SHA256: ecba2d493ce276a3d5137a8b935b108cd7c8789f80093a248924951d3ae93c36
File name: portable.exe
Detection ratio: 15 / 56
Analysis date: 2015-09-22 06:15:11 UTC ( 1 year, 11 months ago )
Antivirus Result Update
Ad-Aware Gen:Variant.Graftor.246215 20150922
Arcabit Trojan.Graftor.D3C1C7 20150922
Avast Win32:Malware-gen 20150922
BitDefender Gen:Variant.Graftor.246215 20150922
Cyren W32/Agent.XL.gen!Eldorado 20150922
DrWeb BackDoor.IRC.NgrBot.566 20150922
Emsisoft Gen:Variant.Graftor.246215 (B) 20150922
ESET-NOD32 a variant of Win32/Kryptik.DXVI 20150922
F-Prot W32/Agent.XL.gen!Eldorado 20150919
Fortinet W32/Kryptik.DXVI!tr 20150922
GData Gen:Variant.Graftor.246215 20150922
Kaspersky Trojan-Spy.Win32.Zbot.vzrf 20150922
Malwarebytes Trojan.FakeMS.PasswordStealer 20150922
McAfee-GW-Edition BehavesLike.Win32.PackedAP.fh 20150922
eScan Gen:Variant.Graftor.246215 20150922
AegisLab 20150921
Yandex 20150921
AhnLab-V3 20150922
Alibaba 20150922
ALYac 20150922
Antiy-AVL 20150922
AVG 20150922
AVware 20150922
Baidu-International 20150921
Bkav 20150919
ByteHero 20150922
CAT-QuickHeal 20150922
ClamAV 20150921
CMC 20150921
Comodo 20150922
F-Secure 20150922
Ikarus 20150922
Jiangmin 20150921
K7AntiVirus 20150922
K7GW 20150922
Kingsoft 20150922
McAfee 20150922
Microsoft 20150922
NANO-Antivirus 20150922
nProtect 20150921
Panda 20150921
Qihoo-360 20150922
Rising 20150921
Sophos AV 20150922
SUPERAntiSpyware 20150921
Symantec 20150921
Tencent 20150922
TheHacker 20150921
TotalDefense 20150921
TrendMicro 20150922
TrendMicro-HouseCall 20150922
VBA32 20150920
VIPRE 20150922
ViRobot 20150922
Zillya 20150921
Zoner 20150922
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright © Microsoft Corporation. All rights reserved.
Product Microsoft® Visual Studio® 2008
Original name XDCMAKE.EXE
Internal name XDCMAKE.EXE
File version 15.00.21022.08 built by: RTM
Description Microsoft® XML Document Contents Merge Tool
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2015-09-21 12:58:02
Entry Point 0x0001E632
Number of sections 4
PE sections
Overlays
MD5 a4406dcafcd10da7f3f81d4bbba5bc68
File type data
Offset 403456
Size 1273
Entropy 7.71
PE imports
CloseServiceHandle
RegCloseKey
OpenProcessToken
RegSetValueExW
RegOpenKeyExW
OpenSCManagerW
LockServiceDatabase
RegCreateKeyW
AdjustTokenPrivileges
QueryServiceLockStatusW
LookupPrivilegeValueW
RegEnumKeyW
UnlockServiceDatabase
RegQueryValueExW
SetMetaRgn
CreateHatchBrush
CreateFontIndirectW
CreateFontW
PatBlt
SetWindowOrgEx
CreatePen
GetBkMode
SaveDC
TextOutA
SetTextAlign
OffsetWindowOrgEx
GetClipBox
GetROP2
GetTextMetricsW
ModifyWorldTransform
StrokeAndFillPath
GetPixel
Rectangle
GetDeviceGammaRamp
GetDeviceCaps
PlayEnhMetaFile
GetMetaFileBitsEx
DeleteDC
SetDCPenColor
SetBkMode
SetLayout
EnumICMProfilesW
SetPixel
EndDoc
Arc
StartPage
DeleteObject
GetObjectW
BitBlt
DrawEscape
SetTextColor
GetTextExtentPointW
CreatePatternBrush
GetBrushOrgEx
ExtTextOutW
CreateBitmap
MoveToEx
EnumFontFamiliesExW
GetPath
GetStockObject
LineTo
GdiFlush
SetBrushOrgEx
CreateCompatibleDC
GetTextAlign
GdiAlphaBlend
PolyBezier
GdiTransparentBlt
SetROP2
EndPage
GetStretchBltMode
StartDocW
RestoreDC
CreateSolidBrush
DPtoLP
SelectObject
SetBkColor
BeginPath
GetTextExtentPoint32W
CreateCompatibleBitmap
ReplaceFileA
GetStdHandle
GetConsoleOutputCP
WaitForSingleObject
EncodePointer
GetLocalTime
FreeEnvironmentStringsA
DeleteCriticalSection
GetCurrentProcess
GetConsoleMode
GetLocaleInfoA
LocalAlloc
FreeEnvironmentStringsW
GetLocaleInfoW
SetStdHandle
GetFileTime
GetCPInfo
GetStringTypeA
GetTempPathW
GetSystemTimeAsFileTime
HeapReAlloc
GetStringTypeW
FreeLibrary
IsWow64Process
BeginUpdateResourceW
LoadResource
GetLogicalDriveStringsW
FindClose
TlsGetValue
QueryDosDeviceW
MoveFileW
SetFileAttributesW
SetLastError
GetSystemTime
LocalLock
GetModuleFileNameW
IsDebuggerPresent
HeapAlloc
GetModuleFileNameA
LoadLibraryA
EnumSystemLocalesA
UnhandledExceptionFilter
InterlockedDecrement
MultiByteToWideChar
FlushInstructionCache
SetFilePointer
SetEnvironmentVariableW
GetSystemDirectoryW
SetUnhandledExceptionFilter
MulDiv
IsProcessorFeaturePresent
DecodePointer
SetEnvironmentVariableA
SetThreadContext
TerminateProcess
WriteConsoleA
GetCurrentThreadId
InterlockedIncrement
WriteConsoleW
CreateToolhelp32Snapshot
InitializeCriticalSectionAndSpinCount
HeapFree
GetMailslotInfo
EnterCriticalSection
SetHandleCount
LoadLibraryW
GetVersionExW
GetOEMCP
QueryPerformanceCounter
GetTickCount
DisableThreadLibraryCalls
TlsAlloc
VirtualProtect
FlushFileBuffers
GlobalUnfix
RtlUnwind
GetStartupInfoA
GetFileSize
SetFileValidData
GetStartupInfoW
ReadProcessMemory
DeleteFileW
GetUserDefaultLCID
CreateFileMappingW
CompareStringW
GetProfileStringA
CreateHardLinkW
FindFirstFileW
IsValidLocale
DuplicateHandle
GetProcAddress
GetProcessAffinityMask
CreateFileW
GetFileType
TlsSetValue
CreateFileA
ExitProcess
LeaveCriticalSection
GetLastError
LCMapStringW
UnmapViewOfFile
GetConsoleCP
LCMapStringA
GetSystemWindowsDirectoryW
SetProcessShutdownParameters
GetEnvironmentStringsW
Process32NextW
CreateProcessW
GetEnvironmentStrings
CompareFileTime
GetCurrentProcessId
GetCommandLineW
WideCharToMultiByte
HeapSize
GetCommandLineA
Process32FirstW
RaiseException
MapViewOfFile
TlsFree
GetModuleHandleA
ReadFile
CloseHandle
GetACP
GetModuleHandleW
GetLongPathNameW
IsValidCodePage
HeapCreate
WriteFile
VirtualFree
Sleep
VirtualAlloc
SHGetSpecialFolderLocation
GetMessagePos
LoadBitmapW
DestroyMenu
PostQuitMessage
SetWindowPos
EndPaint
OpenIcon
VkKeyScanW
GetDC
IsCharAlphaA
GetCursorPos
ReleaseDC
SendMessageW
IsWindowEnabled
GetClientRect
ToAscii
SetCaretPos
DrawTextW
SetScrollPos
CallNextHookEx
IsClipboardFormatAvailable
LoadImageW
CountClipboardFormats
ClientToScreen
GetActiveWindow
RegisterClipboardFormatW
CopyAcceleratorTableW
DestroyWindow
DrawEdge
GetParent
UpdateWindow
CreateCaret
GetMessageW
ShowWindow
DrawFrameControl
GetNextDlgGroupItem
PeekMessageW
EnableWindow
CharUpperW
GetClipboardData
TranslateMessage
GetAsyncKeyState
GetDlgItemTextW
DestroyCaret
GetDlgItemInt
RegisterClassW
SetParent
SetClipboardData
IsZoomed
GetWindowPlacement
DrawMenuBar
IsIconic
DrawFocusRect
CreateMenu
IsDialogMessageW
FillRect
WaitForInputIdle
RealChildWindowFromPoint
CreateWindowExW
GetWindowLongW
GetMenuStringW
IsDialogMessageA
SetFocus
ReleaseCapture
BeginPaint
DefWindowProcW
GetScrollPos
GetKeyboardLayoutNameW
TrackMouseEvent
SetClipboardViewer
GetSystemMetrics
SetWindowLongW
SetScrollRange
GetWindowRect
InflateRect
DrawIcon
DrawTextExW
CharLowerW
SendDlgItemMessageW
PostMessageW
CheckDlgButton
CreateDialogParamW
CreatePopupMenu
ShowCaret
GetClassLongW
DrawIconEx
SetWindowTextW
GetDlgItem
ScreenToClient
GetKeyboardState
GetMenuItemCount
GetMenuState
SetWindowsHookExW
LoadCursorW
GetMenuItemID
InsertMenuW
SetForegroundWindow
OpenClipboard
EmptyClipboard
MapDialogRect
GetScrollRange
EndDialog
HideCaret
MessageBeep
LoadMenuW
CheckMenuItem
ShowScrollBar
MessageBoxW
GetMenu
UnhookWindowsHookEx
RegisterClipboardFormatA
MoveWindow
ChangeClipboardChain
GetClassWord
GetMenuItemRect
GetSysColor
SetDlgItemTextW
GetKeyState
EnableMenuItem
GetWindowRgnBox
IsWindowVisible
SystemParametersInfoW
WinHelpA
MonitorFromWindow
FrameRect
DeleteMenu
InvalidateRect
CallWindowProcW
GetClassNameW
DefDlgProcA
CallWindowProcA
GetCursor
GetFocus
wsprintfW
CloseClipboard
SetMenu
SetCursor
UnDecorateSymbolName
OleGetClipboard
Number of PE resources by type
RT_DIALOG 15
RT_ICON 6
RT_BITMAP 2
RT_MANIFEST 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 25
NEUTRAL 1
PE resources
ExifTool file metadata
SubsystemVersion 5.0
LinkerVersion 9.0
ImageVersion 0.0
FileSubtype 0
FileVersionNumber 15.0.21022.8
UninitializedDataSize 0
LanguageCode English (U.S.)
FileFlagsMask 0x003f
CharacterSet Unicode
InitializedDataSize 222208
EntryPoint 0x1e632
OriginalFileName XDCMAKE.EXE
MIMEType application/octet-stream
LegalCopyright Microsoft Corporation. All rights reserved.
FileVersion 15.00.21022.08 built by: RTM
TimeStamp 2015:09:21 13:58:02+01:00
FileType Win32 EXE
PEType PE32
InternalName XDCMAKE.EXE
ProductVersion 9.00.21022.08
FileDescription Microsoft XML Document Contents Merge Tool
OSVersion 5.0
FileOS Win32
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName Microsoft Corporation
CodeSize 180224
ProductName Microsoft Visual Studio 2008
ProductVersionNumber 9.0.21022.8
FileTypeExtension exe
ObjectFileType Executable application
Compressed bundles
File identification
MD5 86255ec982e822f6b57855d3866618ae
SHA1 476f755723050894d5efef0d3588539c748d1386
SHA256 ecba2d493ce276a3d5137a8b935b108cd7c8789f80093a248924951d3ae93c36
ssdeep 6144:+FZChMLamrNGqMkQV5rMASqKR3zzVjkScLP61WWNVZpRsLFe:+qhML5rNgNV5rtIDpLiPRsX6o
authentihash 6416d9ddd9ee969f44e57101862db9a23323b4a8cd9bc5de9950a33f60876fd1
imphash d192c11959bb0d9c795eddca397d3435
File size 395.2 KB ( 404729 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (42.2%)
Win64 Executable (generic) (37.3%)
Win32 Dynamic Link Library (generic) (8.8%)
Win32 Executable (generic) (6.0%)
Generic Win/DOS Executable (2.7%)
Tags peexe overlay
VirusTotal metadata
First submission 2015-09-22 06:15:11 UTC ( 1 year, 11 months ago )
Last submission 2017-01-09 04:35:01 UTC ( 7 months, 1 week ago )
File names XDCMAKE.EXE
2.exe
06.exe
8C.tmp
ZeuS_binary_86255ec982e822f6b57855d3866618ae.exe
kk.exe
Malware33..exe
portable.exe
ecba2d493ce276a3d5137a8b935b108cd7c8789f80093a248924951d3ae93c36.exe
Advanced heuristic and reputation engines
TrendMicro-HouseCall
TrendMicro's heuristic engine has flagged this file as: TROJ_GEN.R03EC0CDI16.

Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Created processes
Created mutexes
Opened mutexes
Runtime DLLs