SHA256: de7414d18f50e7bb22f828dbf7fa12e18a31f1059491a5bb5adef985a38dcf0f
File name: newbos3 (1).exe
Detection ratio: 23 / 46
Analysis date: 2013-04-23 00:26:56 UTC
Antivirus Result Update
AVG Win32/Cryptor 20130423
AhnLab-V3 Win-Trojan/Malpacked6.Gen 20130422
AntiVir TR/Dropper.Gen 20130422
Avast Win32:Downloader-TAL [Trj] 20130423
BitDefender Gen:Variant.Kazy.94410 20130423
CAT-QuickHeal FraudTool.Security 20130422
Commtouch W32/Trojan.GETA-4577 20130422
Comodo UnclassifiedMalware 20130423
ESET-NOD32 a variant of Win32/Kryptik.AZHC 20130422
Emsisoft Gen:Variant.Kazy.94410 (B) 20130423
F-Secure Gen:Variant.Kazy.94410 20130423
Fortinet W32/Tepfer.MQ!tr 20130423
GData Gen:Variant.Kazy.94410 20130423
Ikarus Win32.SuspectCrc 20130422
Kaspersky Trojan-PSW.Win32.Tepfer.iojc 20130423
Malwarebytes Trojan.Agent.ED 20130423
McAfee Agent-FCC!86F197E0353A 20130423
McAfee-GW-Edition Heuristic.LooksLike.Win32.Suspicious.E 20130422
MicroWorld-eScan Gen:Variant.Kazy.94410 20130423
Norman Kelihos.DA 20130422
Panda Trj/CI.A 20130422
TrendMicro-HouseCall TROJ_GEN.R47B1DJ 20130423
VIPRE Trojan.Win32.Encpk.adz (v) 20130423
Agnitum 20130422
Antiy-AVL 20130422
ByteHero 20130418
ClamAV 20130423
DrWeb 20130423
F-Prot 20130422
Jiangmin 20130422
K7AntiVirus 20130422
K7GW 20130422
Kingsoft 20130422
Microsoft 20130423
NANO-Antivirus 20130423
PCTools 20130422
SUPERAntiSpyware 20130423
Sophos 20130423
Symantec 20130423
TheHacker 20130422
TotalDefense 20130422
TrendMicro 20130423
VBA32 20130422
ViRobot 20130422
eSafe 20130418
nProtect 20130422
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Authenticode signature block
Publisher OperA sofTware
Product 8KJgiU
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2011-07-07 21:41:29
Entry Point 0x0002B660
Number of sections 5
PE sections
PE imports
Number of PE resources by type
RT_STRING 3
RT_ICON 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 3
GERMAN 1
CZECH NEUTRAL 1
ICELANDIC NEUTRAL 1
ExifTool file metadata
UninitializedDataSize 0
InitializedDataSize 2044416
ImageVersion 0.0
ProductName 8KJgiU
FileVersionNumber 0.24576.19854.516
LanguageCode English (U.S.)
FileFlagsMask 0x0000
CharacterSet Unicode
LinkerVersion 10.0
MIMEType application/octet-stream
TimeStamp 2011:07:07 22:41:29+01:00
FileType Win32 EXE
PEType PE32
FileAccessDate 2013:04:23 01:27:17+01:00
SubsystemVersion 5.1
OSVersion 5.0
FileCreateDate 2013:04:23 01:27:17+01:00
FileOS Windows NT 32-bit
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName OperA sofTware
CodeSize 370688
FileSubtype 0
ProductVersionNumber 0.24576.19854.516
EntryPoint 0x2b660
ObjectFileType Executable application
File identification
MD5 86f197e0353a97b630d9b1838520ade1
SHA1 1cf084e297743e8fc98a29807fd1b83f4a736ca8
SHA256 de7414d18f50e7bb22f828dbf7fa12e18a31f1059491a5bb5adef985a38dcf0f
ssdeep 24576:fG2Ax4rFjWY2fNJKbXjfb4qpFlax5nf67aFLruMXyGoL+T:f6x4pqffWf/DlOfLruMXyG9T
File size 873.5 KB ( 894464 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Dynamic Link Library (generic) (38.4%)
Win32 Executable (generic) (38.0%)
Generic Win/DOS Executable (11.7%)
DOS Executable Generic (11.6%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
Tags peexe
VirusTotal metadata
First submission 2013-04-18 23:35:05 UTC
Last submission 2013-04-23 00:26:56 UTC
File names newbos3.exe-TKDvmQ, newbos3 (1).exe
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Deleted files
Set keys
Code injections in the following processes
Opened service managers
Opened services
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.
TCP connections
UDP communications