SHA256: e411716ce24825e69335024394d020f41561af38eab68386f72ab1644e7a04f3
File name: specials.php%3fblue=282&request=4&cert=477&students=171&flash=499...
Detection ratio: 8 / 48
Analysis date: 2014-01-16 03:55:09 UTC ( 4 years, 11 months ago )
Antivirus Result Update
CMC Packed.Win32.Zcrypt.3!O 20140115
ESET-NOD32 a variant of Win32/Injector.AVKE 20140116
Fortinet W32/Tepfer.AAX!tr.pws 20140116
Kaspersky Trojan-PSW.Win32.Fareit.ancq 20140116
Malwarebytes Spyware.Passwords.ED 20140116
McAfee-GW-Edition Heuristic.BehavesLike.Win32.Suspicious-BAY.G 20140116
Rising PE:Trojan.Injector!1.9DEE 20140115
TotalDefense Win32/Inject.C!generic 20140115
Ad-Aware 20140116
Yandex 20140115
AntiVir 20140116
Antiy-AVL 20140115
Avast 20140116
AVG 20140115
Baidu-International 20131213
BitDefender 20140116
Bkav 20140116
ByteHero 20140114
CAT-QuickHeal 20140115
ClamAV 20140116
Commtouch 20140116
Comodo 20140116
DrWeb 20140116
Emsisoft 20140116
F-Prot 20140116
F-Secure 20140116
GData 20140116
Ikarus 20140116
Jiangmin 20140115
K7AntiVirus 20140115
K7GW 20140115
Kingsoft 20130829
McAfee 20140116
Microsoft 20140116
eScan 20140116
NANO-Antivirus 20140116
Norman 20140115
nProtect 20140116
Panda 20140115
Sophos AV 20140116
SUPERAntiSpyware 20140116
Symantec 20140116
TheHacker 20140115
TrendMicro 20140115
TrendMicro-HouseCall 20140116
VBA32 20140115
VIPRE 20140116
ViRobot 20140115
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Publisher ergrghuyje
Product ezefhyrhyy
File version 3.8
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 1972-07-28 07:49:14
Entry Point 0x00001000
Number of sections 5
PE sections
PE imports
InitCommonControlsEx
GetObjectA
DeleteDC
DeleteObject
BitBlt
GetStockObject
CreateBitmap
SetPixel
GetDIBits
SelectObject
CreateDIBSection
CreateCompatibleDC
GetObjectType
HeapFree
EnterCriticalSection
FileTimeToSystemTime
FreeLibrary
HeapDestroy
ExitProcess
TlsAlloc
GetVersionExA
LoadLibraryA
GetLocalTime
DeleteCriticalSection
FileTimeToLocalFileTime
GetProcAddress
GetModuleHandleA
WideCharToMultiByte
SetFilePointer
FindFirstFileA
WriteFile
CloseHandle
HeapReAlloc
InitializeCriticalSection
HeapCreate
FindClose
Sleep
SetEndOfFile
CreateFileA
HeapAlloc
LeaveCriticalSection
_CIasin
malloc
fabs
floor
log10
memset
fclose
strcat
free
_stricmp
memmove
mktime
strcpy
sprintf
_CIatan
ceil
strlen
memcpy
localtime
RevokeDragDrop
CoUninitialize
CoInitialize
RemovePropA
LoadCursorA
LoadIconA
DestroyIcon
UnregisterClassA
FillRect
DestroyAcceleratorTable
SendMessageA
GetWindow
SetActiveWindow
DestroyWindow
mciSendCommandA
WSAStartup
closesocket
WSACleanup
Number of PE resources by type
RT_ICON 6
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 8
PE resources
ExifTool file metadata
UninitializedDataSize 0
LinkerVersion 2.51
ImageVersion 0.0
FileSubtype 0
FileVersionNumber 0.0.0.0
LanguageCode Unknown (1007)
FileFlagsMask 0x0000
CharacterSet Unicode
InitializedDataSize 19968
MIMEType application/octet-stream
FileVersion 3.8
TimeStamp 1972:07:28 08:49:14+01:00
FileType Win32 EXE
PEType PE32
ProductVersion 3.8
SubsystemVersion 4.0
OSVersion 4.0
FileOS DOS
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName ergrghuyje
CodeSize 328965
ProductName ezefhyrhyy
ProductVersionNumber 0.0.0.0
EntryPoint 0x1000
ObjectFileType Executable application

PCAP parents
File identification
MD5 f4f5b9b1c2308102a9944bb710791dd5
SHA1 72aa3a639be9b471bc3d9857018355303276d100
SHA256 e411716ce24825e69335024394d020f41561af38eab68386f72ab1644e7a04f3
ssdeep 6144:QhPrLWN+syxf30/ppEdpQXU9PL1xE20mCS+rrnNXQLPMCQsX0bEhQq7tp8Wow3iJ:QZPoyxfk6mXe127hgLOm5hf7tmWAljv
File size 429.1 KB ( 439415 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Dynamic Link Library (generic) (38.2%)
Win32 Executable (generic) (26.2%)
Win16/32 Executable Delphi generic (12.0%)
Generic Win/DOS Executable (11.6%)
DOS Executable Generic (11.6%)
Tags peexe
VirusTotal metadata
First submission 2014-01-16 03:55:09 UTC ( 4 years, 11 months ago )
Last submission 2014-01-18 15:15:00 UTC ( 4 years, 11 months ago )
File names 5nwzvip0.exe
specials.php%3fblue=282&request=4&cert=477&students=171&flash=499&stats=184&polls=711&skins=152&fonts=336
specials.php
Advanced heuristic and reputation engines
ClamAV Possibly Unwanted Application. While not necessarily malicious, the scanned file presents certain characteristics which depending on the user policies and environment may or may not represent a threat. For full details see: https://www.clamav.net/documents/potentially-unwanted-applications-pua .
Symantec reputation Suspicious.Insight
Behaviour characterization
Zemana dll-injection
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Created processes
Terminated processes
Opened mutexes
Runtime DLLs
UDP communications