SHA256: e5908c3637944ba1c49c908821ac1bc1baf80188059740417c03ae4f858c65d5
File name: c075f107ecf3a0c781113550a1c89468b8c98714
Detection ratio: 23 / 55
Analysis date: 2014-10-11 14:57:13 UTC ( 4 years, 5 months ago )
Antivirus Result Update
Ad-Aware Trojan.GenericKD.1910128 20141011
Antiy-AVL Trojan[Spy]/Win32.Zbot 20141011
AVG Inject2.AZGL 20141011
Avira (no cloud) TR/Crypt.Xpack.99070 20141011
Baidu-International Trojan.Win32.Zbot.AA 20141011
BitDefender Trojan.GenericKD.1910128 20141011
Bkav HW32.Paked.8827 20141011
Emsisoft Trojan.GenericKD.1910128 (B) 20141011
ESET-NOD32 a variant of Win32/Injector.BNHY 20141011
F-Secure Trojan.GenericKD.1910128 20141011
Fortinet W32/Generik.BNLUICF!tr 20141011
GData Trojan.GenericKD.1910128 20141011
Ikarus Trojan.Win32.Inject 20141011
Kaspersky Trojan-Spy.Win32.Zbot.uitn 20141011
McAfee RDN/Generic PWS.y!bbj 20141011
McAfee-GW-Edition BehavesLike.Win32.PWSQQPass.dh 20141011
eScan Trojan.GenericKD.1910128 20141011
Norman Injector.HIRO 20141011
nProtect Trojan.GenericKD.1910128 20141010
Panda Trj/Chgt.H 20141010
Sophos AV Mal/Generic-S 20141011
Tencent Win32.Trojan-spy.Zbot.Lsmc 20141011
TrendMicro-HouseCall TROJ_GEN.R02PB01JA14 20141011
AegisLab 20141011
Yandex 20141010
AhnLab-V3 20141011
Avast 20141011
AVware 20141011
ByteHero 20141011
CAT-QuickHeal 20141011
ClamAV 20141011
CMC 20141009
Comodo 20141011
Cyren 20141011
DrWeb 20141011
F-Prot 20141009
Jiangmin 20141010
K7AntiVirus 20141010
K7GW 20141011
Kingsoft 20141011
Malwarebytes 20141011
Microsoft 20141011
NANO-Antivirus 20141011
Qihoo-360 20141011
Rising 20141011
SUPERAntiSpyware 20141011
Symantec 20141011
TheHacker 20141010
TotalDefense 20141011
TrendMicro 20141011
VBA32 20141010
VIPRE 20141011
ViRobot 20141011
Zillya 20141011
Zoner 20141010
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 1989-09-21 05:39:13
Entry Point 0x001CDC23
Number of sections 5
PE sections
PE imports
GetLastError
InitializeCriticalSectionAndSpinCount
HeapFree
GetStdHandle
EnterCriticalSection
LCMapStringW
SetHandleCount
GetModuleFileNameW
GetConsoleCP
GetOEMCP
QueryPerformanceCounter
IsDebuggerPresent
ExitProcess
TlsAlloc
GetEnvironmentStringsW
FlushFileBuffers
RtlUnwind
IsProcessorFeaturePresent
HeapSetInformation
GetCurrentProcess
GetConsoleMode
GetStringTypeW
GetCurrentProcessId
WriteConsoleW
GetCommandLineW
GetCPInfo
UnhandledExceptionFilter
InterlockedDecrement
MultiByteToWideChar
GetStartupInfoW
FreeEnvironmentStringsW
GetProcAddress
HeapSize
SetStdHandle
WideCharToMultiByte
LoadLibraryW
TlsFree
SetFilePointer
DeleteCriticalSection
GetCurrentThreadId
SetUnhandledExceptionFilter
WriteFile
CloseHandle
GetSystemTimeAsFileTime
GetACP
HeapReAlloc
DecodePointer
GetModuleHandleW
HeapAlloc
TerminateProcess
IsValidCodePage
HeapCreate
CreateFileW
TlsGetValue
Sleep
GetFileType
GetTickCount
TlsSetValue
EncodePointer
OutputDebugStringA
LeaveCriticalSection
SetLastError
InterlockedIncrement
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
TimeStamp 1989:09:21 06:39:13+01:00
FileType Win32 EXE
PEType PE32
CodeSize 16807424
LinkerVersion 10.0
FileAccessDate 2014:11:28 06:49:07+01:00
EntryPoint 0x1cdc23
InitializedDataSize 239104
SubsystemVersion 5.1
ImageVersion 0.0
OSVersion 0.257
FileCreateDate 2014:11:28 06:49:07+01:00
UninitializedDataSize 0

File identification
MD5 aefa774c923c02b879cdcee1d4ec7ad7
SHA1 4f4750a71beffce45c33191c5597cf7592722b2d
SHA256 e5908c3637944ba1c49c908821ac1bc1baf80188059740417c03ae4f858c65d5
ssdeep 6144:UzgM2t1E/vxJDguOB0naeJ/TdT+vUMcuxydGK:UM9t1E/vfnNnaeJ/TdT+vUIxUGK
authentihash 989b433e1598b875c553bdcbb924231434150a42b59f3e8fe02d2d999ad3f73b
imphash 759b3c70e49933144be33f6ac33937c7
File size 264.5 KB ( 270848 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386
TrID Win32 Executable (generic) (52.9%)
Generic Win/DOS Executable (23.5%)
DOS Executable Generic (23.4%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
Tags peexe

VirusTotal metadata
First submission 2014-10-09 01:50:13 UTC ( 4 years, 5 months ago )
Last submission 2014-10-13 14:58:58 UTC ( 4 years, 5 months ago )
File names vti-rescan
flash.ex_
c075f107ecf3a0c781113550a1c89468b8c98714
flash.exe
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Copied files
Deleted files
Created processes
Code injections in the following processes
Created mutexes
Opened mutexes
Searched windows
Opened service managers
Opened services
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.