SHA256: e13364a6111e57e764ca25121e440fdb47d2a4edb2b3520861488c182b48fefd
File name: e13364a6111e57e764ca25121e440fdb47d2a4edb2b3520861488c182b48fefd
Detection ratio: 14 / 57
Analysis date: 2015-03-23 17:25:52 UTC
Antivirus / Result / Update
Avast: Win32:Malware-gen (20150323)
AVG: Zbot.ZWY (20150323)
Baidu-International: Trojan.Win32.Zbot.ACB (20150323)
Bkav: HW32.Packed.858F (20150323)
CMC: Trojan.Win32.Krap.2!O (20150323)
ESET-NOD32: Win32/Spy.Zbot.ACB (20150323)
Kaspersky: Trojan-Spy.Win32.Zbot.vfjx (20150323)
McAfee: Generic Obfuscated.g (20150323)
Microsoft: PWS:Win32/Zbot.gen!VM (20150323)
Rising: PE:Malware.XPACK-LNR/Heur!1.5594 (20150323)
Sophos AV: Mal/Generic-S (20150323)
Symantec: Suspicious.Cloud (20150323)
Tencent: Trojan.Win32.YY.Gen.1 (20150323)
TrendMicro-HouseCall: TROJ_GEN.R011B03CN15 (20150323)

Of the 14 hits, five (AVG, Baidu-International, ESET-NOD32, Kaspersky, Microsoft) name the Zbot/Zeus banking-trojan family; the other nine are generic packer, obfuscation or cloud-reputation verdicts (Packed, Krap, Obfuscated, XPACK, Suspicious.Cloud, Malware-gen). That split is what a freshly crypted Zeus build looks like on the day of first submission: the outer layer trips packer heuristics, and only engines with emulation or memory-unpacking reach the family signature.

No detection (43 engines, with signature update date):
Ad-Aware (20150323)
AegisLab (20150323)
Yandex (20150322)
AhnLab-V3 (20150323)
Alibaba (20150323)
ALYac (20150323)
Antiy-AVL (20150323)
Avira (no cloud) (20150324)
AVware (20150323)
BitDefender (20150323)
ByteHero (20150323)
CAT-QuickHeal (20150323)
ClamAV (20150323)
Comodo (20150323)
Cyren (20150323)
DrWeb (20150323)
Emsisoft (20150323)
F-Prot (20150323)
F-Secure (20150323)
Fortinet (20150323)
GData (20150323)
Ikarus (20150323)
Jiangmin (20150322)
K7AntiVirus (20150323)
K7GW (20150323)
Kingsoft (20150323)
Malwarebytes (20150323)
McAfee-GW-Edition (20150323)
eScan (20150323)
NANO-Antivirus (20150323)
Norman (20150323)
nProtect (20150323)
Panda (20150323)
Qihoo-360 (20150323)
SUPERAntiSpyware (20150321)
TheHacker (20150322)
TotalDefense (20150323)
TrendMicro (20150323)
VBA32 (20150322)
VIPRE (20150323)
ViRobot (20150323)
Zillya (20150323)
Zoner (20150323)
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright: Copyright © 2014
Publisher: Starfish Software, Inc.
Product: loadings neoprene
Original name: progressing.exe
Internal name: relative
File version: 1, 0, 0, 1
Description: metastasis
The product, internal-name and description strings are unrelated dictionary words, and the report lists no code-signing information for the file, so none of these fields says anything about its real origin. Treat them as attacker-supplied free text: useful as pivots for finding sibling builds, useless for attribution.
PE header basic information
Target machine: Intel 386 or later processors and compatible processors
Compilation timestamp: 2006-02-16 07:41:47 (UTC)
Entry point: 0x00003325
Number of sections: 4
The COFF timestamp is an ordinary writable header field and is not evidence of the build date. Here it predates the "Copyright © 2014" version string by eight years; it is at least consistent with the linker version 6.0 (Visual C++ 6) recorded in the ExifTool block further down, and old VC6-style stubs are common in crypters of this period.
PE sections
Overlay (data appended after the last section)
MD5: f2078aac36824c9eb18519a22207717f
File type: data (no recognised format)
Offset: 126976
Size: 142597
Entropy: 7.79
Check: 126976 + 142597 = 269573, exactly the file size reported below, so the overlay is the final 53% of the file. Entropy of 7.79 bits per byte (the maximum is 8.0) with no recognisable format is what an encrypted or compressed blob looks like; together with the packer and obfuscation verdicts above, the probable layout is a loader stub in the four sections that decrypts and runs a payload kept in the overlay. The Windows loader never maps an overlay, so it has to be carved from the file on disk; a memory dump of the mapped image will not contain it.
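The overlay figures above can be reproduced from any PE without third-party tooling by walking the section table and hashing what lies past the last section. The following is an added example (not code from the report or from VirusTotal): a minimal PE32 header walker that decodes the COFF timestamp, lists sections, locates the overlay, scores its entropy and applies a size/entropy triage rule. It runs against a constructed PE skeleton built in `build_sample()` (not the sample from this report); the timestamp in that skeleton is set to the value shown above so the decoding is visible, and the thresholds in `overlay_looks_like_payload` are my own choices.

```python
import math
import struct
from datetime import datetime, timezone


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte, 0.0 (constant) .. 8.0 (uniform)."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in counts if c)


def parse_pe(data: bytes) -> dict:
    """Walk the DOS stub, COFF header and section table of a PE32 image and
    locate the overlay (bytes after the last section's raw data)."""
    if data[:2] != b"MZ":
        raise ValueError("missing MZ signature")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    (machine, nsec, tstamp, _symptr, _nsyms,
     opt_size, _chars) = struct.unpack_from("<HHIIIHH", data, coff)
    sec_tbl = coff + 20 + opt_size          # section table follows the optional header
    sections = []
    for i in range(nsec):
        off = sec_tbl + 40 * i              # IMAGE_SECTION_HEADER is 40 bytes
        name = data[off:off + 8].rstrip(b"\0").decode("ascii", "replace")
        vsize, vaddr, rawsize, rawptr = struct.unpack_from("<IIII", data, off + 8)
        sections.append({"name": name, "vaddr": vaddr, "vsize": vsize,
                         "rawptr": rawptr, "rawsize": rawsize})
    # The overlay is whatever lies past the highest PointerToRawData+SizeOfRawData.
    # The loader never maps it, so a process memory dump will not contain it; a
    # stub that keeps its payload there has to re-read its own file from disk.
    end = min(max((s["rawptr"] + s["rawsize"] for s in sections), default=0), len(data))
    overlay = data[end:]
    return {
        "machine": machine,
        "timestamp": datetime.fromtimestamp(tstamp, timezone.utc),
        "sections": sections,
        "overlay": {"offset": end, "size": len(overlay),
                    "entropy": round(shannon_entropy(overlay), 2)},
    }


def overlay_looks_like_payload(info: dict, min_size: int = 4096,
                               min_entropy: float = 7.0) -> bool:
    """Triage heuristic (thresholds are my own): a large, near-random overlay is
    the signature of a crypter stub carrying an encrypted payload. The report's
    figures, 142597 bytes at 7.79 bits/byte, clear both limits comfortably."""
    ov = info["overlay"]
    return ov["size"] >= min_size and ov["entropy"] >= min_entropy


def report_overlay_consistent(file_size: int = 269573, offset: int = 126976,
                              size: int = 142597) -> bool:
    """Cross-check of the numbers printed in the report: overlay offset plus
    overlay size must land exactly on the end of the file."""
    return offset + size == file_size


def build_sample() -> bytes:
    """Constructed PE32 skeleton for demonstration (not the report's sample):
    one 0x200-byte .text section at file offset 0x200, followed by a 512-byte
    overlay holding every byte value twice, i.e. entropy of exactly 8.0. The
    COFF timestamp is the value shown in the report (2006-02-16 07:41:47 UTC)."""
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)                  # e_lfanew
    opt_size = 0xE0                                          # PE32 optional header size
    coff = struct.pack("<HHIIIHH", 0x14C, 1, 1140075707, 0, 0, opt_size, 0x0102)
    sect = (b".text\0\0\0"
            + struct.pack("<IIII", 0x200, 0x1000, 0x200, 0x200)   # vsize, vaddr, rawsize, rawptr
            + struct.pack("<IIHHI", 0, 0, 0, 0, 0x60000020))      # relocs/lines, CODE|EXEC|READ
    headers = (bytes(dos) + b"PE\0\0" + coff + bytes(opt_size) + sect).ljust(0x200, b"\0")
    text = b"\xC3" * 0x200                                   # stand-in code bytes
    overlay = bytes(range(256)) * 2
    return headers + text + overlay


if __name__ == "__main__":
    info = parse_pe(build_sample())
    print("compiled:", info["timestamp"].isoformat())
    print("sections:", [(s["name"], hex(s["rawptr"]), hex(s["rawsize"])) for s in info["sections"]])
    print("overlay:", info["overlay"], "payload-like:", overlay_looks_like_payload(info, min_size=256))
    print("report figures consistent:", report_overlay_consistent())
```

To apply it to a real file, pass `open(path, "rb").read()` to `parse_pe` and carve `data[info["overlay"]["offset"]:]` to a separate file for the next stage; the carved blob's MD5 should match the overlay MD5 a VirusTotal report prints.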
PE imports
(The report lists function names only; the DLL labels are added from the Win32 export tables for readability.)
The table is unusually broad for a 263 KB GUI program: the entire cluster-management API (clusapi.dll), RAS dial-up, WNet network-drive, LZ decompression and OLE structured-storage functions sit beside the few kernel32 calls a loader actually needs (CreateProcessA, CreateFileA, CreateFileMappingW, Process32First, HeapAlloc). Neither LoadLibrary nor GetProcAddress is imported, so whatever the stub really calls beyond this list is resolved at run time by other means. Padding the import table with unused APIs is a standard crypter trick: it makes the file resemble a legitimate application and keeps the import hash away from the short, obviously malicious import sets that heuristics key on.
clusapi.dll
SetClusterGroupName
GetClusterNetInterface
ClusterRegQueryValue
ClusterResourceOpenEnum
AddClusterResourceDependency
DeleteClusterGroup
ClusterEnum
CloseClusterNetInterface
GetClusterNodeKey
ClusterNetInterfaceControl
DeleteClusterResource
OfflineClusterGroup
EvictClusterNode
SetClusterNetworkName
ClusterRegEnumKey
CloseClusterResource
CloseClusterNetwork
GetClusterNetInterfaceState
AddClusterResourceNode
CloseClusterGroup
ClusterNetworkControl
RegisterClusterNotify
DeleteClusterResourceType
OpenCluster
OpenClusterNetwork
GetClusterGroupState
PauseClusterNode
ClusterRegQueryInfoKey
ClusterNetworkEnum
GetClusterResourceNetworkName
RemoveClusterResourceDependency
RemoveClusterResourceNode
OpenClusterResource
GetClusterResourceState
CreateClusterGroup
ClusterRegDeleteKey
ClusterRegDeleteValue
ClusterRegSetKeySecurity
CanResourceBeDependent
ClusterResourceCloseEnum
ClusterNodeOpenEnum
OfflineClusterResource
ClusterGroupOpenEnum
ClusterGroupControl
ChangeClusterResourceGroup
CloseClusterNode
CloseCluster
OpenClusterNetInterface
GetClusterInformation
CreateClusterResourceType
ClusterResourceEnum
ClusterNodeCloseEnum
OnlineClusterGroup
CreateClusterResource
ClusterOpenEnum
ClusterRegEnumValue
SetClusterResourceName
GetClusterQuorumResource
GetClusterKey
ClusterCloseEnum
GetClusterNetworkState
GetClusterGroupKey
CloseClusterNotifyPort
ClusterNodeEnum
GetClusterNodeState
SetClusterQuorumResource
comctl32.dll
ImageList_Copy
gdi32.dll
Polygon
GdiGetBatchLimit
GetClipRgn
MoveToEx
CopyMetaFileW
SetDIBColorTable
EnumMetaFile
LineDDA
kernel32.dll
GetPrivateProfileSectionNamesA
FileTimeToSystemTime
GetOverlappedResult
HeapDestroy
GetPrivateProfileSectionNamesW
DefineDosDeviceW
DisconnectNamedPipe
GetConsoleMode
FreeEnvironmentStringsW
GetFileTime
GetTempPathA
GetCPInfo
FormatMessageW
EnumResourceLanguagesA
GetStringTypeW
GetFullPathNameA
HeapLock
FreeLibraryAndExitThread
BeginUpdateResourceW
GlobalCompact
GetStringTypeExW
AllocConsole
FindNextChangeNotification
EnumDateFormatsA
DebugBreak
VerLanguageNameA
GetEnvironmentVariableA
CopyFileW
GetLargestConsoleWindowSize
GetNumberOfConsoleInputEvents
HeapAlloc
VerLanguageNameW
FatalExit
FoldStringA
FatalAppExitW
GetVolumeInformationA
GetVolumeInformationW
EnumCalendarInfoW
GetProfileSectionA
FlushInstructionCache
GetProfileIntA
GlobalAddAtomW
GetMailslotInfo
GetStringTypeExA
ClearCommError
GlobalUnWire
GetDiskFreeSpaceExA
GetNumberFormatA
DebugActiveProcess
FindAtomA
GetCurrentThreadId
GetNumberFormatW
CallNamedPipeW
GetSystemTime
GetThreadPriorityBoost
GetLastError
GetVersionExW
GetTickCount
DisableThreadLibraryCalls
CallNamedPipeA
GetVersionExA
FillConsoleOutputCharacterW
EndUpdateResourceA
GetStartupInfoA
GetFileSize
AddAtomA
Process32First
DeleteFileA
GetCommProperties
GetStartupInfoW
GetPrivateProfileIntW
FillConsoleOutputAttribute
GenerateConsoleCtrlEvent
CreateFileMappingW
EnumResourceNamesW
GetTimeFormatW
GlobalReAlloc
ExpandEnvironmentStringsW
FlushFileBuffers
FindNextFileW
GlobalFix
GetProfileStringA
GetTimeFormatA
GetTempFileNameA
GetComputerNameA
GetBinaryTypeA
GetNamedPipeHandleStateW
CreateEventW
CreateEventA
GetFileType
GetPrivateProfileSectionA
CreateFileA
BuildCommDCBA
GlobalGetAtomNameW
DosDateTimeToFileTime
GetShortPathNameW
FindFirstChangeNotificationA
GlobalFree
CompareStringW
DefineDosDeviceA
GetEnvironmentStringsW
GetDevicePowerState
CreateNamedPipeA
GetShortPathNameA
EnumTimeFormatsW
GetEnvironmentStrings
BuildCommDCBAndTimeoutsA
GetDiskFreeSpaceExW
GetCommandLineW
GetBinaryTypeW
GetCPInfoExA
HeapSize
GetCommandLineA
CancelIo
EnumSystemCodePagesA
GetPriorityClass
GetACP
FreeResource
GetFileAttributesExW
GetSystemTimeAdjustment
CreateProcessA
FindResourceW
GetFileAttributesExA
GetProcessVersion
EnumResourceNamesA
FindResourceA
lz32.dll
LZDone
GetExpandedNameW
CopyLZFile
LZOpenFileA
GetExpandedNameA
mpr.dll
WNetGetNetworkInformationA
WNetGetProviderNameW
WNetGetNetworkInformationW
WNetDisconnectDialog
WNetCancelConnectionW
WNetGetProviderNameA
WNetUseConnectionA
WNetGetUniversalNameW
WNetAddConnection2W
WNetGetConnectionA
WNetAddConnection2A
WNetGetUniversalNameA
WNetUseConnectionW
WNetGetLastErrorA
MultinetGetConnectionPerformanceW
WNetEnumResourceA
WNetOpenEnumW
WNetAddConnectionW
WNetOpenEnumA
MultinetGetConnectionPerformanceA
WNetEnumResourceW
WNetGetLastErrorW
WNetAddConnectionA
WNetGetUserA
WNetCloseEnum
WNetConnectionDialog1A
WNetDisconnectDialog1W
WNetAddConnection3W
WNetCancelConnection2W
WNetConnectionDialog1W
WNetAddConnection3A
WNetCancelConnection2A
WNetDisconnectDialog1A
msimg32.dll
AlphaBlend
msvcrt.dll
_except_handler3
oleaut32.dll
VarI4FromBool
VarR8FromI2
VarI1FromI4
OleLoadPictureFile
VarI1FromUI2
VarCyMul
VarUI1FromDisp
VarUI4FromBool
SetErrorInfo
SafeArrayAllocData
rasapi32.dll
RasEnumConnectionsA
RasValidateEntryNameA
RasRenameEntryW
RasGetProjectionInfoW
RasValidateEntryNameW
RasEnumConnectionsW
RasCreatePhonebookEntryA
RasGetEntryPropertiesA
RasEnumEntriesW
RasHangUpW
RasSetEntryDialParamsA
RasGetEntryPropertiesW
RasGetProjectionInfoA
RasEditPhonebookEntryW
RasEnumEntriesA
RasGetCountryInfoA
RasGetConnectStatusW
RasGetEntryDialParamsA
RasGetConnectStatusA
RasSetEntryPropertiesW
RasGetEntryDialParamsW
RasDeleteEntryW
RasEnumDevicesW
RasDialW
RasEnumDevicesA
RasGetErrorStringA
RasEditPhonebookEntryA
shell32.dll
SHGetPathFromIDListW
SHGetSpecialFolderPathW
SHBrowseForFolderA
SHGetDataFromIDListA
CommandLineToArgvW
user32.dll
LoadMenuIndirectA
CharLowerA
HiliteMenuItem
UpdateWindow
IsCharLowerA
LoadBitmapW
PostMessageA
SetCaretPos
EnableScrollBar
CharLowerW
CharPrevExA
SetParent
DefMDIChildProcA
PtInRect
IsDialogMessageA
SetCursor
ole32.dll
CoFileTimeNow
OleLockRunning
OleConvertIStorageToOLESTREAM
IIDFromString
FmtIdToPropStgName
StgOpenStorageOnILockBytes
CoGetTreatAsClass
ReadClassStg
STGMEDIUM_UserFree
ReleaseStgMedium
OleSetContainedObject
CoRegisterMallocSpy
GetConvertStg
OleSave
CoRegisterMessageFilter
StgOpenPropStg
OleDuplicateData
CoIsOle1Class
CreateILockBytesOnHGlobal
CoRevokeMallocSpy
OleSetAutoConvert
OleNoteObjectVisible
GetClassFile
OleCreateLinkFromDataEx
CoIsHandlerConnected
HACCEL_UserFree
GetRunningObjectTable
CLSIDFromProgID
CreateBindCtx
CoGetStdMarshalEx
BindMoniker
WriteFmtUserTypeStg
Number of PE resources by type: RT_MENU 1, RT_VERSION 1, RT_HTML 1
Number of PE resources by language: ENGLISH US 3
PE resources
ExifTool file metadata
SubsystemVersion: 4.0
LinkerVersion: 6.0
ImageVersion: 0.0
FileSubtype: 0
FileVersionNumber: 1.0.0.1
UninitializedDataSize: 0
LanguageCode: Russian (this is the VS_VERSIONINFO translation field; it is set independently of the resource-directory language IDs, which list all three resources as ENGLISH US above, so the two can disagree)
FileFlagsMask: 0x003f
CharacterSet: Unicode
InitializedDataSize: 549376 (larger than the whole 269573-byte file; SizeOfInitializedData is not validated by the loader, and values that do not match the section table are a common artefact of packed or hand-built headers)
EntryPoint: 0x3325
OriginalFileName: progressing.exe
MIMEType: application/octet-stream
LegalCopyright: Copyright 2014
FileVersion: 1, 0, 0, 1
TimeStamp: 2006:02:16 08:41:47+01:00 (ExifTool prints the COFF timestamp in the scanning host's local zone; this is 2006-02-16 07:41:47 UTC, the same value as in the PE header section)
FileType: Win32 EXE
PEType: PE32
InternalName: relative
ProductVersion: 1, 0, 0, 1
FileDescription: metastasis
OSVersion: 4.0
FileOS: Windows NT 32-bit
Subsystem: Windows GUI
MachineType: Intel 386 or later, and compatibles
CompanyName: Starfish Software, Inc.
CodeSize: 88576
ProductName: loadings neoprene
ProductVersionNumber: 1.0.0.1
FileTypeExtension: exe
ObjectFileType: Executable application

File identification
MD5: 26b0680eba64c0d4b77cdac414c5af56
SHA1: 1f756cda9e7accce8f34b0637fe7cf0f4eecebd2
SHA256: e13364a6111e57e764ca25121e440fdb47d2a4edb2b3520861488c182b48fefd
ssdeep: 6144:nIYPD4+xqU1XbDxB2gGgMM13/NQi6kdxD:I6V1xB3Z13Gindx
authentihash: 21098e1c1c61811040d59be78e605f81959c0b97807e128b230f88f933526200
imphash: 7cdfc13d6ef00417964c9e88d260ccd7
File size: 263.3 KB (269573 bytes)
File type: Win32 EXE
Magic: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID: Win32 Executable MS Visual C++ (generic) (42.2%); Win64 Executable (generic) (37.3%); Win32 Dynamic Link Library (generic) (8.8%); Win32 Executable (generic) (6.0%); Generic Win/DOS Executable (2.7%)
Tags: peexe, overlay
For hunting related builds, the imphash is the most useful of these fields: a crypter typically reuses the same padded import table across builds, so sibling samples share the imphash, while the encrypted overlay (more than half of this file) changes every build and with it the MD5, SHA1, SHA256 and, largely, the ssdeep.
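The imphash printed above, and the import listing under "PE imports", are related by a simple recipe: lowercase `module.function` pairs in import-table order, joined with commas and MD5-hashed. The following is an added example (not VirusTotal's or pefile's code) that implements that recipe so the hash can be computed from any import list and used to cluster stubs. The `SAMPLE_IMPORTS` table is a constructed excerpt in the spirit of the listing above, not the sample's real table, so its hash will not equal the report's value; ordinal-to-name mapping for oleaut32/ws2_32/wsock32, which pefile performs, is omitted here as a stated simplification.

```python
import hashlib

# Module-name extensions that are stripped before hashing (pefile convention).
_STRIP_EXT = (".dll", ".ocx", ".sys")


def md5_hex(text: str) -> str:
    return hashlib.md5(text.encode("ascii")).hexdigest()


def normalise_module(name: str) -> str:
    """kernel32.dll / KERNEL32.DLL / kernel32 all become 'kernel32'."""
    name = name.lower()
    for ext in _STRIP_EXT:
        if name.endswith(ext):
            return name[: -len(ext)]
    return name


def imphash_string(imports) -> str:
    """imports: sequence of (module, function-name-or-ordinal) in import-table
    order. Builds the comma-joined 'module.function' string that is hashed.
    Ordinal imports become 'ordN' (pefile additionally maps ordinals of
    oleaut32/ws2_32/wsock32 back to names; omitted here as a simplification)."""
    parts = []
    for module, func in imports:
        mod = normalise_module(module)
        fn = f"ord{func}" if isinstance(func, int) else func.lower()
        parts.append(f"{mod}.{fn}")
    return ",".join(parts)


def imphash(imports) -> str:
    return md5_hex(imphash_string(imports))


# Constructed import table: a short excerpt in the spirit of the listing above,
# not the sample's real table (the report does not preserve DLL order), so this
# hash will not equal the report's 7cdfc13d6ef00417964c9e88d260ccd7.
SAMPLE_IMPORTS = [
    ("CLUSAPI.dll", "OpenCluster"),
    ("CLUSAPI.dll", "CloseCluster"),
    ("KERNEL32.dll", "CreateProcessA"),
    ("KERNEL32.dll", "Process32First"),
    ("MPR.dll", "WNetAddConnection2A"),
    ("RASAPI32.dll", "RasDialW"),
    ("USER32.dll", "PostMessageA"),
    ("OLE32.dll", "CoFileTimeNow"),
]


def same_stub(imports_a, imports_b) -> bool:
    """Two files built by the same crypter keep the same padded import table
    (hence the same imphash) even though their encrypted overlays, and so their
    MD5/SHA256, differ on every build. That is why imphash is the pivot field."""
    return imphash(imports_a) == imphash(imports_b)


if __name__ == "__main__":
    print(imphash_string(SAMPLE_IMPORTS))
    print(imphash(SAMPLE_IMPORTS))
```

Because the hash is order-sensitive, two stubs with the same set of imports in a different order do not match; that is deliberate, since the order is a property of how the crypter's linker laid out the table, and it is what makes the value a fingerprint rather than a mere inventory.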

VirusTotal metadata
First submission: 2015-03-23 17:25:52 UTC
Last submission: 2015-04-14 03:15:31 UTC
File names: relative, progressing.exe
Condensed report. The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were performed either by the file itself or by any other process that it launched or injected code into.
Opened files
Read files
Created processes
Opened mutexes
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.
UDP communications