SHA256: d8649c9023fd19db397ef15ad1a059c8ed2df7fb9d7508be066942736d961f6a
File name: e4603f1ea3ea29686f9af40870d0cac3c3bbc0bf
Detection ratio: 3 / 55
Analysis date: 2014-09-16 22:31:06 UTC ( 4 years, 6 months ago )
Antivirus Result Update
Avast Win32:Malware-gen 20140916
ESET-NOD32 a variant of Win32/Kryptik.CLHC 20140916
Symantec WS.Reputation.1 20140916
Ad-Aware 20140916
AegisLab 20140916
Yandex 20140916
AhnLab-V3 20140916
Antiy-AVL 20140916
AVG 20140916
Avira (no cloud) 20140916
AVware 20140916
Baidu-International 20140916
BitDefender 20140916
Bkav 20140916
ByteHero 20140916
CAT-QuickHeal 20140916
ClamAV 20140916
CMC 20140916
Comodo 20140916
Cyren 20140916
DrWeb 20140916
Emsisoft 20140916
F-Prot 20140916
F-Secure 20140916
Fortinet 20140916
GData 20140916
Ikarus 20140916
Jiangmin 20140916
K7AntiVirus 20140916
K7GW 20140916
Kaspersky 20140916
Kingsoft 20140916
Malwarebytes 20140916
McAfee 20140916
McAfee-GW-Edition 20140916
Microsoft 20140916
eScan 20140916
NANO-Antivirus 20140916
Norman 20140916
nProtect 20140916
Panda 20140916
Qihoo-360 20140916
Rising 20140916
Sophos AV 20140916
SUPERAntiSpyware 20140916
Tencent 20140916
TheHacker 20140915
TotalDefense 20140916
TrendMicro 20140916
TrendMicro-HouseCall 20140916
VBA32 20140916
VIPRE 20140916
ViRobot 20140916
Zillya 20140916
Zoner 20140916
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2014-09-15 15:59:09
Entry Point 0x00007EF1
Number of sections 5
PE sections
Number of PE resources by type
RT_BITMAP 2
RT_ICON 1
RT_DIALOG 1
RT_MANIFEST 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 5
RUSSIAN 1
PE resources
File identification
MD5 5defddcac8b4a92f3f0ee031ae19fe74
SHA1 99937207f230e84fb769ed4b07ef16b06f44e080
SHA256 d8649c9023fd19db397ef15ad1a059c8ed2df7fb9d7508be066942736d961f6a
ssdeep 6144:uNjOv9l1QtkheA24O8zhtPGrNyj/e7GS24:v9l1Qtkh28/urNElSV
authentihash 47f48288a9d0a9c9b722980d973fed0e03cb3f9289ec3e493462f394b104d0cc
imphash 6b2f55649e831457d7cb827888f2fc7b
File size 280.5 KB ( 287232 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (67.3%)
Win32 Dynamic Link Library (generic) (14.2%)
Win32 Executable (generic) (9.7%)
Generic Win/DOS Executable (4.3%)
DOS Executable Generic (4.3%)
Tags peexe
VirusTotal metadata
First submission 2014-09-16 22:31:06 UTC ( 4 years, 6 months ago )
Last submission 2014-09-30 10:06:59 UTC ( 4 years, 5 months ago )
File names d8649c9023fd19db397ef15ad1a059c8ed2df7fb9d7508be066942736d961f6a.exe
vti-rescan
e4603f1ea3ea29686f9af40870d0cac3c3bbc0bf
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Deleted files
Created processes
Created mutexes
Opened mutexes
Opened service managers
Opened services
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.
DNS requests