SHA256: eb161fdf0dd6e0b340a60540dd62f1e6eeaf4cb750440a7bcd7c007ce7e01024
File name: EB161FDF0DD6E0B340A60540DD62F1E6EEAF4CB750440A7BCD7C007CE7E01024
Detection ratio: 43 / 54
Analysis date: 2014-08-05 06:23:48 UTC ( 4 years, 6 months ago )
Antivirus Result Update
Ad-Aware Trojan.GenericKD.1709949 20140805
Yandex Backdoor.Azbreg!ZgAfRNJtUaE 20140804
AhnLab-V3 Dropper/Win32.Necurs 20140804
AntiVir TR/Lethic.B.135 20140805
Antiy-AVL Trojan[Backdoor]/Win32.Azbreg 20140805
Avast Win32:Malware-gen 20140805
AVG Win32/Cryptor 20140805
AVware Trojan.Win32.Generic!BT 20140805
Baidu-International Backdoor.Win32.Azbreg.aO 20140804
BitDefender Trojan.GenericKD.1709949 20140805
CAT-QuickHeal Backdoor.Azbreg.r4 20140805
Commtouch W32/Trojan.ZHKK-1239 20140805
Comodo UnclassifiedMalware 20140805
DrWeb BackDoor.Siggen.57698 20140805
Emsisoft Trojan.GenericKD.1709949 (B) 20140805
ESET-NOD32 Win32/Lethic.AA 20140805
F-Secure Trojan.GenericKD.1709949 20140805
Fortinet W32/Azbreg.ZWR!tr.bdr 20140805
GData Trojan.GenericKD.1709949 20140805
Ikarus Backdoor.Win32.Azbreg 20140805
Jiangmin Worm/Ngrbot.bub 20140805
K7AntiVirus Trojan ( 000e4c811 ) 20140805
K7GW Trojan ( 050000001 ) 20140805
Kaspersky Backdoor.Win32.Azbreg.zwr 20140805
Kingsoft Win32.Hack.Azbreg.z.(kcloud) 20140805
Malwarebytes Trojan.Ransom.ED 20140805
McAfee RDN/Generic Dropper!up 20140805
McAfee-GW-Edition RDN/Generic Dropper!up 20140804
Microsoft Trojan:Win32/Lethic.B 20140805
eScan Trojan.GenericKD.1709949 20140805
NANO-Antivirus Trojan.Win32.Azbreg.daxhjy 20140805
Norman Suspicious_Gen4.GLFTZ 20140804
nProtect Trojan.GenericKD.1709949 20140804
Panda Trj/Genetic.gen 20140804
Qihoo-360 Win32/Trojan.Multi.daf 20140805
Rising PE:Trojan.Win32.Generic.16D88FD9!383291353 20140804
Sophos AV Mal/Ransom-CR 20140805
Symantec WS.Reputation.1 20140805
Tencent Win32.Backdoor.Azbreg.Edyk 20140805
TrendMicro TROJ_GEN.R0CBC0DFB14 20140805
TrendMicro-HouseCall TROJ_CROWTI.SMN1 20140805
VBA32 BScope.Malware-Cryptor.Ngrbot 20140804
VIPRE Trojan.Win32.Generic!BT 20140805
AegisLab 20140805
Bkav 20140804
ByteHero 20140805
ClamAV 20140805
CMC 20140804
F-Prot 20140805
SUPERAntiSpyware 20140804
TheHacker 20140805
TotalDefense 20140804
ViRobot 20140805
Zoner 20140729
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2014-06-08 09:15:48
Entry Point 0x00003199
Number of sections 4
PE sections
PE imports
GetStdHandle
WaitForSingleObject
FindFirstFileW
EncodePointer
GetFileAttributesW
GetLocalTime
VirtualAllocEx
DeleteCriticalSection
GetCurrentProcess
GetConsoleMode
LocalAlloc
SetFilePointer
LoadLibraryExW
FreeEnvironmentStringsW
SetStdHandle
GetFileTime
IsDBCSLeadByteEx
GetTempPathA
GetCPInfo
WriteFile
GetSystemTimeAsFileTime
HeapReAlloc
GetStringTypeW
GetExitCodeProcess
LocalFree
LocalSize
ResumeThread
InitializeCriticalSection
FindClose
TlsGetValue
FormatMessageA
SetLastError
LocalLock
WriteProcessMemory
GetModuleFileNameW
TryEnterCriticalSection
IsDebuggerPresent
HeapAlloc
GetVersionExA
GetModuleFileNameA
FindNextVolumeW
LoadLibraryA
HeapSetInformation
SetThreadPriority
UnhandledExceptionFilter
InterlockedDecrement
MultiByteToWideChar
MoveFileW
CreateMutexA
GetVolumeNameForVolumeMountPointA
CreateSemaphoreA
CreateThread
LocalFlags
GetExitCodeThread
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
GetNumberOfConsoleMouseButtons
ExitThread
DecodePointer
SetEnvironmentVariableA
GlobalMemoryStatus
GetVersion
SetCurrentDirectoryW
GlobalAlloc
FindAtomA
GetCurrentThreadId
LeaveCriticalSection
WriteConsoleW
InitializeCriticalSectionAndSpinCount
HeapFree
EnterCriticalSection
SetHandleCount
TerminateThread
LoadLibraryW
GetOEMCP
QueryPerformanceCounter
GetTickCount
TlsAlloc
VirtualProtect
FlushFileBuffers
FillConsoleOutputCharacterW
RtlUnwind
GetSystemDirectoryA
FreeLibrary
CreateRemoteThread
ChangeTimerQueueTimer
GetFileSize
AddAtomA
OpenProcess
GetStartupInfoW
ReadProcessMemory
DeleteFileW
GetProcAddress
CreateFileMappingW
CompareStringW
RemoveDirectoryW
UnmapViewOfFile
FindFirstFileA
FindNextFileA
TerminateProcess
WaitForMultipleObjects
GetTimeZoneInformation
CreateFileW
GetFileType
TlsSetValue
CreateFileA
ExitProcess
LocalUnlock
InterlockedIncrement
GetLastError
LCMapStringW
HeapCreate
GlobalFree
GetConsoleCP
FindNextFileW
GetEnvironmentStringsW
VirtualQuery
GetQueuedCompletionStatus
GetAtomNameA
VirtualFreeEx
GetCurrentProcessId
CreateIoCompletionPort
WideCharToMultiByte
HeapSize
GetCommandLineA
GetCurrentThread
OpenMutexA
SuspendThread
ReleaseSemaphore
MapViewOfFile
TlsFree
GetModuleHandleA
ReadFile
CloseHandle
GetACP
GetModuleHandleW
IsValidCodePage
SetConsoleMode
PostQueuedCompletionStatus
VirtualFree
Sleep
VirtualAlloc
ShellExecuteA
RedrawWindow
GetMessagePos
SetWindowRgn
EnableScrollBar
DestroyMenu
PostQuitMessage
GetForegroundWindow
LoadBitmapA
SetWindowPos
IsWindow
DispatchMessageA
EndPaint
ScrollWindowEx
SetMenuItemInfoA
CharUpperBuffA
WindowFromPoint
DrawIcon
GetMessageTime
SetActiveWindow
GetMenuItemID
ChangeClipboardChain
GetCursorPos
MapDialogRect
GetClassInfoA
SendMessageW
UnregisterClassA
SendMessageA
GetClientRect
CharLowerBuffA
SetScrollPos
CreateIconFromResourceEx
CallNextHookEx
LoadMenuIndirectA
IsClipboardFormatAvailable
GetKeyboardState
ClientToScreen
GetTopWindow
EnumClipboardFormats
MsgWaitForMultipleObjects
ScrollWindow
GetWindowTextA
GetKeyState
PtInRect
DrawEdge
GetParent
UpdateWindow
SetPropA
EqualRect
EnumWindows
DefMDIChildProcA
CreateCaret
ShowWindow
SetClassLongA
GetPropA
GetMenuState
PeekMessageW
TranslateMDISysAccel
EnableWindow
SetWindowPlacement
PeekMessageA
ChildWindowFromPoint
IsCharAlphaA
TranslateMessage
IsWindowEnabled
GetWindow
DestroyCaret
ActivateKeyboardLayout
InsertMenuItemA
CreatePopupMenu
GetIconInfo
LoadStringA
SetParent
SetClipboardData
GetSystemMetrics
IsZoomed
GetWindowPlacement
GetKeyboardLayoutList
DrawMenuBar
CharLowerA
IsIconic
RegisterClassA
GetMenuItemCount
TabbedTextOutA
GetWindowLongA
CreateWindowExA
OemToCharA
GetActiveWindow
ShowOwnedPopups
FillRect
EnumThreadWindows
CharNextA
GetSysColorBrush
IsWindowUnicode
GetWindowLongW
GetUpdateRect
DestroyWindow
IsChild
IsDialogMessageA
SetFocus
MapVirtualKeyA
GetKeyboardLayoutNameA
SetCapture
BeginPaint
OffsetRect
SetCaretPos
GetScrollPos
KillTimer
RegisterWindowMessageA
DefWindowProcA
DrawFocusRect
SetClipboardViewer
SendDlgItemMessageA
IsCharAlphaNumericA
SetWindowLongW
SetScrollRange
GetWindowRect
InflateRect
PostMessageA
ReleaseCapture
EnumChildWindows
GetScrollRange
SetWindowLongA
SetKeyboardState
WaitMessage
SetWindowTextA
CheckMenuItem
GetSubMenu
GetLastActivePopup
DrawIconEx
SetTimer
GetDlgItem
BringWindowToTop
ScreenToClient
GetClassLongA
InsertMenuA
CreateDialogIndirectParamA
LoadCursorA
LoadIconA
TrackPopupMenu
SetWindowsHookExA
GetMenuStringA
ValidateRect
IsDialogMessageW
GetSystemMenu
GetDC
SetForegroundWindow
OpenClipboard
GetAsyncKeyState
ReleaseDC
IntersectRect
GetScrollInfo
GetKeyboardLayout
GetCapture
RemovePropA
FindWindowA
MessageBeep
GetCaretPos
RemoveMenu
GetWindowThreadProcessId
ShowScrollBar
GetMenu
DestroyIcon
DrawFrameControl
UnhookWindowsHookEx
RegisterClipboardFormatA
CallWindowProcA
MessageBoxA
GetClassNameA
GetWindowDC
DestroyCursor
AdjustWindowRectEx
LookupIconIdFromDirectoryEx
LoadKeyboardLayoutA
GetSysColor
SetScrollInfo
GetMenuItemInfoA
SystemParametersInfoA
GetDoubleClickTime
EnableMenuItem
GetKeyNameTextA
IsWindowVisible
EmptyClipboard
GetDesktopWindow
GetClipboardData
CharToOemA
GetDCEx
UnionRect
DispatchMessageW
FrameRect
SetRect
DeleteMenu
InvalidateRect
DefFrameProcA
DrawTextA
CreateIcon
IsRectEmpty
GetCursor
GetFocus
CreateMenu
CloseClipboard
SetCursor
SetMenu
MapWindowPoints
Number of PE resources by type
RT_STRING 7
RT_DIALOG 3
JPEG 1
Number of PE resources by language
GERMAN NEUTRAL 7
SWEDISH 3
ENGLISH SPANISH HONDURAS 1
PE resources
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
TimeStamp 2014:06:08 10:15:48+01:00
FileType Win32 EXE
PEType PE32
CodeSize 39936
LinkerVersion 9.0
FileAccessDate 2014:08:05 07:13:11+01:00
EntryPoint 0x3199
InitializedDataSize 49152
SubsystemVersion 5.0
ImageVersion 0.0
OSVersion 5.0
FileCreateDate 2014:08:05 07:13:11+01:00
UninitializedDataSize 0
File identification
MD5 1fe65f631b72cea612b11542a5ea89b3
SHA1 d01f6cbd4bdf67d99419eb86c5e8de40ed3cbfc5
SHA256 eb161fdf0dd6e0b340a60540dd62f1e6eeaf4cb750440a7bcd7c007ce7e01024
ssdeep
1536:dvB7iV8YfnVXpwg9piLWvmMkQaXgiZXgDUgMUY/ScDy6RpYxjiDZkEdvisaE05:NB70bfVZjiLWvnaXLZXSUHScu6R6xjiK

imphash 16aab160365d58e3d5628ee2797cba25
File size 88.0 KB ( 90112 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable MS Visual C++ (generic) (67.3%)
Win32 Dynamic Link Library (generic) (14.2%)
Win32 Executable (generic) (9.7%)
Generic Win/DOS Executable (4.3%)
DOS Executable Generic (4.3%)
Tags
peexe

VirusTotal metadata
First submission 2014-06-08 11:55:18 UTC ( 4 years, 8 months ago )
Last submission 2014-06-08 11:55:18 UTC ( 4 years, 8 months ago )
File names EB161FDF0DD6E0B340A60540DD62F1E6EEAF4CB750440A7BCD7C007CE7E01024
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Created processes
Code injections in the following processes
Opened mutexes
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.