SHA256: d841ae0e679edd93cbed7b60b1950ab91586c5d9c7f9f063ac66e6f0ea166cf7
File name: Sneaksy 03_32.exe
Detection ratio: 0 / 57
Analysis date: 2015-01-17 01:49:24 UTC ( 3 months ago )
Antivirus Result Update
ALYac 20150117
AVG 20150117
AVware 20150117
Ad-Aware 20150117
AegisLab 20150117
Agnitum 20150116
AhnLab-V3 20150116
Alibaba 20150116
Antiy-AVL 20150117
Avast 20150117
Avira 20150117
Baidu-International 20150116
BitDefender 20150117
Bkav 20150116
ByteHero 20150117
CAT-QuickHeal 20150116
CMC 20150116
ClamAV 20150116
Comodo 20150117
Cyren 20150117
DrWeb 20150117
ESET-NOD32 20150116
Emsisoft 20150117
F-Prot 20150117
F-Secure 20150117
Fortinet 20150117
GData 20150117
Ikarus 20150116
Jiangmin 20150116
K7AntiVirus 20150116
K7GW 20150116
Kaspersky 20150117
Kingsoft 20150117
Malwarebytes 20150116
McAfee 20150117
McAfee-GW-Edition 20150117
MicroWorld-eScan 20150117
Microsoft 20150117
NANO-Antivirus 20150116
Norman 20150116
Panda 20150116
Qihoo-360 20150117
Rising 20150116
SUPERAntiSpyware 20150117
Sophos 20150117
Symantec 20150117
Tencent 20150117
TheHacker 20150116
TotalDefense 20150116
TrendMicro 20150117
TrendMicro-HouseCall 20150117
VBA32 20150116
VIPRE 20150117
ViRobot 20150117
Zillya 20150116
Zoner 20150116
nProtect 20150116
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Developer metadata
Copyright
2013 All rights reserved worldwide

Product
File version 0.3.0.0
Description
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2013-08-23 14:14:54
Link date 3:14 PM 8/23/2013
Entry Point 0x0019FCDB
Number of sections 5
PE sections
PE imports
RegDeleteKeyA
CryptReleaseContext
RegCloseKey
RegQueryValueExA
CryptGenRandom
CryptAcquireContextW
RegSetValueExA
RegDeleteValueA
RegCreateKeyExA
RegOpenKeyExA
RegEnumValueA
RegEnumKeyExA
RegQueryInfoKeyA
PrintDlgA
PageSetupDlgA
GetOpenFileNameA
ChooseColorA
CommDlgExtendedError
PrintDlgExA
GetSaveFileNameA
CertEnumCertificatesInStore
CertVerifyCRLTimeValidity
CertCloseStore
CertEnumCRLsInStore
CertOpenSystemStoreW
CertVerifyTimeValidity
PolyPolyline
SetMapMode
GetWindowOrgEx
CreateMetaFileA
PlayEnhMetaFileRecord
SetTextAlign
GetTextMetricsA
CombineRgn
GetObjectType
EndDoc
StretchDIBits
CreateDIBitmap
ExtCreateRegion
GetEnhMetaFileBits
GetDCOrgEx
StretchBlt
GetTextFaceA
Pie
SetWindowExtEx
Arc
WidenPath
ExtCreatePen
SetBkColor
SetWinMetaFileBits
SetRectRgn
DeleteEnhMetaFile
TextOutW
CreateFontIndirectW
SetStretchBltMode
TextOutA
CreateFontIndirectA
CreateRectRgnIndirect
EndPath
CloseMetaFile
TranslateCharsetInfo
SetBkMode
GetRegionData
BitBlt
EnumFontFamiliesA
GetObjectA
CreateEnhMetaFileW
CreateBrushIndirect
CreateEnhMetaFileA
ExtSelectClipRgn
CloseEnhMetaFile
SetROP2
ExtEscape
SetDIBitsToDevice
GetCharWidth32A
SetViewportExtEx
GetWindowExtEx
GetTextCharset
GetClipBox
Rectangle
GetDeviceCaps
CreateDCA
LineTo
DeleteDC
StartPage
GetObjectW
CreatePatternBrush
OffsetRgn
SetEnhMetaFileBits
CreateBitmap
GetStockObject
PlayEnhMetaFile
UnrealizeObject
GdiFlush
SelectClipRgn
RoundRect
EndPage
GetTextExtentPoint32A
GetEnhMetaFileHeader
SetWindowOrgEx
SelectObject
GetTextExtentPoint32W
LPtoDP
CreateICA
Polygon
GetRgnBox
SaveDC
MaskBlt
EnumEnhMetaFile
RestoreDC
SelectClipPath
CreateDIBSection
SetTextColor
MoveToEx
SetViewportOrgEx
CreateCompatibleDC
BeginPath
SetBrushOrgEx
CreateRectRgn
DeleteObject
StartDocA
CreateCompatibleBitmap
CreateSolidBrush
Polyline
AbortDoc
Ellipse
DeleteMetaFile
ImmSetCompositionWindow
ImmNotifyIME
ImmGetCompositionStringA
ImmGetContext
ImmGetProperty
ImmSetCandidateWindow
ImmReleaseContext
ImmGetCompositionStringW
GetNetworkParams
GetAdaptersInfo
CreateFiberEx
SwitchToFiber
GetConsoleOutputCP
ReleaseMutex
FileTimeToSystemTime
GetFileAttributesA
DeleteFiber
GetDriveTypeA
FindFirstFileW
HeapDestroy
GetFileAttributesW
GetExitCodeProcess
GetStdHandle
FreeEnvironmentStringsA
DeleteCriticalSection
GetCurrentProcess
GetConsoleMode
GetLocaleInfoA
SetErrorMode
GetFileInformationByHandle
GetLocaleInfoW
GetFullPathNameA
IsDBCSLeadByteEx
GetTempPathA
WideCharToMultiByte
GetStringTypeA
GetDiskFreeSpaceW
WriteFile
WaitForSingleObject
GetSystemTimeAsFileTime
HeapReAlloc
GetStringTypeW
SetFileAttributesA
SetEvent
MoveFileA
ResumeThread
GetLogicalDriveStringsA
InitializeCriticalSection
FindClose
InterlockedDecrement
SetLastError
PeekNamedPipe
OpenThread
GetNamedPipeInfo
Beep
CopyFileA
ExitProcess
GetVersionExA
GetModuleFileNameA
EnumSystemLocalesA
LoadLibraryExA
SetThreadPriority
GetUserDefaultLCID
UnhandledExceptionFilter
TlsGetValue
MultiByteToWideChar
CreateMutexA
GetModuleHandleA
CreateThread
SetEnvironmentVariableW
CreatePipe
SetUnhandledExceptionFilter
MulDiv
GetSystemDirectoryA
SetHandleInformation
SetEnvironmentVariableA
TerminateProcess
ConvertThreadToFiber
GlobalAlloc
CreateEventW
SetEndOfFile
GetCurrentThreadId
InterlockedIncrement
SetCurrentDirectoryA
WriteConsoleW
HeapFree
EnterCriticalSection
SetHandleCount
TerminateThread
FreeLibrary
QueryPerformanceCounter
GetTickCount
TlsAlloc
FlushFileBuffers
LoadLibraryA
RtlUnwind
ExitThread
GlobalSize
GetStartupInfoA
GetFileSize
OpenProcess
CreateDirectoryA
DeleteFileA
GetWindowsDirectoryA
GetCPInfo
GetProcAddress
GetProcessHeap
CompareStringW
GlobalReAlloc
FreeEnvironmentStringsW
FindFirstFileA
lstrcpyA
GetProfileStringA
ResetEvent
CreateFileMappingA
FindNextFileA
IsValidLocale
DuplicateHandle
GlobalLock
SetCommTimeouts
GetTimeZoneInformation
SetCommState
WriteConsoleA
IsDebuggerPresent
GetFileType
TlsSetValue
CreateFileA
HeapAlloc
LeaveCriticalSection
BuildCommDCBA
GetLastError
LCMapStringW
HeapCreate
lstrlenA
GlobalFree
GetConsoleCP
LCMapStringA
FindNextFileW
GetEnvironmentStringsW
GlobalUnlock
GetCommState
RemoveDirectoryA
GetShortPathNameA
FileTimeToLocalFileTime
GetEnvironmentStrings
GetCurrentProcessId
GetCurrentDirectoryA
HeapSize
GetCommandLineA
RaiseException
MapViewOfFile
TlsFree
SetFilePointer
ReadFile
CloseHandle
GetACP
GetModuleHandleW
SetStdHandle
CreateProcessA
IsValidCodePage
UnmapViewOfFile
VirtualFree
Sleep
SetConsoleCtrlHandler
VirtualAlloc
GetOEMCP
CompareStringA
AlphaBlend
VariantClear
VariantChangeType
SysStringLen
VariantInit
SysAllocStringLen
UuidToStringA
RpcStringFreeA
ShellExecuteExA
SHGetSpecialFolderLocation
SHBrowseForFolderA
DragQueryFileA
SHGetPathFromIDListA
SHGetMalloc
ShellExecuteA
Shell_NotifyIconA
RedrawWindow
SetWindowRgn
SetWindowPos
DispatchMessageA
EndPaint
ScrollWindowEx
WindowFromPoint
GetMessageTime
SetActiveWindow
DispatchMessageW
GetAsyncKeyState
ReleaseDC
SendMessageA
GetClientRect
GetKeyboardState
GetActiveWindow
GetUpdateRgn
MsgWaitForMultipleObjects
GetMenuItemInfoA
InvalidateRgn
DestroyWindow
GetMessageA
GetParent
UpdateWindow
ShowWindow
GetClipboardFormatNameA
PeekMessageW
EnableWindow
PeekMessageA
TranslateMessage
GetWindow
InsertMenuItemA
SetParent
RegisterClassW
GetWindowPlacement
IsIconic
RegisterClassA
GetWindowLongA
CreateWindowExA
GetKeyboardLayout
FillRect
DeferWindowPos
IsWindowUnicode
CreateWindowExW
GetWindowLongW
SetFocus
SetCapture
BeginPaint
OffsetRect
DefWindowProcW
KillTimer
RegisterWindowMessageA
DefWindowProcA
GetSystemMetrics
SetWindowLongW
GetWindowRect
PostMessageA
ReleaseCapture
SetWindowLongA
CreatePopupMenu
SetWindowTextW
ClientToScreen
FindWindowExA
LoadCursorA
LoadIconA
TrackPopupMenu
PostThreadMessageW
GetMenuItemCount
GetDesktopWindow
GetSystemMenu
GetDC
SetForegroundWindow
PostThreadMessageA
GetCursorPos
GetCaretBlinkTime
IntersectRect
SetLayeredWindowAttributes
CreateIconIndirect
ScreenToClient
FindWindowA
MessageBeep
BeginDeferWindowPos
RegisterClipboardFormatA
MoveWindow
MessageBoxA
AdjustWindowRectEx
GetKeyState
EndDeferWindowPos
SystemParametersInfoA
UpdateLayeredWindow
GetDoubleClickTime
DestroyIcon
IsWindowVisible
SetCursorPos
SetRect
InvalidateRect
wsprintfA
SendMessageTimeoutA
SetWindowTextA
EnableMenuItem
GetFocus
SetCursor
ScriptPlace
ScriptBreak
ScriptStringAnalyse
ScriptFreeCache
ScriptLayout
ScriptItemize
ScriptStringOut
ScriptShape
GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA
timeKillEvent
waveOutSetVolume
waveOutReset
waveOutOpen
waveOutClose
waveOutUnprepareHeader
timeGetTime
timeSetEvent
timeEndPeriod
waveOutPrepareHeader
mciGetErrorStringA
waveOutGetVolume
waveOutWrite
mciSendCommandA
mciSendStringA
timeBeginPeriod
EnumPrintersA
OpenPrinterA
Ord(203)
DocumentPropertiesA
DeviceCapabilitiesA
Ord(201)
ClosePrinter
htonl
accept
ioctlsocket
WSAStartup
connect
getsockname
htons
inet_ntoa
select
gethostname
closesocket
inet_addr
send
getservbyport
ntohs
WSAGetLastError
gethostbyaddr
listen
__WSAFDIsSet
WSAAsyncSelect
gethostbyname
WSASetLastError
recv
WSAIoctl
setsockopt
socket
getpeername
bind
recvfrom
sendto
getservbyname
CloseColorProfile
OpenColorProfileA
DeleteColorTransform
CreateMultiProfileTransform
GetColorProfileHeader
TranslateBitmapBits
ProgIDFromCLSID
OleUninitialize
CoTaskMemFree
OleInitialize
OleFlushClipboard
ReleaseStgMedium
CoCreateGuid
RegisterDragDrop
CLSIDFromProgID
CoLockObjectExternal
DoDragDrop
RevokeDragDrop
OleGetClipboard
OleIsCurrentClipboard
CoCreateInstance
OleSetClipboard
Number of PE resources by type
RT_ICON 10
RT_GROUP_ICON 2
RT_MANIFEST 1
RT_VERSION 1
Number of PE resources by language
ENGLISH US 14
ExifTool file metadata
UninitializedDataSize
0

LinkerVersion
8.0

ImageVersion
0.0

FileVersionNumber
0.3.0.0

LanguageCode
English (U.S.)

FileFlagsMask
0x003f

CharacterSet
Unicode

InitializedDataSize
495616

MIMEType
application/octet-stream

Subsystem
Windows GUI

FileVersion
0.3.0.0

TimeStamp
2013:08:23 15:14:54+01:00

FileType
Win32 EXE

PEType
PE32

FileAccessDate
2015:01:17 02:49:24+01:00

ProductVersion
0.3.0.0

SubsystemVersion
4.0

OSVersion
4.0

FileCreateDate
2015:01:17 02:49:24+01:00

FileOS
Windows NT 32-bit

LegalCopyright
2013 All rights reserved worldwide

MachineType
Intel 386 or later, and compatibles

CodeSize
1892352

FileSubtype
0

ProductVersionNumber
0.3.0.0

EntryPoint
0x19fcdb

ObjectFileType
Executable application

File identification
MD5 e376cbb0ae6b5a6855802e56c7d3768a
SHA1 269a0ebaaa453559dbc3fc03e92df4d5031906f9
SHA256 d841ae0e679edd93cbed7b60b1950ab91586c5d9c7f9f063ac66e6f0ea166cf7
ssdeep
24576:Ou00QgTFfP81uCZzxr4/DMLji83v6GMtbQc/Ynm5oeD2nlDvbnWYD0TRnPhNlb/Y:O7zKwXf6GfJd094t6yfWyrT3pS

authentihash ad038151b270729700b2cf2ac47878f6498256670945ebe87813efd792b0b409
imphash a147f12344854d14e87155cf9b7e9eed
File size 2.3 MB ( 2379776 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID InstallShield setup (48.1%)
Win32 Executable MS Visual C++ (generic) (34.9%)
Win32 Dynamic Link Library (generic) (7.3%)
Win32 Executable (generic) (5.0%)
Generic Win/DOS Executable (2.2%)
Tags
peexe

VirusTotal metadata
First submission 2013-08-26 13:00:18 UTC ( 1 year, 7 months ago )
Last submission 2015-01-17 01:49:24 UTC ( 3 months ago )
File names 03_32.exe
Sneaksy 03_32.exe
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Deleted files
Created processes
Code injections in the following processes
Created mutexes
Opened mutexes
Opened service managers
Opened services
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.