SHA256: ee14dcd20b2ee118618e3a28db72cce92ccd9e85dd8410e02479d9d624934b13
File name: services_$EA_binary.bin
Detection ratio: 28 / 46
Analysis date: 2012-12-07 14:52:50 UTC
Antivirus Result Update
AVG Generic_r.AZH 20121207
Agnitum Trojan.Sirefef!GQniL2zWyKg 20121207
AhnLab-V3 Trojan/Win32.Inject 20121207
AntiVir BDS/ZeroAccess.Gen 20121207
Avast Win32:Malware-gen 20121207
BitDefender Gen:Variant.Kazy.43429 20121207
ByteHero Trojan-Downloader.Win32.Tiny.cmq 20121130
Commtouch W32/Zaccess.G.gen!Eldorado 20121206
DrWeb BackDoor.Maxplus.6342 20121207
ESET-NOD32 Win32/Sirefef.EV 20121207
Emsisoft Gen:Variant.Kazy.77154 (B) 20121207
F-Prot W32/Zaccess.G.gen!Eldorado 20121206
F-Secure Gen:Variant.Kazy.43429 20121207
GData Gen:Variant.Kazy.43429 20121207
Ikarus Trojan.Win32.Sirefef 20121207
Jiangmin Backdoor.Generic.qdp 20121207
K7AntiVirus Trojan 20121206
Kaspersky HEUR:Backdoor.Win32.Generic 20121207
Kingsoft Win32.Hack.Undef.(kcloud) 20121206
Malwarebytes Rootkit.0Access 20121207
McAfee Trojan-FAKY!A70A09F7FDEA 20121207
McAfee-GW-Edition Trojan-FAKY!A70A09F7FDEA 20121207
MicroWorld-eScan Gen:Variant.Kazy.43429 20121207
Microsoft Trojan:Win32/Sirefef.BB 20121207
PCTools Trojan.Zeroaccess 20121207
Rising Trojan.Sirefef!4453 20121207
Symantec Trojan.Zeroaccess.C 20121207
VIPRE Trojan.Win32.Sirefef.pq (v) 20121207
The remaining engines returned no detection (engine and signature update date):
Antiy-AVL (no detection) 20121204
CAT-QuickHeal (no detection) 20121207
ClamAV (no detection) 20121207
Comodo (no detection) 20121207
Fortinet (no detection) 20121207
NANO-Antivirus (no detection) 20121207
Norman (no detection) 20121207
Panda (no detection) 20121207
SUPERAntiSpyware (no detection) 20121207
Sophos (no detection) 20121207
TheHacker (no detection) 20121207
TotalDefense (no detection) 20121206
TrendMicro (no detection) 20121207
TrendMicro-HouseCall (no detection) 20121207
VBA32 (no detection) 20121207
ViRobot (no detection) 20121207
eSafe (no detection) 20121205
nProtect (no detection) 20121207
The file being studied is a Portable Executable (PE) file. More specifically, it is a Win32 DLL built for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2012-07-22 15:10:25
Entry Point 0x00001875
Number of sections 4
PE sections
PE imports
CryptDestroyKey
CryptReleaseContext
CryptImportKey
MD5Update
MD5Final
CryptGenRandom
CryptSetHashParam
CryptAcquireContextW
CryptVerifySignatureW
MD5Init
CryptDestroyHash
CryptCreateHash
VirtualFree
GetLastError
CreateTimerQueueTimer
EnterCriticalSection
CreateThread
LocalAlloc
InitializeCriticalSection
LoadLibraryW
LocalFree
LoadLibraryA
FreeLibrary
DeleteCriticalSection
Sleep
DisableThreadLibraryCalls
GetSystemTimeAsFileTime
DeleteTimerQueueTimer
QueueUserAPC
VirtualAlloc
SleepEx
BindIoCompletionCallback
LeaveCriticalSection
AcceptEx
WSASocketW
Ord(3)
WSARecvFrom
WSASendTo
WSARecv
WSASend
Ord(111)
Ord(21)
Ord(116)
Ord(2)
Ord(115)
WSAIoctl
Ord(13)
ZwReadFile
RtlInitUnicodeString
ZwOpenKey
RtlImageNtHeader
wcstoul
memset
ZwQueryVolumeInformationFile
ZwQueueApcThread
swprintf
RtlUnwind
NtQueryVirtualMemory
ZwWaitHighEventPair
RtlFormatCurrentUserKeyPath
ZwWriteFile
ZwOpenProcessToken
qsort
RtlTimeToSecondsSince1980
wcslen
RtlImageDirectoryEntryToData
ZwCreateEventPair
ZwMapViewOfSection
wcsrchr
RtlExitUserThread
ZwQueryDirectoryFile
ZwCreateFile
ZwSetLowEventPair
ZwDeleteFile
ZwSetInformationFile
RtlAddressInSectionTable
RtlExpandEnvironmentStrings_U
ZwSetHighWaitLowEventPair
ZwQueryValueKey
wcscat
LdrProcessRelocationBlock
RtlFreeUnicodeString
ZwOpenEvent
memcpy
ZwSetEaFile
ZwUnmapViewOfSection
RtlNtStatusToDosError
ZwOpenFile
ZwQueryInformationToken
wcscpy
LdrGetProcedureAddress
ZwCreateSection
ZwQueryEaFile
RtlComputeCrc32
ZwClose
ZwCreateEvent
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
TimeStamp 2012:07:22 16:10:25+01:00
FileType Win32 DLL
PEType PE32
CodeSize 13312
LinkerVersion 9.0
EntryPoint 0x1875
InitializedDataSize 13312
SubsystemVersion 5.0
ImageVersion 0.0
OSVersion 5.0
UninitializedDataSize 0
File identification
MD5 a70a09f7fdeac67269f39d8785aa5078
SHA1 bbe0a2c7deb87c7600d4da3fcf0fab7a7cf60925
SHA256 ee14dcd20b2ee118618e3a28db72cce92ccd9e85dd8410e02479d9d624934b13
ssdeep 384:tdp2G9d9BdFpwMLlDZYWGQLOxV35Z8zM9PR16pMiVTb:159h+MLVZYWG3xV3Uw9PLz0b
File size 21.2 KB ( 21716 bytes )
File type Win32 DLL
Magic literal MS-DOS executable PE for MS Windows (DLL) (GUI) Intel 80386 32-bit
TrID Win32 Executable Generic (42.3%)
Win32 Dynamic Link Library (generic) (37.6%)
Generic Win/DOS Executable (9.9%)
DOS Executable Generic (9.9%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
Tags pedll
VirusTotal metadata
First submission 2012-12-07 14:52:50 UTC
Last submission 2012-12-07 14:52:50 UTC
File names services_$EA_binary.bin