SHA256: d9481fde5f4ddbed764f2aa0bf211c209446b952edb4b17b738584dfc0130f64
File name: 11943004
Detection ratio: 5 / 53
Analysis date: 2014-05-30 08:56:25 UTC
Antivirus Result Update
McAfee Artemis!6B4ED70CB8B4 20140530
McAfee-GW-Edition Artemis!6B4ED70CB8B4 20140530
Symantec WS.Reputation.1 20140530
TheHacker Trojan/PSW.Agent.mns 20140529
TotalDefense Win32/Agent.BTW 20140529
No detection (engine and signature update date):
Ad-Aware 20140530
AegisLab 20140530
Yandex 20140529
AhnLab-V3 20140530
AntiVir 20140530
Antiy-AVL 20140530
Avast 20140530
AVG 20140530
Baidu-International 20140530
BitDefender 20140530
Bkav 20140529
ByteHero 20140530
CAT-QuickHeal 20140530
ClamAV 20140530
CMC 20140530
Commtouch 20140530
Comodo 20140530
DrWeb 20140530
Emsisoft 20140530
ESET-NOD32 20140530
F-Prot 20140530
F-Secure 20140530
Fortinet 20140530
GData 20140530
Ikarus 20140530
Jiangmin 20140530
K7AntiVirus 20140529
K7GW 20140529
Kaspersky 20140530
Kingsoft 20140530
Malwarebytes 20140530
Microsoft 20140530
eScan 20140530
NANO-Antivirus 20140530
Norman 20140530
nProtect 20140529
Panda 20140530
Qihoo-360 20140530
Rising 20140529
Sophos AV 20140530
SUPERAntiSpyware 20140530
Tencent 20140530
TrendMicro 20140530
TrendMicro-HouseCall 20140530
VBA32 20140530
VIPRE 20140530
ViRobot 20140530
Zillya 20140529
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Packers identified
PEiD Armadillo v1.71
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2002-04-07 00:20:42
Entry Point 0x0003B8D9
Number of sections 3
PE sections
Overlays
MD5 a2a04dfcbf20c33ec3f856853df8c863
File type data
Offset 408064
Size 16098
Entropy 7.70
PE imports
PE exports
Number of PE resources by type
RT_STRING 4
RT_DIALOG 2
RT_ICON 1
RT_MENU 1
RT_ACCELERATOR 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 10
PE resources
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
TimeStamp 2002:04:07 01:20:42+01:00
FileType Win32 EXE
PEType PE32
CodeSize 0
LinkerVersion 6.0
FileTypeExtension exe
InitializedDataSize 1785856
SubsystemVersion 4.0
EntryPoint 0x3b8d9
OSVersion 4.0
ImageVersion 0.0
UninitializedDataSize 0

File identification
MD5 6b4ed70cb8b46d304d5ab9d38aecb52d
SHA1 6718b6f109b572810dd1f1b42bd9cce2d14d0e62
SHA256 d9481fde5f4ddbed764f2aa0bf211c209446b952edb4b17b738584dfc0130f64
ssdeep 6144:m/GzBKRBM7s3mRr+ol8B55sc+IDpKo/AAODMQ7Mp4ZlJAKEI/q5Dj83WIg:LbwWRS5sc+ID9NODMQ7XJAK4gWIg
authentihash a0458c58522d01e46e5c24b8368b2550b378a1bb5d553d1e74f3947ee299ea06
imphash 63891b14c9e835ce68f40823373fe185
File size 414.2 KB ( 424162 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (67.4%)
Win32 Dynamic Link Library (generic) (14.2%)
Win32 Executable (generic) (9.7%)
Generic Win/DOS Executable (4.3%)
DOS Executable Generic (4.3%)
Tags peexe armadillo overlay
VirusTotal metadata
First submission 2012-12-16 15:07:58 UTC
Last submission 2016-04-20 12:08:56 UTC
File names uUz1.reg
11943004
chmod.exe
chmod.exe
d9481fde5f4ddbed764f2aa0bf211c209446b952edb4b17b738584dfc0130f64
6b4ed70cb8b46d304d5ab9d38aecb52d
RCrtASBkSt.kwu
output.11943004.txt
Advanced heuristic and reputation engines
TrendMicro-HouseCall
TrendMicro's heuristic engine has flagged this file as: Suspicious_GEN.F47V0416.

Symantec reputation Suspicious.Insight
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Opened mutexes
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.
UDP communications