SHA256: ddb2a2f6d5f30f74b46311e8d976334037af5043999c29c68d96b9a399b491bb
File name: 1405uk77.exe
Detection ratio: 4 / 57
Analysis date: 2015-05-19 12:28:33 UTC ( 4 years ago )
Antivirus Result Update
Avira (no cloud) TR/Crypt.XPACK.Gen7 20150519
Qihoo-360 Win32/Trojan.cb1 20150519
Rising PE:Malware.XPACK-HIE/Heur!1.9C48 20150519
Tencent Trojan.Win32.Qudamah.Gen.24 20150519
Ad-Aware 20150519
AegisLab 20150519
Yandex 20150518
AhnLab-V3 20150518
Alibaba 20150519
ALYac 20150519
Antiy-AVL 20150519
Avast 20150519
AVG 20150519
AVware 20150519
Baidu-International 20150519
BitDefender 20150519
Bkav 20150519
ByteHero 20150519
CAT-QuickHeal 20150519
ClamAV 20150519
CMC 20150518
Comodo 20150519
Cyren 20150519
DrWeb 20150519
Emsisoft 20150519
ESET-NOD32 20150519
F-Prot 20150519
F-Secure 20150519
Fortinet 20150519
GData 20150519
Ikarus 20150519
Jiangmin 20150518
K7AntiVirus 20150519
K7GW 20150519
Kaspersky 20150519
Kingsoft 20150519
Malwarebytes 20150519
McAfee 20150519
McAfee-GW-Edition 20150519
Microsoft 20150519
eScan 20150519
NANO-Antivirus 20150519
Norman 20150519
nProtect 20150519
Panda 20150518
Sophos AV 20150519
SUPERAntiSpyware 20150519
Symantec 20150519
TheHacker 20150518
TotalDefense 20150519
TrendMicro 20150519
TrendMicro-HouseCall 20150519
VBA32 20150519
VIPRE 20150519
ViRobot 20150519
Zillya 20150518
Zoner 20150518
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2008-12-02 11:43:22
Entry Point 0x0000CAFD
Number of sections 4
PE sections
PE imports
TextOutA
CreateMutexA
GetStartupInfoA
lstrlenA
ReadFile
lstrcpyA
CloseHandle
GetSystemDirectoryA
LoadLibraryA
GetModuleHandleA
_except_handler3
_acmdln
__p__fmode
_adjust_fdiv
__p__commode
_controlfp
exit
_XcptFilter
__getmainargs
_initterm
_exit
__setusermatherr
__set_app_type
GetMessageA
GetParent
UpdateWindow
GetScrollRange
BeginPaint
MoveWindow
PostQuitMessage
DefWindowProcA
ShowWindow
LoadBitmapA
SetWindowPos
GetDesktopWindow
SetWindowLongA
DispatchMessageA
EndPaint
SetMenu
SetDlgItemTextA
SetMenuItemInfoA
SetPropW
TranslateMessage
SetScrollInfo
RegisterClassExA
GetMenu
LoadStringA
SetParent
SendMessageA
SetScrollPos
InvalidateRect
GetWindowLongA
CreateWindowExA
LoadCursorA
LoadIconA
GetKeyboardState
SetDlgItemInt
GetClassNameA
GetMenuItemID
EnableWindow
DestroyWindow
Number of PE resources by type
RT_BITMAP 7
RT_ICON 3
RT_DIALOG 1
RT_MANIFEST 1
RT_GROUP_ICON 1
Number of PE resources by language
PORTUGUESE BRAZILIAN 12
ENGLISH US 1
PE resources
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
TimeStamp 2008:12:02 12:43:22+01:00
FileType Win32 EXE
PEType PE32
CodeSize 251904
LinkerVersion 10.0
FileTypeExtension exe
InitializedDataSize 293376
SubsystemVersion 5.1
EntryPoint 0xcafd
OSVersion 5.1
ImageVersion 0.0
UninitializedDataSize 0
File identification
MD5 b3b483c10d4f7eacd7cfa42f604968f8
SHA1 9f7f99ac08e6ed79f5bf7b6706852df169fdfb43
SHA256 ddb2a2f6d5f30f74b46311e8d976334037af5043999c29c68d96b9a399b491bb
ssdeep 12288:Ev0bH7ePXlQAUpjhBhE38ULPY8tIsGbM4l6Ltq/qou:G0uvlQAUpnhIzQQIsGAM6Jq/qou
authentihash b470fa9661aecc20614fdc5859921ada555c69ed8bd6b2f2c4d4d61534d5af72
imphash 1432e3e4bd2e18444c24fa607ef853c5
File size 531.5 KB ( 544256 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (67.3%)
Win32 Dynamic Link Library (generic) (14.2%)
Win32 Executable (generic) (9.7%)
Generic Win/DOS Executable (4.3%)
DOS Executable Generic (4.3%)
Tags peexe
VirusTotal metadata
First submission 2015-05-19 11:01:03 UTC ( 4 years ago )
Last submission 2015-08-13 15:23:13 UTC ( 3 years, 9 months ago )
File names 81136916197-9-68_1.1405uk77.exe
1405uk77.exe
1405uk77.bin
cxtgktmmojneboc.exe
OclptNaoqAtweYc.exe
gTLRSsplWRAeOYn.exe
b3b483c10d4f7eacd7cfa42f604968f8.exe
csrss_0.exe
csrss_14.exe
b3b483c10d4f7eacd7cfa42f604968f8
CWmNMhUgiHKARfN.exe
1405uk77[1].exe.dr
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Created mutexes
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.