SHA256: dba5d3b96a6065660250d36d8eb56744a2b88f71bbd6fcced15394cb7efd0ea2
File name: alarm.exe
Detection ratio: 4 / 56
Analysis date: 2016-04-21 16:56:55 UTC ( 1 year, 1 month ago )
Antivirus Result Update
K7GW Trojan ( 700001211 ) 20160421
McAfee Suspect-AN!8DCE66933CD5 20160421
Qihoo-360 QVM19.1.Malware.Gen 20160421
Rising PE:Malware.XPACK-LNR/Heur!1.5594 [F] 20160421
Ad-Aware 20160421
AegisLab 20160421
AhnLab-V3 20160421
Alibaba 20160421
ALYac 20160421
Antiy-AVL 20160421
Arcabit 20160421
Avast 20160421
AVG 20160421
Avira (no cloud) 20160421
AVware 20160421
Baidu 20160421
Baidu-International 20160421
BitDefender 20160421
Bkav 20160421
CAT-QuickHeal 20160421
ClamAV 20160421
CMC 20160421
Comodo 20160421
Cyren 20160421
DrWeb 20160421
Emsisoft 20160421
ESET-NOD32 20160421
F-Prot 20160421
F-Secure 20160421
Fortinet 20160421
GData 20160421
Ikarus 20160421
Jiangmin 20160421
K7AntiVirus 20160421
Kaspersky 20160421
Kingsoft 20160421
Malwarebytes 20160421
McAfee-GW-Edition 20160421
Microsoft 20160420
eScan 20160421
NANO-Antivirus 20160421
nProtect 20160421
Panda 20160421
Sophos 20160421
SUPERAntiSpyware 20160421
Symantec 20160421
Tencent 20160421
TheHacker 20160421
TrendMicro 20160421
TrendMicro-HouseCall 20160421
VBA32 20160421
VIPRE 20160421
ViRobot 20160421
Yandex 20160420
Zillya 20160421
Zoner 20160421
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows command line subsystem.
FileVersionInfo properties
Copyright © Microsoft Corporation. All rights reserved.
Product Microsoft® Windows® Operating System
Original name Rastapi.dll
Internal name Rpstapi.dll
File version 5.3.3703.5512 (xpsp.080413-0852)
Description Remote Access TAPI Compliance Layer
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 1970-01-01 02:16:34
Entry Point 0x00029500
Number of sections 17
PE sections
PE imports
Heap32ListFirst
GetNamedPipeInfo
FileTimeToSystemTime
GetModuleFileNameW
GetDriveTypeA
HeapAlloc
WriteProcessMemory
SetupComm
UnlockFile
TerminateThread
LCMapStringW
lstrcatA
SetVolumeMountPointA
GetWindowsDirectoryA
LoadModule
FlushInstructionCache
GetCurrentThread
QueryDepthSList
CompareStringW
LocalFlags
LoadLibraryW
IsSystemResumeAutomatic
GetFirmwareEnvironmentVariableA
SetConsoleTitleA
FreeConsole
lstrcmpA
lstrcmpW
GetDiskFreeSpaceA
GetGeoInfoW
GetProcessAffinityMask
SearchPathW
OpenJobObjectW
GetNumberFormatA
FatalExit
SearchPathA
FindAtomA
WriteProfileSectionW
GetFullPathNameW
GetFileAttributesExA
GetSystemWindowsDirectoryW
SetMailslotInfo
ReadFileScatter
VarUI2FromR4
VarUI2FromStr
DragQueryFileW
GetWindowLongA
SetPropW
PtInRect
setvbuf
PdhGetFormattedCounterArrayA
PdhLookupPerfNameByIndexW
ReleaseBindInfo
Number of PE resources by type
RT_VERSION 1
Number of PE resources by language
ENGLISH US 1
PE resources
ExifTool file metadata
SubsystemVersion 4.0
LinkerVersion 2.32
ImageVersion 1.0
FileSubtype 0
FileVersionNumber 5.3.3703.5512
UninitializedDataSize 7168
LanguageCode English (U.S.)
FileFlagsMask 0x003f
CharacterSet Unicode
InitializedDataSize 42753
EntryPoint 0x29500
OriginalFileName Rastapi.dll
MIMEType application/octet-stream
LegalCopyright Microsoft Corporation. All rights reserved.
FileVersion 5.3.3703.5512 (xpsp.080413-0852)
TimeStamp 1970:01:01 03:16:34+01:00
FileType Win32 EXE
PEType PE32
InternalName Rpstapi.dll
ProductVersion 5.3.3703.5512
FileDescription Remote Access TAPI Compliance Layer
OSVersion 4.1
FileOS Windows NT 32-bit
Subsystem Windows command line
MachineType Intel 386 or later, and compatibles
CompanyName Microsoft Corporation
CodeSize 51200
ProductName Microsoft Windows Operating System
ProductVersionNumber 5.1.3703.5512
FileTypeExtension exe
ObjectFileType Dynamic link library

File identification
MD5 8dce66933cd5abb1821889ba4746a1b7
SHA1 90eac3c2960cf8fc3959a01acef33b2f9d42b45c
SHA256 dba5d3b96a6065660250d36d8eb56744a2b88f71bbd6fcced15394cb7efd0ea2
ssdeep 3072:/+LVm7uEpm94Cu9sClKFUAWWPo1g0Ru/eDT:/+LVmXQi1sClyB7Sz8eD
authentihash 3a6dd63f7b1c3d005c457af4630da761e80db392631a6d050801946e07ed3bd3
imphash 2d70c849209ba5575ab8638f5c4cbb1c
File size 152.5 KB ( 156160 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (console) Intel 80386 32-bit
TrID Win32 Dynamic Link Library (generic) (43.5%)
Win32 Executable (generic) (29.8%)
Generic Win/DOS Executable (13.2%)
DOS Executable Generic (13.2%)
VXD Driver (0.2%)
Tags peexe
VirusTotal metadata
First submission 2016-04-21 16:54:20 UTC ( 1 year, 1 month ago )
Last submission 2016-12-16 07:29:15 UTC ( 5 months, 1 week ago )
File names 8dce66933cd5abb1821889ba4746a1b7.exe4
Rpstapi.dll
7awgydhiu.ex1
8dce66933cd5abb1821889ba4746a1b7
loader.med.122.cr.exe4
fileman.exe
8dce66933cd5abb1821889ba4746a1b7.exe
Rastapi.dll
alarm.exe
8dce66933cd5abb1821889ba4746a1b7
radB3269.tmp.exe
7awgydhiu.fbi
radB0D2F.tmp
assets.php
dridex-dropper.exe
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Created mutexes
Opened mutexes
Runtime DLLs
UDP communications