SHA256: ed3d622c54b474c6caef540a3147731a1b2c7d4a7563b97731880bb15305d47d
File name: ed3d622c54b474c6caef540a3147731a1b2c7d4a7563b97731880bb15305d47d
Detection ratio: 38 / 56
Analysis date: 2015-01-03 12:21:04 UTC ( 4 years ago )
Antivirus Result Update
Ad-Aware Trojan.GenericKD.2008370 20150103
Yandex Trojan.Agent!kaM9KnedAMI 20150101
ALYac Trojan.GenericKD.2008370 20150103
Antiy-AVL Trojan/Win32.Yakes 20150103
Avast Win32:Trojan-gen 20150103
AVG Agent5.DOX 20150103
Avira (no cloud) TR/Crypt.ZPACK.95165 20150102
AVware Trojan.Win32.Generic!BT 20150103
Baidu-International Trojan.Win32.Yakes.aU 20150103
BitDefender Trojan.GenericKD.2008370 20150103
CAT-QuickHeal Trojan.Yakes.r4 20150102
Cyren W32/Trojan.ZEFK-5620 20150103
DrWeb Trojan.Swizzor.19399 20150103
Emsisoft Trojan.GenericKD.2008370 (B) 20150103
ESET-NOD32 Win32/Agent.WGV 20150103
F-Secure Trojan.GenericKD.2008370 20150103
Fortinet W32/Yakes.HKOY!tr 20150103
GData Trojan.GenericKD.2008370 20150103
Ikarus Trojan-Spy.Zbot 20150103
K7AntiVirus Unwanted-Program ( 004a8e8a1 ) 20150102
K7GW Unwanted-Program ( 004a8e8a1 ) 20150102
Kaspersky Trojan.Win32.Yakes.hkoy 20150103
Malwarebytes Trojan.Agent 20150103
McAfee RDN/Generic.dx!dh3 20150103
McAfee-GW-Edition BehavesLike.Win32.MPlug.dc 20150103
eScan Trojan.GenericKD.2008370 20150103
NANO-Antivirus Trojan.Win32.Yakes.djrwsx 20150103
Norman Suspicious_Gen4.HIFNF 20150103
nProtect Trojan.GenericKD.2008370 20150102
Panda Trj/Genetic.gen 20150103
Qihoo-360 HEUR/QVM10.1.Malware.Gen 20150103
Rising PE:Trojan.Win32.Generic.17D7A046!400007238 20141231
Sophos AV Troj/Wonton-KX 20150103
Symantec Trojan.Gen.2 20150103
TrendMicro TROJ_GEN.R0CCC0PL514 20150103
TrendMicro-HouseCall TROJ_GEN.R0CCC0PL514 20150103
VIPRE Trojan.Win32.Generic!BT 20150103
Zillya Trojan.Yakes.Win32.27153 20150103
AegisLab 20150103
AhnLab-V3 20150102
Bkav 20141230
ByteHero 20150103
ClamAV 20150103
CMC 20150102
Comodo 20150103
F-Prot 20150103
Jiangmin 20150102
Kingsoft 20150103
Microsoft 20150103
SUPERAntiSpyware 20150103
Tencent 20150103
TheHacker 20150103
TotalDefense 20150103
VBA32 20150102
ViRobot 20150103
Zoner 20141228
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2014-12-02 16:44:30
Entry Point 0x00001C80
Number of sections 4
PE sections
PE imports
RegCloseKey
RegQueryValueExW
RegOpenKeyExW
TextOutA
SetMapMode
SelectObject
GetStockObject
SetViewportOrgEx
SetWindowExtEx
CreateFontIndirectA
SetViewportExtEx
RoundRect
DeleteObject
Ellipse
Pie
HeapSize
GetLastError
InitializeCriticalSectionAndSpinCount
HeapFree
GetSystemTimeAsFileTime
EnterCriticalSection
LCMapStringW
OutputDebugStringW
FileTimeToSystemTime
lstrlenA
GetFileAttributesA
GetConsoleCP
GetOEMCP
QueryPerformanceCounter
IsDebuggerPresent
HeapAlloc
TlsAlloc
FlushFileBuffers
GetEnvironmentStringsW
GetProcAddress
GetModuleFileNameA
RtlUnwind
GetStdHandle
HeapSetInformation
GetCurrentProcess
GetDateFormatA
FileTimeToLocalFileTime
GetConsoleMode
GetLocaleInfoA
GetCurrentProcessId
SetHandleCount
GetModuleHandleW
HeapQueryInformation
WideCharToMultiByte
UnhandledExceptionFilter
TlsGetValue
MultiByteToWideChar
GetStartupInfoW
FreeEnvironmentStringsW
GetCommandLineA
GetUserDefaultLCID
GetFileType
SetStdHandle
GetModuleFileNameW
RaiseException
GetCPInfo
LoadLibraryW
TlsFree
SetFilePointer
GetSystemDirectoryW
DeleteCriticalSection
GetCurrentThreadId
SetUnhandledExceptionFilter
WriteFile
HeapValidate
CloseHandle
IsProcessorFeaturePresent
GetACP
HeapReAlloc
GetStringTypeW
DecodePointer
TerminateProcess
IsValidCodePage
HeapCreate
SetLastError
CreateFileW
InterlockedDecrement
IsBadReadPtr
GetTickCount
TlsSetValue
EncodePointer
OutputDebugStringA
InterlockedIncrement
ExitProcess
WriteConsoleW
LeaveCriticalSection
NetShareGetInfo
SHParseDisplayName
SetLayeredWindowAttributes
GetWindowLongA
BeginPaint
IsWindow
EndPaint
PostQuitMessage
CopyRect
EnumWindows
SendMessageA
GetClientRect
SetParent
DefWindowProcA
IsDialogMessageA
InvalidateRect
CoInitialize
Number of PE resources by type
RT_HTML 5
RT_ICON 4
RT_ACCELERATOR 2
RT_MANIFEST 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 14
PE resources
Debug information
ExifTool file metadata
SubsystemVersion 5.1
LinkerVersion 10.0
ImageVersion 0.0
FileSubtype 0
FileVersionNumber 2014.0.0.0
UninitializedDataSize 0
LanguageCode Unknown (4090)
FileFlagsMask 0x003f
CharacterSet Unknown (4B0)
InitializedDataSize 94208
EntryPoint 0x1c80
OriginalFileName Wipe.exe
MIMEType application/octet-stream
FileVersion 2014.15.0.0
TimeStamp 2014:12:02 17:44:30+01:00
FileType Win32 EXE
PEType PE32
InternalName Wipe.exe
ProductVersion 2014.15.0.0
FileDescription Cleaner
OSVersion 5.1
FileOS Windows NT 32-bit
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CodeSize 202240
ProductName Wipe
ProductVersionNumber 2014.0.0.0
FileTypeExtension exe
ObjectFileType Executable application
Compressed bundles
File identification
MD5 f9ba34db9fbc59b4c92028381a9083b2
SHA1 4f71ca28549747dc4be9b076d7381165c836805f
SHA256 ed3d622c54b474c6caef540a3147731a1b2c7d4a7563b97731880bb15305d47d
ssdeep 6144:6O4HYSJiclbfab+BZOQIf90UeNELkcV+0JJOyWKMMN:6O4HYSJJab+H1UYEIcV+kzh
authentihash 3e572abf0663df50f5f8f53976bbf17342071e491a0adbd39f996a06aedac6f5
imphash ffcd798b1eb7be480d430eed88b17963
File size 290.5 KB ( 297472 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (42.2%)
Win64 Executable (generic) (37.3%)
Win32 Dynamic Link Library (generic) (8.8%)
Win32 Executable (generic) (6.0%)
Generic Win/DOS Executable (2.7%)
Tags peexe via-tor
VirusTotal metadata
First submission 2014-12-03 09:45:09 UTC ( 4 years, 1 month ago )
Last submission 2015-04-21 13:46:21 UTC ( 3 years, 9 months ago )
File names F9BA34DB9FBC59B4C92028381A9083B2
ed3d622c54b474c6caef540a3147731a1b2c7d4a7563b97731880bb15305d47d.exe
ed3d622c54b474c6caef540a3147731a1b2c7d4a7563b97731880bb15305d47d
foto-20141102_001.JPEG.exe
foto-20141102_001.JPEG.ex_
ed3d622c54b474c6caef540a3147731a1b2c7d4a7563b97731880bb15305d47d.log
file-7962492_
4.f9ba34db9fbc59b4c92028381a9083b2.exe
WL-4d21cff8d97fc3a606588d8ddffff4e7-0
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Created processes
Created mutexes
Opened mutexes
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.