SHA256: f367290068e64b5a36fddbe257222829c784c002344d985480c76e8d354697ec
File name: syppc.exe
Detection ratio: 43 / 56
Analysis date: 2015-10-25 13:57:21 UTC ( 2 years, 8 months ago )
Antivirus Result Update
Ad-Aware Trojan.GenericKD.2324326 20151026
Yandex Backdoor.Androm!3cSa7vbjs9I 20151025
AhnLab-V3 Trojan/Win32.Fleercivet 20151026
ALYac Trojan.GenericKD.2324326 20151026
Antiy-AVL Trojan[Backdoor]/Win32.Androm 20151026
Arcabit Trojan.Generic.D237766 20151026
Avast Win32:Malware-gen 20151026
AVG Crypt4.VQO 20151026
Avira (no cloud) TR/Abandrot.A.15 20151026
AVware Trojan.Win32.Generic!BT 20151026
Baidu-International Backdoor.Win32.Androm.gsez 20151026
BitDefender Trojan.GenericKD.2324326 20151026
Bkav HW32.Packed.5905 20151025
CAT-QuickHeal Backdoor.Androm.r6 20151026
Cyren W32/Trojan.AQYL-3885 20151026
DrWeb Trojan.DownLoader13.12322 20151026
Emsisoft Trojan.GenericKD.2324326 (B) 20151026
ESET-NOD32 a variant of Win32/Kryptik.DGIR 20151026
F-Secure Trojan.GenericKD.2324326 20151026
Fortinet W32/Injector.BZJU!tr 20151026
GData Trojan.GenericKD.2324326 20151026
Ikarus Trojan.Win32.Crypt 20151026
Jiangmin Backdoor/Androm.lqi 20151025
K7AntiVirus Trojan ( 004bece61 ) 20151026
K7GW Trojan ( 004bece61 ) 20151026
Kaspersky HEUR:Trojan.Win32.Generic 20151026
Malwarebytes Backdoor.Agent 20151026
McAfee RDN/Generic BackDoor!bcz 20151026
McAfee-GW-Edition BehavesLike.Win32.PWSZbot.fh 20151026
Microsoft Trojan:Win32/Bagsu!rfn 20151026
eScan Trojan.GenericKD.2324326 20151026
NANO-Antivirus Trojan.Win32.Androm.dragyr 20151026
nProtect Backdoor/W32.Androm.362496.D 20151026
Panda Trj/Genetic.gen 20151026
Qihoo-360 HEUR/QVM10.1.Malware.Gen 20151026
Rising PE:Malware.RDM.04!5.A[F1] 20151025
Sophos AV Mal/Generic-S 20151026
Symantec Trojan.Gen 20151025
Tencent Win32.Trojan.Generic.Pgwq 20151026
TrendMicro TROJ_GEN.R02KC0DE215 20151026
VBA32 Backdoor.Androm 20151026
VIPRE Trojan.Win32.Generic!BT 20151026
Zillya Backdoor.Androm.Win32.18720 20151025
AegisLab 20151026
Alibaba 20151026
ByteHero 20151026
ClamAV 20151026
CMC 20151026
Comodo 20151026
F-Prot 20151026
SUPERAntiSpyware 20151025
TheHacker 20151026
TotalDefense 20151025
TrendMicro-HouseCall 20151026
ViRobot 20151026
Zoner 20151026
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2015-04-25 18:17:15
Entry Point 0x00003C4D
Number of sections 6
PE sections
PE imports
Ord(12)
Ord(17)
Ord(8)
Ord(19)
Ord(22)
CryptUIWizDigitalSign
CryptUIWizImport
CryptUIWizExport
CryptUIDlgViewContext
gluQuadricOrientation
gluNurbsProperty
gluTessBeginContour
VerLanguageNameA
GetLastError
IsValidCodePage
HeapFree
LocalReAlloc
EnterCriticalSection
LCMapStringW
SetHandleCount
LoadLibraryW
GetConsoleCP
GetOEMCP
QueryPerformanceCounter
IsDebuggerPresent
HeapAlloc
TlsAlloc
GetEnvironmentStringsW
FlushFileBuffers
GetModuleFileNameA
RtlUnwind
GetStdHandle
HeapSetInformation
GetTickCount
GetStartupInfoW
GetConsoleMode
DecodePointer
GetCurrentProcessId
SetLastError
GlobalReAlloc
UnhandledExceptionFilter
GetCPInfoExA
MultiByteToWideChar
HeapSize
FreeEnvironmentStringsW
InitializeCriticalSectionAndSpinCount
GetCommandLineA
GetProcAddress
EncodePointer
GetProcessHeap
SetStdHandle
GetModuleFileNameW
SetFilePointer
InterlockedDecrement
GetCPInfo
HeapUnlock
TlsFree
GetModuleHandleA
GetSystemTimeAsFileTime
DeleteCriticalSection
ReadFile
SetUnhandledExceptionFilter
WriteFile
PulseEvent
CloseHandle
IsProcessorFeaturePresent
GetACP
HeapReAlloc
GetStringTypeW
GetModuleHandleW
TerminateProcess
WideCharToMultiByte
GetCurrentProcess
GetCurrencyFormatA
HeapCreate
SetLocaleInfoA
CreateFileW
TlsGetValue
Sleep
GetFileType
SetEndOfFile
TlsSetValue
CreateFileA
ExitProcess
GetCurrentThreadId
InterlockedIncrement
VirtualAlloc
WriteConsoleW
LeaveCriticalSection
ScriptPlace
ScriptApplyLogicalWidth
ScriptStringFree
ScriptStringGetOrder
ScriptString_pLogAttr
ScriptFreeCache
ScriptXtoCP
ScriptShape
ScriptString_pSize
ScriptTextOut
ScriptGetFontProperties
ScriptJustify
ScriptString_pcOutChars
GetThemeString
DrawThemeEdge
GetThemePosition
GetThemeBackgroundExtent
GetThemeSysInt
GetThemeTextMetrics
VerInstallFileA
GetFileVersionInfoSizeA
VerFindFileA
GetFileVersionInfoA
VerQueryValueA
Ord(220)
Ord(902)
Ord(402)
Ord(201)
Ord(604)
Ord(107)
Ord(206)
Number of PE resources by type
RT_VERSION 1
Struct(133) 1
Number of PE resources by language
ENGLISH US 2
PE resources
ExifTool file metadata
UninitializedDataSize 0
LinkerVersion 10.0
ImageVersion 0.0
FileVersionNumber 0.0.0.0
LanguageCode Russian
FileFlagsMask 0x0000
CharacterSet Unicode
InitializedDataSize 327168
EntryPoint 0x3c4d
MIMEType application/octet-stream
TimeStamp 2015:04:25 19:17:15+01:00
FileType Win32 EXE
PEType PE32
SubsystemVersion 5.1
OSVersion 5.1
FileOS Windows NT 32-bit
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CodeSize 42496
FileSubtype 0
ProductVersionNumber 0.0.0.0
FileTypeExtension exe
ObjectFileType Unknown

PCAP parents
File identification
MD5 b7acbc058baaca533647dd702a427ca9
SHA1 50783c46b6274658a42ad1f96a64cf17d90f8e41
SHA256 f367290068e64b5a36fddbe257222829c784c002344d985480c76e8d354697ec
ssdeep 6144:Ru5SZbOYij/v9DV38L4E7ur/WqiA6erSaRsgKI3YLzZoPP7Jp2r7kjO/I2:M5SZbOHjX9NE74Wq39SaF3zHtpksO9
authentihash f8577b90a56563dbc5c341568ed4e60eae973c8c730575d5d25c04477fc67c47
imphash b3be0b0a0804e2aa14bbcc75669dc305
File size 354.0 KB ( 362496 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (42.2%)
Win64 Executable (generic) (37.3%)
Win32 Dynamic Link Library (generic) (8.8%)
Win32 Executable (generic) (6.0%)
Generic Win/DOS Executable (2.7%)
Tags peexe
VirusTotal metadata
First submission 2015-04-26 01:25:05 UTC ( 3 years, 2 months ago )
Last submission 2015-04-27 01:30:37 UTC ( 3 years, 2 months ago )
File names f367290068e64b5a36fddbe257222829c784c002344d985480c76e8d354697ec.exe
c75a6e815d3250fee41b7611095377fd471a26a5
syppc.exe
Advanced heuristic and reputation engines
TrendMicro-HouseCall
TrendMicro's heuristic engine has flagged this file as: TROJ_GEN.R02KC0DE215.

Symantec reputation Suspicious.Insight
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.
UDP communications