SHA256: decb2ae018e3af596db1369ae8fc157a1448d07be91789a7c3736108134c6419
File name: 346.exe
Detection ratio: 7 / 55
Analysis date: 2015-06-26 13:12:39 UTC ( 2 years, 2 months ago )
Antivirus Result Update
Bkav HW32.Packed.1AC8 20150626
ESET-NOD32 Win32/Dridex.P 20150626
Kaspersky UDS:DangerousObject.Multi.Generic 20150626
Panda Trj/Chgt.O 20150626
Rising PE:Malware.XPACK-HIE/Heur!1.9C48 20150626
Symantec Suspicious.Cloud.5 20150626
TrendMicro TROJ_INJECT.XXTYP 20150626
Ad-Aware 20150626
AegisLab 20150626
Yandex 20150625
AhnLab-V3 20150626
Alibaba 20150625
ALYac 20150626
Antiy-AVL 20150626
Arcabit 20150626
Avast 20150626
AVG 20150626
Avira (no cloud) 20150626
AVware 20150626
Baidu-International 20150626
BitDefender 20150626
ByteHero 20150626
CAT-QuickHeal 20150626
ClamAV 20150626
Comodo 20150626
Cyren 20150626
DrWeb 20150626
Emsisoft 20150626
F-Prot 20150626
F-Secure 20150626
Fortinet 20150626
GData 20150626
Ikarus 20150626
Jiangmin 20150625
K7AntiVirus 20150626
K7GW 20150626
Kingsoft 20150626
Malwarebytes 20150626
McAfee 20150626
McAfee-GW-Edition 20150626
Microsoft 20150626
eScan 20150626
NANO-Antivirus 20150626
nProtect 20150626
Qihoo-360 20150626
Sophos AV 20150626
SUPERAntiSpyware 20150626
Tencent 20150626
TheHacker 20150625
TrendMicro-HouseCall 20150626
VBA32 20150626
VIPRE 20150626
ViRobot 20150626
Zillya 20150626
Zoner 20150626
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2007-11-12 17:25:02
Entry Point 0x00015086
Number of sections 4
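The header fields above (and the ExifTool CodeSize / InitializedDataSize figures further down) are the first thing a triage script reads, and one inconsistency is visible from this page alone: SizeOfCode 86016 plus SizeOfInitializedData 1187840 is far more than the 114688-byte file, so the header describes more data than the file carries. As an added example, not VirusTotal's code, the block below parses those fields with the standard library and runs the consistency checks an analyst applies to them (entry point inside a code section, declared sizes against file size, compile timestamp against first submission). The PE image it parses is constructed: a header-only PE32 blob carrying the page's values with a made-up section table, since the real section table is not shown; the 114688-byte size and the first-submission time are taken from the page.

```python
"""Parse the PE header fields VirusTotal summarises above and run the sanity
checks a triage analyst applies to them. Added example, not VirusTotal's code,
standard library only. build_sample_image() returns a CONSTRUCTED header-only
PE32 blob carrying this page's values (i386, 4 sections, linker 6.0, GUI,
EP 0x15086, SizeOfCode 86016, SizeOfInitializedData 1187840, 2007-11-12
17:25:02 UTC) with a made-up section table, since the real one is not shown.
"""
import calendar
import datetime
import struct

IMAGE_FILE_MACHINE_I386 = 0x14C
PE32_MAGIC = 0x10B
IMAGE_SUBSYSTEM_WINDOWS_GUI = 2
UTC = datetime.timezone.utc
PAGE_FILE_SIZE = 114688                                                   # from the page
PAGE_FIRST_SEEN = datetime.datetime(2015, 6, 26, 9, 0, 15, tzinfo=UTC)   # from the page


def parse_pe_headers(data: bytes) -> dict:
    """Return COFF header, PE32 optional-header fields and the section table."""
    if data[:2] != b"MZ":
        raise ValueError("missing MZ signature")
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    machine, nsect, timestamp, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20                                   # IMAGE_FILE_HEADER is 20 bytes
    (magic, lnk_major, lnk_minor, size_code, size_idata, size_udata,
     entry_point) = struct.unpack_from("<HBBIIII", data, opt)
    if magic != PE32_MAGIC:
        raise ValueError("not a PE32 optional header (magic 0x%x)" % magic)
    os_major, os_minor, _, _, ss_major, ss_minor = struct.unpack_from("<HHHHHH", data, opt + 40)
    (subsystem,) = struct.unpack_from("<H", data, opt + 68)
    sections, off = [], opt + opt_size
    for _ in range(nsect):                            # IMAGE_SECTION_HEADER, 40 bytes each
        name, vsize, va, rawsize, rawptr = struct.unpack_from("<8sIIII", data, off)
        sections.append({"name": name.rstrip(b"\0").decode("ascii", "replace"),
                         "vsize": vsize, "va": va, "rawsize": rawsize, "rawptr": rawptr})
        off += 40
    return {"machine": machine, "timestamp": timestamp, "sections": sections,
            "linker": "%d.%d" % (lnk_major, lnk_minor),
            "os_version": "%d.%d" % (os_major, os_minor),
            "subsystem_version": "%d.%d" % (ss_major, ss_minor), "subsystem": subsystem,
            "size_code": size_code, "size_idata": size_idata, "size_udata": size_udata,
            "entry_point": entry_point}


def triage_checks(hdr, file_size, first_seen):
    """Header anomalies worth a second look, as finding strings (empty = clean)."""
    findings = []
    ep = hdr["entry_point"]
    ep_sec = next((s for s in hdr["sections"]
                   if s["va"] <= ep < s["va"] + max(s["vsize"], s["rawsize"])), None)
    if ep_sec is None:
        findings.append("entry point 0x%x is outside every section" % ep)
    elif ep_sec["name"] not in (".text", "CODE"):
        findings.append("entry point is in %r, not a code section" % ep_sec["name"])
    declared = hdr["size_code"] + hdr["size_idata"]
    if declared > file_size:       # 86016 + 1187840 > 114688 for the file on this page
        findings.append("declared code+initialized data (%d bytes) exceeds file size (%d): "
                        "header is inconsistent or the image expands at runtime" % (declared, file_size))
    built = datetime.datetime.fromtimestamp(hdr["timestamp"], UTC)
    if built > first_seen:
        findings.append("compile timestamp %s is later than first submission %s" % (built, first_seen))
    elif (first_seen - built).days > 730:
        findings.append("compile timestamp %s predates first submission %s by %d days; "
                        "check it against the linker version and related samples"
                        % (built.date(), first_seen.date(), (first_seen - built).days))
    return findings


def build_sample_image() -> bytes:
    """CONSTRUCTED header-only PE32 carrying the values reported on this page."""
    ts = calendar.timegm((2007, 11, 12, 17, 25, 2))
    dos = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", 0x40)        # e_lfanew = 0x40
    coff = struct.pack("<HHIIIHH", IMAGE_FILE_MACHINE_I386, 4, ts, 0, 0, 224, 0x010F)
    opt = struct.pack("<HBBIIIIIII", PE32_MAGIC, 6, 0, 86016, 1187840, 0, 0x15086,
                      0x1000, 0x16000, 0x400000)                       # BaseOfCode/Data, ImageBase
    opt += struct.pack("<IIHHHHHH", 0x1000, 0x200, 4, 0, 0, 0, 4, 0)  # alignments; OS 4.0, image 0.0, subsys 4.0
    opt += struct.pack("<IIIIHH", 0, 0x13B000, 0x400, 0, IMAGE_SUBSYSTEM_WINDOWS_GUI, 0)
    opt += struct.pack("<IIIIII", 0x100000, 0x1000, 0x100000, 0x1000, 0, 16) + b"\0" * 128
    assert len(opt) == 224                                            # SizeOfOptionalHeader
    table = [(b".text", 0x15000, 0x1000, 0x15000, 0x400),             # made-up: name, VirtualSize,
             (b".rdata", 0x3000, 0x16000, 0x3000, 0x15400),           # VirtualAddress, SizeOfRawData,
             (b".data", 0x121000, 0x19000, 0x1000, 0x18400),          # PointerToRawData
             (b".rsrc", 0x1000, 0x13A000, 0x1000, 0x19400)]
    secs = b"".join(struct.pack("<8sIIIIIIHHI", *s, 0, 0, 0, 0, 0x60000020) for s in table)
    return dos + b"PE\0\0" + coff + opt + secs


def triage_sample() -> list:
    """Checks for the page's sample: its header values, file size and first-submission time."""
    return triage_checks(parse_pe_headers(build_sample_image()), PAGE_FILE_SIZE, PAGE_FIRST_SEEN)


if __name__ == "__main__":
    for finding in triage_sample():
        print("!", finding)
```

Run against the constructed image it reports two findings: the declared-size mismatch quoted above, and a compile timestamp more than seven years older than the first submission. Neither proves anything on its own (an old, legitimately built program can trip both), but together with the packer-flavoured detection names in the table above they are the reason to look at the section table and the unpacked payload rather than the static import list.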
PE sections
PE imports
AreAnyAccessesGranted
LsaSetDomainInformationPolicy
GetClusterNodeKey
MoveClusterGroup
OpenClusterNetwork
GetClusterGroupKey
EvictClusterNode
CloseClusterResource
AddClusterResourceNode
OpenCluster
OpenClusterNetInterface
RemoveClusterResourceDependency
GetClusterResourceState
CanResourceBeDependent
ClusterGroupControl
SetClusterName
GetClusterNetworkKey
ClusterResourceOpenEnum
CreateClusterResourceType
ClusterNetworkCloseEnum
DeleteClusterGroup
ClusterNetInterfaceControl
GetClusterQuorumResource
GetClusterNetworkState
ClusterNodeEnum
FlatSB_GetScrollInfo
Ord(3)
FlatSB_GetScrollRange
PropertySheetA
ImageList_BeginDrag
ImageList_SetBkColor
ImageList_Create
CreatePropertySheetPageW
ImageList_DragLeave
FlatSB_GetScrollPos
Ord(6)
Ord(17)
PropertySheetW
ImageList_GetIcon
ImageList_LoadImageW
AddFontResourceA
ImmGetCompositionFontA
ImmGetCandidateListA
GetLastError
GetDriveTypeW
GetUserDefaultLangID
GetThreadPriorityBoost
GetVersionExW
Beep
GetNumberOfConsoleInputEvents
GetCommMask
GetHandleInformation
GetFileAttributesW
GlobalUnfix
Process32Next
FoldStringA
EnumTimeFormatsW
GetDateFormatA
GetCurrentDirectoryW
GetCurrentProcessId
AddAtomA
FindAtomA
ContinueDebugEvent
DeleteFileA
GetCPInfo
ClearCommBreak
GetPrivateProfileStructW
GetPrivateProfileIntW
FillConsoleOutputAttribute
GetCommProperties
HeapDestroy
GetTempFileNameW
EnumResourceLanguagesW
GetCommModemStatus
GetSystemDefaultLangID
GetShortPathNameA
CreateThread
FatalAppExitA
CreateFileA
GetTempPathW
GetStartupInfoA
FreeConsole
EnumResourceTypesW
ClearCommError
GetPrivateProfileIntA
GetPrivateProfileSectionW
CreateEventW
GetExitCodeProcess
GetConsoleCursorInfo
CreateEventA
AllocConsole
GetVolumeInformationA
BuildCommDCBW
FindNextChangeNotification
EnumDateFormatsA
GetFileAttributesExA
BackupSeek
GetStringTypeExA
GetModuleHandleA
LZOpenFileW
WNetGetConnectionW
WNetCancelConnectionA
WNetConnectionDialog1A
WNetGetUniversalNameW
WNetGetLastErrorA
WNetDisconnectDialog
WNetAddConnection3A
_except_handler3
__p__fmode
_acmdln
_exit
_adjust_fdiv
__p__commode
exit
_XcptFilter
__getmainargs
_initterm
_controlfp
__setusermatherr
__set_app_type
Ord(24)
Ord(25)
Ord(74)
Ord(23)
Ord(47)
Ord(41)
AccessibleChildren
GetStateTextA
VarBstrFromDate
LPSAFEARRAY_UserMarshal
VarBoolFromUI2
VarR4FromDisp
SafeArrayAllocDescriptor
GetRecordInfoFromTypeInfo
RasValidateEntryNameA
RasHangUpW
RasSetEntryDialParamsA
RasGetProjectionInfoW
RasGetConnectStatusA
RasEnumConnectionsW
RasSetEntryPropertiesW
RasEnumEntriesA
RasEditPhonebookEntryW
RasEditPhonebookEntryA
RasGetEntryDialParamsW
ResUtilVerifyPrivatePropertyList
ResUtilGetPropertiesToParameterBlock
ResUtilStopService
RpcBindingToStringBindingA
RpcServerUseProtseqExA
RpcBindingInqObject
RpcMgmtEpEltInqDone
RpcSsDontSerializeContext
NdrInterfacePointerUnmarshall
RpcProtseqVectorFreeW
RpcStringBindingParseW
RpcSmDestroyClientContext
RpcSmAllocate
NdrClientContextUnmarshall
RpcSmSetThreadHandle
NdrServerInitializeUnmarshall
RpcServerRegisterAuthInfoW
NdrEncapsulatedUnionMarshall
NdrConformantVaryingArrayUnmarshall
NdrXmitOrRepAsFree
NdrConformantStructMemorySize
long_from_ndr
NdrByteCountPointerBufferSize
NdrConformantVaryingStructMarshall
NdrRpcSmSetClientToOsf
NdrNonConformantStringMarshall
NdrPointerMemorySize
NdrServerInitializeMarshall
RpcMgmtEpEltInqBegin
NdrXmitOrRepAsMemorySize
I_RpcConnectionSetSockBuffSize
RpcAsyncAbortCall
NdrFullPointerFree
MesHandleFree
RpcEpUnregister
RpcServerUnregisterIf
tree_into_ndr
NdrSimpleStructMemorySize
RpcMgmtInqDefaultProtectLevel
NdrConformantStringMemorySize
NdrNsSendReceive
NdrPointerMarshall
RpcServerInqDefaultPrincNameA
NdrConformantVaryingStructFree
RpcBindingInqAuthInfoExW
MesIncrementalHandleReset
I_RpcBindingInqDynamicEndpointA
NdrByteCountPointerFree
I_RpcSend
RpcBindingInqAuthClientW
MesEncodeDynBufferHandleCreate
RpcBindingServerFromClient
I_RpcRequestMutex
I_RpcBindingInqDynamicEndpointW
RpcBindingSetOption
NdrConvert2
NdrComplexStructMemorySize
I_RpcAsyncAbortCall
RpcBindingInqAuthInfoW
I_RpcServerInqTransportType
RpcBindingSetAuthInfoExA
NdrNonConformantStringBufferSize
NdrXmitOrRepAsUnmarshall
short_from_ndr
RpcMgmtInqServerPrincNameA
NDRSContextMarshallEx
RpcSmClientFree
RpcMgmtStopServerListening
NdrEncapsulatedUnionBufferSize
enum_from_ndr
RpcMgmtStatsVectorFree
NDRSContextMarshall
NdrServerContextMarshall
RpcBindingFromStringBindingW
RpcServerUseProtseqW
NdrComplexStructFree
PathRemoveArgsA
PathCommonPrefixA
PathIsUNCServerA
RedrawWindow
GetMessagePos
SetMenuItemBitmaps
DrawStateA
SetUserObjectSecurity
EnumDesktopsW
EnumWindowStationsW
DrawStateW
GetNextDlgTabItem
DlgDirSelectComboBoxExA
ClientToScreen
OemToCharBuffW
GetMessageTime
ScrollDC
SetActiveWindow
GetAsyncKeyState
ReleaseDC
DefFrameProcW
DlgDirSelectExW
SetScrollPos
GetThreadDesktop
CharPrevExA
CallNextHookEx
GetWindowTextLengthA
GetTopWindow
RegisterClipboardFormatW
GetWindowTextLengthW
GetTabbedTextExtentW
LoadAcceleratorsW
ScrollWindow
DestroyWindow
GetUserObjectInformationW
GetClassInfoExW
GetUserObjectInformationA
ShowWindow
GetNextDlgGroupItem
CharToOemBuffA
GetClipboardFormatNameA
PeekMessageW
PeekMessageA
CharToOemBuffW
ArrangeIconicWindows
TranslateMessage
CreateCursor
MsgWaitForMultipleObjects
DdeQueryConvInfo
IsCharLowerA
EnableMenuItem
RegisterClassA
OpenDesktopA
CreateMenu
UnhookWinEvent
DlgDirListA
DeferWindowPos
GetDialogBaseUnits
OemToCharW
EnumPropsW
ToUnicode
GetWindowLongW
GetUpdateRect
GetUserObjectSecurity
IsChild
IMPQueryIMEW
OpenInputDesktop
SetLastErrorEx
MapVirtualKeyW
GetClipboardOwner
CheckMenuRadioItem
SetClipboardViewer
SetRectEmpty
DdeAddData
DrawIcon
PostMessageW
CharToOemW
CreateWindowStationA
WaitMessage
GetMenuCheckMarkDimensions
CreateDialogParamA
CreateWindowStationW
ScreenToClient
GetClassLongA
CountClipboardFormats
SetWindowsHookExA
DialogBoxIndirectParamW
GetMenuStringA
DestroyAcceleratorTable
CreateDesktopW
ValidateRect
LoadIconW
FindWindowExW
GetScrollRange
LoadMenuA
GetCapture
RemovePropA
MessageBeep
DrawTextExA
ShowScrollBar
MessageBoxW
SendMessageCallbackA
MessageBoxIndirectA
EnumDesktopWindows
LoadCursorFromFileA
ChangeMenuW
ChangeClipboardChain
DialogBoxParamA
SendMessageCallbackW
SetScrollInfo
CreateWindowExW
SystemParametersInfoA
MenuItemFromPoint
GetWindowModuleFileNameA
CreateMDIWindowA
DdeNameService
FrameRect
InvalidateRect
SendMessageTimeoutA
ModifyMenuA
GetClassNameW
TranslateAcceleratorA
AdjustWindowRect
CreateIcon
IsCharUpperW
TranslateAcceleratorW
SetCursor
InternetQueryOptionA
HGLOBAL_UserFree
OleCreateLinkEx
OleTranslateAccelerator
OleGetAutoConvert
CoRegisterMessageFilter
CoGetStdMarshalEx
CreateFileMoniker
OleCreateEx
CoTreatAsClass
CreateStreamOnHGlobal
CreateItemMoniker
CoRegisterSurrogate
HACCEL_UserUnmarshal
CoFreeLibrary
CoRegisterMallocSpy
HBITMAP_UserFree
OleConvertOLESTREAMToIStorageEx
HMENU_UserFree
HPALETTE_UserSize
CoResumeClassObjects
HGLOBAL_UserMarshal
OleLoad
HWND_UserMarshal
StgCreatePropSetStg
OleDraw
OleNoteObjectVisible
OleGetIconOfFile
CoTaskMemRealloc
OleCreateLinkFromDataEx
CoReleaseMarshalData
STGMEDIUM_UserUnmarshal
CreateDataCache
HACCEL_UserFree
CoUnmarshalInterface
CoTaskMemAlloc
StgOpenAsyncDocfileOnIFillLockBytes
OleSaveToStream
CoGetCurrentProcess
CoGetObject
GetRunningObjectTable
OleIsCurrentClipboard
StgCreateDocfile
OleGetIconOfClass
ReadClassStm
CoMarshalInterface
HlinkNavigateMoniker
URLOpenBlockingStreamA
URLOpenPullStreamW
GetClassURL
CoInternetGetSecurityUrl
HlinkNavigateString
FindMediaType
IsValidURL
HlinkGoBack
CreateURLMoniker
ObtainUserAgentString
URLDownloadToCacheFileW
SetSoftwareUpdateAdvertisementState
URLOpenStreamA
GetSoftwareUpdateInfo
UrlMkSetSessionOption
IsLoggingEnabledA
CreateAsyncBindCtxEx
CopyBindInfo
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
FileTypeExtension exe
TimeStamp 2007:11:12 18:25:02+01:00
FileType Win32 EXE
PEType PE32
CodeSize 86016
LinkerVersion 6.0
EntryPoint 0x15086
InitializedDataSize 1187840
SubsystemVersion 4.0
ImageVersion 0.0
OSVersion 4.0
UninitializedDataSize 0

File identification
MD5 7ca93d8651b7b1695a3ce56bb842c5a1
SHA1 c535f6483f0b62f9bb18bfdef69339738b39db20
SHA256 decb2ae018e3af596db1369ae8fc157a1448d07be91789a7c3736108134c6419
ssdeep 3072:QPo+HTN4epjFS4zEATNcM2U2zOZz1OIC8C:ko+HTfp5VEAabkROIw

authentihash 823fe8d716761ddaf994f165b5b04ce70ce3d0b590ac11bc6aa6ca56d438aab1
imphash 76bd05e915bcf3582dcf46753929599b
File size 112.0 KB ( 114688 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable MS Visual C++ (generic) (35.8%)
Win64 Executable (generic) (31.7%)
Windows screen saver (15.0%)
Win32 Dynamic Link Library (generic) (7.5%)
Win32 Executable (generic) (5.1%)
Tags
peexe
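The imphash above is derived from the import table listed earlier: each DLL name and imported function (or ordinal) is normalised, concatenated in table order and MD5-hashed, so it survives recompilation and is the usual pivot for finding other files built with the same import table or packer stub. As an added example, not VirusTotal's or pefile's code, the block below implements that recipe over a constructed import list. The DLL assignments (kernel32, user32, urlmon, and comctl32 for the page's Ord(6)) are assumptions, because the page lists imports without their modules; the reference implementation additionally maps well-known ordinals of oleaut32 and ws2_32 to names, and that table is omitted here, so the result will not match the page's value or the imphash of a binary importing those DLLs by ordinal.

```python
"""Import hash (imphash) from an import list, following the published recipe:
lowercase DLL name with .dll/.ocx/.sys stripped, lowercase function name or
ord<N> for ordinal-only imports, entries joined as dll.func with commas in
import-table order, MD5 of that string.

Added example, not VirusTotal's or pefile's code. SAMPLE_IMPORTS is CONSTRUCTED
from a few names on this page; the DLL assignments are assumptions because the
page lists imports without their modules. The reference implementation also
maps known ordinals of oleaut32/ws2_32 to names; that table is omitted here.
"""
import hashlib
import re

# (dll, function name or None, ordinal or None), in import-table order
SAMPLE_IMPORTS = [
    ("KERNEL32.dll", "GetLastError", None),
    ("KERNEL32.dll", "CreateThread", None),
    ("KERNEL32.dll", "CreateFileA", None),
    ("USER32.dll", "SetWindowsHookExA", None),
    ("COMCTL32.dll", None, 6),            # assumed module for the page's Ord(6)
    ("URLMON.dll", "URLDownloadToCacheFileW", None),
]


def imphash_string(imports):
    """Normalised 'dll.func,dll.func,...' string that gets hashed."""
    parts = []
    for dll, name, ordinal in imports:
        lib = re.sub(r"\.(dll|ocx|sys)$", "", dll.lower())
        if name:
            sym = name.lower()
        elif ordinal is not None:
            sym = "ord%d" % ordinal       # ordinal-only import, no name to hash
        else:
            raise ValueError("import from %s has neither name nor ordinal" % dll)
        parts.append("%s.%s" % (lib, sym))
    return ",".join(parts)


def imphash(imports):
    """32-hex-character imphash, directly comparable with VirusTotal's field."""
    return hashlib.md5(imphash_string(imports).encode("ascii")).hexdigest()


if __name__ == "__main__":
    print(imphash_string(SAMPLE_IMPORTS))
    print(imphash(SAMPLE_IMPORTS))
```

Because the hash is over the ordered string, two builds that import the same functions in a different table order get different imphashes, while DLL and function name case is irrelevant; that is why imphash clusters samples sharing a packer stub but says nothing about the unpacked payload.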

VirusTotal metadata
First submission 2015-06-26 09:00:15 UTC ( 2 years, 2 months ago )
Last submission 2016-05-19 09:50:32 UTC ( 1 year, 4 months ago )
File names 346_4.exe
14870c23dbf424bc602f0a961b70041081545505
V7BYA.lnk
346.exe
346[1].exe.2668.dr
7CA93D8651B7B1695A3CE56BB842C5A1
346[1].exe
decb2ae018e3af596db1369ae8fc157a1448d07be91789a7c3736108134c6419.exe
colchester-institute.com_346.exe
biksenpd.exe
7ca93d8651b7b1695a3ce56bb842c5a1.exe
rNmIDQG5.exe
346[1].exe.2692.dr
Advanced heuristic and reputation engines
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Created processes
Code injections in the following processes
Opened mutexes
Opened service managers
Runtime DLLs