SHA256: e4de1d084bee03cc2c32f0debfbea477b1c5caa1edfe5845505585d8620937a2
File name: log.exe
Detection ratio: 2 / 57
Analysis date: 2015-03-11 16:32:36 UTC ( 4 years, 2 months ago )
Antivirus Result Update
NANO-Antivirus Trojan.Win32.Androm.dozilw 20150311
Qihoo-360 HEUR/QVM07.1.Malware.Gen 20150311
Ad-Aware 20150311
AegisLab 20150311
Yandex 20150311
AhnLab-V3 20150311
Alibaba 20150311
ALYac 20150312
Antiy-AVL 20150311
Avast 20150311
AVG 20150311
Avira (no cloud) 20150311
AVware 20150312
Baidu-International 20150311
BitDefender 20150311
Bkav 20150311
ByteHero 20150311
CAT-QuickHeal 20150311
ClamAV 20150311
CMC 20150304
Comodo 20150311
Cyren 20150311
DrWeb 20150311
Emsisoft 20150311
ESET-NOD32 20150311
F-Prot 20150311
F-Secure 20150311
Fortinet 20150310
GData 20150311
Ikarus 20150311
Jiangmin 20150310
K7AntiVirus 20150311
K7GW 20150311
Kaspersky 20150311
Kingsoft 20150311
Malwarebytes 20150311
McAfee 20150311
McAfee-GW-Edition 20150311
Microsoft 20150311
eScan 20150311
Norman 20150311
nProtect 20150311
Panda 20150311
Rising 20150311
Sophos AV 20150311
SUPERAntiSpyware 20150311
Symantec 20150311
Tencent 20150311
TheHacker 20150310
TotalDefense 20150311
TrendMicro 20150311
TrendMicro-HouseCall 20150311
VBA32 20150311
VIPRE 20150312
ViRobot 20150311
Zillya 20150310
Zoner 20150311
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2015-03-09 18:38:05
Entry Point 0x00004C58
Number of sections 6
PE sections
Overlays
MD5 d5e7348eed8c9434638f245ac39a12dc
File type data
Offset 143360
Size 58
Entropy 4.59
PE imports
SelectObject
CreateSolidBrush
CreatePen
BitBlt
GetModuleHandleW
GetStartupInfoW
__wgetmainargs
__p__fmode
strcat
__dllonexit
strncat
strlen
_except_handler3
_itoa
_onexit
abs
exit
_XcptFilter
__setusermatherr
__p__commode
sprintf
__CxxFrameHandler
_adjust_fdiv
atoi
_exit
strcpy
_initterm
_controlfp
_wcmdln
strcmp
__set_app_type
SetTimer
SendMessageW
UpdateWindow
FillRect
LoadBitmapW
LoadCursorW
KillTimer
LoadIconW
EnableWindow
InvalidateRect
GetDC
SetCursor
Number of PE resources by type
RT_STRING 15
RT_DIALOG 4
RT_BITMAP 3
RT_GROUP_CURSOR 2
RT_CURSOR 2
RT_ICON 1
Struct(241) 1
GIF 1
RT_MENU 1
RT_ACCELERATOR 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
CHINESE SIMPLIFIED 29
NEUTRAL 3
ENGLISH US 1
PE resources
Debug information
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
TimeStamp 2015:03:09 19:38:05+01:00
FileType Win32 EXE
PEType PE32
CodeSize 28672
LinkerVersion 6.0
FileTypeExtension exe
InitializedDataSize 110592
SubsystemVersion 4.0
EntryPoint 0x4c58
OSVersion 4.0
ImageVersion 0.0
UninitializedDataSize 0
File identification
MD5 ee265704cf0a371029ed28e958e06549
SHA1 b8d70ada4c39099d72cb02519ef99ef1a8eca4dd
SHA256 e4de1d084bee03cc2c32f0debfbea477b1c5caa1edfe5845505585d8620937a2
ssdeep 1536:WascgxOuIebdGEp8A99WUGZT3ONmUw7qeUlrMdVYCZuYOU24Ip3eN8xtJ+25:GR9A9t32KUlrM/YCZu1wG+w
authentihash b3e28cdaee72281cf4aff87fc1f0e2c509eab580649b17138cdc05083c8cd1e8
imphash a97a77ce7f15c37a55c880e1886bb7d5
File size 140.1 KB ( 143418 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Dynamic Link Library (generic) (43.5%)
Win32 Executable (generic) (29.8%)
Generic Win/DOS Executable (13.2%)
DOS Executable Generic (13.2%)
Tags peexe overlay
VirusTotal metadata
First submission 2015-03-11 14:30:41 UTC ( 4 years, 2 months ago )
Last submission 2016-12-08 22:02:54 UTC ( 2 years, 5 months ago )
File names 3mxyM7JKi.gz
LOG.exe
msmichrba.exe
e4de1d084bee03cc2c32f0debfbea477b1c5caa1edfe5845505585d8620937a2.bin
log.exe
DYNAMO.EXE
msjzd.exe
log.exe_
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Created processes
Code injections in the following processes
Opened mutexes
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.
UDP communications