SHA256: da7ab88828ad5e4ff9ccd6957927db41fe1899986a2a2738a4a79ac5fe2fb7f5
File name: ks.exe
Detection ratio: 15 / 57
Analysis date: 2015-03-02 21:10:26 UTC ( 3 years, 7 months ago )
Antivirus Result Update
Avast Win32:Malware-gen 20150302
AVG Inject2.BRBL 20150302
Avira (no cloud) TR/Crypt.XPACK.Gen 20150302
Baidu-International Trojan.Win32.Zbot.vckj 20150302
DrWeb Trojan.PWS.Panda.2401 20150302
ESET-NOD32 a variant of Win32/Injector.BVBN 20150302
Fortinet W32/BVBN!tr 20150302
K7AntiVirus Trojan ( 004b6cd41 ) 20150302
K7GW Trojan ( 004b6cd41 ) 20150302
Kaspersky Trojan-Spy.Win32.Zbot.vckj 20150302
McAfee Artemis!7FC48AD8666B 20150302
McAfee-GW-Edition BehavesLike.Win32.Packed.fh 20150302
Qihoo-360 HEUR/QVM20.1.Malware.Gen 20150302
Rising PE:Malware.XPACK-LNR/Heur!1.5594 20150302
TrendMicro-HouseCall Suspicious_GEN.F47V0302 20150302
Ad-Aware 20150302
AegisLab 20150302
Yandex 20150228
AhnLab-V3 20150302
Alibaba 20150302
ALYac 20150302
Antiy-AVL 20150302
AVware 20150228
BitDefender 20150302
Bkav 20150302
ByteHero 20150302
CAT-QuickHeal 20150302
ClamAV 20150302
CMC 20150301
Comodo 20150302
Cyren 20150302
Emsisoft 20150302
F-Prot 20150302
F-Secure 20150302
GData 20150302
Ikarus 20150302
Jiangmin 20150301
Kingsoft 20150302
Malwarebytes 20150302
Microsoft 20150302
eScan 20150302
NANO-Antivirus 20150302
Norman 20150302
nProtect 20150302
Panda 20150302
Sophos AV 20150302
SUPERAntiSpyware 20150301
Symantec 20150302
Tencent 20150302
TheHacker 20150302
TotalDefense 20150302
TrendMicro 20150302
VBA32 20150302
VIPRE 20150302
ViRobot 20150302
Zillya 20150302
Zoner 20150302
The file being studied is a Portable Executable file! More specifically, it is a DOS EXE file.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2004-01-16 16:59:18
Entry Point 0x000010C3
Number of sections 5
PE sections
PE imports
RegCreateKeyExW
RegDeleteValueW
RegCloseKey
OpenProcessToken
RegSetValueExW
RegQueryInfoKeyW
RegQueryValueExA
RegEnumKeyExW
RegOpenKeyExW
EqualSid
RegOpenKeyExA
RegQueryValueExW
ImageList_Create
InitCommonControlsEx
ImageList_Destroy
ImageList_Add
GetDeviceCaps
DeleteDC
CreateFontIndirectW
SelectObject
GetStockObject
GetObjectW
CreateCompatibleDC
DeleteObject
GetStartupInfoA
LCMapStringW
GetConsoleMode
GetStringTypeW
GetStringTypeA
GetModuleHandleA
OutputDebugStringW
GetCommandLineW
VirtualFree
SetErrorMode
ExitProcess
MulDiv
GetCommandLineA
GetVersion
VirtualAlloc
WriteConsoleW
HeapDestroy
ReleaseDC
SetWindowTextA
GetParent
LoadIconA
LoadStringA
GetClientRect
MessageBoxA
GetWindowRect
GetDlgItem
SetForegroundWindow
LoadCursorA
UnregisterClassA
GetDC
RegisterClassExA
Number of PE resources by type
RT_HTML 1
Number of PE resources by language
NEUTRAL 1
PE resources
File identification
MD5 7fc48ad8666bbb1bb8732fd35e3aabcb
SHA1 375d227d94ac9ddebf257f776207699ec019d923
SHA256 da7ab88828ad5e4ff9ccd6957927db41fe1899986a2a2738a4a79ac5fe2fb7f5
ssdeep 6144:GAwmpMuAwd5Uednz5TWD+wylawjXCOdFjUmEUuYs38SdioV6M:GA1MNwTb1TWDmwmEUNs3pTV6M

authentihash f9f50a788e1b823d0ad572cc093a4e8b1bffb7877d59543d0e088e3b800fec65
imphash 226f76ca4c1697fb9490e34a5aee6675
File size 344.5 KB ( 352768 bytes )
File type DOS EXE
Magic literal MS-DOS executable

TrID Win32 Executable (generic) (52.7%)
Generic Win/DOS Executable (23.4%)
DOS Executable Generic (23.4%)
Sybase iAnywhere database files (0.2%)
Targa bitmap (Original TGA Format) (0.0%)
Tags mz

VirusTotal metadata
First submission 2015-03-02 03:05:17 UTC ( 3 years, 7 months ago )
Last submission 2015-03-06 16:48:42 UTC ( 3 years, 7 months ago )
File names ks.exe
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
HTTP requests
DNS requests
TCP connections