SHA256: e0d56d56cc2601c9ffd1e1fad95b242a8f68bace2b0ca1aebb178edcb027ba3e
File name: k1.exe
Detection ratio: 18 / 54
Analysis date: 2014-07-01 18:40:14 UTC ( 4 years, 8 months ago )
Antivirus Result Update
Ad-Aware Trojan.GenericKD.1733767 20140701
AhnLab-V3 Trojan/Win32.Agent 20140701
AVG Crypt3.ABOX 20140701
BitDefender Trojan.GenericKD.1733767 20140701
CMC Packed.Win32.TDSS.1!O 20140630
Emsisoft Trojan.GenericKD.1733767 (B) 20140701
ESET-NOD32 a variant of Win32/Kryptik.CDIK 20140701
F-Secure Trojan.GenericKD.1733767 20140701
Fortinet W32/Kryptik.CDIK!tr 20140701
GData Trojan.GenericKD.1733767 20140701
Kaspersky Trojan-Spy.Win32.Zbot.tjuz 20140701
Malwarebytes Trojan.Ransom.ED 20140701
McAfee-GW-Edition Heuristic.LooksLike.Win32.Suspicious.J 20140701
Microsoft PWS:Win32/Zbot 20140701
eScan Trojan.GenericKD.1733767 20140701
Panda Trj/CI.A 20140701
Rising PE:Malware.XPACK-LNR/Heur!1.5594 20140701
Symantec WS.Reputation.1 20140701
AegisLab 20140701
Yandex 20140630
AntiVir 20140701
Antiy-AVL 20140701
Avast 20140701
Baidu-International 20140701
Bkav 20140701
ByteHero 20140701
CAT-QuickHeal 20140701
ClamAV 20140701
Commtouch 20140701
Comodo 20140701
DrWeb 20140701
F-Prot 20140701
Ikarus 20140701
Jiangmin 20140701
K7AntiVirus 20140701
K7GW 20140701
Kingsoft 20140701
McAfee 20140701
NANO-Antivirus 20140701
Norman 20140701
nProtect 20140701
Qihoo-360 20140701
Sophos AV 20140701
SUPERAntiSpyware 20140701
Tencent 20140701
TheHacker 20140630
TotalDefense 20140701
TrendMicro 20140701
TrendMicro-HouseCall 20140701
VBA32 20140701
VIPRE 20140701
ViRobot 20140701
Zillya 20140701
Zoner 20140701
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2005-06-17 15:03:00
Entry Point 0x00001000
Number of sections 6
PE sections
PE imports
GetDeviceCaps
DeleteDC
CreateFontIndirectW
GetStockObject
GetObjectW
BitBlt
CreateCompatibleDC
DeleteObject
CreateCompatibleBitmap
GlobalGetAtomNameW
Toolhelp32ReadProcessMemory
FileTimeToDosDateTime
EnumSystemLocalesW
GetEnvironmentStringsA
GetTapeStatus
GetDriveTypeA
QueryPerformanceCounter
AssignProcessToJobObject
IsBadWritePtr
SetThreadPriorityBoost
GlobalUnlock
lstrcmpiW
EndUpdateResourceA
FillConsoleOutputCharacterW
GetSystemDefaultLangID
OpenProcess
GetProfileSectionW
WritePrivateProfileSectionW
SetErrorMode
ClearCommBreak
SetCommMask
GetBinaryTypeA
ReadProcessMemory
GetDateFormatW
GetProcessHeap
GetTimeFormatW
CreateDirectoryExW
ReadFileEx
LocalFlags
SetNamedPipeHandleState
SetUnhandledExceptionFilter
LocalShrink
SetHandleInformation
SetThreadExecutionState
SetFileAttributesA
FindCloseChangeNotification
GetProcessShutdownParameters
GetStringTypeExW
AllocConsole
GetPrivateProfileSectionA
GetStringTypeExA
GetModuleHandleA
GetClipboardFormatNameA
ChangeMenuA
mouse_event
HideCaret
PostQuitMessage
GetShellWindow
GetForegroundWindow
SetMenuItemInfoW
RemoveMenu
Number of PE resources by type
RT_GROUP_CURSOR 1
RT_CURSOR 1
RT_VERSION 1
Number of PE resources by language
ENGLISH US 2
GERMAN 1
PE resources
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
TimeStamp 2005:06:17 16:03:00+01:00
FileType Win32 EXE
PEType PE32
CodeSize 166400
LinkerVersion 1.64
FileAccessDate 2014:07:01 19:32:00+01:00
EntryPoint 0x1000
InitializedDataSize 50197
SubsystemVersion 4.1
ImageVersion 0.0
OSVersion 1.0
FileCreateDate 2014:07:01 19:32:00+01:00
UninitializedDataSize 0

File identification
MD5 62201cbff13519139619c75003954d02
SHA1 7aaca76f4604b3d17cfccd741804433aef0c30df
SHA256 e0d56d56cc2601c9ffd1e1fad95b242a8f68bace2b0ca1aebb178edcb027ba3e
ssdeep 1536:kR5Xmjlwmlhh2fbTJaLUg2wJ0v7dOe5NrzUwcgwp93AmOp6HtBtmOQB:kRxmB1ob60Ye51zUwcSINBtmOQB
imphash 58881b2724449c84b9da4dac16e4618c
File size 212.5 KB ( 217600 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable (generic) (42.4%)
Win16/32 Executable Delphi generic (19.5%)
Generic Win/DOS Executable (18.8%)
DOS Executable Generic (18.8%)
VXD Driver (0.2%)
Tags peexe

VirusTotal metadata
First submission 2014-07-01 18:40:14 UTC ( 4 years, 8 months ago )
Last submission 2014-07-01 18:40:14 UTC ( 4 years, 8 months ago )
File names k1.exe
HD4C3D.lnk
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Created processes
Code injections in the following processes
Created mutexes
Opened mutexes
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.