SHA256: f07cea12fe01dd640a6d3961beee38bcf481a6fbbdfc8814de2a6aa926a2fd88
File name: d1ab54f7572f577e0159d9b448a76f9e8ea039ae_4yez7irubz.ex
Detection ratio: 51 / 57
Analysis date: 2015-03-14 20:02:39 UTC ( 4 years, 2 months ago )
Antivirus Result Update
Ad-Aware Gen:Packed.Hiloti.1 20150314
Yandex TrojanSpy.Zbot!IPgkxWQmj3Y 20150312
AhnLab-V3 Win-Trojan/Hiloti2.Gen 20150314
Avast Win32:Hilot [Trj] 20150314
AVG Hiloti.W 20150314
Avira (no cloud) TR/Crypt.XPACK.Gen2 20150314
AVware Trojan.Win32.Hiloti.gen.d (v) 20150314
Baidu-International Trojan.Win32.Zbot.axW 20150314
BitDefender Gen:Packed.Hiloti.1 20150314
Bkav W32.NicuwmfA.Trojan 20150314
CAT-QuickHeal Trojan.Hiloti.gen 20150314
ClamAV Trojan.Zbot-7511 20150314
CMC Generic.Win32.f626ddc267!CMCRadar 20150313
Comodo TrojWare.Win32.TrojanDownloader.Mufanom.GEN 20150314
Cyren W32/Hiloti.D.gen!Eldorado 20150314
DrWeb Trojan.Siggen.64262 20150314
Emsisoft Gen:Packed.Hiloti.1 (B) 20150314
ESET-NOD32 Win32/Cimag.BR 20150314
F-Prot W32/Hiloti.D.gen!Eldorado 20150314
F-Secure Packed:W32/Mufanom.A 20150314
Fortinet W32/Hiloti.CDF!tr 20150314
GData Gen:Packed.Hiloti.1 20150314
Ikarus Trojan.Win32.Hiloti 20150314
Jiangmin TrojanSpy.Zbot.axi 20150314
K7AntiVirus Trojan ( 001345ee1 ) 20150314
K7GW Trojan ( 001345ee1 ) 20150314
Kaspersky HEUR:Trojan.Win32.Generic 20150314
Kingsoft Win32.Troj.Zbot.(kcloud) 20150314
Malwarebytes Trojan.Hiloti 20150314
McAfee Hiloti.gen.c 20150314
McAfee-GW-Edition Hiloti.gen.c 20150314
Microsoft Trojan:Win32/Hiloti.gen!D 20150314
eScan Gen:Packed.Hiloti.1 20150314
NANO-Antivirus Trojan.Win32.Zbot.bcqjk 20150314
Norman Hiloti.DAT 20150314
nProtect Trojan-Spy/W32.ZBot.42496.DG 20150313
Panda Trj/Downloader.XUO 20150311
Qihoo-360 Win32/Trojan.6b9 20150314
Rising PE:Trojan.Win32.Generic.11E5BE87!300269191 20150314
Sophos AV Mal/Hiloti-D 20150314
SUPERAntiSpyware Trojan.Agent/Gen 20150314
Symantec Trojan.Zefarch!gen 20150314
Tencent Win32.Trojan-spy.Zbot.Ebgg 20150314
TheHacker Trojan/Spy.Zbot.aety 20150313
TotalDefense Win32/Hiloti.URE 20150314
TrendMicro TROJ_HILOTI.DH 20150314
TrendMicro-HouseCall TROJ_HILOTI.DH 20150314
VBA32 BScope.Malware-Cryptor.Tip 20150314
VIPRE Trojan.Win32.Hiloti.gen.d (v) 20150314
ViRobot Spyware.Zbot.42496.E[h] 20150314
Zillya Trojan.Zbot.Win32.17252 20150314
Engines that returned no detection (result column empty; these six account for the 57 - 51 gap in the ratio):
AegisLab 20150314
Alibaba 20150314
ALYac 20150315
Antiy-AVL 20150314
ByteHero 20150314
Zoner 20150313
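The table above shows why a detection ratio on its own is a weak triage signal: the 51 engines that flag the file do not agree on what it is, with labels split between Hiloti, Zbot, Mufanom, Cimag, Zefarch and generic/heuristic names. The following Python is an added example, not part of the VirusTotal report, that parses rows in this "Vendor Result Update" layout and tallies family names so the disagreement is visible at a glance. The embedded rows are a constructed subset copied from the table above; the family token list and the "Hilot" alias are assumptions chosen to fit this report's labels, and the "row with no whitespace means no detection" rule is a heuristic that would misclassify a multi-word vendor name such as "Avira (no cloud)" on a row with no result.

```python
import re
from collections import Counter
from typing import Dict, Iterator, Optional, Tuple

# Constructed sample input: a subset of the report's rows, copied verbatim
# from the table above (not fetched live). The last row has no result.
SAMPLE_RESULTS = """\
Ad-Aware Gen:Packed.Hiloti.1 20150314
Yandex TrojanSpy.Zbot!IPgkxWQmj3Y 20150312
Avast Win32:Hilot [Trj] 20150314
Avira (no cloud) TR/Crypt.XPACK.Gen2 20150314
ClamAV Trojan.Zbot-7511 20150314
Comodo TrojWare.Win32.TrojanDownloader.Mufanom.GEN 20150314
ESET-NOD32 Win32/Cimag.BR 20150314
F-Secure Packed:W32/Mufanom.A 20150314
K7AntiVirus Trojan ( 001345ee1 ) 20150314
Kaspersky HEUR:Trojan.Win32.Generic 20150314
Microsoft Trojan:Win32/Hiloti.gen!D 20150314
Symantec Trojan.Zefarch!gen 20150314
TrendMicro TROJ_HILOTI.DH 20150314
AegisLab 20150314
"""

# Family tokens seen in this report (assumption: chosen for these labels).
# Letter-only lookarounds are used instead of \b because vendor labels use
# '_' and digits as separators (TROJ_HILOTI.DH, Hiloti2.Gen), which \b treats
# as word characters. "hiloti" is listed before "hilot" so the longer token wins.
FAMILY_RE = re.compile(
    r"(?<![a-z])(hiloti|hilot|zbot|mufanom|cimag|zefarch)(?![a-z])", re.I)
ALIASES = {"hilot": "hiloti"}          # Avast's truncated spelling
ROW_RE = re.compile(r"^(?P<body>.+?)\s+(?P<update>\d{8})$")


def parse_rows(text: str) -> Iterator[Tuple[str, str, bool]]:
    """Yield (vendor-plus-result, update date, detected) for each table row.

    Heuristic: a body with no whitespace is a bare vendor name, i.e. the
    engine returned nothing. Rows that do not end in a YYYYMMDD date
    (the header line, blank lines) are skipped.
    """
    for line in text.splitlines():
        m = ROW_RE.match(line.strip())
        if not m:
            continue
        body = m.group("body")
        yield body, m.group("update"), " " in body


def detection_ratio(text: str) -> Tuple[int, int]:
    """Return (engines that detected, engines listed)."""
    rows = list(parse_rows(text))
    return sum(1 for _, _, hit in rows if hit), len(rows)


def family_votes(text: str) -> Dict[str, int]:
    """Count how many engines name each family; detections with no known
    family token are counted as 'unclassified', empty rows as 'undetected'."""
    votes: Counter = Counter()
    for body, _, hit in parse_rows(text):
        if not hit:
            votes["undetected"] += 1
            continue
        m = FAMILY_RE.search(body)
        if m is None:
            votes["unclassified"] += 1
        else:
            fam = m.group(1).lower()
            votes[ALIASES.get(fam, fam)] += 1
    return dict(votes)


def consensus_family(text: str) -> Optional[str]:
    """Most-voted named family, or None when no engine names one."""
    named = {k: v for k, v in family_votes(text).items()
             if k not in ("undetected", "unclassified")}
    return max(named, key=named.get) if named else None


if __name__ == "__main__":
    hits, total = detection_ratio(SAMPLE_RESULTS)
    print(f"detection ratio: {hits} / {total}")
    for fam, n in sorted(family_votes(SAMPLE_RESULTS).items(), key=lambda kv: -kv[1]):
        print(f"{fam:>13}: {n}")
    print("consensus:", consensus_family(SAMPLE_RESULTS))
```

On this subset the consensus is Hiloti, but note how many of the "detections" carry a generic or heuristic label and contribute nothing to attribution; a ratio counts them all the same.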
The file being studied is a Portable Executable (PE) file: a Win32 EXE for the Windows GUI subsystem. The FileVersionInfo strings below (company, product, description) come from the binary's own version resource and are written by whoever built it; they are a social-engineering surface rather than evidence of origin unless backed by a valid Authenticode signature, and this report shows no signature verification.
FileVersionInfo properties
Copyright
Copyright (C) 2009

Publisher Leader Technologies
Product PowerReg
Original name CAP1.exe
Internal name CAP1
File version 1.03
Description Capcom Product Registration
Comments EN
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2009-01-02 01:48:00
Entry Point 0x00005264
Number of sections 4
PE sections
PE imports
GetLastError
GetConsoleCP
GetOEMCP
HeapAlloc
RtlUnwind
GetSystemDirectoryA
GetStartupInfoA
WideCharToMultiByte
MultiByteToWideChar
GetCommandLineA
GetCPInfo
GetModuleHandleA
FindFirstFileA
SetUnhandledExceptionFilter
CloseHandle
GetSystemTimeAsFileTime
GetACP
HeapReAlloc
SetPriorityClass
HeapCreate
SetEndOfFile
ExitProcess
FindResourceA
SetLastError
setlocale
__p__commode
vswprintf
__getmainargs
exit
__set_app_type
GetCapture
FindWindowA
BeginPaint
GetDlgItem
MsgWaitForMultipleObjects
mmioGetInfo
waveOutGetNumDevs
mmioAscend
mmioOpenA
mmioSetInfo
mmioAdvance
PE exports
Number of PE resources by type
RT_ACCELERATOR 2
RT_VERSION 1
Number of PE resources by language
ENGLISH US 3
PE resources
ExifTool file metadata
SubsystemVersion
4.0

Comments
EN

LinkerVersion
8.0

ImageVersion
0.0

FileSubtype
0

FileVersionNumber
0.1.0.3

LanguageCode
English (U.S.)

FileFlagsMask
0x003f

FileDescription
Capcom Product Registration

CharacterSet
Unicode

InitializedDataSize
16384

FileOS
Win32

MIMEType
application/octet-stream

LegalCopyright
Copyright (C) 2009

FileVersion
1.03

TimeStamp
2009:01:02 02:48:00+01:00

FileType
Win32 EXE

PEType
PE32

InternalName
CAP1

ProductVersion
1.03

UninitializedDataSize
0

OSVersion
4.0

OriginalFilename
CAP1.exe

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CompanyName
Leader Technologies

CodeSize
32768

ProductName
PowerReg

ProductVersionNumber
0.1.0.3

EntryPoint
0x5264

ObjectFileType
Executable application

CarbonBlack: CarbonBlack acts as a surveillance camera for computers. While monitoring an end-user machine in the wild, CarbonBlack observed the following running processes writing this sample to disk.
File identification
MD5 f626ddc2671d0913704c964e8af693ad
SHA1 d1ab54f7572f577e0159d9b448a76f9e8ea039ae
SHA256 f07cea12fe01dd640a6d3961beee38bcf481a6fbbdfc8814de2a6aa926a2fd88
ssdeep
768:mLqxSyqsSr7R0Ew264TyMoLfQXeijFont7Jqp74fB9TCulI/u1fsRMWTwU0:mLqUyohwBrIXhhMt7Ep7sPlmu1xU

authentihash 3d9d8d4b76158b8fdbe229eabd295504fe9cc823a2586ef4a40065338e5b34ee
imphash cad7faa1ba4e6d0b562f1fe3f7c5aeb6
File size 41.5 KB ( 42496 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit
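The identification block above lists four kinds of hash. MD5/SHA-1/SHA-256 identify this exact byte sequence, and ssdeep is a fuzzy hash, but imphash is different in kind: it is the MD5 of the lower-cased "dll.function" import list in import-table order, so it survives recompilation with the same source and linker and is what you would pivot on to find siblings of this sample. The following Python is an added example, not code from the report or from VirusTotal, that implements the imphash normalization the way pefile does and computes the identifying digests for a file. The embedded import table is constructed: the function names are taken from the report's "PE imports" list, but the DLL attribution (kernel32/msvcrt/user32/winmm), the by-ordinal entry, and the truncated length are assumptions, so its imphash will not match the report's cad7faa1ba4e6d0b562f1fe3f7c5aeb6. Resolving well-known ordinals to names through pefile's ordlookup tables is left out; only the "ordN" fallback is kept.

```python
import hashlib
from typing import Dict, Iterable, List, Optional, Tuple

# One import-table entry: (DLL name as stored in the PE, imported function
# name or None when the import is by ordinal, ordinal value).
ImportEntry = Tuple[str, Optional[str], int]

# Constructed sample import table (see lead-in: DLL attribution and the
# by-ordinal entry are assumptions; the real table is longer).
SAMPLE_IMPORTS: List[ImportEntry] = [
    ("KERNEL32.dll", "GetLastError", 0),
    ("KERNEL32.dll", "HeapAlloc", 0),
    ("MSVCRT.dll", "setlocale", 0),
    ("USER32.dll", "FindWindowA", 0),
    ("WINMM.dll", "mmioOpenA", 0),
    ("WINMM.dll", None, 3),          # hypothetical import by ordinal
]


def _normalize_dll(dll: str) -> str:
    """Lower-case the DLL name and drop a trailing .dll/.ocx/.sys, as pefile does."""
    name = dll.lower()
    base, dot, ext = name.rpartition(".")
    return base if dot and ext in ("dll", "ocx", "sys") else name


def imphash_string(imports: Iterable[ImportEntry]) -> str:
    """Build the comma-joined 'dll.function' string whose MD5 is the imphash.

    Entries are kept in import-table order, which is why the same imports
    linked in a different order produce a different imphash, while the
    case of the DLL name does not matter. pefile additionally resolves
    well-known ordinals (ws2_32, oleaut32, ...) to names; this simplified
    version uses only the 'ordN' fallback, so such imports would differ.
    """
    parts: List[str] = []
    for dll, func, ordinal in imports:
        fn = func.lower() if func is not None else f"ord{ordinal}"
        parts.append(f"{_normalize_dll(dll)}.{fn}")
    return ",".join(parts)


def imphash(imports: Iterable[ImportEntry]) -> str:
    """Return the imphash: hex MD5 of the normalized import string."""
    return hashlib.md5(imphash_string(imports).encode("ascii")).hexdigest()


def hashes_of_bytes(data: bytes) -> Dict[str, str]:
    """MD5/SHA-1/SHA-256 of an in-memory buffer, keyed by algorithm name."""
    return {name: hashlib.new(name, data).hexdigest()
            for name in ("md5", "sha1", "sha256")}


def file_hashes(path: str, chunk_size: int = 1 << 16) -> Dict[str, str]:
    """Same triplet for a file on disk, streamed so large samples fit in memory.

    Compare the result against the MD5/SHA1/SHA256 in a report to confirm
    you are holding the same bytes before analysing them.
    """
    digests = {name: hashlib.new(name) for name in ("md5", "sha1", "sha256")}
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            for d in digests.values():
                d.update(chunk)
    return {name: d.hexdigest() for name, d in digests.items()}


if __name__ == "__main__":
    print(imphash_string(SAMPLE_IMPORTS))
    print("imphash:          ", imphash(SAMPLE_IMPORTS))
    # Same imports, reversed table order: a different imphash.
    print("imphash reversed: ", imphash(list(reversed(SAMPLE_IMPORTS))))
    # Upper/lower-case DLL names normalize to the same value.
    print("imphash uppercase:", imphash([(d.upper(), f, o) for d, f, o in SAMPLE_IMPORTS]))
```

Because imphash depends on import order, a sample whose packer or loader stub builds its imports at runtime (a packed sample typically imports only a handful of loader APIs) will share an imphash with unrelated files using the same stub; treat an imphash pivot as a lead to cluster, not as proof of a shared code base.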

TrID Win32 Dynamic Link Library (generic) (43.5%)
Win32 Executable (generic) (29.8%)
Generic Win/DOS Executable (13.2%)
DOS Executable Generic (13.2%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
Tags
peexe

VirusTotal metadata
First submission 2010-02-17 02:12:15 UTC ( 9 years, 3 months ago )
Last submission 2015-03-14 20:02:39 UTC ( 4 years, 2 months ago )
File names
aa
CAP1
CAP1.exe
f626ddc2671d913704c964e8af693ad.bin
tjJeI.xdp
T7vvRX94y.vbs
d1ab54f7572f577e0159d9b448a76f9e8ea039ae_4yez7irubz.ex
Behaviour characterization