SHA256: f220a966aaffb0bab4956c35d392564993e310211c3b7b9e9834910258dea3da
File name: 2401.exe
Detection ratio: 4 / 57
Analysis date: 2017-01-25 07:47:12 UTC (2 years ago)
Antivirus | Result | Update
Baidu | Win32.Trojan.WisdomEyes.16070401.9500.9995 | 20170125
CrowdStrike Falcon (ML) | malicious_confidence_84% (D) | 20161024
Sophos ML | virus.win32.sality.at | 20170111
Qihoo-360 | HEUR/QVM10.1.0000.Malware.Gen | 20170125
Engines listed below with only an update date returned no detection on the analysis date:
Ad-Aware 20170125
AegisLab 20170125
AhnLab-V3 20170125
Alibaba 20170122
ALYac 20170125
Antiy-AVL 20170125
Arcabit 20170125
Avast 20170125
AVG 20170125
Avira (no cloud) 20170124
AVware 20170125
BitDefender 20170125
Bkav 20170123
CAT-QuickHeal 20170125
ClamAV 20170125
CMC 20170125
Comodo 20170125
Cyren 20170125
DrWeb 20170125
Emsisoft 20170125
ESET-NOD32 20170125
F-Prot 20170125
F-Secure 20170125
Fortinet 20170125
GData 20170125
Ikarus 20170124
Jiangmin 20170125
K7AntiVirus 20170125
K7GW 20170125
Kaspersky 20170125
Kingsoft 20170125
Malwarebytes 20170125
McAfee 20170125
McAfee-GW-Edition 20170124
Microsoft 20170125
eScan 20170125
NANO-Antivirus 20170125
nProtect 20170125
Panda 20170124
Rising 20170125
Sophos AV 20170125
SUPERAntiSpyware 20170125
Symantec 20170124
Tencent 20170125
TheHacker 20170125
TotalDefense 20170125
TrendMicro 20170125
TrendMicro-HouseCall 20170125
Trustlook 20170125
VBA32 20170124
VIPRE 20170125
ViRobot 20170125
WhiteArmor 20170123
Yandex 20170124
Zillya 20170125
Zoner 20170125
The file is a Portable Executable (PE): a 32-bit Win32 EXE built for the Windows GUI subsystem.
FileVersionInfo properties
Copyright (C) 2007-2015 Photomix Corporation
Product AvayaliveDrilled
Original name AvayaliveDrilled.exe
Internal name AvayaliveDrilled
Description Expression Forrest Traceroute Worse Expression Redefine
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2017-01-24 21:45:40 UTC
Entry Point 0x00007295
Number of sections 4
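The "PE header basic information" above is read straight out of the COFF and optional headers. The script below is an added example (not VirusTotal's code and not anything from the sample) that parses those headers with the Python standard library and derives the same fields: machine, section count, compile timestamp, characteristics, entry point, subsystem and linker version. The header blob it parses is constructed here and populated with the values in this report; fields the report does not show (image base, alignments, sizes) are left at zero and are assumptions, and the real file's layout is not reproduced. It also computes the gap between the compile timestamp and the first submission time shown further down, a standard freshness signal for triage.

```python
"""Minimal PE header triage (added example; standard library only)."""
import struct
from datetime import datetime, timedelta, timezone

IMAGE_FILE_MACHINE_I386 = 0x014C
IMAGE_SUBSYSTEM_WINDOWS_GUI = 2
# Characteristics bits rendered the way the report above renders them.
CHARACTERISTIC_FLAGS = {
    0x0001: "No relocs",    # IMAGE_FILE_RELOCS_STRIPPED
    0x0002: "Executable",   # IMAGE_FILE_EXECUTABLE_IMAGE
    0x0100: "32-bit",       # IMAGE_FILE_32BIT_MACHINE
    0x2000: "DLL",          # IMAGE_FILE_DLL
}

COFF_FMT = "<HHIIIHH"                  # 20-byte COFF file header
OPT_FMT = "<HBBIIIIIIIIIHHHHHHIIIIHH"   # first 72 bytes of a PE32 optional header


def parse_pe_header(data: bytes) -> dict:
    """Return the header fields a triage report shows, or raise ValueError."""
    if data[:2] != b"MZ":
        raise ValueError("missing MZ signature")
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff_off = e_lfanew + 4
    (machine, nsections, timestamp, _symtab, _nsyms,
     opt_size, characteristics) = struct.unpack_from(COFF_FMT, data, coff_off)
    opt_off = coff_off + struct.calcsize(COFF_FMT)
    if opt_size < struct.calcsize(OPT_FMT):
        raise ValueError("optional header too short")
    opt = struct.unpack_from(OPT_FMT, data, opt_off)
    magic, linker_major, linker_minor = opt[0], opt[1], opt[2]
    if magic != 0x10B:
        raise ValueError("not a PE32 image (magic 0x%x)" % magic)
    return {
        "machine": machine,
        "number_of_sections": nsections,
        # TimeDateStamp is seconds since the Unix epoch, UTC.
        "compile_time": datetime.fromtimestamp(timestamp, tz=timezone.utc),
        "characteristics": [name for bit, name in CHARACTERISTIC_FLAGS.items()
                            if characteristics & bit],
        "entry_point": opt[6],      # AddressOfEntryPoint (RVA)
        "subsystem": opt[22],
        "linker_version": "%d.%d" % (linker_major, linker_minor),
    }


def hours_to_first_seen(header: dict, first_seen_utc: str) -> float:
    """Hours between the compile timestamp and a 'YYYY-MM-DD HH:MM:SS' UTC first-seen time."""
    seen = datetime.strptime(first_seen_utc, "%Y-%m-%d %H:%M:%S").replace(tzinfo=timezone.utc)
    return (seen - header["compile_time"]).total_seconds() / 3600


def render_exiftool_style(dt: datetime, offset_hours: int) -> str:
    """Render a UTC datetime the way ExifTool prints TimeStamp in a fixed-offset zone."""
    local = dt.astimezone(timezone(timedelta(hours=offset_hours)))
    z = local.strftime("%z")                       # e.g. +0100
    return local.strftime("%Y:%m:%d %H:%M:%S") + z[:3] + ":" + z[3:]


def build_sample_header() -> bytes:
    """Constructed header carrying the values shown in the report; not the real 2401.exe."""
    e_lfanew = 0x80
    dos = bytearray(e_lfanew)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, e_lfanew)
    ts = int(datetime(2017, 1, 24, 21, 45, 40, tzinfo=timezone.utc).timestamp())
    coff = struct.pack(COFF_FMT, IMAGE_FILE_MACHINE_I386, 4, ts, 0, 0, 224, 0x0103)
    opt = struct.pack(
        OPT_FMT,
        0x10B, 9, 0,                # PE32 magic, linker 9.0
        101888, 561664, 0,          # SizeOfCode, SizeOfInitializedData, SizeOfUninitializedData
        0x7295, 0, 0,               # AddressOfEntryPoint; BaseOfCode/BaseOfData assumed zero
        0, 0, 0,                    # ImageBase, SectionAlignment, FileAlignment: not in report
        5, 0, 0, 0, 5, 0,           # OS 5.0, image 0.0, subsystem 5.0
        0, 0, 0, 0,                 # Win32VersionValue, SizeOfImage, SizeOfHeaders, CheckSum
        IMAGE_SUBSYSTEM_WINDOWS_GUI, 0)
    opt += b"\0" * (224 - len(opt))  # remainder of the optional header, unused here
    return bytes(dos) + b"PE\0\0" + coff + opt


if __name__ == "__main__":
    hdr = parse_pe_header(build_sample_header())
    for key, value in hdr.items():
        print("%-20s %s" % (key, value))
    print("hours from compile to first submission: %.2f"
          % hours_to_first_seen(hdr, "2017-01-25 07:47:12"))
```

On a real file, replace the constructed blob with `open(path, "rb").read()`. The compile-to-first-seen gap for this report is about ten hours, which fits the 4/57 ratio at first submission: signature engines had not yet seen the build. Rendering the compile time in a +01:00 zone reproduces the ExifTool TimeStamp shown later in the report, so the two timestamps are the same instant, not a discrepancy.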
PE sections
PE imports
GetSidIdentifierAuthority
RegisterTraceGuidsA
GetSidLengthRequired
GetServiceKeyNameA
AVIStreamGetFrame
AVIStreamGetFrameOpen
AVIStreamGetFrameClose
ImageList_Create
ImageList_ReplaceIcon
ImageList_Add
CryptUIWizImport
ExcludeClipRect
EndPage
SelectObject
StartDocA
SelectPalette
GetPixel
CreateSolidBrush
StartPage
SelectClipRgn
DeleteObject
GetSystemTime
GetLastError
InitializeCriticalSectionAndSpinCount
HeapFree
GetStdHandle
EnterCriticalSection
LCMapStringW
SetHandleCount
FileTimeToSystemTime
LoadLibraryW
GetConsoleCP
GetOEMCP
LCMapStringA
IsDebuggerPresent
GetTickCount
TlsAlloc
GetEnvironmentStringsW
FlushFileBuffers
GetModuleFileNameA
RtlUnwind
LoadLibraryA
FreeEnvironmentStringsA
DeleteCriticalSection
LeaveCriticalSection
GetEnvironmentStrings
GetFileAttributesExA
GetConsoleMode
GetLocaleInfoA
GetCurrentProcessId
GetConsoleOutputCP
WideCharToMultiByte
UnhandledExceptionFilter
TlsGetValue
MultiByteToWideChar
HeapSize
FreeEnvironmentStringsW
GetCommandLineA
GetProcAddress
TlsFree
LoadResource
GetProcessHeap
SetStdHandle
GetModuleHandleA
RaiseException
GetCPInfo
GetStringTypeA
SetFilePointer
ReadFile
SetUnhandledExceptionFilter
WriteFile
GetStartupInfoA
CloseHandle
GetSystemTimeAsFileTime
TerminateProcess
GetACP
HeapReAlloc
GetStringTypeW
GetModuleHandleW
HeapAlloc
FindResourceExW
QueryPerformanceCounter
WriteConsoleA
EnumTimeFormatsA
GetCurrentProcess
IsValidCodePage
HeapCreate
SetLastError
VirtualFree
InterlockedDecrement
Sleep
GetFileType
SetEndOfFile
TlsSetValue
CreateFileA
ExitProcess
GetCurrentThreadId
InterlockedIncrement
VirtualAlloc
WriteConsoleW
MulDiv
SysFreeString
QueryPathOfRegTypeLib
SHGetFileInfoA
GetParent
UpdateWindow
SetMenuItemBitmaps
LoadMenuA
OffsetRect
CopyIcon
PostQuitMessage
ShowWindow
LoadBitmapA
SetWindowPos
GetWindowThreadProcessId
SendDlgItemMessageA
GetSystemMetrics
IsWindow
AppendMenuA
GetWindowRect
SetWindowPlacement
GetCursorInfo
DrawIcon
WindowFromPoint
MessageBoxA
SetClipboardViewer
GetWindowLongA
GetMenuItemID
SetWindowLongA
GetCursorPos
InsertMenuA
BeginPaint
CheckMenuItem
GetSubMenu
EnumDisplayDevicesA
DrawIconEx
GetWindowPlacement
SendMessageA
GetClientRect
CreateWindowExA
GetDlgItem
ClientToScreen
DeleteMenu
InvalidateRect
LoadAcceleratorsA
GetPriorityClipboardFormat
SetTimer
CountClipboardFormats
GetMenuItemCount
GetSystemMenu
GetDC
GetMenuItemInfoA
FillRect
OpenClipboard
DestroyWindow
ScriptApplyDigitSubstitution
ScriptApplyLogicalWidth
WinHttpTimeFromSystemTime
WinHttpSetTimeouts
WSASocketA
gethostname
socket
bind
WSAStartup
gethostbyname
htons
WSAIoctl
CoInitialize
CoGetClassObject
IIDFromString
CoLockObjectExternal
Number of PE resources by type
RT_STRING 12
RT_BITMAP 10
RT_RCDATA 7
RT_ICON 6
UNICODEDATA 5
BIN 4
Struct(240) 2
PNG 2
RT_MANIFEST 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 51
PE resources
Debug information
ExifTool file metadata
SubsystemVersion 5.0
InitializedDataSize 561664
ImageVersion 0.0
ProductName AvayaliveDrilled
FileVersionNumber 6.7.94.8
UninitializedDataSize 0
LanguageCode English (U.S.)
FileFlagsMask 0x003f
ImageFileCharacteristics No relocs, Executable, 32-bit
CharacterSet Unicode
LinkerVersion 9.0
FileTypeExtension exe
OriginalFileName AvayaliveDrilled.exe
MIMEType application/octet-stream
Subsystem Windows GUI
TimeStamp 2017:01:24 22:45:40+01:00
FileType Win32 EXE
PEType PE32
InternalName AvayaliveDrilled
ProductVersion 6.7.94.8
FileDescription Expression Forrest Traceroute Worse Expression Redefine
OSVersion 5.0
FileOS Windows NT 32-bit
LegalCopyright (C) 2007-2015 Photomix Corporation
MachineType Intel 386 or later, and compatibles
CompanyName Photomix Corporation
CodeSize 101888
FileSubtype 0
ProductVersionNumber 6.7.94.8
EntryPoint 0x7295
ObjectFileType Executable application

File identification
MD5 b448453b7f2d7758c6e2b6c0a22b0c6c
SHA1 a186034886f6b1c2dd837289ead660ba560f518c
SHA256 f220a966aaffb0bab4956c35d392564993e310211c3b7b9e9834910258dea3da
ssdeep 12288:Ibz6b2EhNyw6QSTPeTiPNLQZ01jcT0x7mYqX3hl8EG9WS115:Ib2b2Evy/1TmTiPNLQi1mciYqh+AU15
authentihash 3238d324defb21bd10a13f70044bf57a90503527047668b3656c72142819ffa6
imphash 719ae7386d29d41a3f45783700efd9a7
File size 649.0 KB ( 664576 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID InstallShield setup (36.1%)
Win32 Executable MS Visual C++ (generic) (26.2%)
Win64 Executable (generic) (23.2%)
Win32 Dynamic Link Library (generic) (5.5%)
Win32 Executable (generic) (3.7%)
Tags peexe
VirusTotal metadata
First submission 2017-01-25 07:47:12 UTC ( 2 years ago )
Last submission 2018-05-15 00:04:18 UTC ( 9 months, 1 week ago )
File names b448453b7f2d7758c6e2b6c0a22b0c6c.exe
ce7a1c1c7fd839291264d9a9f627d32f0772d904
2017-01-25-Ursnif-sample-caused-by-Japanese-malspam.exe
2401.exe
2401.exe
Ursnif-sample-caused-by-Japanese-malspam.exe
VirusShare_b448453b7f2d7758c6e2b6c0a22b0c6c
AvayaliveDrilled.exe
AvayaliveDrilled
RmpDK.fon
N1heDsnTEJ
aa
Condensed report. The following summarises the behaviour of the file when executed in a controlled environment. The actions and events listed were performed by the file itself, by any process it launched, or by any process it injected code into.
Opened files
Read files
Runtime DLLs
UDP communications