SHA256: da18a90611ca33ddbc8ea7be63d7251580af54f3837d1bdab48d69976d508848
File name: da18a90611ca33ddbc8ea7be63d7251580af54f3837d1bdab48d69976d508848.exe
Detection ratio: 50 / 61
Analysis date: 2017-05-23 21:08:53 UTC ( 6 days, 1 hour ago )
Antivirus Result Update
Ad-Aware Gen:Variant.Strictor.39548 20170523
AegisLab Backdoor.W32.DarkKomet.rzq!c 20170523
AhnLab-V3 Dropper/Breut.726013 20170523
ALYac Gen:Variant.Strictor.39548 20170523
Antiy-AVL Trojan[Backdoor]/Win32.DarkKomet 20170523
Arcabit Trojan.Strictor.D9A7C 20170523
Avast Win32:Malware-gen 20170523
AVG Logger.AHYI 20170523
Avira (no cloud) BDS/Fynloski.A.7515 20170523
AVware Trojan.Win32.Generic!BT 20170523
BitDefender Gen:Variant.Strictor.39548 20170523
CAT-QuickHeal Backdoor.DarkKomet 20170523
Comodo UnclassifiedMalware 20170523
CrowdStrike Falcon (ML) malicious_confidence_98% (W) 20170130
Cyren W32/Trojan.PUZD-3404 20170523
DrWeb Trojan.Siggen4.48090 20170523
Emsisoft Gen:Variant.Strictor.39548 (B) 20170523
Endgame malicious (high confidence) 20170515
ESET-NOD32 Win32/Injector.AJQQ 20170523
F-Secure Gen:Variant.Strictor.39548 20170523
Fortinet W32/Injector.YUP!tr 20170523
GData Gen:Variant.Strictor.39548 20170523
Ikarus Trojan.Win32.Injector 20170523
Invincea backdoor.win32.fynloski.a 20170519
Jiangmin Backdoor/DarkKomet.elw 20170523
K7AntiVirus Trojan ( 004c1cf71 ) 20170523
K7GW Trojan ( 004c1cf71 ) 20170523
Kaspersky Trojan.Win32.VB.bzdo 20170523
McAfee Artemis!02C2EE77CF5A 20170523
McAfee-GW-Edition RDN/Generic.bfr!il 20170523
eScan Gen:Variant.Strictor.39548 20170523
NANO-Antivirus Trojan.Win32.DarkKomet.ecimcw 20170523
Palo Alto Networks (Known Signatures) generic.ml 20170523
Panda Trj/CI.A 20170523
Qihoo-360 Win32/Trojan.b16 20170523
Rising Trojan.Generic (cloud:xdOcOjbFALK) 20170523
SentinelOne (Static ML) static engine - malicious 20170516
Sophos Mal/Generic-S 20170523
Symantec Backdoor.Breut 20170523
Tencent Win32.Trojan.Vb.Fhy 20170523
TotalDefense Win32/Smalldoor.VD 20170523
TrendMicro TROJ_SPNR.05DD13 20170523
TrendMicro-HouseCall Suspicious_GEN.F47V0320 20170523
VBA32 Trojan.VB 20170523
VIPRE Trojan.Win32.Generic!BT 20170523
ViRobot Dropper.S.Agent.726013[h] 20170523
Webroot W32.Malware.Gen 20170523
Yandex Trojan.VB!biSuwW+aU9c 20170518
Zillya Trojan.VB.Win32.102999 20170523
ZoneAlarm by Check Point Trojan.Win32.VB.bzdo 20170523
Engines with no detection (signature update date):
Alibaba 20170523
Bkav 20170523
ClamAV 20170523
CMC 20170523
F-Prot 20170523
Kingsoft 20170523
Malwarebytes 20170523
Microsoft 20170523
nProtect 20170523
SUPERAntiSpyware 20170523
Symantec Mobile Insight 20170523
TheHacker 20170522
Trustlook 20170523
WhiteArmor 20170517
Zoner 20170523
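The vendor table above is what a triage analyst has to turn into a family name. The Python below is an added example (not VirusTotal's or any vendor's code): it copies the 50 vendor results from the table into a constructed string, strips variant suffixes and annotations, and counts, per candidate family token, how many vendors use it and how many distinct labels back it. The stoplist of type/platform words and the "at least two distinct labels" rule are this example's own heuristics, in the spirit of tools such as AVClass, not anything the report defines.

```python
"""Reduce a VirusTotal vendor verdict table to candidate malware family names.

Added example, not part of the original report. VERDICTS is constructed from
the table on the page; the stoplist and the two-distinct-labels rule are this
example's own heuristics (AVClass-style), not VirusTotal's.
"""
import re
from collections import defaultdict

VERDICTS = """\
Ad-Aware | Gen:Variant.Strictor.39548
AegisLab | Backdoor.W32.DarkKomet.rzq!c
AhnLab-V3 | Dropper/Breut.726013
ALYac | Gen:Variant.Strictor.39548
Antiy-AVL | Trojan[Backdoor]/Win32.DarkKomet
Arcabit | Trojan.Strictor.D9A7C
Avast | Win32:Malware-gen
AVG | Logger.AHYI
Avira (no cloud) | BDS/Fynloski.A.7515
AVware | Trojan.Win32.Generic!BT
BitDefender | Gen:Variant.Strictor.39548
CAT-QuickHeal | Backdoor.DarkKomet
Comodo | UnclassifiedMalware
CrowdStrike Falcon (ML) | malicious_confidence_98% (W)
Cyren | W32/Trojan.PUZD-3404
DrWeb | Trojan.Siggen4.48090
Emsisoft | Gen:Variant.Strictor.39548 (B)
Endgame | malicious (high confidence)
ESET-NOD32 | Win32/Injector.AJQQ
F-Secure | Gen:Variant.Strictor.39548
Fortinet | W32/Injector.YUP!tr
GData | Gen:Variant.Strictor.39548
Ikarus | Trojan.Win32.Injector
Invincea | backdoor.win32.fynloski.a
Jiangmin | Backdoor/DarkKomet.elw
K7AntiVirus | Trojan ( 004c1cf71 )
K7GW | Trojan ( 004c1cf71 )
Kaspersky | Trojan.Win32.VB.bzdo
McAfee | Artemis!02C2EE77CF5A
McAfee-GW-Edition | RDN/Generic.bfr!il
eScan | Gen:Variant.Strictor.39548
NANO-Antivirus | Trojan.Win32.DarkKomet.ecimcw
Palo Alto Networks (Known Signatures) | generic.ml
Panda | Trj/CI.A
Qihoo-360 | Win32/Trojan.b16
Rising | Trojan.Generic (cloud:xdOcOjbFALK)
SentinelOne (Static ML) | static engine - malicious
Sophos | Mal/Generic-S
Symantec | Backdoor.Breut
Tencent | Win32.Trojan.Vb.Fhy
TotalDefense | Win32/Smalldoor.VD
TrendMicro | TROJ_SPNR.05DD13
TrendMicro-HouseCall | Suspicious_GEN.F47V0320
VBA32 | Trojan.VB
VIPRE | Trojan.Win32.Generic!BT
ViRobot | Dropper.S.Agent.726013[h]
Webroot | W32.Malware.Gen
Yandex | Trojan.VB!biSuwW+aU9c
Zillya | Trojan.VB.Win32.102999
ZoneAlarm by Check Point | Trojan.Win32.VB.bzdo
"""

# Type, platform and "generic" words that are never a family name (assumed list).
STOPWORDS = {
    "trojan", "troj", "trj", "backdoor", "bds", "dropper", "agent", "generic",
    "gen", "variant", "malware", "mal", "rdn", "artemis", "suspicious",
    "malicious", "static", "engine",
}


def normalize(label: str) -> str:
    """Drop the variant suffix after '!' and any (...) / [...] annotation."""
    label = label.split("!", 1)[0]
    label = re.sub(r"[\(\[].*?[\)\]]", " ", label)
    return label.strip().lower()


def tokens(label: str):
    """Alphabetic tokens of length >= 2; tokens containing digits are variant ids."""
    for tok in re.findall(r"[a-z0-9]+", label):
        if len(tok) >= 2 and tok.isalpha() and tok not in STOPWORDS:
            yield tok


def family_candidates(verdicts: str, min_labels: int = 2) -> dict:
    """Map family token -> (vendor count, distinct normalized label count).

    A token counts only if it is backed by min_labels *different* labels, so a
    single label copied by several vendors sharing one engine is not corroboration.
    Result is sorted by vendor count, then name.
    """
    vendors, labels = defaultdict(set), defaultdict(set)
    for line in verdicts.splitlines():
        vendor, _, result = line.partition("|")
        norm = normalize(result)
        for tok in tokens(norm):
            vendors[tok].add(vendor.strip())
            labels[tok].add(norm)
    out = {t: (len(vendors[t]), len(labels[t]))
           for t in vendors if len(labels[t]) >= min_labels}
    return dict(sorted(out.items(), key=lambda kv: (-kv[1][0], kv[0])))
```

On this table the result is strictor (8 vendors, 2 labels), vb (6, 4), darkkomet (5, 5), injector (3, 3), breut (2, 2), fynloski (2, 2). Strictor leads by vendor count, but seven of its eight vendors return the identical string Gen:Variant.Strictor.39548, which is one engine's opinion repeated, whereas the five DarkKomet vendors each use their own label; Fynloski is another vendor name for the same RAT, and "Injector" and "VB" describe the loader (a Visual Basic injector stub) rather than the payload. The identical Trojan.Win32.VB.bzdo from Kaspersky and ZoneAlarm by Check Point is why the distinct-label rule discards bzdo as a candidate.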
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Packers identified (F-PROT): RAR, UPX
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2012-01-09 13:44:06
Entry Point 0x0000B3C1
Number of sections 5
PE sections
Overlays
MD5 0c906401d9c36e272fe43e43efa8c6c4
File type application/x-rar
Offset 358912
Size 367101
Entropy 8.00
Offset 358912 + size 367101 = 726013 bytes, exactly the file size, so the overlay runs from the end of the last section to end of file. A RAR-typed overlay with entropy 8.00 is compressed or encrypted data appended to the PE image, which is the layout of a self-extracting archive stub carrying its payload.
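The Overlays block is derived from the section table: everything past the end of the last section's raw data is overlay. The Python below is an added example (not VirusTotal's code) that reproduces the block's fields (offset, size, type, entropy) for any PE on disk. It runs on a constructed, non-loadable PE32 skeleton whose section names UPX0/UPX1/.rsrc and sizes are assumptions, with a RAR-signature overlay appended; the real sample's numbers come from the report, not from this code. It also handles the no-overlay case (size 0, entropy 0.0).

```python
"""Carve the PE overlay and classify it, the way the "Overlays" block does.

Added example, not part of the original report. The toy PE built by
build_toy_pe() is constructed only to exercise the parser; its section names
and sizes are assumptions.
"""
import math
import struct

# Signatures at the start of a RAR archive (RAR 4.x and RAR 5.x).
RAR4_MAGIC = b"Rar!\x1a\x07\x00"
RAR5_MAGIC = b"Rar!\x1a\x07\x01\x00"


def shannon_entropy(data: bytes) -> float:
    """Bits per byte in 0.0 .. 8.0; 8.0 means all 256 values are equally likely."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def section_table(pe: bytes):
    """Yield (name, PointerToRawData, SizeOfRawData) for every section header."""
    e_lfanew, = struct.unpack_from("<I", pe, 0x3C)
    if pe[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("not a PE image")
    coff = e_lfanew + 4
    nsections, = struct.unpack_from("<H", pe, coff + 2)    # NumberOfSections
    opt_size, = struct.unpack_from("<H", pe, coff + 16)    # SizeOfOptionalHeader
    first = coff + 20 + opt_size                           # first section header
    for i in range(nsections):
        hdr = first + 40 * i
        name = pe[hdr:hdr + 8].rstrip(b"\0").decode("ascii", "replace")
        raw_size, raw_ptr = struct.unpack_from("<II", pe, hdr + 16)
        yield name, raw_ptr, raw_size


def overlay_offset(pe: bytes) -> int:
    """The overlay starts where the last section's raw data ends (clamped to EOF)."""
    end = max((p + s for _, p, s in section_table(pe)), default=0)
    return min(end, len(pe))


def analyze_overlay(pe: bytes) -> dict:
    """Return the four fields of the Overlays block for this image."""
    off = overlay_offset(pe)
    data = pe[off:]
    is_rar = data.startswith(RAR4_MAGIC) or data.startswith(RAR5_MAGIC)
    return {
        "offset": off,
        "size": len(data),
        "entropy": round(shannon_entropy(data), 2),
        "type": "application/x-rar" if is_rar else "application/octet-stream",
    }


def build_toy_pe(sections, overlay: bytes = b"") -> bytes:
    """Constructed PE32 skeleton (not loadable): DOS header, PE signature, COFF
    header, zeroed optional header, one header per (name, size) section, section
    bodies at 0x200 file alignment, then the overlay appended verbatim."""
    align, opt_size = 0x200, 224                          # 224 = PE32 optional header
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 0x40)    # e_lfanew = 0x40
    coff = struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, opt_size, 0x0102)
    opt = struct.pack("<H", 0x10B) + b"\0" * (opt_size - 2)
    hdr_len = len(dos) + 4 + len(coff) + opt_size + 40 * len(sections)
    first_ptr = ptr = -(-hdr_len // align) * align
    headers, bodies = [], []
    for name, size in sections:
        raw = -(-size // align) * align
        headers.append(struct.pack("<8sIIIIIIHHI", name, size, 0, raw, ptr,
                                   0, 0, 0, 0, 0x60000020))
        bodies.append(b"\xCC" * raw)
        ptr += raw
    image = dos + b"PE\0\0" + coff + opt + b"".join(headers)
    image += b"\0" * (first_ptr - len(image))
    return image + b"".join(bodies) + overlay


# Constructed sample: UPX-style section layout (assumed) plus a RAR-signed
# overlay whose body cycles through all 256 byte values, i.e. entropy 8.00.
OVERLAY = RAR4_MAGIC + bytes(range(256)) * 16
SAMPLE = build_toy_pe([(b"UPX0", 0), (b"UPX1", 0x12000), (b".rsrc", 0x3000)], OVERLAY)
```

Two checks worth running against the real sample's numbers: 358912 is 0x57A00, a multiple of the 0x200 file alignment, as an overlay that begins right after the last section should be; and an overlay that starts with Rar!\x1a\x07 can be carved with a plain file slice at that offset and opened with any RAR tool, no unpacking of the UPX stub needed.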
PE imports (grouped by exporting DLL; the DLL names were dropped from the extracted listing and are supplied here from the export tables of the standard Windows system DLLs)
ADVAPI32.dll
RegCreateKeyExW
RegCloseKey
OpenProcessToken
RegSetValueExW
RegOpenKeyExW
SetFileSecurityW
AdjustTokenPrivileges
LookupPrivilegeValueW
SetFileSecurityA
RegQueryValueExW
COMCTL32.dll
InitCommonControlsEx
COMDLG32.dll
GetSaveFileNameW
CommDlgExtendedError
GetOpenFileNameW
GDI32.dll
GetDeviceCaps
DeleteDC
SelectObject
StretchBlt
GetObjectW
CreateCompatibleDC
DeleteObject
CreateCompatibleBitmap
KERNEL32.dll
SetFilePointer
GetSystemTime
GetLastError
HeapFree
GetStdHandle
DosDateTimeToFileTime
ReadFile
FileTimeToSystemTime
GetModuleFileNameW
WaitForSingleObject
GetVersionExW
GetExitCodeProcess
FindNextFileA
CompareStringW
HeapAlloc
SystemTimeToFileTime
IsDBCSLeadByte
GetCommandLineW
GetFileAttributesW
GetCurrentProcess
FileTimeToLocalFileTime
MoveFileW
OpenFileMappingW
SetFileAttributesA
GetDateFormatW
CreateDirectoryA
DeleteFileA
GetCPInfo
ExitProcess
MultiByteToWideChar
SetEnvironmentVariableW
CreateDirectoryW
DeleteFileW
GetProcAddress
GetProcessHeap
CreateFileMappingW
GetTimeFormatW
WriteFile
SetFileAttributesW
CloseHandle
WideCharToMultiByte
MapViewOfFile
MoveFileExW
ExpandEnvironmentStringsW
FindNextFileW
SetEndOfFile
GetFileAttributesA
GetTempPathW
FindFirstFileA
FindFirstFileW
HeapReAlloc
GetModuleHandleW
GetFullPathNameA
FreeLibrary
GetCurrentDirectoryW
LoadLibraryW
SetCurrentDirectoryW
UnmapViewOfFile
FindResourceW
CreateFileW
GlobalAlloc
LocalFileTimeToFileTime
FindClose
Sleep
GetFileType
GetFullPathNameW
SetFileTime
CreateFileA
GetTickCount
GetLocaleInfoW
GetNumberFormatW
SetLastError
CompareStringA
OLEAUT32.dll
VariantInit
SHELL32.dll
SHBrowseForFolderW
SHChangeNotify
SHFileOperationW
SHGetPathFromIDListW
SHGetSpecialFolderLocation
ShellExecuteExW
SHGetFileInfoW
SHGetMalloc
SHLWAPI.dll
SHAutoComplete
USER32.dll
SetFocus
MapWindowPoints
GetParent
UpdateWindow
EndDialog
LoadBitmapW
DefWindowProcW
GetWindowTextW
GetMessageW
ShowWindow
GetSystemMetrics
SetWindowPos
wvsprintfW
CharToOemBuffA
SetWindowLongW
IsWindow
SendMessageW
GetWindowRect
RegisterClassExW
CharUpperW
DialogBoxParamW
CharToOemBuffW
wvsprintfA
SendDlgItemMessageW
GetDlgItemTextW
PostMessageW
GetSysColor
SetDlgItemTextW
GetDC
ReleaseDC
DestroyIcon
TranslateMessage
IsWindowVisible
LoadStringW
SetWindowTextW
GetDlgItem
GetWindow
MessageBoxW
DispatchMessageW
GetClassNameW
PeekMessageW
CharUpperA
GetClientRect
OemToCharA
EnableWindow
CopyRect
WaitForInputIdle
OemToCharBuffA
LoadCursorW
LoadIconW
FindWindowExW
CreateWindowExW
GetWindowLongW
SetForegroundWindow
DestroyWindow
CharToOemA
ole32.dll
CreateStreamOnHGlobal
OleUninitialize
CoCreateInstance
OleInitialize
CLSIDFromString
Taken together (DosDateTimeToFileTime and SetFileTime for restoring archived timestamps, SHFileOperationW, SHBrowseForFolderW and the open/save dialogs, SetFileSecurityW with OpenProcessToken/AdjustTokenPrivileges/LookupPrivilegeValueW for enabling a privilege before writing file security, plus ShellExecuteExW, WaitForSingleObject and GetExitCodeProcess for launching and waiting on a child) this import profile is that of an archive self-extractor stub, which is consistent with the RAR overlay and the F-PROT "RAR" packer tag rather than with a hand-written backdoor. The backdoor behaviour the vendors name is therefore expected in the extracted payload, not in this stub's own code.
Number of PE resources by type
RT_ICON 9
RT_DIALOG 6
RT_STRING 6
RT_MANIFEST 1
RT_BITMAP 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 13
NEUTRAL DEFAULT 11
PE resources
Debug information
ExifTool file metadata
MIMEType
application/octet-stream

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

FileTypeExtension
exe

TimeStamp
2012:01:09 14:44:06+01:00

FileType
Win32 EXE

PEType
PE32

CodeSize
72704

LinkerVersion
9.0

EntryPoint
0xb3c1

InitializedDataSize
285184

SubsystemVersion
5.0

ImageVersion
0.0

OSVersion
5.0

UninitializedDataSize
0

Compressed bundles
File identification
MD5 02c2ee77cf5aaf8ac03739640c46e822
SHA1 cf3d824cbc44c1a7457ec894fd3f139ccea9924d
SHA256 da18a90611ca33ddbc8ea7be63d7251580af54f3837d1bdab48d69976d508848
ssdeep
12288:kxaVAh64U5l4N85pz0ugMX6fOUzKToW3l9KMcaCLi:kxaVxr5CN85pwFMqGuKToC9KMcaCLi

authentihash 50dea6ec7759c65845cac4e222b36abb7f20a9d00f656015ecf9668ce377b4e2
imphash 2b8c9d9ab6fefc247adaf927e83dcea6
File size 709.0 KB ( 726013 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable MS Visual C++ (generic) (42.2%)
Win64 Executable (generic) (37.3%)
Win32 Dynamic Link Library (generic) (8.8%)
Win32 Executable (generic) (6.0%)
Generic Win/DOS Executable (2.7%)
Tags
peexe upx overlay

VirusTotal metadata
First submission 2012-11-21 11:25:44 UTC ( 4 years, 6 months ago )
Last submission 2017-03-09 14:02:46 UTC ( 2 months, 3 weeks ago )
File names da18a90611ca33ddbc8ea7be63d7251580af54f3837d1bdab48d69976d508848.exe
01
1.exe
02c2ee77cf5aaf8ac03739640c46e822
اسماء بعض الممولين في سوريا والخارج المطلوبين لدى النظام السوري_m-fdp.scr (English: "Names of some of the financiers in Syria and abroad wanted by the Syrian regime_m-fdp.scr")
5_NOT_DETECTED.exe
vti-rescan
اسماء بعض المسلحين في سورية والخارج المطلوبين لدى النظام السوري2012_m-fdp.scr (English: "Names of some of the gunmen in Syria and abroad wanted by the Syrian regime2012_m-fdp.scr")
da18a90611ca33ddbc8ea7be63d7251580af54f3837d1bdab48d69976d508848
e764a181-5d44-49d2-ab65-9d674c4e59e7
da18a90611ca33ddbc8ea7be63d7251580af54f3837d1bdab48d69976d508848.scr
Note on the .scr names: .scr is the screensaver extension, but Windows treats a .scr as an ordinary PE executable, so double-clicking it runs the file exactly as an .exe would; the document-style Arabic names read as lures for the target audience rather than as a different file type.
Advanced heuristic and reputation engines
ClamAV
Possibly Unwanted Application. While not necessarily malicious, the scanned file presents certain characteristics which depending on the user policies and environment may or may not represent a threat. For full details see: https://www.clamav.net/documents/potentially-unwanted-applications-pua .

Symantec reputation Suspicious.Insight
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function. DeviceIoControl does not appear in the static import table above, so the call was either resolved at runtime (GetProcAddress is imported) or made by a process the file launched or injected into, which this condensed report attributes to the file as well.
UDP communications