SHA256: d8a64cc991daf99e1407b255a4df4241e7047dc6ba28ec591aa0005481e85f2f
File name: vt-upload-Je1to
Detection ratio: 18 / 51
Analysis date: 2014-04-28 05:37:24 UTC ( 4 years, 11 months ago )
Antivirus Result Update
Ad-Aware Gen:Variant.Symmi.41109 20140428
AntiVir TR/Symmi.41109.4 20140428
AVG Crypt3.LYK 20140427
BitDefender Gen:Variant.Symmi.41109 20140428
Emsisoft Gen:Variant.Symmi.41109 (B) 20140428
ESET-NOD32 a variant of Win32/Kryptik.CAES 20140428
F-Secure Gen:Variant.Symmi.41109 20140427
GData Gen:Variant.Symmi.41109 20140428
Kaspersky HEUR:Trojan.Win32.Generic 20140428
Malwarebytes Spyware.Zbot.VXGen 20140428
McAfee Artemis!94DFAB6896F6 20140428
McAfee-GW-Edition Artemis!94DFAB6896F6 20140428
eScan Gen:Variant.Symmi.41109 20140428
Norman Kryptik.CDPX 20140428
Qihoo-360 Win32/Trojan.986 20140428
Sophos AV Mal/Generic-S 20140428
TrendMicro-HouseCall TROJ_GEN.R00JH07DR14 20140428
VIPRE Trojan.Win32.Generic!BT 20140428
AegisLab 20140428
Yandex 20140427
AhnLab-V3 20140427
Antiy-AVL 20140428
Avast 20140428
Baidu-International 20140427
Bkav 20140426
ByteHero 20140428
CAT-QuickHeal 20140428
ClamAV 20140428
CMC 20140424
Commtouch 20140428
Comodo 20140428
DrWeb 20140428
F-Prot 20140427
Fortinet 20140428
Ikarus 20140428
Jiangmin 20140428
K7AntiVirus 20140426
K7GW 20140426
Kingsoft 20140428
Microsoft 20140428
NANO-Antivirus 20140428
nProtect 20140427
Panda 20140427
Rising 20140427
SUPERAntiSpyware 20140427
Symantec 20140428
TheHacker 20140426
TotalDefense 20140427
TrendMicro 20140428
VBA32 20140425
ViRobot 20140428
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright Copyright (C) 2014 DevAir Gmbh.
Publisher DevAir Gmbh.
Product LKG Assembly Graphics Designers
Original name lkgassemblygraphics
Internal name lkg assembly design
File version 1.0.3.3
Description LKG Assembly Graphics Designers
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2014-04-17 17:23:45
Entry Point 0x0000449F
Number of sections 6
PE sections
PE imports
PropertySheetA
GetOpenFileNameA
CommDlgExtendedError
SetGraphicsMode
CreateEllipticRgn
DeleteDC
GetBoundsRect
SelectObject
GetStockObject
CreateDIBitmap
CreateSolidBrush
Rectangle
BitBlt
DeleteObject
CreateCompatibleBitmap
SetTextColor
VerLanguageNameA
GetLastError
InitializeCriticalSection
HeapFree
GetStdHandle
EnterCriticalSection
LCMapStringW
SetHandleCount
LoadLibraryW
WaitForSingleObject
GetOEMCP
QueryPerformanceCounter
InitializeCriticalSectionAndSpinCount
GetTickCount
TlsAlloc
FlushFileBuffers
GetEnvironmentStringsW
GetVersionExA
GetModuleFileNameA
RtlUnwind
IsProcessorFeaturePresent
GetQueuedCompletionStatus
GetCurrentProcess
GetStartupInfoW
GetConsoleMode
DecodePointer
GetCurrentProcessId
CreateIoCompletionPort
WideCharToMultiByte
ExitProcess
TlsGetValue
MultiByteToWideChar
HeapSize
FreeEnvironmentStringsW
GetCommandLineA
GetProcAddress
EncodePointer
GetProcessHeap
SetStdHandle
HeapSetInformation
RaiseException
UnhandledExceptionFilter
GetCPInfo
GetModuleFileNameW
TlsFree
SetFilePointer
DeleteCriticalSection
SetUnhandledExceptionFilter
WriteFile
CloseHandle
GetSystemTimeAsFileTime
GetACP
HeapReAlloc
GetStringTypeW
GetModuleHandleW
IsDebuggerPresent
TerminateProcess
GetConsoleCP
ResetEvent
IsValidCodePage
HeapCreate
SetLastError
CreateFileW
InterlockedDecrement
Sleep
GetFileType
TlsSetValue
HeapAlloc
GetCurrentThreadId
LeaveCriticalSection
WriteConsoleW
InterlockedIncrement
GetStateTextA
VariantInit
VariantClear
SHGetFileInfoA
ExtractIconA
SHQueryRecycleBinW
SHGetFolderLocation
Ord(155)
StrStrA
EnumDesktopsA
GetParent
EndDialog
LoadMenuA
KillTimer
GetNextDlgGroupItem
RegisterDeviceNotificationA
IsWindow
GetWindowRect
EnableWindow
SetMenu
SetDlgItemTextA
DrawIcon
WindowFromPoint
MessageBoxA
AppendMenuW
SetWindowLongA
IsWindowEnabled
GetDC
GetCursorPos
ReleaseDC
SetWindowTextA
GetMenu
GetSystemMetrics
SendMessageA
GetClientRect
GetDlgItem
IsIconic
InvalidateRect
GetSubMenu
LoadCursorA
LoadIconA
FillRect
SetWindowTextW
GetSystemMenu
GetMenuItemID
GetMenuItemCount
DrawThemeParentBackground
Number of PE resources by type
RT_MANIFEST 1
RT_STRING 1
RT_DIALOG 1
RT_VERSION 1
Number of PE resources by language
ENGLISH US 4
PE resources
ExifTool file metadata
SubsystemVersion 5.1
LinkerVersion 10.0
ImageVersion 0.0
FileSubtype 0
FileVersionNumber 1.0.3.3
UninitializedDataSize 0
LanguageCode English (U.S.)
FileFlagsMask 0x003f
CharacterSet Unicode
InitializedDataSize 214016
FileOS Windows NT 32-bit
MIMEType application/octet-stream
LegalCopyright Copyright (C) 2014 DevAir Gmbh.
FileVersion 1.0.3.3
TimeStamp 2014:04:17 18:23:45+01:00
FileType Win32 EXE
PEType PE32
InternalName lkg assembly design
FileAccessDate 2014:05:20 03:52:38+01:00
ProductVersion 1.0.3.3
FileDescription LKG Assembly Graphics Designers
OSVersion 5.1
FileCreateDate 2014:05:20 03:52:38+01:00
OriginalFilename lkgassemblygraphics
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName DevAir Gmbh.
CodeSize 47616
ProductName LKG Assembly Graphics Designers
ProductVersionNumber 1.0.3.3
EntryPoint 0x449f
ObjectFileType Executable application

File identification
MD5 94dfab6896f69f81eacd941a6175f389
SHA1 781bffa0b8f7f0b34623a64ea4a98fc0ba529122
SHA256 d8a64cc991daf99e1407b255a4df4241e7047dc6ba28ec591aa0005481e85f2f
ssdeep 6144:VVux10ynaJ3DlLDSnuz4QVWN0AzsFEY1SEzTkrq7:D3oyl3lzpWBzsmLEz
imphash aa55aa98ad981aeeed0deac57911a1e5
File size 256.5 KB ( 262656 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (67.3%)
Win32 Dynamic Link Library (generic) (14.2%)
Win32 Executable (generic) (9.7%)
Generic Win/DOS Executable (4.3%)
DOS Executable Generic (4.3%)
Tags peexe
VirusTotal metadata
First submission 2014-04-28 05:37:24 UTC ( 4 years, 11 months ago )
Last submission 2014-04-28 05:37:24 UTC ( 4 years, 11 months ago )
File names lkgassemblygraphics
lkg assembly design
vt-upload-Je1to
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Copied files
Moved files
Deleted files
Created processes
Shell commands
Code injections in the following processes
Created mutexes
Opened mutexes
Searched windows
Opened service managers
Opened services
Hooking activity
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.
The file installs an application-defined hook procedure into a hook chain. A hook procedure is installed to monitor the system for certain types of events, which are associated either with a specific thread or with all threads in the same desktop as the calling thread. This is done using the SetWindowsHook Windows API function.
HTTP requests
DNS requests
TCP connections