SHA256: df2db31cb026283885a80dcd62ecf1b23aa41c124b722c9d88ecc18f622014f0
File name: DF2DB31CB026283885A80DCD62ECF1B23AA41C124B722C9D88ECC18F622014F0
Detection ratio: 9 / 67
Analysis date: 2018-11-06 12:05:12 UTC ( 6 months, 3 weeks ago )
Antivirus Result Update
Bkav W32.eHeur.Malware09 20181106
CrowdStrike Falcon (ML) malicious_confidence_90% (D) 20181022
Cylance Unsafe 20181106
Endgame malicious (moderate confidence) 20180730
Microsoft Trojan:Win32/Azden.A!cl 20181106
Rising Malware.Heuristic!ET#84% (RDM+:cmRtazqDIy9wWehaFRkVmBRWxSuY) 20181106
SentinelOne (Static ML) static engine - malicious 20181011
TrendMicro TrojanSpy.Win32.URSNIF.SMKA0.hp 20181106
TrendMicro-HouseCall TrojanSpy.Win32.URSNIF.SMKA0.hp 20181106
Ad-Aware 20181106
AegisLab 20181106
AhnLab-V3 20181106
Alibaba 20180921
ALYac 20181106
Antiy-AVL 20181106
Arcabit 20181106
Avast 20181106
Avast-Mobile 20181106
AVG 20181106
Avira (no cloud) 20181106
Babable 20180918
Baidu 20181106
BitDefender 20181106
CAT-QuickHeal 20181105
ClamAV 20181106
CMC 20181106
Cybereason 20180225
Cyren 20181106
DrWeb 20181106
eGambit 20181106
Emsisoft 20181106
ESET-NOD32 20181106
F-Prot 20181106
F-Secure 20181106
Fortinet 20181106
GData 20181106
Ikarus 20181106
Sophos ML 20180717
Jiangmin 20181106
K7AntiVirus 20181106
K7GW 20181106
Kaspersky 20181106
Kingsoft 20181106
Malwarebytes 20181106
MAX 20181106
McAfee 20181106
McAfee-GW-Edition 20181106
eScan 20181106
NANO-Antivirus 20181106
Palo Alto Networks (Known Signatures) 20181106
Panda 20181105
Qihoo-360 20181106
Sophos AV 20181106
SUPERAntiSpyware 20181031
Symantec 20181106
Symantec Mobile Insight 20181105
TACHYON 20181106
Tencent 20181106
TheHacker 20181104
TotalDefense 20181106
Trustlook 20181106
VBA32 20181106
ViRobot 20181106
Webroot 20181106
Yandex 20181102
Zillya 20181105
ZoneAlarm by Check Point 20181106
Zoner 20181106
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright
Copyright © 2007- 2014 The Nerdery Sail

Internal name Secondduck
File version 13.0.97.22
Description Secondduck
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2011-11-06 10:52:45
Entry Point 0x00018C0D
Number of sections 5
PE sections
PE imports
RegCreateKeyExW
SetSecurityDescriptorOwner
RegCloseKey
OpenServiceW
LookupPrivilegeValueW
RegEnumKeyW
RegQueryValueExW
SetSecurityDescriptorDacl
OpenProcessToken
QueryServiceStatus
RegOpenKeyExW
RegOpenKeyW
SetServiceStatus
RegisterServiceCtrlHandlerW
OpenThreadToken
RegSetValueExW
FreeSid
OpenSCManagerW
AllocateAndInitializeSid
InitializeSecurityDescriptor
StartServiceCtrlDispatcherW
SetSecurityDescriptorGroup
SelectClipRgn
GetPixel
GetStockObject
CreateRectRgn
CreateFontW
GetLastError
InitializeCriticalSectionAndSpinCount
HeapFree
GetStdHandle
EnterCriticalSection
LCMapStringW
SetHandleCount
LoadLibraryW
GetConsoleCP
GetOEMCP
QueryPerformanceCounter
IsDebuggerPresent
GetTickCount
TlsAlloc
GetEnvironmentStringsW
FlushFileBuffers
RtlUnwind
CopyFileW
IsProcessorFeaturePresent
HeapSetInformation
GetCurrentProcess
EnumSystemLocalesA
GetStartupInfoW
GetConsoleMode
GetLocaleInfoA
GetCurrentProcessId
WriteConsoleW
LoadLibraryExW
GetCommandLineW
WideCharToMultiByte
UnhandledExceptionFilter
InterlockedDecrement
MultiByteToWideChar
HeapSize
FreeEnvironmentStringsW
CreateDirectoryW
GetUserDefaultLCID
EncodePointer
GetLocaleInfoW
SetStdHandle
GetModuleFileNameW
RaiseException
InitializeCriticalSection
GetCPInfo
GetProcAddress
TlsFree
SetFilePointer
DeleteCriticalSection
ReadFile
InterlockedExchange
SetUnhandledExceptionFilter
WriteFile
DecodePointer
CloseHandle
GetSystemTimeAsFileTime
IsValidLocale
GetACP
HeapReAlloc
GetStringTypeW
GetModuleHandleW
HeapAlloc
TerminateProcess
ResetEvent
IsValidCodePage
HeapCreate
GetTempPathW
CreateFileW
VirtualFree
TlsGetValue
Sleep
GetFileType
TlsSetValue
ExitProcess
GetCurrentThreadId
InterlockedIncrement
VirtualAlloc
GetFileSize
SetLastError
LeaveCriticalSection
StiCreateInstanceW
SetWindowLongW
GetIconInfo
TrackPopupMenu
IsDialogMessageW
GetActiveWindow
LoadBitmapW
SetWindowTextW
AppendMenuW
SendMessageTimeoutW
FillRect
PostMessageW
DrawFrameControl
CheckDlgButton
AddPrinterConnectionW
AddPrinterDriverExW
EnumFormsW
EnumPortsW
ReadPrinter
AddMonitorW
GetPrinterDataW
EnumPrintProcessorsW
WritePrinter
DeletePortW
SetFormW
AddJobW
ResetPrinterW
OpenPrinterW
DeletePrinter
GetPrinterDataExW
GetPrinterW
ConfigurePortW
EnumPrinterDataExW
EnumPrinterDriversW
DeleteMonitorW
AbortPrinter
EnumPrinterDataW
DeletePrintProcessorW
XcvDataW
ClosePrinter
DeletePrinterConnectionW
SetPortW
EndPagePrinter
SetPrinterDataExW
StartPagePrinter
EnumPrintersW
ScheduleJob
DeletePrinterDataW
SetJobW
EnumMonitorsW
GetJobW
DeletePrinterKeyW
AddPortW
DeletePrinterDriverW
GetFormW
AddPrinterDriverW
EnumJobsW
DeletePrintProvidorW
GetPrinterDriverW
DeletePrinterDataExW
AddPrintProvidorW
DeleteFormW
EnumPrinterKeyW
PrinterMessageBoxW
DeletePrinterDriverExW
WaitForPrinterChange
FlushPrinter
GetPrintProcessorDirectoryW
GetPrinterDriverDirectoryW
StartDocPrinterW
FindClosePrinterChangeNotification
AddPrintProcessorW
SetPrinterDataW
EnumPrintProcessorDatatypesW
EndDocPrinter
AddPrinterW
AddFormW
CoUninitialize
CoTaskMemFree
CoInitialize
CoTaskMemAlloc
CoRevokeClassObject
Number of PE resources by type
RT_ICON 9
RT_MANIFEST 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 12
PE resources
Debug information
ExifTool file metadata
LegalTrademarks
Secondduck

SubsystemVersion
5.1

InitializedDataSize
297984

ImageVersion
0.0

FileVersionNumber
13.0.97.22

UninitializedDataSize
0

LanguageCode
English (U.S.)

FileFlagsMask
0x003f

ImageFileCharacteristics
Executable, 32-bit

CharacterSet
Unicode

LinkerVersion
10.0

FileTypeExtension
exe

MIMEType
application/octet-stream

Subsystem
Windows GUI

FileVersion
13.0.97.22

TimeStamp
2011:11:06 11:52:45+01:00

FileType
Win32 EXE

PEType
PE32

InternalName
Secondduck

FileDescription
Secondduck

OSVersion
5.1

FileOS
Win32

LegalCopyright
Copyright 2007- 2014 The Nerdery Sail

MachineType
Intel 386 or later, and compatibles

CompanyName
The Nerdery Sail

CodeSize
166400

FileSubtype
0

ProductVersionNumber
13.0.97.22

EntryPoint
0x18c0d

ObjectFileType
Executable application

File identification
MD5 62950c52ec2a4de9c965da551c5b9c1e
SHA1 e502a3b997d1568cd1b690473cee417507677197
SHA256 df2db31cb026283885a80dcd62ecf1b23aa41c124b722c9d88ecc18f622014f0
ssdeep
6144:SuNrFGa2BRo5PWTb5ZQj1b+In279V0w5RsfYKBTYkR:SuvG3BRKCZQBVq9V0w5qYK+

authentihash 8fccab6680c1c827d3e66ee6e702901b3aaf551b3b4941fef7011fdf51a7cc6d
imphash 3690739fc68fb27cae3f9531aaab3313
File size 413.0 KB ( 422912 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable MS Visual C++ (generic) (41.0%)
Win64 Executable (generic) (36.3%)
Win32 Dynamic Link Library (generic) (8.6%)
Win32 Executable (generic) (5.9%)
OS/2 Executable (generic) (2.6%)
Tags
peexe

VirusTotal metadata
First submission 2018-11-06 12:05:02 UTC ( 6 months, 3 weeks ago )
Last submission 2018-11-14 07:23:21 UTC ( 6 months, 1 week ago )
File names
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Moved files
Deleted files
Created processes
Created mutexes
Opened mutexes
Opened service managers
Opened services
Runtime DLLs