SHA256: eebc4cb5b3336bb6d4e0cdccb022140cae62ec581bf7b09424b408fe1aa8f3e9
File name: 326d623ad68eab0a4fed29debcad28ce51d9323f
Detection ratio: 8 / 57
Analysis date: 2015-06-17 01:11:03 UTC ( 3 years, 9 months ago )
Antivirus Result Update
AhnLab-V3 Trojan/Win32.MDA 20150616
Avast Win32:Malware-gen 20150617
AVG Zbot.ADWD 20150616
DrWeb Trojan.DownLoader13.47429 20150617
ESET-NOD32 Win32/Spy.Zbot.ACB 20150617
Kaspersky UDS:DangerousObject.Multi.Generic 20150617
TrendMicro TROJ_FORUCON.BMC 20150617
TrendMicro-HouseCall TROJ_FORUCON.BMC 20150617
Ad-Aware 20150617
AegisLab 20150617
Yandex 20150616
Alibaba 20150616
ALYac 20150617
Antiy-AVL 20150616
Arcabit 20150617
Avira (no cloud) 20150616
AVware 20150617
Baidu-International 20150616
BitDefender 20150617
Bkav 20150616
ByteHero 20150617
CAT-QuickHeal 20150616
ClamAV 20150617
CMC 20150615
Comodo 20150616
Cyren 20150616
Emsisoft 20150617
F-Prot 20150616
F-Secure 20150616
Fortinet 20150616
GData 20150617
Ikarus 20150617
Jiangmin 20150615
K7AntiVirus 20150616
K7GW 20150616
Kingsoft 20150617
Malwarebytes 20150616
McAfee 20150617
McAfee-GW-Edition 20150616
Microsoft 20150617
eScan 20150617
NANO-Antivirus 20150617
nProtect 20150616
Panda 20150616
Qihoo-360 20150617
Rising 20150616
Sophos AV 20150616
SUPERAntiSpyware 20150617
Symantec 20150617
Tencent 20150617
TheHacker 20150616
TotalDefense 20150616
VBA32 20150616
VIPRE 20150617
ViRobot 20150617
Zillya 20150616
Zoner 20150615
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright Copyright © 2006 Mindgrub Technologies Corporation. All rights reserved.
Product Guess Window Mindgrub Technologies Ha
Original name Benext.exe
Internal name Benext.exe
File version 14.2.8651.5206
Description Guess Window
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2015-06-15 17:28:02
Entry Point 0x00003457
Number of sections 4
PE sections
PE imports
GetLastError
HeapFree
GetStdHandle
EnterCriticalSection
GetConsoleOutputCP
SetHandleCount
GetFileAttributesA
SetTapeParameters
GetConsoleCP
HeapDestroy
GetEnvironmentStringsW
IsDebuggerPresent
HeapAlloc
GetLocaleInfoA
TlsAlloc
VirtualProtect
GetVersionExA
GetModuleFileNameA
RtlUnwind
LoadLibraryA
FindFirstChangeNotificationW
GetACP
FreeEnvironmentStringsA
DeleteCriticalSection
GetCurrentProcess
GetEnvironmentStrings
GetFileType
GetConsoleMode
HeapSize
InterlockedIncrement
LCMapStringW
WriteConsoleW
SetFilePointer
GetCommandLineW
LCMapStringA
GetCPInfo
UnhandledExceptionFilter
InterlockedDecrement
MultiByteToWideChar
GetStartupInfoW
FreeEnvironmentStringsW
GetCommandLineA
GetProcAddress
QueryPerformanceCounter
GetStringTypeA
GetProcessHeap
SetStdHandle
CompareStringW
RaiseException
WideCharToMultiByte
GetModuleFileNameW
TlsFree
GetModuleHandleA
ReadFile
SetEndOfFile
SetUnhandledExceptionFilter
WriteFile
GetStartupInfoA
CloseHandle
GetSystemTimeAsFileTime
DuplicateHandle
HeapReAlloc
GetStringTypeW
SetEnvironmentVariableA
SetFileAttributesA
GetOEMCP
TerminateProcess
GetTimeZoneInformation
WriteConsoleA
InitializeCriticalSection
HeapCreate
VirtualFree
TlsGetValue
Sleep
FindNextChangeNotification
GetTickCount
TlsSetValue
CreateFileA
ExitProcess
GetCurrentThreadId
LeaveCriticalSection
VirtualAlloc
GetCurrentProcessId
SetLastError
CompareStringA
RasHangUpW
RasEnumConnectionsW
RasGetConnectStatusW
Number of PE resources by type
RT_MANIFEST 1
RT_VERSION 1
HU 1
Number of PE resources by language
ENGLISH US 3
PE resources
Debug information
ExifTool file metadata
LegalTrademarks
Guess Window Goodown should

SubsystemVersion
4.0

LinkerVersion
8.0

ImageVersion
0.0

FileSubtype
0

FileVersionNumber
14.2.8651.5206

LanguageCode
English (U.S.)

FileFlagsMask
0x0000

FileDescription
Guess Window

CharacterSet
Windows, Latin1

InitializedDataSize
139264

EntryPoint
0x3457

OriginalFileName
Benext.exe

MIMEType
application/octet-stream

LegalCopyright
Copyright 2006 Mindgrub Technologies Corporation. All rights reserved.

FileVersion
14.2.8651.5206

TimeStamp
2015:06:15 18:28:02+01:00

FileType
Win32 EXE

PEType
PE32

InternalName
Benext.exe

ProductVersion
14.2.8651.5206

UninitializedDataSize
0

OSVersion
4.0

FileOS
Win32

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CodeSize
217088

ProductName
Guess Window Mindgrub Technologies Ha

ProductVersionNumber
14.2.8651.5206

FileTypeExtension
exe

ObjectFileType
Executable application

File identification
MD5 d29b27c71ef4ef25e9463b70b2c2495b
SHA1 326d623ad68eab0a4fed29debcad28ce51d9323f
SHA256 eebc4cb5b3336bb6d4e0cdccb022140cae62ec581bf7b09424b408fe1aa8f3e9
ssdeep 6144:JYbMaVaHVcfPgeSJPW207s40JG2QbbLN5x:JY3Va1cnge/22hemhn
authentihash f9da9f215b36481c4e4b3ceeb6c50b8b2c99994b790472b20ee259377f194ead
imphash 05bc8f3b92f85434b08f9283fb39defd
File size 292.0 KB ( 299008 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (42.2%)
Win64 Executable (generic) (37.3%)
Win32 Dynamic Link Library (generic) (8.8%)
Win32 Executable (generic) (6.0%)
Generic Win/DOS Executable (2.7%)
Tags peexe
VirusTotal metadata
First submission 2015-06-17 01:11:03 UTC ( 3 years, 9 months ago )
Last submission 2015-06-17 01:11:03 UTC ( 3 years, 9 months ago )
File names Benext.exe
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Created processes
Created mutexes
Opened mutexes
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.