SHA256: f09e5c46785065ac496b145dfa39ae64762ae24b6d3904087c45d5c4218ba098
File name: 8f4f30d8a2d98c1d24a95e59f90dacda01f057eb
Detection ratio: 5 / 57
Analysis date: 2015-03-06 17:54:44 UTC ( 4 years ago )
Antivirus Result Update
AhnLab-V3 Malware/Win32.Generic 20150306
Avast Win32:Evo-gen [Susp] 20150306
ESET-NOD32 a variant of Win32/Kryptik.DAXZ 20150306
Malwarebytes Trojan.Agent.ED 20150306
NANO-Antivirus Virus.Win32.Gen-Crypt.ccnc 20150306
Ad-Aware 20150306
AegisLab 20150306
Yandex 20150306
Alibaba 20150306
ALYac 20150306
Antiy-AVL 20150306
AVG 20150306
Avira (no cloud) 20150306
AVware 20150306
Baidu-International 20150306
BitDefender 20150306
Bkav 20150306
ByteHero 20150306
CAT-QuickHeal 20150306
ClamAV 20150306
CMC 20150304
Comodo 20150306
Cyren 20150306
DrWeb 20150306
Emsisoft 20150306
F-Prot 20150306
F-Secure 20150306
Fortinet 20150306
GData 20150306
Ikarus 20150306
Jiangmin 20150306
K7AntiVirus 20150306
K7GW 20150306
Kaspersky 20150306
Kingsoft 20150306
McAfee 20150306
McAfee-GW-Edition 20150306
Microsoft 20150306
eScan 20150306
Norman 20150306
nProtect 20150306
Panda 20150306
Qihoo-360 20150306
Rising 20150306
Sophos AV 20150306
SUPERAntiSpyware 20150306
Symantec 20150306
Tencent 20150306
TheHacker 20150306
TotalDefense 20150306
TrendMicro 20150306
TrendMicro-HouseCall 20150306
VBA32 20150306
VIPRE 20150306
ViRobot 20150306
Zillya 20150306
Zoner 20150306
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2005-04-13 16:40:59
Entry Point 0x00001000
Number of sections 10
PE sections
PE imports
GetObjectA
GetCurrentObject
CreateScalableFontResourceW
GetClipRgn
CreateRoundRectRgn
SetPixelFormat
TranslateCharsetInfo
GetCharABCWidthsFloatA
EndPath
FillPath
CreateDCW
ResetDCW
ModifyWorldTransform
GetTextExtentPointW
CreateMetaFileW
Number of PE resources by type
RT_BITMAP 1
RT_VERSION 1
Number of PE resources by language
NEUTRAL 1
ENGLISH US 1
PE resources
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
TimeStamp 2005:04:13 17:40:59+01:00
FileType Win32 EXE
PEType PE32
CodeSize 340480
LinkerVersion 0.0
EntryPoint 0x1000
InitializedDataSize 141312
SubsystemVersion 4.1
ImageVersion 0.0
OSVersion 4.0
UninitializedDataSize 0
File identification
MD5 ae28f5be92f7a51c04a13fc4199d9c28
SHA1 627486c9242f9f37ab98725d222342067e5fcb40
SHA256 f09e5c46785065ac496b145dfa39ae64762ae24b6d3904087c45d5c4218ba098
ssdeep 1536:daD0gnZoSMrHdaUE+/pv4Vdm1IAKZRCpaFWp:dXgZohBrxpw78tKnpWp
authentihash 1b14a5f21ba8d07dd22c32a274bf7c9a81795eacba7a09afae66ef2de4079f2d
imphash dd00e093e7baf90adba7f12868a09136
File size 477.5 KB ( 488960 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable (generic) (52.7%)
Generic Win/DOS Executable (23.4%)
DOS Executable Generic (23.4%)
VXD Driver (0.3%)
Tags peexe
VirusTotal metadata
First submission 2015-03-06 17:54:44 UTC ( 4 years ago )
Last submission 2015-03-06 17:54:44 UTC ( 4 years ago )
File names 8f4f30d8a2d98c1d24a95e59f90dacda01f057eb
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Copied files
Deleted files
Created processes
Code injections in the following processes
Created mutexes
Opened mutexes
Searched windows
Opened service managers
Opened services
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.