SHA256: eadb889891dcc1269dad46415aba9bc913b50622aa2f8748001dd7f6f83dacc9
File name: eadb889891dcc1269dad46415aba9bc913b50622aa2f8748001dd7f6f83dacc9.vir
Detection ratio: 35 / 54
Analysis date: 2016-01-26 14:00:21 UTC ( 7 months ago )
Antivirus Result Update
ALYac Gen:Variant.Zusy.26728 20160126
AVG Dropper.Generic6.CMOO 20160126
AVware Trojan.Win32.Redosdru.C (v) 20160111
Ad-Aware Gen:Variant.Zusy.26728 20160126
AegisLab Troj.W32.Generic!c 20160126
Yandex Trojan.DR.Agent!3saErPJN6Kw 20160125
AhnLab-V3 Trojan/Win32.Magania 20160125
Antiy-AVL Trojan[:HEUR]/Win32.Unknown 20160126
Arcabit Trojan.Zusy.D6868 20160126
Avast Win32:Trojan-gen 20160126
Avira (no cloud) TR/Dropper.Gen2 20160126
BitDefender Gen:Variant.Zusy.26728 20160126
Comodo UnclassifiedMalware 20160126
DrWeb Trojan.KillProc.19539 20160126
ESET-NOD32 a variant of Win32/TrojanDropper.Agent.POZ 20160126
Emsisoft Gen:Variant.Zusy.26728 (B) 20160126
F-Secure Gen:Variant.Zusy.26728 20160126
Fortinet W32/Grp.KC!tr 20160126
GData Gen:Variant.Zusy.26728 20160126
Ikarus Virus.Win32.Dialer 20160126
Jiangmin Heur:Backdoor/PcClient 20160126
K7AntiVirus Riskware ( 0049ee041 ) 20160126
K7GW Riskware ( 0049ee041 ) 20160126
Kaspersky HEUR:Trojan.Win32.Generic 20160126
McAfee Artemis!79D4538531D7 20160126
McAfee-GW-Edition Artemis!Trojan 20160126
eScan Gen:Variant.Zusy.26728 20160126
NANO-Antivirus Trojan.Win32.KillProc.baljzt 20160126
Panda Trj/CI.A 20160125
Qihoo-360 HEUR/Malware.QVM07.Gen 20160126
Rising PE:Backdoor.Server!1.64E0 [F] 20160126
Symantec Trojan.Gen 20160125
VBA32 BScope.Trojan.SvcHorse.01643 20160125
VIPRE Trojan.Win32.Redosdru.C (v) 20160126
Zillya Dropper.Agent.Win32.117991 20160126
Alibaba (no detection) 20160126
Baidu-International (no detection) 20160126
ByteHero (no detection) 20160126
CAT-QuickHeal (no detection) 20160125
CMC (no detection) 20160111
ClamAV (no detection) 20160126
Cyren (no detection) 20160126
F-Prot (no detection) 20160126
Malwarebytes (no detection) 20160126
Microsoft (no detection) 20160126
SUPERAntiSpyware (no detection) 20160126
Sophos (no detection) 20160126
TheHacker (no detection) 20160124
TotalDefense (no detection) 20160126
TrendMicro (no detection) 20160126
TrendMicro-HouseCall (no detection) 20160126
ViRobot (no detection) 20160126
Zoner (no detection) 20160126
nProtect (no detection) 20160126
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Signature verification The digital signature of the object did not verify.
Packers identified
PEiD Armadillo v1.71
PEiD's "Armadillo v1.71" signature is a well-known false positive on unpacked Microsoft Visual C++ 6 executables, and the linker version 6.0 and the TrID verdict (MS Visual C++ generic) elsewhere in this report fit a plain MSVC 6 build. Treat the packer match as unconfirmed unless section names, import count and per-section entropy say otherwise.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2012-09-27 09:28:06
Entry Point 0x00002D00
Number of sections 4
PE sections
Overlays
MD5 4567437bf608afd6932bc713ee37e0be
File type data
Offset 167936
Size 9072
Entropy 7.37
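The overlay figures above are internally consistent: offset 167936 plus size 9072 equals the 177008-byte file size, so the overlay is exactly the data appended after the last section, and an entropy of 7.37 out of a possible 8.0 bits per byte is in the range of compressed or encrypted data, which fits the dropper verdicts in the detection table. The following is an added example, not code from the report or from VirusTotal, showing how those four overlay fields are derived from a PE file: the overlay starts where the last raw section ends (the largest PointerToRawData + SizeOfRawData, clamped to the file length so a lying header cannot push it past EOF). Because the sample itself is not available, the example builds a constructed minimal PE32 image with a synthetic overlay; `build_sample_pe` and `pseudo_random_bytes` are test scaffolding, not anything from the report.

```python
import hashlib
import math
import struct


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte: 0.0 for a constant buffer, 8.0 at most."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in counts if c)


def overlay_offset(pe: bytes) -> int:
    """File offset where the overlay starts: the end of the last raw section
    (max PointerToRawData + SizeOfRawData), clamped to EOF so a header that
    overstates a section size cannot place the offset beyond the file."""
    if pe[:2] != b"MZ":
        raise ValueError("missing MZ header")
    e_lfanew, = struct.unpack_from("<I", pe, 0x3C)
    if pe[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    num_sections, = struct.unpack_from("<H", pe, e_lfanew + 6)
    opt_hdr_size, = struct.unpack_from("<H", pe, e_lfanew + 20)
    section_table = e_lfanew + 24 + opt_hdr_size      # 4 (signature) + 20 (COFF header)
    end = 0
    for i in range(num_sections):
        hdr = section_table + i * 40                  # IMAGE_SECTION_HEADER is 40 bytes
        raw_size, raw_ptr = struct.unpack_from("<II", pe, hdr + 16)
        if raw_size:                                  # uninitialised sections own no file bytes
            end = max(end, raw_ptr + raw_size)
    return min(end, len(pe))


def overlay_info(pe: bytes) -> dict:
    """The four overlay fields a VirusTotal-style report shows."""
    start = overlay_offset(pe)
    data = pe[start:]
    return {
        "offset": start,
        "size": len(data),
        "md5": hashlib.md5(data).hexdigest(),
        "entropy": round(shannon_entropy(data), 2),
    }


def build_sample_pe(overlay: bytes) -> bytes:
    """Constructed input (assumption, not the report's sample): a minimal PE32
    image with one 0x200-byte .text section at file offset 0x200 and the given
    bytes appended as an overlay. It will not execute; only the headers matter."""
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)                          # e_lfanew
    coff = struct.pack("<HHIIIHH", 0x14C, 1, 0, 0, 0, 0xE0, 0x102)   # i386, one section
    optional = bytes(0xE0)                                           # SizeOfOptionalHeader
    section = struct.pack("<8sIIIIIIHHI", b".text", 0x200, 0x1000,
                          0x200, 0x200, 0, 0, 0, 0, 0x60000020)
    headers = (bytes(dos) + b"PE\0\0" + coff + optional + section).ljust(0x200, b"\0")
    text = bytes(range(256)) * 2                                     # 0x200 bytes of section data
    return headers + text + overlay


def pseudo_random_bytes(n: int) -> bytes:
    """Deterministic high-entropy filler (chained SHA-256) standing in for a
    packed or encrypted payload, so the example needs no real malware."""
    out = bytearray()
    block = b"seed"
    while len(out) < n:
        block = hashlib.sha256(block).digest()
        out += block
    return bytes(out[:n])


if __name__ == "__main__":
    for label, payload in (("constant", b"A" * 9072), ("packed-like", pseudo_random_bytes(9072))):
        print(label, overlay_info(build_sample_pe(payload)))
```

Run against a real file with `overlay_info(open(path, "rb").read())`. An overlay with entropy near 8.0 is the usual signature of an embedded packed or encrypted payload; a large overlay with low entropy is more often an installer's plain-text configuration or a certificate table, so the entropy value, not the mere presence of an overlay, is what supports the dropper reading.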
PE imports
RegDeleteKeyA
LookupAccountNameA
RegCloseKey
SetSecurityDescriptorDacl
RegQueryValueExA
GetSecurityDescriptorControl
AddAccessAllowedAce
GetUserNameA
RegDeleteValueA
GetFileSecurityA
RegCreateKeyExA
RegOpenKeyExA
GetLastError
HeapFree
GetStdHandle
LCMapStringW
SetHandleCount
lstrlenA
GetOEMCP
LCMapStringA
HeapDestroy
ExitProcess
IsBadWritePtr
FlushFileBuffers
GetEnvironmentStringsW
GetVersionExA
LoadLibraryA
RtlUnwind
GetModuleFileNameA
FreeEnvironmentStringsA
GetStartupInfoA
GetEnvironmentStrings
IsBadReadPtr
lstrcatA
DeleteFileA
GetCPInfo
UnhandledExceptionFilter
MultiByteToWideChar
IsBadCodePtr
FreeEnvironmentStringsW
GetCommandLineA
GetProcAddress
GetProcessHeap
SetStdHandle
SetFilePointer
RaiseException
WideCharToMultiByte
GetStringTypeA
GetModuleHandleA
ReadFile
SetUnhandledExceptionFilter
lstrcpyA
GetCurrentProcess
CloseHandle
GetACP
HeapReAlloc
GetStringTypeW
GetVersion
TerminateProcess
GetEnvironmentVariableA
HeapCreate
WriteFile
VirtualFree
Sleep
GetFileType
SetEndOfFile
CreateFileA
HeapAlloc
GetCurrentThreadId
FindResourceA
VirtualAlloc
SetLastError
NetUserGetLocalGroups
NetApiBufferFree
GetMessageA
GetInputState
PostThreadMessageA
Number of PE resources by type
MSMPRES 1
Number of PE resources by language
NEUTRAL 1
PE resources
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
FileTypeExtension exe
TimeStamp 2012:09:27 10:28:06+01:00
FileType Win32 EXE
PEType PE32
CodeSize 28672
LinkerVersion 6.0
EntryPoint 0x2d00
InitializedDataSize 135168
SubsystemVersion 4.0
ImageVersion 0.0
OSVersion 4.0
UninitializedDataSize 0
File identification
MD5 79d4538531d723983329fa34946db13c
SHA1 09331281b62f14fc8cc935b5d0a4966791bb0d72
SHA256 eadb889891dcc1269dad46415aba9bc913b50622aa2f8748001dd7f6f83dacc9
ssdeep 3072:mvYqAHtEFTLGsEYWqamp3zQL6mq7gwrgiv2KQBdnNH2:mvIuFTLAYWqdpDQL6mq7gcgiABO
authentihash e2f4c6cfc85098421627211cc7a7f2901b7a76301758539ba666e897c9d58819
imphash b91935636212c20ac5f9d75415c92f79
File size 172.9 KB ( 177008 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable MS Visual C++ (generic) (67.4%)
Win32 Dynamic Link Library (generic) (14.2%)
Win32 Executable (generic) (9.7%)
Generic Win/DOS Executable (4.3%)
DOS Executable Generic (4.3%)
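The imphash in the identification block is the pivot most useful for hunting related samples: it hashes the import table (DLL and function names in their on-disk order), so rebuilds that keep the same source and linker settings share it even when MD5/SHA256 differ. The following added example, not code from the report or from VirusTotal, reimplements the algorithm as pefile's `get_imphash()` defines it: each import becomes `<dll>.<function>` with the DLL lowercased and stripped of a `.dll`/`.ocx`/`.sys` extension, function names lowercased, by-ordinal imports written as `ordN`, all joined with commas and MD5-hashed. The sample import list is constructed from a subset of the functions in the PE imports section above; the report lists functions without their DLLs, so the DLL attribution and ordering are assumptions, and the result will not reproduce the report's value b91935636212c20ac5f9d75415c92f79. pefile additionally resolves ws2_32 and oleaut32 ordinals to names through a lookup table, which this example omits.

```python
import hashlib


def imphash_parts(imports):
    """Normalise an import table into the list of "<dll>.<name>" strings that
    imphash is computed over. `imports` is a list of (dll_name, [function ...])
    in import-directory order; an int entry is an import by ordinal."""
    parts = []
    for dll, funcs in imports:
        lib = dll.lower()
        base, dot, ext = lib.rpartition(".")
        if dot and ext in ("dll", "ocx", "sys"):
            lib = base                                  # "KERNEL32.dll" -> "kernel32"
        for func in funcs:
            name = f"ord{func}" if isinstance(func, int) else func.lower()
            parts.append(f"{lib}.{name}")
    return parts


def imphash(imports) -> str:
    """MD5 over the comma-joined normalised import strings, order preserved."""
    return hashlib.md5(",".join(imphash_parts(imports)).encode("ascii")).hexdigest()


# Constructed input (assumption): a subset of the report's imports attributed to
# the DLLs these APIs normally come from. Order and grouping are not from the report.
SAMPLE_IMPORTS = [
    ("ADVAPI32.dll", ["RegCreateKeyExA", "RegOpenKeyExA", "SetSecurityDescriptorDacl"]),
    ("KERNEL32.dll", ["LoadLibraryA", "GetProcAddress", "CreateFileA", "DeleteFileA"]),
    ("NETAPI32.dll", ["NetUserGetLocalGroups", "NetApiBufferFree"]),
    ("USER32.dll", ["GetMessageA", "PostThreadMessageA"]),
]


def order_sensitivity_demo():
    """Same imports, different order: a different imphash. This is why the
    hash survives recompilation of identical source but not a relinked binary
    whose import directory was emitted in another order."""
    original = imphash(SAMPLE_IMPORTS)
    reordered = imphash(list(reversed(SAMPLE_IMPORTS)))
    return original, reordered


if __name__ == "__main__":
    print(",".join(imphash_parts(SAMPLE_IMPORTS)))
    print("imphash:", imphash(SAMPLE_IMPORTS))
    print("reordered:", order_sensitivity_demo()[1])
```

When two samples share an imphash, compare the actual import directories before treating them as the same build: a short table (a small loader importing only LoadLibraryA and GetProcAddress, for instance) produces collisions across unrelated families, while a 77-function table like this sample's is far more specific.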
Tags
peexe armadillo overlay

VirusTotal metadata
First submission 2012-10-24 03:03:32 UTC ( 3 years, 10 months ago )
Last submission 2016-01-26 14:00:21 UTC ( 7 months ago )
File names 79d4538531d723983329fa34946
itougiscrt.txt
eadb889891dcc1269dad46415aba9bc913b50622aa2f8748001dd7f6f83dacc9.vir
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Written files
Deleted files
Set keys
Opened service managers
Opened services
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function. DeviceIoControl does not appear in the static import table above, so the call is either resolved at run time (LoadLibraryA and GetProcAddress are imported) or made by a process the sample launches, which this condensed report attributes to the file as well.
UDP communications