SHA256: df7e2e1bf60b8e4b2a34207a53e9d031c3746c0f8d2b3cd0209c88e149a7c02f
File name: 66d296d6fc4de9f4fe3b02506adacbdb.dec
Detection ratio: 29 / 56
Analysis date: 2015-07-21 07:51:28 UTC
Antivirus Result Update
Ad-Aware Gen:Variant.Dyzap.16 20150721
ALYac Gen:Variant.Dyzap.16 20150721
Antiy-AVL Trojan/Win32.SGeneric 20150721
Arcabit Trojan.Dyzap.16 20150721
Avast Win32:Agent-AZRU [Trj] 20150721
AVG Crypt4.BKFF.dropper 20150721
Avira (no cloud) W32/Etap 20150721
AVware BehavesLike.Win32.Malware.bsf (vs) 20150721
BitDefender Gen:Variant.Dyzap.16 20150721
ByteHero Virus.Win32.Part.a 20150721
Comodo TrojWare.Win32.PWS.Dyzap.MY 20150721
Cyren W32/Dropper.gen8!Maximus 20150721
DrWeb Trojan.MulDrop5.61911 20150721
Emsisoft Gen:Variant.Dyzap.16 (B) 20150721
ESET-NOD32 a variant of Win32/Exploit.CVE-2013-3660.P 20150721
F-Prot W32/Dropper.gen8!Maximus 20150721
F-Secure Gen:Variant.Dyzap.16 20150721
Fortinet W32/Sikutan.C!tr 20150721
GData Gen:Variant.Dyzap.16 20150721
Ikarus Trojan.Win32.Crypt 20150721
Malwarebytes Spyware.Dyre 20150721
Microsoft TrojanDropper:Win32/Evotob.B 20150721
eScan Gen:Variant.Dyzap.16 20150721
Panda Trj/Genetic.gen 20150720
Sophos AV Mal/Generic-S 20150721
TrendMicro TSPY_DYRE.YYSLS 20150721
TrendMicro-HouseCall TSPY_DYRE.YYSLS 20150721
VBA32 suspected of Trojan.Downloader.gen.h 20150721
VIPRE BehavesLike.Win32.Malware.bsf (vs) 20150721
AegisLab 20150720
Yandex 20150720
AhnLab-V3 20150721
Alibaba 20150721
Baidu-International 20150720
Bkav 20150720
CAT-QuickHeal 20150721
ClamAV 20150720
Jiangmin 20150720
K7AntiVirus 20150721
K7GW 20150721
Kaspersky 20150721
Kingsoft 20150721
McAfee 20150721
McAfee-GW-Edition 20150721
NANO-Antivirus 20150721
nProtect 20150720
Qihoo-360 20150721
Rising 20150720
SUPERAntiSpyware 20150721
Symantec 20150721
Tencent 20150721
TheHacker 20150717
TotalDefense 20150720
ViRobot 20150721
Zillya 20150721
Zoner 20150721
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Packers identified
F-PROT embedded
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2015-07-16 10:37:22
Entry Point 0x0000167F
Number of sections 5
PE sections
PE imports
GetTokenInformation
GetSidSubAuthorityCount
LookupPrivilegeValueA
GetSidSubAuthority
RegCloseKey
OpenProcessToken
AdjustTokenPrivileges
FreeSid
RegQueryValueExA
AllocateAndInitializeSid
RegEnumKeyA
RegSetValueExA
EqualSid
RegOpenKeyExA
CreateToolhelp32Snapshot
GetLastError
HeapFree
OpenProcess
GetSystemInfo
lstrcpynA
lstrcmpiA
CopyFileA
ExitProcess
FlushFileBuffers
GetVersionExA
LoadLibraryA
lstrcmpiW
Process32Next
Process32NextW
HeapAlloc
GetCurrentProcess
SizeofResource
lstrlenA
LocalAlloc
Process32First
LockResource
CreateDirectoryA
DeleteFileA
DeleteFileW
lstrcatW
TerminateThread
Process32FirstW
GetProcessHeap
GetModuleFileNameW
SetFilePointer
GetTempPathA
CreateThread
GetFileAttributesA
GetModuleHandleA
lstrcmpA
lstrcatA
lstrcpyA
CloseHandle
GetComputerNameA
ExpandEnvironmentStringsA
LocalFree
TerminateProcess
CreateProcessA
GetModuleFileNameA
GetEnvironmentVariableA
LoadResource
WriteFile
Sleep
CreateFileA
GetTickCount
FindResourceA
GetCurrentProcessId
GetProcAddress
ShellExecuteExA
ShellExecuteExW
PathRemoveArgsA
PathRemoveFileSpecW
PathRemoveFileSpecA
PathGetArgsA
GetWindowLongA
RemovePropA
CreatePopupMenu
wsprintfA
SetPropA
GetMenuItemRect
RegisterClassExW
EnumWindows
DefWindowProcW
SendMessageA
EnableScrollBar
GetClassNameA
GetDlgItem
CreateWindowExW
wvsprintfA
SwitchToThisWindow
GetClientRect
GetPropA
SetActiveWindow
DestroyWindow
IsThemeActive
InternetConnectA
HttpOpenRequestA
HttpSendRequestA
InternetCloseHandle
InternetOpenA
ZwQueryInformationProcess
_chkstk
strcat
RtlAdjustPrivilege
strcpy
Number of PE resources by type
RT_RCDATA 1
Number of PE resources by language
ENGLISH US 1
PE resources
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
TimeStamp 2015:07:16 11:37:22+01:00
FileType Win32 EXE
PEType PE32
CodeSize 31232
LinkerVersion 10.0
FileTypeExtension exe
InitializedDataSize 689664
SubsystemVersion 5.1
EntryPoint 0x167f
OSVersion 5.1
ImageVersion 0.0
UninitializedDataSize 0
File identification
MD5 398e254b22dd998acaf3abce011e88a1
SHA1 ac6546e10599b19a03967d2c5fcd7654b9910cbb
SHA256 df7e2e1bf60b8e4b2a34207a53e9d031c3746c0f8d2b3cd0209c88e149a7c02f
ssdeep 12288:QegUyppsNNxmNN85p2NNoVwxZuZTeQ4daqtLXSHDsUqMeWf2mEYdVUZz:3dNNENNdNNRzN9df1ksra2mESUt
authentihash d767f2e74d634314f2a418a93e0dca19906cdcf7aa4594f591ba40cfb932a04c
imphash 43a8f44d23ef4c62cdf4689724d4a037
File size 705.0 KB ( 721920 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (35.8%)
Win64 Executable (generic) (31.7%)
Windows screen saver (15.0%)
Win32 Dynamic Link Library (generic) (7.5%)
Win32 Executable (generic) (5.1%)
Tags
peexe cve-2013-3660 exploit

VirusTotal metadata
First submission 2015-07-21 07:51:28 UTC
Last submission 2015-07-21 07:51:28 UTC
File names 66d296d6fc4de9f4fe3b02506adacbdb.dec
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Deleted files
Created processes
Created mutexes
Opened mutexes
Opened service managers
Opened services
Runtime DLLs
HTTP requests
TCP connections