SHA256: e011ffa7bd71d098a032059b10983193fb1df5788f61f317b0f694ee6963d5e4
File name: e011ffa7bd71d098a032059b10983193fb1df5788f61f317b0f694ee6963d5e4.bin
Detection ratio: 21 / 54
Analysis date: 2014-06-21 11:40:47 UTC
Antivirus | Result | Update
Ad-Aware | Gen:Variant.Kazy.2137 | 20140621
AntiVir | TR/Kryptik.avp.8 | 20140621
Avast | Sf:Nuclear-B [Trj] | 20140621
BitDefender | Gen:Variant.Kazy.2137 | 20140621
Bkav | HW32.Laneul.kccm | 20140621
Comodo | TrojWare.Win32.PSW.Fareit.AH | 20140621
DrWeb | Trojan.PWS.Stealer.origin | 20140621
Emsisoft | Gen:Variant.Kazy.2137 (B) | 20140621
ESET-NOD32 | a variant of Win32/PSW.Fareit.A | 20140621
F-Prot | W32/A-f0951580!Eldorado | 20140621
F-Secure | Gen:Variant.Kazy.2137 | 20140621
Fortinet | W32/Kryptik.AVP!tr | 20140621
GData | Gen:Variant.Kazy.2137 | 20140621
Ikarus | Trojan.Win32.Ransom | 20140621
Kaspersky | Trojan-PSW.Win32.Tepfer.gen | 20140621
McAfee | PWS-Zbot-FAVV!F2659A552502 | 20140621
McAfee-GW-Edition | PWS-Zbot-FAVV!F2659A552502 | 20140621
Microsoft | PWS:Win32/Fareit.gen!G | 20140621
eScan | Gen:Variant.Kazy.2137 | 20140621
Symantec | Downloader.Ponik | 20140621
VIPRE | Trojan.Win32.Fareit.j (fs) | 20140621

Engines with no detection at analysis time (engine update date only):
AegisLab | (no detection) | 20140620
Yandex | (no detection) | 20140620
AhnLab-V3 | (no detection) | 20140621
Antiy-AVL | (no detection) | 20140619
AVG | (no detection) | 20140621
Baidu-International | (no detection) | 20140621
ByteHero | (no detection) | 20140621
CAT-QuickHeal | (no detection) | 20140621
ClamAV | (no detection) | 20140621
CMC | (no detection) | 20140621
Commtouch | (no detection) | 20140621
Jiangmin | (no detection) | 20140621
K7AntiVirus | (no detection) | 20140621
K7GW | (no detection) | 20140621
Kingsoft | (no detection) | 20140621
Malwarebytes | (no detection) | 20140621
NANO-Antivirus | (no detection) | 20140621
Norman | (no detection) | 20140621
nProtect | (no detection) | 20140620
Panda | (no detection) | 20140621
Qihoo-360 | (no detection) | 20140621
Rising | (no detection) | 20140621
Sophos AV | (no detection) | 20140621
SUPERAntiSpyware | (no detection) | 20140620
Tencent | (no detection) | 20140621
TheHacker | (no detection) | 20140617
TotalDefense | (no detection) | 20140621
TrendMicro | (no detection) | 20140621
TrendMicro-HouseCall | (no detection) | 20140621
VBA32 | (no detection) | 20140620
ViRobot | (no detection) | 20140621
Zillya | (no detection) | 20140620
Zoner | (no detection) | 20140616
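The vendor table above is the kind of flattened text an analyst often gets from a scraped or copy-pasted report, and reading a consensus out of it by hand is error-prone. The following Python script is an added example, not part of the VirusTotal report: it parses rows in the "Vendor [Result] YYYYMMDD" form, recomputes the detection ratio, and counts votes for a family name. The embedded rows are a constructed subset copied from the table above, and the alias map (Tepfer and Ponik are vendor names for the Fareit/Pony credential stealer) is my own assumption, as is the treatment of Kazy/Kryptik/Zbot-style results as generic or heuristic labels rather than family attributions.

```python
"""Triage helper for a flattened VirusTotal vendor table.

Added example, not part of the VirusTotal report. The sample rows are a
subset copied from the report above; the parsing and the family-alias
heuristic are my own.
"""
import re
from collections import Counter

# Constructed sample input: a subset of the rows from the report, in the
# flattened "<Vendor> [<Result>] <YYYYMMDD>" form in which they appear.
ROWS = """\
Ad-Aware Gen:Variant.Kazy.2137 20140621
AntiVir TR/Kryptik.avp.8 20140621
Comodo TrojWare.Win32.PSW.Fareit.AH 20140621
ESET-NOD32 a variant of Win32/PSW.Fareit.A 20140621
Kaspersky Trojan-PSW.Win32.Tepfer.gen 20140621
McAfee PWS-Zbot-FAVV!F2659A552502 20140621
Microsoft PWS:Win32/Fareit.gen!G 20140621
Symantec Downloader.Ponik 20140621
AegisLab 20140620
AVG 20140621
ClamAV 20140621
"""

# Vendor name is one token; the result (optional) may contain spaces, so it is
# matched lazily up to the trailing 8-digit engine update date.
ROW_RE = re.compile(r"^(?P<vendor>\S+)(?: (?P<result>.+?))? (?P<update>\d{8})$")

# Assumed alias map: these vendor family names all refer to the same stealer.
FAMILY_ALIASES = {
    "fareit": "Fareit",
    "tepfer": "Fareit",
    "ponik": "Fareit",
    "pony": "Fareit",
}


def parse_rows(text):
    """Return (vendor, result, update) tuples; result is '' when not detected."""
    rows = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        m = ROW_RE.match(line)
        if not m:
            raise ValueError(f"unparseable row: {line!r}")
        rows.append((m["vendor"], m["result"] or "", m["update"]))
    return rows


def detection_ratio(rows):
    """(detected, total), the same figure VirusTotal prints as 'Detection ratio'."""
    detected = sum(1 for _, result, _ in rows if result)
    return detected, len(rows)


def family_votes(rows):
    """Count vendors whose result names a known family (after alias folding)."""
    votes = Counter()
    for _, result, _ in rows:
        low = result.lower()
        for needle, family in FAMILY_ALIASES.items():
            if needle in low:
                votes[family] += 1
                break
    return votes


def generic_only(rows):
    """Detections that carry no family name (Kazy/Kryptik/packer-style labels)."""
    return [
        result
        for _, result, _ in rows
        if result and not any(needle in result.lower() for needle in FAMILY_ALIASES)
    ]


if __name__ == "__main__":
    rows = parse_rows(ROWS)
    print("detection ratio: %d / %d" % detection_ratio(rows))
    print("family votes:", dict(family_votes(rows)))
    print("generic labels:", generic_only(rows))
```

On the full table this reproduces the 21 / 54 figure; the point of the family count is that a single consistent name (Fareit via Tepfer and Ponik) carried by several vendors is worth more than the larger number of generic "Kazy" and "Kryptik" hits, which describe a packer or heuristic match rather than the payload.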
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2014-06-20 19:11:08
Entry Point 0x0000F522
Number of sections 3
PE sections
PE imports (the page lists function names only; the grouping by exporting DLL below is added from the standard Windows export tables)
ADVAPI32.dll
RegOpenCurrentUser
RegOpenKeyA
RegCloseKey
GetUserNameA
RegQueryValueExA
RegSetValueExA
RegEnumValueA
IsTextUnicode
RegOpenKeyExA
RegCreateKeyA
RegEnumKeyExA
KERNEL32.dll
CreateToolhelp32Snapshot
GetLastError
Process32First
GetSystemInfo
lstrlenA
GetFileAttributesA
GetPrivateProfileSectionNamesA
LCMapStringA
GetTickCount
GetVersionExA
GlobalUnlock
LoadLibraryA
lstrlenW
Process32Next
GetCurrentProcess
GetCurrentDirectoryA
GetPrivateProfileStringA
GetLocaleInfoA
LocalAlloc
lstrcatA
GetPrivateProfileIntA
CreateDirectoryA
DeleteFileA
GetWindowsDirectoryA
MultiByteToWideChar
OpenProcess
GlobalLock
GetTempPathA
lstrcmpiA
WideCharToMultiByte
MapViewOfFile
GetModuleHandleA
lstrcmpA
ReadFile
SetUnhandledExceptionFilter
lstrcpyA
FindFirstFileA
CloseHandle
CreateFileMappingA
FindNextFileA
ExpandEnvironmentStringsA
LocalFree
UnmapViewOfFile
WriteFile
SetCurrentDirectoryA
FindClose
Sleep
CreateFileA
ExitProcess
GetProcAddress
GetFileSize
ole32.dll
CreateStreamOnHGlobal
OleInitialize
CoTaskMemFree
CoCreateGuid
GetHGlobalFromStream
SHLWAPI.dll
StrStrA
StrRChrIA
StrCmpNIA
StrToIntA
StrStrIA
urlmon.dll
ObtainUserAgentString
USER32.dll
wsprintfA
USERENV.dll
LoadUserProfileA
UnloadUserProfile
WININET.dll
InternetCrackUrlA
InternetCreateUrlA
WS2_32.dll
setsockopt
socket
recv
inet_addr
send
WSAStartup
gethostbyname
connect
closesocket
select
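The import table is the most informative static artefact on this page: registry enumeration plus GetUserNameA and LoadUserProfileA, process walking via Toolhelp32, INI-file and file-search APIs, raw Winsock, and LoadLibraryA/GetProcAddress for resolving anything else at run time. The script below is an added example, not part of the VirusTotal report: it shows how the imphash listed under File identification is derived from such a table (the pefile algorithm: lowercased "dll.function" pairs in import order, extension stripped, MD5 of the comma-joined list) and buckets the imports into capabilities. The DLL attributions are an assumption since the page lists names only, the embedded table is a constructed subset of the list above, and the capability buckets are my own heuristic; because the subset and order differ from the real import directory, the hash it computes is not the report's 6d809cf712ffd89f86be8f79e3bcd47d.

```python
"""Static triage from a PE import table: imphash and capability buckets.

Added example, not part of the VirusTotal report. Function names come from
the import list above; the DLL each is attributed to is an assumption based
on the standard Windows export tables, and the capability map is my own.
"""
import hashlib

# Constructed subset of the import list above, keyed by exporting DLL.
IMPORTS = {
    "ADVAPI32.dll": ["RegOpenCurrentUser", "RegOpenKeyA", "RegCloseKey", "GetUserNameA",
                     "RegQueryValueExA", "RegSetValueExA", "RegEnumValueA", "IsTextUnicode",
                     "RegOpenKeyExA", "RegCreateKeyA", "RegEnumKeyExA"],
    "KERNEL32.dll": ["CreateToolhelp32Snapshot", "Process32First", "Process32Next", "OpenProcess",
                     "LoadLibraryA", "GetProcAddress", "CreateFileMappingA", "MapViewOfFile",
                     "FindFirstFileA", "FindNextFileA", "ReadFile", "WriteFile", "DeleteFileA",
                     "GetPrivateProfileStringA", "ExpandEnvironmentStringsA", "GetTempPathA"],
    "ole32.dll": ["CreateStreamOnHGlobal", "OleInitialize", "CoCreateGuid"],
    "SHLWAPI.dll": ["StrStrA", "StrStrIA", "StrToIntA"],
    "urlmon.dll": ["ObtainUserAgentString"],
    "USERENV.dll": ["LoadUserProfileA", "UnloadUserProfile"],
    "WININET.dll": ["InternetCrackUrlA", "InternetCreateUrlA"],
    "WS2_32.dll": ["WSAStartup", "gethostbyname", "socket", "connect", "send", "recv"],
}

# Heuristic capability buckets (assumed mapping, chosen to fit a credential stealer).
CAPABILITIES = {
    "credential/registry harvesting": {"RegOpenCurrentUser", "RegEnumKeyExA", "RegEnumValueA",
                                       "RegQueryValueExA", "GetUserNameA", "LoadUserProfileA"},
    "process enumeration": {"CreateToolhelp32Snapshot", "Process32First", "Process32Next",
                            "OpenProcess"},
    "config/file scavenging": {"FindFirstFileA", "FindNextFileA", "GetPrivateProfileStringA",
                               "MapViewOfFile", "ReadFile"},
    "network exfiltration": {"WSAStartup", "gethostbyname", "connect", "send", "recv",
                             "InternetCrackUrlA", "ObtainUserAgentString"},
    "dynamic API resolution": {"LoadLibraryA", "GetProcAddress"},
}


def imphash(imports):
    """pefile-style import hash: MD5 over 'dll.func' pairs, lowercased, with the
    .dll/.ocx/.sys extension dropped, in import-table order (order matters)."""
    parts = []
    for dll, funcs in imports.items():
        name = dll.lower()
        for ext in (".dll", ".ocx", ".sys"):
            if name.endswith(ext):
                name = name[: -len(ext)]
                break
        parts.extend(f"{name}.{func.lower()}" for func in funcs)
    return hashlib.md5(",".join(parts).encode()).hexdigest()


def static_names(imports):
    """Flat set of every statically imported function name."""
    return {func for funcs in imports.values() for func in funcs}


def capabilities(imports):
    """Map each capability bucket to the sorted imports that support it."""
    names = static_names(imports)
    return {cap: sorted(names & needed) for cap, needed in CAPABILITIES.items() if names & needed}


def resolved_at_runtime(imports, observed):
    """Observed API calls absent from the static import table. When
    LoadLibraryA/GetProcAddress are imported, these were most likely
    resolved by name at run time (the DeviceIoControl case in this report)."""
    return sorted(set(observed) - static_names(imports))


if __name__ == "__main__":
    print("imphash:", imphash(IMPORTS))
    for cap, funcs in capabilities(IMPORTS).items():
        print(f"{cap}: {', '.join(funcs)}")
    print("runtime-resolved:", resolved_at_runtime(IMPORTS, ["DeviceIoControl", "ReadFile"]))
```

Two practical consequences follow from the algorithm: imphash is order-sensitive, so two samples built from the same source with a different link order hash differently, and it only sees the static table, so APIs the sample resolves through GetProcAddress (such as the DeviceIoControl use reported in the behavioural summary further down) never contribute to it.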
ExifTool file metadata
MIMEType: application/octet-stream
Subsystem: Windows GUI
MachineType: Intel 386 or later, and compatibles
FileTypeExtension: exe
TimeStamp: 2014:06:20 20:11:08+01:00
FileType: Win32 EXE
PEType: PE32
CodeSize: 68096
LinkerVersion: 2.5
EntryPoint: 0xf522
InitializedDataSize: 19456
SubsystemVersion: 4.0
ImageVersion: 0.0
OSVersion: 4.0
UninitializedDataSize: 0
Compressed bundles
File identification
MD5 f2659a552502fbffc315f399f8a1f67d
SHA1 5945f50db6c1ace155e186a59d0451c600f73c3c
SHA256 e011ffa7bd71d098a032059b10983193fb1df5788f61f317b0f694ee6963d5e4
ssdeep 1536:nIGto2wQwgqTt/vV07lBfbmcTD9OemOU/TvekzbQTl2/C:I67kwBfbmVOAY4/C
authentihash c24457faabaf5d75ed1d9ff8d888448ad8548a6b35026509dc8c7f0fa88f7886
imphash 6d809cf712ffd89f86be8f79e3bcd47d
File size 85.0 KB ( 87040 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Windows screen saver (46.4%)
Win32 Dynamic Link Library (generic) (23.3%)
Win32 Executable (generic) (15.9%)
Generic Win/DOS Executable (7.0%)
DOS Executable Generic (7.0%)
Tags
peexe

VirusTotal metadata
First submission 2014-06-21 11:40:47 UTC
Last submission 2014-07-03 16:24:16 UTC
File names (as submitted):
exe.ex
F2659A552502FBFFC315F399F8A1F67D
file-7184298_bin
e011ffa7bd71d098a032059b10983193fb1df5788f61f317b0f694ee6963d5e4.bin
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Opened service managers
Opened services
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers using the DeviceIoControl Windows API function. DeviceIoControl does not appear in the static import table above, while LoadLibraryA and GetProcAddress do, so the call was most likely resolved by name at run time rather than through the import directory.
HTTP requests
DNS requests
TCP connections