBR-FBIA 20181220
Microsoft Trojan:Win32/Dembr.A 20181220
eScan Trojan.Generic.KD.908590 20181221
NANO-Antivirus Virus.Win32.Gen.ccmw 20181221
Palo Alto Networks (Known Signatures) generic.ml 20181221
Panda Generic Malware 20181220
Qihoo-360 Win32/Trojan.c81 20181221
Rising Trojan.Hastati!1.6750 (CLOUD) 20181221
Sophos AV Troj/MBRKill-A 20181221
Symantec Trojan.Jokra 20181221
TACHYON Trojan/W32.KillMBR.Gen 20181221
Tencent Trojan.Win32.DataWiper.b 20181221
TheHacker Trojan/KillDisk.nas 20181220
TrendMicro TROJ_KILLMBR.SM 20181221
TrendMicro-HouseCall TROJ_KILLMBR.SM 20181221
VBA32 OScope.Trojan.KillMBR.2113 20181220
ViRobot Trojan.Win32.S.KillMBR.24576 20181220
Webroot W32.Trojan.Gen 20181221
Yandex Trojan.EraseMBR!+80n0qBNT48 20181220
Zillya Trojan.EraseMBR.Win32.4 20181219
ZoneAlarm by Check Point Trojan.Win32.EraseMBR.b 20181221
Zoner Trojan.KillDisk.NAS 20181221
Acronis 20180726
Alibaba 20180921
Avast-Mobile 20181220
Babable 20180918
Baidu 20181207
CMC 20181220
CrowdStrike Falcon (ML) 20181022
eGambit 20181221
Sophos ML 20181128
SentinelOne (Static ML) 20181011
SUPERAntiSpyware 20181220
Symantec Mobile Insight 20181215
Trapmine 20181205
Trustlook 20181221
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2013-01-31 10:27:18
Entry Point 0x00001000
Number of sections 3
PE sections
PE imports
HeapFree
GetStdHandle
LCMapStringW
SetHandleCount
GetOEMCP
LCMapStringA
HeapDestroy
ExitProcess
GetEnvironmentStringsW
GetModuleFileNameA
RtlUnwind
LoadLibraryA
FreeEnvironmentStringsA
GetCurrentProcess
GetEnvironmentStrings
GetCPInfo
UnhandledExceptionFilter
MultiByteToWideChar
FreeEnvironmentStringsW
GetCommandLineA
GetProcAddress
WideCharToMultiByte
GetStringTypeA
WriteFile
GetStartupInfoA
GetACP
HeapReAlloc
GetStringTypeW
TerminateProcess
HeapCreate
VirtualFree
GetFileType
HeapAlloc
GetVersion
VirtualAlloc
ExifTool file metadata
MIMEType: application/octet-stream
Subsystem: Windows GUI
SubsystemVersion: 4.0
MachineType: Intel 386 or later, and compatibles
TimeStamp: 2013:01:31 11:27:18+01:00
FileType: Win32 EXE
PEType: PE32
CodeSize: 12288
LinkerVersion: 6.0
FileTypeExtension: exe
InitializedDataSize: 8192
ImageFileCharacteristics: No relocs, Executable, No line numbers, No symbols, 32-bit
EntryPoint: 0x1000
OSVersion: 4.0
ImageVersion: 0.0
UninitializedDataSize: 0

Overlay parents
Compressed bundles
File identification
MD5 db4bbdc36a78a8807ad9b15a562515c4
SHA1 309af225ac59e1d2ffaada11e09f5715bce16c1e
SHA256 d7a71f83d576fdf75e7978539bac04ad8b6605207b29379b89c24c0d0f31da61
ssdeep 192:0v5uXGwnkGjGlCdhAtNvIQszEtTmhVYWY02noM1qtT57MkJRVtyycpc7numoZ9:E5uXGw/ClCTEZ3WNDMEN5yycpcrumoZ
authentihash 8aa11954d8f4b60de8febe0cc685da5406c52b4b451ab43ab2fdf416afa26167
imphash 8cf2375491e257d65da71e5d263d7df7
File size 24.0 KB ( 24576 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (41.0%)
Win64 Executable (generic) (36.3%)
Win32 Dynamic Link Library (generic) (8.6%)
Win32 Executable (generic) (5.9%)
OS/2 Executable (generic) (2.6%)
Tags peexe
VirusTotal metadata
First submission 2013-03-20 08:40:34 UTC ( 5 years, 11 months ago )
Last submission 2018-12-21 07:04:31 UTC ( 1 month, 3 weeks ago )
File names 1.ex_
DB4BBDC36A78A8807AD9B15A562515C4.exe
4.exe
DarkSeoul_DB4BBDC36A78A8807AD9B15A562515C4
mbr_del.ex
d7a71f83d576fdf75e7978539bac04ad8b6605207b29379b89c24c0d0f31da61
sample
132
vti-rescan
01_ApcRunCmd.exe-
320.exe
AgentBase.vxe
ApcRunCmd.exe
ApcRunCmd_DB4BBDC36A78A8807AD9B15A562515C4
DarkSeoul_DB4BBDC36A78A8807AD9B15A562515C4
ApcRunCmd_DB4BBDC36A78A8807AD9B15A562515C4
vt-upload-oWiLN
DB4BBDC36A78A8807AD9B15A562515C4_ApcRunCmd.exe_
DB4BBDC36A78A8807AD9B15A562515C4.exe
2
DB4BBDC36A78A8807AD9B15A562515C4
ApcRunCmd_DB4BBDC36A78A8807AD9B15A562515C4.exe
a.exe.exe
ApcRunCmd.exe-
db4bbdc36a78a8807ad9b15a562515c4
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight