SHA256: f356fa83de4a8a53ede1d5ba3f8f60e1e2bdddd8a35f0df8778792f31a96a8ba
File name: f356fa83de4a8a53ede1d5ba3f8f60e1e2bdddd8a35f0df8778792f31a96a8ba.bin
Detection ratio: 24 / 56
Analysis date: 2014-12-18 20:54:00 UTC ( 2 years, 6 months ago )
Antivirus             Result                              Update
Ad-Aware              Gen:Variant.Zusy.118967             20141218
AhnLab-V3             Trojan/Win32.Graftor                20141218
ALYac                 Gen:Variant.Zusy.118967             20141218
Antiy-AVL             Trojan[Spy]/Win32.Zbot              20141218
Avast                 Win32:Zbot-SGZ [Trj]                20141218
AVG                   SHeur4.CEQG                         20141218
BitDefender           Gen:Variant.Zusy.118967             20141218
DrWeb                 Trojan.PWS.Panda.7278               20141218
Emsisoft              Gen:Variant.Zusy.118967 (B)         20141218
ESET-NOD32            a variant of Win32/Injector.BRGZ    20141218
F-Secure              Gen:Variant.Zusy.118967             20141218
GData                 Gen:Variant.Zusy.118967             20141218
Ikarus                Trojan.Win32.Resetter               20141218
K7GW                  Trojan ( 050000001 )                20141218
Kaspersky             Trojan.Win32.Resetter.urv           20141218
Malwarebytes          Trojan.Zbot                         20141218
McAfee                Generic-FAVO!09F9E21151C1           20141218
McAfee-GW-Edition     Generic-FAVO!09F9E21151C1           20141218
Microsoft             VirTool:Win32/CeeInject.gen!KK      20141218
eScan                 Gen:Variant.Zusy.118967             20141218
NANO-Antivirus        Trojan.Win32.Panda.dklzrq           20141218
Qihoo-360             Malware.QVM07.Gen                   20141218
Rising                PE:Malware.FakePDF@CV!1.9C3A        20141217
Sophos                Troj/Agent-AKSR                     20141218
AegisLab              -                                   20141218
Yandex                -                                   20141217
Avira (no cloud)      -                                   20141218
AVware                -                                   20141218
Baidu-International   -                                   20141218
Bkav                  -                                   20141217
ByteHero              -                                   20141218
CAT-QuickHeal         -                                   20141218
ClamAV                -                                   20141218
CMC                   -                                   20141218
Comodo                -                                   20141218
Cyren                 -                                   20141218
F-Prot                -                                   20141218
Fortinet              -                                   20141218
Jiangmin              -                                   20141218
K7AntiVirus           -                                   20141218
Kingsoft              -                                   20141218
Norman                -                                   20141218
nProtect              -                                   20141218
Panda                 -                                   20141218
SUPERAntiSpyware      -                                   20141218
Symantec              -                                   20141218
Tencent               -                                   20141218
TheHacker             -                                   20141217
TotalDefense          -                                   20141218
TrendMicro            -                                   20141218
TrendMicro-HouseCall  -                                   20141218
VBA32                 -                                   20141218
VIPRE                 -                                   20141218
ViRobot               -                                   20141218
Zillya                -                                   20141218
Zoner                 -                                   20141216
(- = engine returned no detection with the signature set of that date)
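The vendor labels above disagree on naming (Zbot, Panda, Zusy, Resetter, Injector, CeeInject) but most of them point at the same thing once the platform and class tokens are stripped. The following is an added triage helper, not part of the VirusTotal report or of the sample: it parses rows in the exact "engine result update" shape shown above (a subset of them is embedded as constructed input), computes the detection ratio, and tallies a family consensus. The alias table that folds Zbot and Panda into one family and treats Zusy, Injector, CeeInject and Agent as generic signatures is an analyst assumption, not something the report states; engine names with a parenthesised note such as "Avira (no cloud)" are handled as a special case because a plain whitespace split would read the note as a detection.

```python
"""Normalise a VirusTotal detection table into a family consensus.

Added example for this report, not part of VirusTotal or of the sample.
"""
import re
from collections import Counter

# Constructed sample: a subset of the rows exactly as they appear on the page.
# Rows with no result are engines that returned no detection.
VT_ROWS = """\
Ad-Aware Gen:Variant.Zusy.118967 20141218
Antiy-AVL Trojan[Spy]/Win32.Zbot 20141218
Avast Win32:Zbot-SGZ [Trj] 20141218
BitDefender Gen:Variant.Zusy.118967 20141218
DrWeb Trojan.PWS.Panda.7278 20141218
ESET-NOD32 a variant of Win32/Injector.BRGZ 20141218
K7GW Trojan ( 050000001 ) 20141218
Kaspersky Trojan.Win32.Resetter.urv 20141218
Malwarebytes Trojan.Zbot 20141218
Microsoft VirTool:Win32/CeeInject.gen!KK 20141218
NANO-Antivirus Trojan.Win32.Panda.dklzrq 20141218
Sophos Troj/Agent-AKSR 20141218
AegisLab 20141218
Yandex 20141217
Avira (no cloud) 20141218
ClamAV 20141218
Symantec 20141218
"""

# engine, optional free-text result, eight-digit signature date
ROW_RE = re.compile(r"^(?P<engine>\S+)\s+(?:(?P<result>.*?)\s+)?(?P<update>\d{8})$")

# Label tokens that carry no family information (platform, class, heuristics).
NOISE_TOKENS = {"trojan", "troj", "win32", "virtool", "malware", "generic",
                "variant", "heur", "spy", "pws"}

# Assumed alias table (analyst judgement, not from the report): vendor names
# for Zeus collapse to one family, generic/packer labels to "generic".
FAMILY_ALIASES = {
    "zbot": "zeus",
    "panda": "zeus",        # Dr.Web and NANO name for Zeus
    "zusy": "generic",      # BitDefender-engine generic signature
    "injector": "generic",
    "ceeinject": "generic",
    "agent": "generic",
    "graftor": "generic",
}


def parse_rows(text):
    """Return (engine, result_or_None, update) for every non-empty line."""
    rows = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        m = ROW_RE.match(line)
        if not m:
            raise ValueError(f"unparseable row: {line!r}")
        engine, result = m["engine"], m["result"]
        # "Avira (no cloud)": a parenthesised note directly after the engine
        # is part of its name, not a detection.
        if result and result.startswith("(") and result.endswith(")"):
            engine, result = f"{engine} {result}", None
        rows.append((engine, result, m["update"]))
    return rows


def detection_ratio(rows):
    """(detected, total), the figure VirusTotal shows as 'Detection ratio'."""
    return sum(1 for _, result, _ in rows if result), len(rows)


def family_of(result):
    """First meaningful token of a vendor label, normalised, or None."""
    if not result:
        return None
    for token in re.findall(r"[A-Za-z][A-Za-z0-9]*", result):
        tok = token.lower()
        if len(tok) < 4 or tok in NOISE_TOKENS:
            continue
        return FAMILY_ALIASES.get(tok, tok)
    return None


def family_votes(rows):
    """Engines per normalised family, ignoring generic and unparseable labels."""
    votes = Counter()
    for _, result, _ in rows:
        fam = family_of(result)
        if fam and fam != "generic":
            votes[fam] += 1
    return votes


def consensus(rows):
    """(family, vote_count) for the most-named family, or None."""
    votes = family_votes(rows)
    return votes.most_common(1)[0] if votes else None


if __name__ == "__main__":
    rows = parse_rows(VT_ROWS)
    print("detection ratio: %d / %d" % detection_ratio(rows))
    print("family votes:", dict(family_votes(rows)))
    print("consensus:", consensus(rows))
```

On the embedded subset the consensus is the Zeus family with five engines naming it, which matches what the full table above suggests once the generic signatures are discounted; a single outlier such as Kaspersky's Resetter keeps its own token so it is not silently folded into the majority.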
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright      (C) 2011
Publisher
Product        draw
Original name  draw.exe
Internal name  draw
File version   1, 0, 0, 1
Description    draw
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2014-12-14 17:36:20
Entry Point 0x000074E4
Number of sections 6
PE sections
PE imports
CreateFontIndirectW
CreatePen
GetStockObject
CreateSolidBrush
DPtoLP
RoundRect
Ellipse
Rectangle
LPtoDP
GetCurrentProcessId
OpenProcess
GetStartupInfoW
GetModuleHandleW
Ord(3820)
Ord(2406)
Ord(1863)
Ord(6113)
Ord(5573)
Ord(4621)
Ord(402)
Ord(4298)
Ord(5298)
Ord(5880)
Ord(1634)
Ord(2980)
Ord(6371)
Ord(2112)
Ord(2374)
Ord(6567)
Ord(2438)
Ord(2287)
Ord(5237)
Ord(4073)
Ord(3657)
Ord(5275)
Ord(6048)
Ord(4607)
Ord(2381)
Ord(5257)
Ord(4435)
Ord(5736)
Ord(4422)
Ord(5236)
Ord(2916)
Ord(4523)
Ord(5727)
Ord(2093)
Ord(4240)
Ord(3744)
Ord(4148)
Ord(4616)
Ord(3167)
Ord(6332)
Ord(2873)
Ord(3346)
Ord(517)
Ord(2382)
Ord(4518)
Ord(4717)
Ord(5869)
Ord(4852)
Ord(4462)
Ord(1569)
Ord(4539)
Ord(6370)
Ord(6325)
Ord(815)
Ord(4525)
Ord(3257)
Ord(2546)
Ord(2119)
Ord(641)
Ord(3917)
Ord(861)
Ord(3449)
Ord(2388)
Ord(5256)
Ord(2354)
Ord(338)
Ord(5099)
Ord(289)
Ord(4312)
Ord(4128)
Ord(2502)
Ord(3076)
Ord(4414)
Ord(4233)
Ord(6137)
Ord(2522)
Ord(1739)
Ord(4430)
Ord(3142)
Ord(3060)
Ord(3193)
Ord(6127)
Ord(5790)
Ord(5285)
Ord(4617)
Ord(5600)
Ord(6195)
Ord(4381)
Ord(5058)
Ord(414)
Ord(1165)
Ord(2486)
Ord(617)
Ord(2356)
Ord(5092)
Ord(825)
Ord(4604)
Ord(5710)
Ord(5276)
Ord(5251)
Ord(5244)
Ord(4401)
Ord(2874)
Ord(540)
Ord(5095)
Ord(2858)
Ord(4335)
Ord(5273)
Ord(4360)
Ord(2619)
Ord(4431)
Ord(1767)
Ord(4613)
Ord(4051)
Ord(2371)
Ord(3568)
Ord(4480)
Ord(4229)
Ord(401)
Ord(823)
Ord(5070)
Ord(6617)
Ord(529)
Ord(4269)
Ord(4537)
Ord(5996)
Ord(1851)
Ord(4954)
Ord(6597)
Ord(2504)
Ord(2286)
Ord(5006)
Ord(1912)
Ord(800)
Ord(5157)
Ord(5468)
Ord(5250)
Ord(2875)
Ord(6051)
Ord(5261)
Ord(5817)
Ord(3074)
Ord(1658)
Ord(3345)
Ord(2613)
Ord(3592)
Ord(4609)
Ord(554)
Ord(2047)
Ord(2109)
Ord(535)
Ord(2977)
Ord(2116)
Ord(5233)
Ord(1718)
Ord(5784)
Ord(2641)
Ord(3864)
Ord(3053)
Ord(796)
Ord(1850)
Ord(4957)
Ord(674)
Ord(293)
Ord(4831)
Ord(2505)
Ord(5080)
Ord(4116)
Ord(2618)
Ord(4158)
Ord(4606)
Ord(975)
Ord(6076)
Ord(2715)
Ord(4426)
Ord(3398)
Ord(784)
Ord(3725)
Ord(4461)
Ord(3614)
Ord(858)
Ord(5783)
Ord(4992)
Ord(5297)
Ord(4608)
Ord(4883)
Ord(3290)
Ord(6205)
Ord(4459)
Ord(4817)
Ord(3743)
Ord(986)
Ord(2377)
Ord(4893)
Ord(3825)
Ord(3490)
Ord(4419)
Ord(4074)
Ord(713)
Ord(2640)
Ord(1089)
Ord(5467)
Ord(4421)
Ord(2383)
Ord(4520)
Ord(3254)
Ord(2506)
Ord(4947)
Ord(3341)
Ord(4257)
Ord(4451)
Ord(5855)
Ord(2732)
Ord(4692)
Ord(6150)
Ord(5871)
Ord(4847)
Ord(2534)
Ord(1817)
Ord(4347)
Ord(2717)
Ord(324)
Ord(2391)
Ord(5296)
Ord(2527)
Ord(1768)
Ord(4704)
Ord(3793)
Ord(3688)
Ord(3826)
Ord(5193)
Ord(2971)
Ord(5239)
Ord(5096)
Ord(1720)
Ord(4075)
Ord(2854)
Ord(4147)
Ord(652)
Ord(5094)
Ord(4420)
Ord(2436)
Ord(1131)
Ord(5456)
Ord(3733)
Ord(6212)
Ord(5303)
Ord(2793)
Ord(4343)
Ord(6171)
Ord(5208)
Ord(4583)
Ord(5280)
Ord(6115)
Ord(1230)
Ord(1708)
Ord(807)
Ord(561)
Ord(4292)
Ord(411)
Ord(3792)
Ord(3054)
Ord(3658)
Ord(6372)
Ord(3131)
Ord(2375)
Ord(4154)
Ord(5059)
Ord(2859)
Ord(5230)
Ord(6211)
Ord(4072)
Ord(4103)
Ord(4241)
Ord(5279)
Ord(4370)
Ord(613)
Ord(976)
Ord(2437)
Ord(2362)
Ord(296)
Ord(5649)
Ord(4418)
Ord(6365)
Ord(4263)
Ord(5286)
Ord(4690)
Ord(1703)
Ord(3621)
Ord(5098)
__p__fmode
__wgetmainargs
_ftol
fread
fclose
__dllonexit
_except_handler3
fseek
sqrt
_onexit
ftell
abs
exit
_XcptFilter
rewind
__setusermatherr
_adjust_fdiv
_wcmdln
__CxxFrameHandler
__p__commode
_wfopen
_controlfp
_initterm
_exit
__set_app_type
GetModuleFileNameExW
DrawFocusRect
GetMenu
SendMessageW
UpdateWindow
IntersectRect
EnableWindow
LoadCursorW
PtInRect
SetCapture
ReleaseCapture
GetClientRect
ClipCursor
SetCursor
ReleaseDC
InvalidateRect
SetRect
GetDC
CheckMenuItem
Number of PE resources by type
RT_STRING 14
RT_ICON 7
RT_DIALOG 4
Struct(241) 2
RT_MENU 2
RT_BITMAP 2
RAR 1
RT_ACCELERATOR 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
GERMAN 14
CHINESE SIMPLIFIED 12
NEUTRAL 9
PE resources
ExifTool file metadata
SubsystemVersion       4.0
InitializedDataSize    741376
ImageVersion           0.0
ProductName            draw
FileVersionNumber      1.0.0.1
UninitializedDataSize  0
LanguageCode           German (Swiss)
FileFlagsMask          0x003f
CharacterSet           Unicode
LinkerVersion          6.0
OriginalFilename       draw.exe
MIMEType               application/octet-stream
Subsystem              Windows GUI
FileVersion            1, 0, 0, 1
TimeStamp              2014:12:14 18:36:20+01:00
FileType               Win32 EXE
PEType                 PE32
InternalName           draw
FileAccessDate         2014:12:18 21:54:20+01:00
ProductVersion         1, 0, 0, 1
FileDescription        draw
OSVersion              4.0
FileCreateDate         2014:12:18 21:54:20+01:00
FileOS                 Windows NT 32-bit
LegalCopyright         (C) 2011
MachineType            Intel 386 or later, and compatibles
CodeSize               28672
FileSubtype            0
ProductVersionNumber   1.0.0.1
EntryPoint             0x74e4
ObjectFileType         Executable application
File identification
MD5            09f9e21151c151c81f549dbc835016f3
SHA1           88799abe16df7551c86a3f9dd8b761dc621fccfd
SHA256         f356fa83de4a8a53ede1d5ba3f8f60e1e2bdddd8a35f0df8778792f31a96a8ba
ssdeep         6144:ebpGEOgof83ybycRVHsuMXsg/HLeA7JfOKWEBfGUsBKA83vbRoTVwP:e1GEOgFit6csHL95GvQDTn
authentihash   3c296d8eae4934b196763f3bf203c40b2913b0dbd5177820659ae5640165c525
imphash        4d5fb2dc51936c8d2c06cea4f5749cf6
File size      757.1 KB ( 775228 bytes )
File type      Win32 EXE
Magic literal  PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID           Win32 Executable MS Visual C++ (generic) (67.3%)
               Win32 Dynamic Link Library (generic) (14.2%)
               Win32 Executable (generic) (9.7%)
               Generic Win/DOS Executable (4.3%)
               DOS Executable Generic (4.3%)
Tags           peexe
VirusTotal metadata
First submission  2014-12-18 20:54:00 UTC ( 2 years, 6 months ago )
Last submission   2014-12-18 20:54:00 UTC ( 2 years, 6 months ago )
File names        draw, draw.exe, f356fa83de4a8a53ede1d5ba3f8f60e1e2bdddd8a35f0df8778792f31a96a8ba.bin
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight
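Three static details in this report deserve a second look before the sandbox output: a resource typed "RAR" (plus an unknown numeric type shown as Struct(241)) inside what presents itself as a drawing program, a compile timestamp four days before first submission, and a 2011 copyright string on a 2014 build. The following is an added example, not part of the VirusTotal report or of the sample: it takes the resource-type counts, the ExifTool compile timestamp and the first-submission time exactly as printed above, flags non-standard resource types, scans a buffer for archive signatures (the byte buffer standing in for raw resource data is constructed here; the signatures are the documented RAR4, RAR5, ZIP and 7z marker bytes), and measures compile-to-first-seen time, which is the quickest way to catch a forged PE timestamp.

```python
"""Sanity checks on the static metadata of a PE triage report.

Added example, not part of the VirusTotal report or of the sample.
"""
from datetime import datetime, timezone

# Standard RT_* resource types (winuser.h). Anything else was named by the
# author or is an unknown numeric ID, which VirusTotal prints as Struct(N).
STANDARD_RT = {
    "RT_CURSOR", "RT_BITMAP", "RT_ICON", "RT_MENU", "RT_DIALOG", "RT_STRING",
    "RT_FONTDIR", "RT_FONT", "RT_ACCELERATOR", "RT_RCDATA", "RT_MESSAGETABLE",
    "RT_GROUP_CURSOR", "RT_GROUP_ICON", "RT_VERSION", "RT_DLGINCLUDE",
    "RT_PLUGPLAY", "RT_VXD", "RT_ANICURSOR", "RT_ANIICON", "RT_HTML",
    "RT_MANIFEST",
}

# "Number of PE resources by type", copied from the report above.
RESOURCE_TYPES = {
    "RT_STRING": 14, "RT_ICON": 7, "RT_DIALOG": 4, "Struct(241)": 2,
    "RT_MENU": 2, "RT_BITMAP": 2, "RAR": 1, "RT_ACCELERATOR": 1,
    "RT_VERSION": 1, "RT_GROUP_ICON": 1,
}

# Documented archive marker bytes.
ARCHIVE_MAGICS = {
    b"Rar!\x1a\x07\x00": "RAR4",
    b"Rar!\x1a\x07\x01\x00": "RAR5",
    b"PK\x03\x04": "ZIP",
    b"7z\xbc\xaf\x27\x1c": "7z",
}

# Constructed stand-in for concatenated resource data: a bitmap-like header
# followed by a RAR4 marker block at offset 48.
SAMPLE_RESOURCE_DATA = (b"\x00" * 16 + b"BM" + b"\x00" * 30
                        + b"Rar!\x1a\x07\x00\xcf\x90\x73" + b"\x00" * 8)


def odd_resource_types(types):
    """Resource types that are not standard RT_* names: the first thing to
    carve out of a binary that describes itself as 'draw'."""
    return sorted(t for t in types if t not in STANDARD_RT)


def find_embedded_archives(blob):
    """(offset, format) for every archive signature found in blob."""
    hits = []
    for magic, name in ARCHIVE_MAGICS.items():
        start = 0
        while True:
            idx = blob.find(magic, start)
            if idx < 0:
                break
            hits.append((idx, name))
            start = idx + 1
    return sorted(hits)


def parse_exiftool_ts(text):
    """ExifTool style '2014:12:14 18:36:20+01:00' -> aware datetime in UTC."""
    return datetime.strptime(text, "%Y:%m:%d %H:%M:%S%z").astimezone(timezone.utc)


def parse_vt_ts(text):
    """VirusTotal style '2014-12-18 20:54:00 UTC' -> aware datetime."""
    return datetime.strptime(text, "%Y-%m-%d %H:%M:%S UTC").replace(tzinfo=timezone.utc)


def hours_compile_to_first_seen(compile_ts, first_seen):
    """Hours from the PE compile timestamp to the first VT submission.
    Hours to days is typical of fresh malware; a negative value means the
    compile timestamp lies in the future and was forged."""
    return (first_seen - compile_ts).total_seconds() / 3600


if __name__ == "__main__":
    print("non-standard resource types:", odd_resource_types(RESOURCE_TYPES))
    print("embedded archives:", find_embedded_archives(SAMPLE_RESOURCE_DATA))
    built = parse_exiftool_ts("2014:12:14 18:36:20+01:00")
    seen = parse_vt_ts("2014-12-18 20:54:00 UTC")
    print(f"compiled {built:%Y-%m-%d %H:%M:%S} UTC, first seen "
          f"{hours_compile_to_first_seen(built, seen):.1f} h later")
```

For this sample the ExifTool value 18:36:20+01:00 normalises to the 17:36:20 UTC shown in the PE header section, and the gap to first submission is about 99 hours, which is consistent with a freshly built sample rather than a backdated one. Run against the real resource data (for instance the RAR-typed entry dumped with any PE resource extractor), the signature scan tells you whether that resource is an actual archive to unpack or just a misleading name.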
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Created processes
Code injections in the following processes
Opened mutexes
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers by calling the DeviceIoControl Windows API function. DeviceIoControl does not appear in the static import list shown above, so the call is reached at runtime rather than through the import table.