SHA256: eb0eb614b7c659319fe25b99ab5baaa7f312a4e46d2cb305d32fc22dec867416
File name: LSxklJH.exe
Detection ratio: 50 / 56
Analysis date: 2016-06-05 09:03:07 UTC
Antivirus Result Update
Ad-Aware Trojan.GenericKD.2018992 20160605
AegisLab Troj.W32.Generic!c 20160604
AhnLab-V3 Trojan/Win32.MDA 20160604
ALYac Trojan.GenericKD.2018992 20160605
Antiy-AVL Trojan/Win32.Yakes 20160605
Arcabit Trojan.Generic.D1ECEB0 20160605
Avast Win32:Androp [Drp] 20160605
AVG Inject2.BHMI 20160605
Avira (no cloud) TR/Crypt.Xpack.113298 20160604
AVware Trojan.Win32.Generic!BT 20160604
Baidu Win32.Trojan.WisdomEyes.151026.9950.9969 20160603
Baidu-International Worm.Win32.Dorkbot.B 20160605
BitDefender Trojan.GenericKD.2018992 20160605
Bkav W32.AppdataPfomobAB.Trojan 20160604
CAT-QuickHeal TrojanRansom.Crowti.A4 20160604
Comodo UnclassifiedMalware 20160605
Cyren W32/Trojan.KESB-2915 20160605
DrWeb BackDoor.NewFiz.1 20160605
ESET-NOD32 Win32/Dorkbot.B 20160604
F-Prot W32/Trojan2.OOHC 20160605
F-Secure Trojan.GenericKD.2018992 20160604
Fortinet W32/Generic.AC.2102870 20160605
GData Trojan.GenericKD.2018992 20160605
Ikarus Trojan.Win32.Yakes 20160605
Jiangmin Trojan/Yakes.pgx 20160605
K7AntiVirus Trojan ( 004b20b81 ) 20160605
K7GW Trojan ( 004b20b81 ) 20160605
Kaspersky HEUR:Trojan.Win32.Generic 20160605
Malwarebytes Trojan.Agent.DED 20160605
McAfee RDN/Generic.bfr!hy 20160605
McAfee-GW-Edition BehavesLike.Win32.PWSZbot.dc 20160605
Microsoft Worm:Win32/Dorkbot.I 20160605
eScan Trojan.GenericKD.2018992 20160605
NANO-Antivirus Trojan.Win32.Yakes.dkodqr 20160605
nProtect Trojan/W32.Yakes.219136.F 20160603
Panda Trj/Genetic.gen 20160605
Qihoo-360 Malware.Radar01.Gen 20160605
Rising Malware.Generic!VDSPmdWutdQ@5 (Thunder) 20160605
Sophos AV Mal/Wonton-J 20160605
SUPERAntiSpyware Trojan.Agent/Gen-Injector 20160605
Symantec Trojan.Gen 20160605
Tencent Win32.Worm.Dorkbot.Wrge 20160605
TotalDefense Win32/Dorkbot.KCUQTRD 20160605
TrendMicro TROJ_SPNV.01LH14 20160605
TrendMicro-HouseCall TROJ_SPNV.01LH14 20160605
VBA32 Heur.Malware-Cryptor.Ngrbot 20160603
VIPRE Trojan.Win32.Generic!BT 20160605
ViRobot Backdoor.Win32.Agent.219136.H[h] 20160604
Yandex Trojan.Yakes!/nob9JTryD4 20160604
Zillya Trojan.Yakes.Win32.28028 20160603
Alibaba (no detection) 20160603
ClamAV (no detection) 20160605
CMC (no detection) 20160602
Kingsoft (no detection) 20160605
TheHacker (no detection) 20160604
Zoner (no detection) 20160605
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright: Copyright (C) Adjective 2005-2013
Product: Adjective
File version: 6.0.0.3
Description: Combination Jones origin seldom tribe
PE header basic information
Target machine: Intel 386 or later processors and compatible processors
Compilation timestamp: 2014-12-09 09:09:16
Entry Point: 0x00006B12
Number of sections: 4
PE sections
PE imports
RegDeleteKeyA
LookupPrivilegeValueA
RegCloseKey
OpenProcessToken
AdjustTokenPrivileges
RegQueryValueExA
RegSetValueA
GetUserNameA
RegOpenKeyExA
RegCreateKeyA
CreateToolbarEx
InitCommonControlsEx
ImageList_Destroy
ImageList_SetBkColor
ImageList_Create
ImageList_Remove
ImageList_ReplaceIcon
GetOpenFileNameA
GetSaveFileNameA
GetObjectA
SelectObject
GetStockObject
CreateFontIndirectA
SetBkMode
DeleteObject
SetTextColor
GetLastError
InitializeCriticalSectionAndSpinCount
HeapFree
GetStdHandle
EnterCriticalSection
LCMapStringW
ReleaseMutex
SetHandleCount
GetConsoleCP
GetOEMCP
QueryPerformanceCounter
IsDebuggerPresent
GetTickCount
TlsAlloc
GetEnvironmentStringsW
FlushFileBuffers
GetModuleFileNameA
RtlUnwind
LoadLibraryA
GlobalSize
FreeEnvironmentStringsA
DeleteCriticalSection
GetCurrentProcess
GetEnvironmentStrings
GetConsoleMode
GetLocaleInfoA
GetCurrentProcessId
GetConsoleOutputCP
WriteConsoleW
WideCharToMultiByte
UnhandledExceptionFilter
InterlockedDecrement
MultiByteToWideChar
HeapSize
FreeEnvironmentStringsW
GetCommandLineA
GetProcAddress
GetStringTypeA
SetStdHandle
SetFilePointer
RaiseException
CreateFileA
CloseHandle
GetCPInfo
TlsFree
GetModuleHandleA
FindFirstFileExA
SetUnhandledExceptionFilter
WriteFile
GetStartupInfoA
GetVolumeNameForVolumeMountPointW
GetSystemTimeAsFileTime
GetACP
HeapReAlloc
GetStringTypeW
GetModuleHandleW
HeapAlloc
TerminateProcess
LCMapStringA
WriteConsoleA
IsValidCodePage
HeapCreate
OpenEventW
VirtualFree
TlsGetValue
Sleep
GetFileType
TlsSetValue
SetMailslotInfo
ExitProcess
GetCurrentThreadId
LeaveCriticalSection
VirtualAlloc
SetLastError
InterlockedIncrement
glMapGrid2f
glColorMask
glRasterPos4f
glIndexdv
glRasterPos3dv
glNormal3f
glGetMaterialfv
glDeleteLists
SHGetFileInfoA
DragFinish
DragAcceptFiles
SHBrowseForFolderA
DragQueryFileA
SHGetPathFromIDListA
SHGetMalloc
ShellExecuteA
SetFocus
RedrawWindow
SetDlgItemTextA
ClientToScreen
EmptyClipboard
IsDlgButtonChecked
EndDialog
DestroyWindow
SetMenuItemInfoA
CheckRadioButton
KillTimer
DestroyMenu
CheckMenuRadioItem
PostQuitMessage
FindWindowA
SetWindowLongA
SetWindowPos
RemoveMenu
SetDlgItemInt
GetSystemMetrics
IsWindow
GetMenu
GetWindowRect
DispatchMessageA
EnableWindow
SetWindowPlacement
PostMessageA
MoveWindow
GetDlgItemTextA
MessageBoxA
GetSystemMenu
ChildWindowFromPoint
DestroyCursor
wvsprintfA
TranslateMessage
DialogBoxParamA
CharUpperA
SetActiveWindow
InsertMenuItemA
GetCursorPos
CreatePopupMenu
SendMessageA
GetClassInfoA
CheckMenuItem
DestroyIcon
UnregisterClassA
SetClipboardData
GetClipboardData
GetWindowPlacement
wsprintfA
CloseClipboard
GetClientRect
SetTimer
GetDlgItem
CreateDialogParamA
CharLowerBuffA
AppendMenuA
EnableMenuItem
RegisterClassA
InvalidateRect
LoadAcceleratorsA
GetWindowLongA
GetSysColor
LoadCursorA
LoadIconA
TrackPopupMenu
GetMessageA
SetWindowTextA
TranslateAcceleratorA
DefDlgProcA
SendDlgItemMessageA
GetSubMenu
DestroyAcceleratorTable
CheckDlgButton
GetSysColorBrush
EnumClipboardFormats
CallWindowProcA
IsMenu
GetActiveWindow
GetWindowTextA
OpenClipboard
IsDialogMessageA
SetCursor
Number of PE resources by type
RT_GROUP_CURSOR: 10
RT_CURSOR: 10
RT_BITMAP: 2
RT_VERSION: 1
JPEG: 1
Number of PE resources by language
LITHUANIAN: 23
NEUTRAL: 1
PE resources
ExifTool file metadata
CodeSize: 85504
SubsystemVersion: 5.0
LinkerVersion: 9.0
ImageVersion: 0.0
FileSubtype: 0
FileVersionNumber: 8.5.0.0
LanguageCode: English (U.S.)
FileFlagsMask: 0x003f
FileDescription: Combination Jones origin seldom tribe
ImageFileCharacteristics: No relocs, Executable, 32-bit
CharacterSet: Windows, Latin1
InitializedDataSize: 132608
FileOS: Windows 16-bit
EntryPoint: 0x6b12
MIMEType: application/octet-stream
LegalCopyright: Copyright (C) Adjective 2005-2013
FileVersion: 6.0.0.3
TimeStamp: 2014:12:09 10:09:16+01:00
FileType: Win32 EXE
PEType: PE32
InternalName: Oldest.exe
ProductVersion: 6.0
UninitializedDataSize: 0
OSVersion: 5.0
OriginalFilename: Oldest.exe
Subsystem: Windows GUI
MachineType: Intel 386 or later, and compatibles
CompanyName: Research needle - www.Adjective.com
LegalTrademarks: Adjective
ProductName: Adjective
ProductVersionNumber: 5.3.0.0
FileTypeExtension: exe
ObjectFileType: Executable application
Compressed bundles
File identification
MD5: d3a4ecbd6cd80e654a5d36b7077209a6
SHA1: 80dba190b31cc6f00014d020af40eda98fd237c0
SHA256: eb0eb614b7c659319fe25b99ab5baaa7f312a4e46d2cb305d32fc22dec867416
ssdeep: 6144:pvdKTJDb66pL7rUqbuROz3rbKWJd4da/n:pv+/zLNx3Pms/n
authentihash: 0edf90e50f3198c0f85e10c0e28d53b0854956ec7b1f86f221a44511751bc331
imphash: 5c922ec35e9f9b88a4e812a8a8d519a9
File size: 214.0 KB ( 219136 bytes )
File type: Win32 EXE
Magic literal: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID:
Win32 Executable MS Visual C++ (generic) (41.0%)
Win64 Executable (generic) (36.3%)
Win32 Dynamic Link Library (generic) (8.6%)
Win32 Executable (generic) (5.9%)
OS/2 Executable (generic) (2.6%)
Tags: peexe usb-autorun
VirusTotal metadata
First submission: 2014-12-09 15:37:17 UTC
Last submission: 2018-05-08 03:55:12 UTC
File names:
gklor.exe
19d02f40-sample
LSxklJH.exe
NSPOycs.exe
c731200
xdANPpr.exe
Explorer.exe
OOWbBDe.exe
HXNaLqu.exe
oQkLDuq.exe
eb0eb614b7c659319fe25b99ab5baaa7f312a4e46d2cb305d32fc22dec867416.exe
Advanced heuristic and reputation engines
Symantec reputation: Suspicious.Insight
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Shell commands
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.