SHA256: df24d322146a8a10fc87f20ff08bb1fa8972ae28666f6bca558358f66f8ab691
File name: 2013-12-23-malware.exe
Detection ratio: 13 / 48
Analysis date: 2013-12-26 02:09:41 UTC ( 5 years, 4 months ago )
Antivirus              Result                         Update
Ad-Aware               Trojan.GenericKD.1472229       20131225
AntiVir                TR/DirtyRansom.A.11            20131226
AVG                    Generic35.AXKM                 20131225
BitDefender            Trojan.GenericKD.1472229       20131226
Bkav                   HW32.CDB.91f2                  20131225
DrWeb                  Trojan.Winlock.8811            20131226
Emsisoft               Trojan.GenericKD.1472229 (B)   20131226
F-Secure               Trojan.GenericKD.1472229       20131225
GData                  Trojan.GenericKD.1472229       20131226
Kaspersky              HEUR:Trojan.Win32.Generic      20131226
Malwarebytes           Trojan.Agent.ED                20131226
Microsoft              Trojan:Win32/Meredrop          20131226
eScan                  Trojan.GenericKD.1472229       20131226
Yandex                 -                              20131225
AhnLab-V3              -                              20131225
Antiy-AVL              -                              20131225
Avast                  -                              20131226
Baidu-International    -                              20131213
ByteHero               -                              20130613
CAT-QuickHeal          -                              20131222
ClamAV                 -                              20131226
CMC                    -                              20131224
Commtouch              -                              20131226
Comodo                 -                              20131226
ESET-NOD32             -                              20131225
F-Prot                 -                              20131226
Fortinet               -                              20131226
Ikarus                 -                              20131226
Jiangmin               -                              20131225
K7AntiVirus            -                              20131224
K7GW                   -                              20131224
Kingsoft               -                              20130829
McAfee                 -                              20131226
McAfee-GW-Edition      -                              20131225
NANO-Antivirus         -                              20131224
Norman                 -                              20131225
nProtect               -                              20131225
Panda                  -                              20131225
Rising                 -                              20131223
Sophos AV              -                              20131226001341
SUPERAntiSpyware       -                              20131224
Symantec               -                              20131226
TheHacker              -                              20131223
TotalDefense           -                              20131225
TrendMicro             -                              20131226
TrendMicro-HouseCall   -                              20131226
VBA32                  -                              20131225
VIPRE                  -                              20131226
ViRobot                -                              20131225
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Packers identified
PEiD Armadillo v1.71
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2013-12-23 17:32:16
Entry Point 0x0000322E
Number of sections 4
PE sections
PE imports
GetCurrentProcessId
OpenProcess
CreateFileW
GetStartupInfoW
CreateFileA
GetModuleFileNameA
GetModuleHandleW
Ord(3820)
Ord(4726)
Ord(4525)
Ord(5276)
Ord(2438)
Ord(5573)
Ord(4621)
Ord(1719)
Ord(4880)
Ord(527)
Ord(2980)
Ord(3386)
Ord(6371)
Ord(3907)
Ord(2486)
Ord(3394)
Ord(5237)
Ord(4891)
Ord(5208)
Ord(4073)
Ord(1089)
Ord(5996)
Ord(5278)
Ord(5006)
Ord(3733)
Ord(5736)
Ord(2244)
Ord(4934)
Ord(4523)
Ord(5247)
Ord(5727)
Ord(4362)
Ord(5303)
Ord(3744)
Ord(1822)
Ord(3449)
Ord(4616)
Ord(3167)
Ord(5298)
Ord(2873)
Ord(978)
Ord(3917)
Ord(4717)
Ord(2392)
Ord(1833)
Ord(1569)
Ord(4539)
Ord(6370)
Ord(815)
Ord(366)
Ord(3257)
Ord(2717)
Ord(5236)
Ord(4418)
Ord(6228)
Ord(2382)
Ord(2388)
Ord(5277)
Ord(5256)
Ord(6144)
Ord(6222)
Ord(6332)
Ord(4343)
Ord(2502)
Ord(6372)
Ord(3345)
Ord(4233)
Ord(1739)
Ord(4430)
Ord(3142)
Ord(3060)
Ord(3193)
Ord(5285)
Ord(4617)
Ord(2559)
Ord(6195)
Ord(4381)
Ord(338)
Ord(1724)
Ord(6264)
Ord(1165)
Ord(794)
Ord(4955)
Ord(561)
Ord(4526)
Ord(4234)
Ord(5473)
Ord(825)
Ord(4932)
Ord(4604)
Ord(5710)
Ord(641)
Ord(2390)
Ord(4146)
Ord(4401)
Ord(2242)
Ord(2874)
Ord(540)
Ord(6050)
Ord(3076)
Ord(2503)
Ord(1716)
Ord(4335)
Ord(4692)
Ord(4078)
Ord(4886)
Ord(1767)
Ord(384)
Ord(4831)
Ord(4480)
Ord(4229)
Ord(5055)
Ord(344)
Ord(823)
Ord(6267)
Ord(6048)
Ord(2047)
Ord(4537)
Ord(4954)
Ord(813)
Ord(2504)
Ord(5257)
Ord(800)
Ord(5157)
Ord(4852)
Ord(4298)
Ord(6051)
Ord(5261)
Ord(3074)
Ord(4334)
Ord(1934)
Ord(2613)
Ord(3592)
Ord(4609)
Ord(4884)
Ord(554)
Ord(3729)
Ord(324)
Ord(2619)
Ord(2575)
Ord(2977)
Ord(2116)
Ord(5233)
Ord(1718)
Ord(4714)
Ord(2641)
Ord(1834)
Ord(3053)
Ord(796)
Ord(4957)
Ord(674)
Ord(4527)
Ord(5070)
Ord(4236)
Ord(2746)
Ord(2618)
Ord(657)
Ord(4606)
Ord(3715)
Ord(6076)
Ord(2715)
Ord(4426)
Ord(3398)
Ord(784)
Ord(2535)
Ord(2560)
Ord(4414)
Ord(2410)
Ord(858)
Ord(4269)
Ord(4992)
Ord(5297)
Ord(4608)
Ord(4883)
Ord(5832)
Ord(4459)
Ord(4817)
Ord(686)
Ord(3476)
Ord(2377)
Ord(4893)
Ord(3825)
Ord(4419)
Ord(4074)
Ord(2857)
Ord(4397)
Ord(2640)
Ord(303)
Ord(2109)
Ord(3298)
Ord(4421)
Ord(6226)
Ord(807)
Ord(4520)
Ord(3254)
Ord(2506)
Ord(4947)
Ord(3341)
Ord(4237)
Ord(4434)
Ord(4451)
Ord(2421)
Ord(5193)
Ord(5273)
Ord(4582)
Ord(2878)
Ord(2534)
Ord(1817)
Ord(4347)
Ord(5248)
Ord(1658)
Ord(4623)
Ord(5249)
Ord(296)
Ord(2391)
Ord(5296)
Ord(4158)
Ord(4847)
Ord(1768)
Ord(4704)
Ord(3793)
Ord(5097)
Ord(3826)
Ord(3252)
Ord(2971)
Ord(5468)
Ord(1720)
Ord(4075)
Ord(652)
Ord(5255)
Ord(5094)
Ord(4420)
Ord(3220)
Ord(2756)
Ord(520)
Ord(4364)
Ord(4435)
Ord(1172)
Ord(4267)
Ord(4830)
Ord(4518)
Ord(6171)
Ord(2546)
Ord(4583)
Ord(3743)
Ord(6617)
Ord(2536)
Ord(986)
Ord(5813)
Ord(4239)
Ord(3054)
Ord(975)
Ord(6113)
Ord(4958)
Ord(3131)
Ord(4154)
__p__fmode
malloc
__wgetmainargs
fread
fclose
__dllonexit
fopen
_except_handler3
fseek
_onexit
ftell
exit
_XcptFilter
rewind
__setusermatherr
_controlfp
_wcmdln
_adjust_fdiv
__CxxFrameHandler
__p__commode
_initterm
_exit
__set_app_type
GetModuleFileNameExA
RedrawWindow
SetWindowLongW
SendMessageW
UpdateWindow
InflateRect
EnableWindow
GetWindowRect
GetClientRect
GetWindowLongW
Number of PE resources by type
RT_STRING 13
RT_DIALOG 2
RT_ICON 2
Struct(241) 1
RT_MENU 1
RT_ACCELERATOR 1
RT_BITMAP 1
PNG 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 19
NEUTRAL 4
PE resources
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
TimeStamp 2013:12:23 18:32:16+01:00
FileType Win32 EXE
PEType PE32
CodeSize 12288
LinkerVersion 6.0
FileTypeExtension exe
InitializedDataSize 98423
SubsystemVersion 4.0
EntryPoint 0x322e
OSVersion 4.0
ImageVersion 0.0
UninitializedDataSize 0
Compressed bundles
File identification
MD5 f73c538c1558b1e02f52743534ca967e
SHA1 8d9ae49e34be967f426813fd87f35554ad863d1b
SHA256 df24d322146a8a10fc87f20ff08bb1fa8972ae28666f6bca558358f66f8ab691
ssdeep 3072:MTbBo5a1rzu/4IVHELqYz3IZ9Ju/iBnX5a/:MTln998HrYDIDJuqBJq
authentihash bf7fc17a556b1632ee29ab5a88223c638226ea07d27f5bd2a6082e71b1454da2
imphash 0b1ff00b02232a92b79e8230da517464
File size 112.0 KB ( 114688 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win64 Executable (generic) (61.7%)
Win32 Dynamic Link Library (generic) (14.7%)
Win32 Executable (generic) (10.0%)
OS/2 Executable (generic) (4.5%)
Generic Win/DOS Executable (4.4%)
Tags peexe armadillo
VirusTotal metadata
First submission 2013-12-26 02:09:41 UTC ( 5 years, 4 months ago )
Last submission 2018-03-11 21:57:43 UTC ( 1 year, 2 months ago )
File names 2013-12-23-malware.exe
malware.exe
HrIyTNom.exe
2013-12-23-malware.exe
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Opened mutexes
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.