SHA256: ecbd167f76ee38d549d4772f81f18d0ecaca1827a4b9bc952c33229f3eab5a03
File name: 85cdcddcdcdcdccdeeee.exe
Detection ratio: 33 / 56
Analysis date: 2016-08-29 08:08:16 UTC (2 years, 5 months ago)
Antivirus | Result (blank = not detected) | Update
Ad-Aware | Gen:Variant.Zusy.204114 | 20160829
AhnLab-V3 | Trojan/Win32.Garrun.N2089063897 | 20160828
ALYac | Gen:Variant.Zusy.204114 | 20160829
Arcabit | Trojan.Zusy.D31D52 | 20160829
Avast | Win32:Malware-gen | 20160829
AVG | Generic_r.MSU | 20160829
Avira (no cloud) | TR/Crypt.Xpack.ioxj | 20160829
AVware | Trojan.Win32.Generic!BT | 20160827
BitDefender | Gen:Variant.Zusy.204114 | 20160829
Bkav | W32.FamVT.RazyNHmA.Trojan | 20160827
CrowdStrike Falcon (ML) | malicious_confidence_100% (W) | 20160826
Cyren | W32/S-e2e07e9d!Eldorado | 20160829
DrWeb | Trojan.PWS.Steam.12079 | 20160829
Emsisoft | Gen:Variant.Zusy.204114 (B) | 20160829
ESET-NOD32 | a variant of Win32/Kryptik.FFHA | 20160829
F-Prot | W32/S-e2e07e9d!Eldorado | 20160829
F-Secure | Gen:Variant.Zusy.204114 | 20160829
Fortinet | W32/Garrun.CSU!tr | 20160829
GData | Gen:Variant.Zusy.204114 | 20160829
Ikarus | Trojan.Crypt.XPACK | 20160829
K7GW | Hacktool ( 655367771 ) | 20160829
Kaspersky | Trojan.Win32.Garrun.csz | 20160829
Malwarebytes | Backdoor.Andromeda | 20160829
Microsoft | Trojan:Win32/Lethic.B | 20160829
eScan | Gen:Variant.Zusy.204114 | 20160829
Panda | Trj/GdSda.A | 20160828
Qihoo-360 | HEUR/QVM09.0.6023.Malware.Gen | 20160829
Sophos AV | Mal/Generic-S | 20160829
Symantec | Trojan Horse | 20160829
Tencent | Win32.Trojan.Garrun.Egoi | 20160829
TrendMicro | TROJ_GEN.R021C0DHS16 | 20160829
VIPRE | Trojan.Win32.Generic!BT | 20160829
Yandex | Trojan.Garrun! | 20160828
AegisLab | | 20160829
Alibaba | | 20160829
Antiy-AVL | | 20160829
Baidu | | 20160829
CAT-QuickHeal | | 20160829
ClamAV | | 20160827
CMC | | 20160824
Comodo | | 20160829
Sophos ML | | 20160826
Jiangmin | | 20160829
K7AntiVirus | | 20160829
Kingsoft | | 20160829
McAfee | | 20160829
McAfee-GW-Edition | | 20160829
NANO-Antivirus | | 20160829
nProtect | | 20160829
Rising | | 20160829
SUPERAntiSpyware | | 20160828
TheHacker | | 20160829
TotalDefense | | 20160829
TrendMicro-HouseCall | | 20160829
VBA32 | | 20160826
ViRobot | | 20160829
Zillya | | 20160826
Zoner | | 20160829
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine: Intel 386 or later processors and compatible processors
Compilation timestamp: 2016-08-25 07:12:25
Entry point: 0x00004262
Number of sections: 4
PE sections
PE imports (grouped by the Windows library that exports each API)

ADVAPI32.dll:
RegDeleteKeyA, RegCloseKey, RegQueryValueExA, RegSetValueExA, RegDeleteValueA, RegCreateKeyExA, RegOpenKeyExA, RegEnumKeyA, RegEnumValueA

KERNEL32.dll:
GetStdHandle, GetConsoleOutputCP, GetFileAttributesA, HeapDestroy, GetFileAttributesW, FreeEnvironmentStringsA, DeleteCriticalSection, GetCurrentProcess, GetConsoleMode, GetLocaleInfoA, FreeEnvironmentStringsW, GetLocaleInfoW, SetStdHandle, GetCPInfo, GetStringTypeA, WriteFile, GetSystemTimeAsFileTime, HeapReAlloc, GetStringTypeW, SetFileAttributesA, FreeLibrary, MoveFileA, InitializeCriticalSection, TlsGetValue, SetFileAttributesW, SetLastError, IsDebuggerPresent, HeapAlloc, GetVersionExA, GetModuleFileNameA, EnumSystemLocalesA, UnhandledExceptionFilter, InterlockedDecrement, MultiByteToWideChar, GetModuleHandleA, SetUnhandledExceptionFilter, SetEnvironmentVariableA, TerminateProcess, WriteConsoleA, SetEndOfFile, GetCurrentThreadId, LeaveCriticalSection, WriteConsoleW, HeapFree, EnterCriticalSection, SetHandleCount, GetOEMCP, QueryPerformanceCounter, GetTickCount, TlsAlloc, FlushFileBuffers, LoadLibraryA, RtlUnwind, GetStartupInfoA, GetFullPathNameA, GetUserDefaultLCID, GetProcessHeap, CompareStringW, CompareStringA, IsValidLocale, GetProcAddress, GetTimeZoneInformation, CreateFileW, GetFileType, TlsSetValue, CreateFileA, ExitProcess, InterlockedIncrement, GetLastError, DosDateTimeToFileTime, LCMapStringW, GetConsoleCP, LCMapStringA, GetEnvironmentStringsW, IsDBCSLeadByte, GetEnvironmentStrings, GetCurrentProcessId, SetFileTime, GetCurrentDirectoryA, HeapSize, GetCommandLineA, RaiseException, TlsFree, SetFilePointer, ReadFile, GlobalFlags, CloseHandle, GetACP, WideCharToMultiByte, IsValidCodePage, HeapCreate, VirtualFree, Sleep, VirtualAlloc

SHELL32.dll:
SHGetFileInfoA, SHGetSpecialFolderLocation, SHBrowseForFolderA, SHGetPathFromIDListA, ShellExecuteA, SHFileOperationA

USER32.dll:
EndDialog, KillTimer, SetProcessDefaultLayout, ShowWindow, SetWindowPos, CharToOemBuffA, MessageBoxW, DispatchMessageA, EnableWindow, PostMessageA, CharUpperW, DialogBoxParamW, MessageBoxA, SetWindowLongA, wvsprintfA, TranslateMessage, DialogBoxParamA, GetWindow, CharUpperA, SetWindowTextA, LoadStringA, GetSystemMetrics, SendMessageA, LoadStringW, SetWindowTextW, GetDlgItem, IsWindow, GetWindowLongA, FindWindowExA, SetTimer, GetClientRect, CopyRect, OemToCharBuffA, GetWindowTextA, DestroyWindow
Number of PE resources by type
RT_DIALOG: 12
RT_MANIFEST: 1
Number of PE resources by language
ENGLISH US: 12
ENGLISH AUS: 1
PE resources
ExifTool file metadata
MIMEType: application/octet-stream
Subsystem: Windows GUI
MachineType: Intel 386 or later, and compatibles
FileTypeExtension: exe
TimeStamp: 2016:08:25 08:12:25+01:00
FileType: Win32 EXE
PEType: PE32
CodeSize: 89088
LinkerVersion: 9.0
EntryPoint: 0x4262
InitializedDataSize: 93696
SubsystemVersion: 5.0
ImageVersion: 0.0
OSVersion: 5.0
UninitializedDataSize: 0
File identification
MD5: fbbc936fca18695581257471147f2282
SHA1: cc9ce09d86cb300b933d499b372c40d50612a2c5
SHA256: ecbd167f76ee38d549d4772f81f18d0ecaca1827a4b9bc952c33229f3eab5a03
ssdeep: 1536:PybBMMkaDggO0Q38Ck2l+owv5EldePwwpWGIG17/aiyQad9+0SeETwxRy+1yRyVV:PySmOPhwZ/IGFfad9+T5TwxMmtV
authentihash: dd99d991c64b09a0d2ef964b8b2feabad5eb177ac0cd891b3d3c29c0956f3294
imphash: 7d72ae52b2364839863c994ff3737d90
File size: 148.5 KB (152064 bytes)
File type: Win32 EXE
Magic literal: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID:
  Win32 Executable MS Visual C++ (generic) (41.0%)
  Win64 Executable (generic) (36.3%)
  Win32 Dynamic Link Library (generic) (8.6%)
  Win32 Executable (generic) (5.9%)
  OS/2 Executable (generic) (2.6%)
Tags: peexe

VirusTotal metadata
First submission: 2016-08-25 07:39:02 UTC (2 years, 6 months ago)
Last submission: 2018-05-24 12:29:34 UTC (9 months ago)
File names: svckost38.exe, 85cdcddcdcdcdccdeeee.exe
Advanced heuristic and reputation engines
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Code injections in the following processes
Runtime DLLs
UDP communications