SHA256: f02e6545c79b4caf0d32f5a2e9afaa323d5b4fc37244bafb67167f33bf55f4e5
File name: xu4R1mW.exe
Detection ratio: 14 / 68
Analysis date: 2017-12-17 22:28:32 UTC ( 10 months, 1 week ago )
Antivirus Result Update
Avast FileRepMalware 20171217
AVG FileRepMalware 20171217
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9999 20171216
CrowdStrike Falcon (ML) malicious_confidence_100% (D) 20171016
Cybereason malicious.4670b2 20171103
Cylance Unsafe 20171217
Endgame malicious (high confidence) 20171130
ESET-NOD32 a variant of Win32/GenKryptik.BJEF 20171217
Fortinet W32/Kryptik.FZTF!tr 20171217
Sophos ML heuristic 20170914
Qihoo-360 HEUR/QVM20.1.EA0B.Malware.Gen 20171217
SentinelOne (Static ML) static engine - malicious 20171207
Sophos AV Mal/EncPk-ANR 20171217
Webroot W32.Trojan.Emotet 20171217
Ad-Aware 20171217
AegisLab 20171217
AhnLab-V3 20171217
Alibaba 20171215
ALYac 20171217
Antiy-AVL 20171217
Arcabit 20171217
Avast-Mobile 20171217
Avira (no cloud) 20171217
AVware 20171217
BitDefender 20171217
Bkav 20171216
CAT-QuickHeal 20171216
ClamAV 20171217
CMC 20171217
Comodo 20171217
Cyren 20171217
DrWeb 20171217
eGambit 20171217
Emsisoft 20171217
F-Prot 20171217
F-Secure 20171217
GData 20171217
Ikarus 20171217
Jiangmin 20171217
K7AntiVirus 20171217
K7GW 20171214
Kaspersky 20171217
Kingsoft 20171217
Malwarebytes 20171217
MAX 20171217
McAfee 20171217
McAfee-GW-Edition 20171217
Microsoft 20171217
eScan 20171217
NANO-Antivirus 20171217
nProtect 20171217
Palo Alto Networks (Known Signatures) 20171217
Panda 20171217
Rising 20171217
SUPERAntiSpyware 20171217
Symantec 20171217
Symantec Mobile Insight 20171215
Tencent 20171217
TheHacker 20171210
TotalDefense 20171217
TrendMicro 20171217
TrendMicro-HouseCall 20171217
Trustlook 20171217
VBA32 20171215
VIPRE 20171217
ViRobot 20171217
WhiteArmor 20171204
Yandex 20171216
Zillya 20171217
ZoneAlarm by Check Point 20171217
Zoner 20171217
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright Copyright© Bucanier Rom Comp 1999-2010
Product Custom Sata Collectors Doorin
Original name pircdse
Internal name pircds
File version 2.0.7
Description Custom Sata Collect Doors
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2017-12-17 22:14:15
Entry Point 0x000018A0
Number of sections 7
PE sections
PE imports
GetCharWidthA
DeleteObject
CreateRectRgn
SetTextColor
GetLastError
IsWow64Process
CreateFileW
CreateThread
lstrlenA
lstrcatA
WriteFile
WaitForSingleObject
lstrcpyA
Sleep
CloseHandle
GetUserDefaultLCID
FindNextChangeNotification
SetupGetTargetPathW
SetupGetSourceFileLocationW
GetCursorPos
GetWindowRgn
IsClipboardFormatAvailable
GetCaretBlinkTime
GetIconInfo
LoadIconA
SetClipboardData
LoadMenuA
EnumWindows
DialogBoxParamA
FindWindowA
timeGetSystemTime
Number of PE resources by type
RT_DIALOG 14
RT_GROUP_ICON 2
RT_VERSION 1
Number of PE resources by language
ITALIAN 17
PE resources
Debug information
ExifTool file metadata
UninitializedDataSize 0
LinkerVersion 12.14
ImageVersion 0.0
FileSubtype 0
FileVersionNumber 2.1.0.17
LanguageCode English (U.S.)
FileFlagsMask 0x003f
FileDescription Custom Sata Collect Doors
ImageFileCharacteristics Executable, 32-bit
CharacterSet Windows, Latin1
InitializedDataSize 114688
EntryPoint 0x18a0
OriginalFileName pircdse
MIMEType application/octet-stream
LegalCopyright Copyright Bucanier Rom Comp 1999-2010
FileVersion 2.0.7
TimeStamp 2017:12:17 23:14:15+01:00
FileType Win32 EXE
PEType PE32
InternalName pircds
ProductVersion 4.30.6
SubsystemVersion 4.0
OSVersion 4.0
FileOS Win32
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName Bucanier Rom
CodeSize 0
ProductName Custom Sata Collectors Doorin
ProductVersionNumber 2.1.0.17
FileTypeExtension exe
ObjectFileType Executable application

File identification
MD5 7688deb426bbf90be6f06239ccc1711e
SHA1 efd99a24670b2a8c94c1532e3c9c7ffc85597c3c
SHA256 f02e6545c79b4caf0d32f5a2e9afaa323d5b4fc37244bafb67167f33bf55f4e5
ssdeep 3072:vHowSOog3X98IbHFgqziBNeqYLPA1I2jnT:vdSOognOIxgLUNA1j
authentihash 5c23a2897f5a9d7081c98e0bc113eba09de2bb57e5cfb3cb41e543e963074406
imphash 178e21fd0ee11f93c7f9f976ade9164a
File size 124.0 KB ( 126976 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Dynamic Link Library (generic) (38.4%)
Win32 Executable (generic) (26.3%)
OS/2 Executable (generic) (11.8%)
Generic Win/DOS Executable (11.6%)
DOS Executable Generic (11.6%)
Tags peexe
VirusTotal metadata
First submission 2017-12-17 22:28:32 UTC ( 10 months, 1 week ago )
Last submission 2018-05-04 18:14:16 UTC ( 5 months, 3 weeks ago )
File names pircds
xu4R1mW.exe
pircdse

Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Searched windows
UDP communications