SHA256: ea91f19da1091ec2df6d67f4bc48c71779e1d60722169387eb556abea3b891b2
File name: edg1.exe
Detection ratio: 4 / 57
Analysis date: 2015-04-02 12:51:36 UTC (2 years, 2 months before this copy was taken)
Antivirus          Result                               Update
ESET-NOD32         Win32/Dridex.M                       20150402
Kaspersky          UDS:DangerousObject.Multi.Generic    20150402
Norman             Kryptik.CFBH                         20150402
Tencent            Trojan.Win32.Qudamah.Gen.24          20150402

No detection (53 engines, all with 20150402 signatures except Yandex, ClamAV, F-Prot, Jiangmin, McAfee-GW-Edition, Panda and TheHacker, which scanned with 20150401 signatures): Ad-Aware, AegisLab, Yandex, AhnLab-V3, Alibaba, ALYac, Antiy-AVL, Avast, AVG, Avira (no cloud), AVware, Baidu-International, BitDefender, Bkav, ByteHero, CAT-QuickHeal, ClamAV, CMC, Comodo, Cyren, DrWeb, Emsisoft, F-Prot, F-Secure, Fortinet, GData, Ikarus, Jiangmin, K7AntiVirus, K7GW, Kingsoft, Malwarebytes, McAfee, McAfee-GW-Edition, Microsoft, eScan, NANO-Antivirus, nProtect, Panda, Qihoo-360, Rising, Sophos, SUPERAntiSpyware, Symantec, TheHacker, TotalDefense, TrendMicro, TrendMicro-HouseCall, VBA32, VIPRE, ViRobot, Zillya, Zoner.

Reading the four hits: only ESET-NOD32 assigns a family name (Win32/Dridex.M). Kaspersky's UDS:DangerousObject.Multi.Generic is a cloud (Kaspersky Security Network) verdict rather than a local signature, Norman's Kryptik.CFBH is a generic name for packed or obfuscated code, and Tencent's entry is likewise a generic (.Gen) detection. A 4/57 ratio on the day of first submission says little by itself; the family attribution from one engine together with the packer-style verdict from another is the signal worth following up, and the ratio should be re-checked against a later scan rather than quoted from this snapshot.
The file is a Portable Executable: a 32-bit (PE32) Win32 EXE built for the Windows GUI subsystem.
PE header basic information
Target machine: Intel 386 or later processors and compatible processors
Compilation timestamp: 2012-11-10 10:14:15 (UTC; the ExifTool TimeStamp further down is the same instant rendered in a +01:00 zone)
Entry point: 0x0000E006
Number of sections: 3
Two caveats for anyone using these fields. The compile timestamp is set by the linker and is trivially forged, so the gap between it and the 2015-04-02 first submission is not evidence of anything on its own. The declared initialised-data size reported by ExifTool (2977792 bytes) is more than twenty times the 131359-byte file, which means sections are expected to grow well beyond their on-disk size at load time; that layout is typical of code that unpacks itself at runtime and should be checked against the per-section virtual and raw sizes before any static conclusions are drawn.
PE sections
(The per-section table was not captured in this copy of the report; only the section count above survives.)
PE imports
The imports are listed below grouped by the library that exports each function. The library names were not captured with the list and are attributed here from the documented export location of each API; the group of ordinal-only imports could not be attributed because its library name is missing. The table is unusually broad for a 128 KB, three-section binary with 56 KB of code: RAS phonebook, SetupAPI, Gopher/FTP, print spooler and PDH performance-counter functions sit beside the expected kernel32/user32/msvcrt set. One common cause of an import directory shaped like this is a crypter padding it to resemble a large legitimate application; the Kryptik verdict above points the same way. Confirm by checking which of these imports are actually referenced from code once the sample is unpacked, rather than treating the list as a capability inventory.

advapi32.dll: LsaSetTrustedDomainInformation
comctl32.dll: ImageList_Create
gdi32.dll: PlgBlt
imm32.dll: ImmGetVirtualKey
kernel32.dll: DefineDosDeviceW, GetSystemTimeAsFileTime, FlushConsoleInputBuffer, CreateMutexA, GlobalFindAtomA, DefineDosDeviceA, GetVersionExA, GetEnvironmentStringsW, GlobalUnlock, FlushViewOfFile, GetSystemDirectoryA, DisconnectNamedPipe, GetStartupInfoA, FileTimeToDosDateTime, GetCurrentDirectoryW, AddAtomA, GetStartupInfoW, GetFileInformationByHandle, GlobalLock, GetPrivateProfileStringW, GetProcessHeap, GetFileTime, FindResourceExA, GetModuleHandleA, ConvertDefaultLocale, GetTimeFormatA, FreeConsole, GetACP, GetModuleHandleW, FileTimeToLocalFileTime, GetPrivateProfileSectionW, GetLongPathNameW, FreeLibraryAndExitThread, GetNumberFormatA, CreateFileW, AllocConsole, FormatMessageA, GetFullPathNameW, ExitProcess, GetNumberFormatW
msvcrt.dll: _except_handler3, __p__fmode, _acmdln, _exit, _adjust_fdiv, _controlfp, exit, _XcptFilter, __getmainargs, _initterm, __setusermatherr, __p__commode, __set_app_type
(library name not captured; imports by ordinal only): Ord(74), Ord(45), Ord(60), Ord(38), Ord(46), Ord(55), Ord(165), Ord(16), Ord(64), Ord(19), Ord(28), Ord(511), Ord(603), Ord(611)
oleaut32.dll: VarR4FromDisp, VarUI1FromR4
rasapi32.dll: RasSetEntryPropertiesA, RasEnumConnectionsA, RasGetCountryInfoA, RasGetEntryPropertiesA, RasGetConnectStatusW, RasRenameEntryW, RasCreatePhonebookEntryW, RasGetProjectionInfoA, RasGetProjectionInfoW, RasSetEntryDialParamsW, RasGetErrorStringA, RasGetConnectStatusA, RasGetCountryInfoW, RasGetEntryDialParamsW, RasRenameEntryA, RasDeleteEntryA
rpcrt4.dll: RpcSsDisableAllocate
setupapi.dll: SetupDiEnumDeviceInterfaces, SetupDiBuildClassInfoList, SetupOpenAppendInfFileA, SetupDiGetDriverInfoDetailA, SetupGetMultiSzFieldA, SetupDiSetDeviceRegistryPropertyW, SetupGetBinaryField, SetupDiOpenDeviceInfoW, SetupDiDrawMiniIcon, SetupCopyOEMInfA, SetupGetInfFileListA, SetupDiGetClassImageListExW, SetupDeleteErrorW, SetupDiSetDeviceInstallParamsA, SetupDiSetClassInstallParamsW, SetupRemoveFromSourceListW, SetupDiGetHwProfileFriendlyNameA, SetupDiSelectDevice, SetupGetInfInformationA, SetupDiGetHwProfileFriendlyNameExA, SetupPromptForDiskW, SetupAdjustDiskSpaceListW, SetupDiSetSelectedDriverA, SetupSetPlatformPathOverrideW, SetupDiGetClassImageIndex, SetupDiCreateDeviceInterfaceW, SetupQueryFileLogA, SetupDiGetClassDescriptionA, SetupGetFileCompressionInfoA, SetupDiCreateDeviceInfoListExA, SetupDiCreateDevRegKeyA, SetupQueryInfVersionInformationW, SetupLogErrorW, SetupGetSourceFileLocationA, SetupQueueRenameA, SetupFindFirstLineW, SetupIterateCabinetW, SetupInstallFileExW, SetupDiClassNameFromGuidW, SetupGetSourceFileSizeA, SetupDiInstallClassW, SetupQueryDrivesInDiskSpaceListW, SetupGetLineTextA, SetupQuerySpaceRequiredOnDriveW, SetupInstallFileExA, SetupDiGetClassDevPropertySheetsW, SetupDiCreateDeviceInfoList, SetupQueueDeleteW
user32.dll: RegisterWindowMessageW, GetCaretBlinkTime, EnumDesktopsA, GetMessageA, DrawTextExW, HideCaret, OffsetRect, CreateAcceleratorTableW, CreateCaret, DrawAnimatedRects, DestroyMenu, CharPrevW, DefMDIChildProcA, CheckMenuRadioItem, GrayStringW, GetTabbedTextExtentA, PostMessageA, CharUpperW, EnumChildWindows, AppendMenuW, GetWindowDC, DialogBoxParamA, OpenWindowStationA, CopyImage, GetCursorPos, IsCharAlphaNumericA, DrawStateA, IsZoomed, PackDDElParam, BringWindowToTop, CreateIconIndirect, InvertRect, InSendMessage, FillRect, DefDlgProcA, ModifyMenuW, SetDlgItemInt, GetDialogBaseUnits, ReuseDDElParam, GetKeyState, CharToOemA
wininet.dll: HttpSendRequestExW, RetrieveUrlCacheEntryFileA, InternetOpenA, InternetHangUp, InternetCanonicalizeUrlA, HttpSendRequestExA, GetUrlCacheEntryInfoA, GopherOpenFileA, InternetReadFileExW, InternetConnectA, FtpSetCurrentDirectoryA, InternetGetCookieA, GopherOpenFileW, GetUrlCacheEntryInfoW, InternetAttemptConnect, InternetGetLastResponseInfoW, InternetCombineUrlW, HttpQueryInfoW, FtpGetFileW, InternetReadFile, CommitUrlCacheEntryW, GopherGetLocatorTypeW, InternetCheckConnectionA, GopherCreateLocatorA, FindFirstUrlCacheEntryExA, GopherGetLocatorTypeA, FtpOpenFileA, FindNextUrlCacheEntryA, DeleteUrlCacheEntry, InternetCrackUrlA, FindNextUrlCacheEntryExA
winmm.dll: mmioFlush, mmioSeek
winspool.drv: ConnectToPrinterDlg, GetPrinterDataExW, ConfigurePortW, DeletePrinterConnectionA, OpenPrinterA, EnumPortsW, ResetPrinterA, EnumPrinterKeyA, DocumentPropertiesA, AddPortA, WritePrinter, EnumPrinterDriversA, AddMonitorA, DeletePrintProcessorA, OpenPrinterW, GetPrintProcessorDirectoryW, DeletePrintProvidorW, PrinterMessageBoxA
comdlg32.dll: FindTextW, GetSaveFileNameW, GetSaveFileNameA, ReplaceTextA
ole32.dll: CoReleaseMarshalData, SetConvertStg, CoRegisterSurrogate
pdh.dll: PdhGetDllVersion, PdhOpenLogA, PdhCalculateCounterFromRawValue, PdhValidatePathA, PdhMakeCounterPathW, PdhSelectDataSourceA, PdhEnumMachinesA, PdhBrowseCountersW, PdhExpandCounterPathA, PdhGetCounterTimeBase, PdhOpenLogW, PdhSelectDataSourceW, PdhLookupPerfIndexByNameW, PdhGetDefaultPerfObjectA, PdhParseCounterPathW, PdhValidatePathW
urlmon.dll: IsAsyncMoniker, CoInternetCreateZoneManager, CoInternetGetSession, HlinkNavigateString, GetClassFileOrMime, IsValidURL, CreateAsyncBindCtxEx, HlinkSimpleNavigateToString, CoInternetParseUrl, URLDownloadToCacheFileW, URLOpenPullStreamA, CoInternetGetProtocolFlags, URLOpenBlockingStreamW, CoInternetCreateSecurityManager, WriteHitLogging, FindMimeFromData
ExifTool file metadata
MIMEType: application/octet-stream
Subsystem: Windows GUI
MachineType: Intel 386 or later, and compatibles
TimeStamp: 2012:11:10 11:14:15+01:00
FileType: Win32 EXE
PEType: PE32
CodeSize: 57344
LinkerVersion: 6.0
EntryPoint: 0xe006
InitializedDataSize: 2977792
SubsystemVersion: 4.0
ImageVersion: 0.0
OSVersion: 4.0
UninitializedDataSize: 0
File identification
MD5 9565b17a4f1221fee473d0d8660dc26d
SHA1 0916a00988389e57c7590219f823444450b77c66
SHA256 ea91f19da1091ec2df6d67f4bc48c71779e1d60722169387eb556abea3b891b2
ssdeep 1536:ca+IXIDRYRQooHNwXr1SuIeUQ9Z7S/eh4tX+tgsq818pSammuZQZi1cDMQsd+5eO:cbIYD+ToGQebSWhysq8kS/ZdKPSB

authentihash 6711698c41aeddfb47446ac8400ac48d8984240904ea8c522ab06fd1bd88fb77
imphash 9f2d1abd20ccae6336e655ecbfe0b9c8
File size 128.3 KB ( 131359 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable MS Visual C++ (generic) (35.8%)
Win64 Executable (generic) (31.7%)
Windows Screen Saver (15.0%)
Win32 Dynamic Link Library (generic) (7.5%)
Win32 Executable (generic) (5.1%)
Tags peexe
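As an added example (not code from VirusTotal, and not the sample's own code), the Python below reimplements the imphash recipe that pefile uses, so an imphash like the one in the identification block can be recomputed from any import table, and applies a few triage checks to the header fields and detection results shown in this report. The DLL names in the sample import table are attributed from documented API locations (the report does not carry them), the two ordinal rows and the thresholds in triage() are constructed for the example, and because the report's real DLL names and the ordinal-only library are not recoverable here, the result will not reproduce the 9f2d1abd20ccae6336e655ecbfe0b9c8 value above.

```python
"""Added triage helpers for a static report like the one above.

Example code written for this page, not VirusTotal's code and not code
from the sample. imphash follows the published recipe that pefile
implements: lower-case "dll.func" pairs with the extension stripped,
joined with commas, then MD5'd. The thresholds in triage() and the
sample inputs are this editor's constructions.
"""
import hashlib
from datetime import datetime, timezone

# pefile resolves ordinal-only imports from a few DLLs to names before
# hashing; anything else becomes "ordN". Only a small slice of those
# tables is reproduced here (constructed subset for the example).
ORD_NAMES = {
    "ws2_32": {1: "accept", 2: "bind", 3: "closesocket", 4: "connect"},
    "oleaut32": {2: "SysAllocString", 6: "SysFreeString"},
}


def imphash_string(imports):
    """Return the comma-joined string that is MD5'd to give the imphash.

    imports: iterable of (dll, name_or_None, ordinal_or_None) in import
    directory order. Order matters: a reordered table changes the hash.
    """
    parts = []
    for dll, name, ordinal in imports:
        lib = dll.lower()
        for ext in (".ocx", ".sys", ".dll"):
            if lib.endswith(ext):
                lib = lib[: -len(ext)]
                break
        if name is None:
            func = ORD_NAMES.get(lib, {}).get(ordinal, "ord%d" % ordinal)
        else:
            func = name
        parts.append("%s.%s" % (lib, func.lower()))
    return ",".join(parts)


def imphash(imports):
    """imphash as a 32-character lower-case hex string."""
    return hashlib.md5(imphash_string(imports).encode("ascii")).hexdigest()


def triage(meta, family_hints=("dridex",)):
    """Apply a few header/report sanity checks and return flag names.

    The 4x size ratio and the 5-engine cut-off are illustrative
    assumptions, not published rules.
    """
    flags = []
    # Declared initialised data far larger than the file on disk means
    # sections grow at load time, which is how runtime unpackers behave.
    if meta["init_data_size"] > 4 * meta["file_size"]:
        flags.append("init_data_gt_file_size")
    # A handful of hits is weak evidence on its own, but a family name
    # from one engine deserves more weight than the ratio suggests.
    named = [r for r in meta["results"].values()
             if r and any(h in r.lower() for h in family_hints)]
    if meta["positives"] < 5 and named:
        flags.append("low_ratio_but_family_named")
    # The PE timestamp is attacker-controlled; a stamp later than the
    # first sighting proves it was forged (an earlier one proves nothing).
    if meta["compile_ts"] > meta["first_seen"]:
        flags.append("compile_after_first_seen")
    return flags


# Constructed from the report above. DLL names are attributed, and the
# two ordinal rows are invented to exercise the ordinal branch.
SAMPLE_IMPORTS = [
    ("KERNEL32.dll", "CreateMutexA", None),
    ("KERNEL32.dll", "ExitProcess", None),
    ("WININET.dll", "InternetOpenA", None),
    ("URLMON.dll", "URLDownloadToCacheFileW", None),
    ("WS2_32.dll", None, 4),       # constructed: resolves to "connect"
    ("UNKNOWN.dll", None, 511),    # constructed: no table -> "ord511"
]

# Header and detection fields copied from this report.
REPORT = {
    "file_size": 131359,
    "init_data_size": 2977792,
    "positives": 4,
    "results": {
        "ESET-NOD32": "Win32/Dridex.M",
        "Kaspersky": "UDS:DangerousObject.Multi.Generic",
        "Norman": "Kryptik.CFBH",
        "Tencent": "Trojan.Win32.Qudamah.Gen.24",
        "Avast": None,
    },
    "compile_ts": datetime(2012, 11, 10, 10, 14, 15, tzinfo=timezone.utc),
    "first_seen": datetime(2015, 4, 2, 12, 51, 36, tzinfo=timezone.utc),
}

if __name__ == "__main__":
    print("imphash input :", imphash_string(SAMPLE_IMPORTS))
    print("imphash       :", imphash(SAMPLE_IMPORTS))
    print("triage flags  :", triage(REPORT))
```

Because imphash is a hash over the ordered list of library/function pairs, it is brittle against any change to the import directory, but that same property makes it useful for the opposite purpose: two samples with different content hashes and the same imphash were almost certainly produced by the same builder or crypter, which is the pivot to try before anything else when a sample like this one has only a handful of engine hits.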

VirusTotal metadata
First submission 2015-04-02 12:51:36 UTC ( 2 years, 2 months ago )
Last submission 2015-04-02 17:11:43 UTC ( 2 years, 2 months ago )
File names edgB.exe, edg1.exe
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight
Condensed report. The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
The report's behaviour categories are present but carry no entries in this copy: opened files, read files, written files, created processes, code injections in other processes, opened mutexes, runtime DLLs, UDP communications.