× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: dec56e9249069b02a3df2b575e74f1e7bffd256bc3b0ab0f5a94479ab7cb1c30
File name: cr_809v2.exe
Detection ratio: 50 / 62
Analysis date: 2017-05-02 21:13:05 UTC ( 2 years ago )
Antivirus Result Update
Ad-Aware Gen:Variant.Symmi.51731 20170502
AegisLab Backdoor.W32.Androm.glln!c 20170502
AhnLab-V3 Trojan/Win32.Zbot.R137898 20170502
ALYac Gen:Variant.Symmi.51731 20170502
Antiy-AVL Trojan[Dropper]/Win32.Injector 20170502
Arcabit Trojan.Symmi.DCA13 20170502
Avast Win32:Crypt-RVU [Trj] 20170502
AVG Win32/Herz.B 20170502
Avira (no cloud) TR/Spy.ZBot.xbbeohy 20170502
AVware Trojan.Win32.Generic!BT 20170502
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9998 20170502
BitDefender Gen:Variant.Symmi.51731 20170502
CAT-QuickHeal TrojanPWS.Zbot.A4 20170502
Comodo UnclassifiedMalware 20170502
CrowdStrike Falcon (ML) malicious_confidence_100% (D) 20170130
Cyren W32/Backdoor.GERC-2230 20170502
DrWeb Trojan.Inject1.53302 20170502
Emsisoft Gen:Variant.Symmi.51731 (B) 20170502
Endgame malicious (high confidence) 20170419
ESET-NOD32 a variant of Win32/Injector.BWGX 20170502
F-Prot W32/Backdoor2.HXVA 20170502
F-Secure Gen:Variant.Symmi.51731 20170502
Fortinet W32/Injector.CALA!tr 20170502
GData Win32.Trojan.Emotet.I 20170502
Ikarus Trojan.Win32.Boaxxe 20170502
Sophos ML trojan.win32.miuref.f 20170413
Jiangmin Backdoor/Androm.gjg 20170502
K7AntiVirus Trojan ( 004b81de1 ) 20170502
K7GW Trojan ( 004b81de1 ) 20170426
Kaspersky HEUR:Trojan.Win32.Generic 20170502
McAfee Generic-FAWD!7384D2D5B932 20170502
McAfee-GW-Edition BehavesLike.Win32.PWSZbot.cc 20170502
Microsoft VirTool:Win32/CeeInject.gen!KK 20170502
eScan Gen:Variant.Symmi.51731 20170502
NANO-Antivirus Trojan.Win32.Zbot.dpgbno 20170502
Palo Alto Networks (Known Signatures) generic.ml 20170502
Panda Trj/Genetic.gen 20170502
Qihoo-360 HEUR/QVM07.1.Malware.Gen 20170502
SentinelOne (Static ML) static engine - malicious 20170330
Sophos AV Mal/Zbot-TQ 20170502
SUPERAntiSpyware Trojan.Agent/Gen-Ransom 20170502
Symantec Trojan.Gen.2 20170502
Tencent Win32.Trojan.Inject.Auto 20170502
TrendMicro TROJ_MALKRYP.SM7 20170502
TrendMicro-HouseCall TROJ_MALKRYP.SM7 20170502
VBA32 BScope.Malware-Cryptor.Hlux 20170502
VIPRE Trojan.Win32.Generic!BT 20170502
Webroot W32.Trojan.Gen 20170502
Yandex Backdoor.Androm!Qidng5lGW6M 20170502
ZoneAlarm by Check Point HEUR:Trojan.Win32.Generic 20170502
Alibaba 20170502
Bkav 20170428
ClamAV 20170502
CMC 20170502
Kingsoft 20170502
Malwarebytes 20170502
nProtect 20170502
Rising None
Symantec Mobile Insight 20170502
TheHacker 20170429
TotalDefense 20170426
Trustlook 20170502
ViRobot 20170502
WhiteArmor 20170502
Zillya 20170428
Zoner 20170502
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2015-03-11 16:08:28
Entry Point 0x00004812
Number of sections 6
PE sections
Overlays
MD5 cb3936f3337122ccdc6d4781d8f998c7
File type ASCII text
Offset 151552
Size 58
Entropy 4.39
PE imports
RegDeleteKeyW
SelectObject
CreateFontIndirectW
CreatePen
CreateSolidBrush
BitBlt
GetSystemTime
GetStdHandle
CreateEventA
GetCPInfo
LocalAlloc
SetFilePointer
HeapCreate
CreateFileW
LCMapStringA
GetStartupInfoW
SetEndOfFile
GetCurrentThreadId
GlobalLock
GetModuleHandleW
Ord(3820)
Ord(2406)
Ord(6113)
Ord(4621)
Ord(6332)
Ord(1634)
Ord(2980)
Ord(6371)
Ord(967)
Ord(2438)
Ord(523)
Ord(5237)
Ord(4073)
Ord(6048)
Ord(5996)
Ord(2362)
Ord(5257)
Ord(3733)
Ord(5736)
Ord(5236)
Ord(4523)
Ord(5727)
Ord(3744)
Ord(4616)
Ord(3167)
Ord(5298)
Ord(2873)
Ord(3917)
Ord(4717)
Ord(1987)
Ord(4852)
Ord(1569)
Ord(4539)
Ord(6370)
Ord(815)
Ord(4525)
Ord(3257)
Ord(4405)
Ord(641)
Ord(4292)
Ord(861)
Ord(3449)
Ord(2388)
Ord(3566)
Ord(338)
Ord(4343)
Ord(2502)
Ord(3076)
Ord(4414)
Ord(4233)
Ord(5256)
Ord(1739)
Ord(4430)
Ord(3142)
Ord(3060)
Ord(3193)
Ord(5285)
Ord(4617)
Ord(2021)
Ord(5793)
Ord(5233)
Ord(6330)
Ord(2069)
Ord(1165)
Ord(2486)
Ord(617)
Ord(3341)
Ord(366)
Ord(825)
Ord(4604)
Ord(5710)
Ord(4329)
Ord(5276)
Ord(4146)
Ord(4441)
Ord(4401)
Ord(2874)
Ord(540)
Ord(4606)
Ord(4335)
Ord(3712)
Ord(2619)
Ord(1196)
Ord(5807)
Ord(1767)
Ord(2371)
Ord(3568)
Ord(4480)
Ord(4229)
Ord(5478)
Ord(5475)
Ord(823)
Ord(2047)
Ord(4537)
Ord(4913)
Ord(4958)
Ord(2504)
Ord(813)
Ord(5278)
Ord(640)
Ord(5006)
Ord(4607)
Ord(5157)
Ord(4298)
Ord(541)
Ord(6051)
Ord(5261)
Ord(3074)
Ord(3345)
Ord(2613)
Ord(3592)
Ord(4609)
Ord(4884)
Ord(4459)
Ord(554)
Ord(4381)
Ord(3688)
Ord(2977)
Ord(2116)
Ord(4418)
Ord(5784)
Ord(2641)
Ord(1834)
Ord(4268)
Ord(3053)
Ord(796)
Ord(674)
Ord(2382)
Ord(4831)
Ord(5070)
Ord(2618)
Ord(1089)
Ord(4158)
Ord(5573)
Ord(791)
Ord(975)
Ord(6076)
Ord(2715)
Ord(4426)
Ord(3398)
Ord(2717)
Ord(4269)
Ord(4992)
Ord(5297)
Ord(4608)
Ord(4461)
Ord(520)
Ord(4817)
Ord(3743)
Ord(986)
Ord(2377)
Ord(4893)
Ord(6211)
Ord(4419)
Ord(323)
Ord(4074)
Ord(1719)
Ord(2640)
Ord(2109)
Ord(773)
Ord(4421)
Ord(4773)
Ord(807)
Ord(4520)
Ord(3254)
Ord(2506)
Ord(4947)
Ord(4128)
Ord(4237)
Ord(4451)
Ord(5304)
Ord(5273)
Ord(2971)
Ord(2534)
Ord(1817)
Ord(4347)
Ord(5248)
Ord(1658)
Ord(501)
Ord(324)
Ord(560)
Ord(2391)
Ord(1937)
Ord(2527)
Ord(1768)
Ord(4704)
Ord(3793)
Ord(4955)
Ord(3826)
Ord(5193)
Ord(4847)
Ord(5468)
Ord(4692)
Ord(1720)
Ord(4075)
Ord(2854)
Ord(4857)
Ord(652)
Ord(5094)
Ord(4420)
Ord(5596)
Ord(5097)
Ord(1131)
Ord(1244)
Ord(2546)
Ord(4435)
Ord(5303)
Ord(4518)
Ord(6171)
Ord(5208)
Ord(4583)
Ord(6617)
Ord(561)
Ord(1083)
Ord(1143)
Ord(3054)
Ord(3658)
Ord(5296)
Ord(6372)
Ord(3131)
Ord(4154)
Ord(2024)
Ord(5059)
Ord(3825)
Ord(4072)
Ord(4103)
Ord(529)
Ord(4370)
Ord(4969)
Ord(800)
Ord(296)
Ord(5649)
Ord(5239)
Ord(5286)
Ord(4690)
Ord(3621)
_except_handler3
__p__fmode
strncat
_XcptFilter
__CxxFrameHandler
__wgetmainargs
_exit
__p__commode
__setusermatherr
_itoa
__dllonexit
_onexit
atoi
exit
sprintf
_initterm
_controlfp
_wcmdln
_adjust_fdiv
__set_app_type
GetWindowTextLengthA
SetTimer
GetParent
SendMessageW
UpdateWindow
FillRect
LoadBitmapW
LoadCursorW
KillTimer
LoadIconW
EnableWindow
DialogBoxParamA
ShowWindow
ToAsciiEx
InvalidateRect
GetSysColor
GetDC
SetCursor
Number of PE resources by type
RT_STRING 15
RT_DIALOG 4
RT_BITMAP 3
RT_GROUP_CURSOR 2
RT_CURSOR 2
RT_ICON 1
Struct(241) 1
GIF 1
RT_MENU 1
RT_ACCELERATOR 1
RT_GROUP_ICON 1
Number of PE resources by language
CHINESE SIMPLIFIED 29
NEUTRAL 3
PE resources
Debug information
ExifTool file metadata
MIMEType
application/octet-stream

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

TimeStamp
2015:03:11 17:08:28+01:00

FileType
Win32 EXE

PEType
PE32

CodeSize
16384

LinkerVersion
6.0

FileTypeExtension
exe

InitializedDataSize
131072

SubsystemVersion
4.0

EntryPoint
0x4812

OSVersion
4.0

ImageVersion
0.0

UninitializedDataSize
0

File identification
MD5 7384d2d5b932ccd285b0f4c4bf915da3
SHA1 59008783b054f2c384c8390287fb6324e67076cf
SHA256 dec56e9249069b02a3df2b575e74f1e7bffd256bc3b0ab0f5a94479ab7cb1c30
ssdeep
3072:O2UMOzX9GhDgh6H5BUluRUE1Zr2lcRd9CO:OX7kHfUIRic4O

authentihash 7bb33fc25f9fa43397c62844b225ee9cb6055c510ff0090e77a0c39b7ab59fc0
imphash b6b2a83bec478d71121f2efefd7e647d
File size 148.1 KB ( 151610 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable MS Visual C++ (generic) (67.4%)
Win32 Dynamic Link Library (generic) (14.2%)
Win32 Executable (generic) (9.7%)
Generic Win/DOS Executable (4.3%)
DOS Executable Generic (4.3%)
Tags
peexe overlay

VirusTotal metadata
First submission 2015-03-14 08:59:33 UTC ( 4 years, 2 months ago )
Last submission 2015-04-29 08:15:25 UTC ( 4 years ago )
File names DHLKunden_439875450020573475048_nextt_online_public_set_identcodes_do_lang_de_zip_69239.exe
pZ89plsT0t.7z
cr_809v2.exe
dec56e9249069b02a3df2b575e74f1e7bffd256bc3b0ab0f5a94479ab7cb1c30.exe
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Created processes
Code injections in the following processes
Opened mutexes
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.
UDP communications