SHA256: f402a772ec6a896e2ad3c1335622d6bb29bea221b04ccbf2555348363c8fa2ca
File name: 5.exe
Detection ratio: 9 / 51
Analysis date: 2014-06-05 08:21:10 UTC ( 4 years, 9 months ago )
Antivirus              Result                                      Update
Avast                  Win32:Malware-gen                           20140605
AVG                    Crypt3.UZB                                  20140605
Baidu-International    Trojan.Win32.Kryptik.bCDMR                  20140605
Bkav                   HW32.Keylogger.peqo                         20140604
ESET-NOD32             a variant of Win32/Kryptik.CDMR             20140605
Malwarebytes           Trojan.Zbot                                 20140605
McAfee-GW-Edition      Heuristic.LooksLike.Win32.Suspicious.J!80   20140604
Rising                 PE:Malware.XPACK-HIE/Heur!1.9C48            20140603
Sophos AV              Mal/Generic-S                               20140605
Ad-Aware               -                                           20140605
AegisLab               -                                           20140605
Yandex                 -                                           20140605
AhnLab-V3              -                                           20140604
AntiVir                -                                           20140605
Antiy-AVL              -                                           20140605
BitDefender            -                                           20140605
ByteHero               -                                           20140605
CAT-QuickHeal          -                                           20140605
ClamAV                 -                                           20140605
CMC                    -                                           20140605
Commtouch              -                                           20140605
Comodo                 -                                           20140605
DrWeb                  -                                           20140605
Emsisoft               -                                           20140605
F-Prot                 -                                           20140605
F-Secure               -                                           20140605
Fortinet               -                                           20140605
GData                  -                                           20140605
Ikarus                 -                                           20140605
K7AntiVirus            -                                           20140604
K7GW                   -                                           20140604
Kaspersky              -                                           20140605
Kingsoft               -                                           20140605
McAfee                 -                                           20140605
Microsoft              -                                           20140605
eScan                  -                                           20140605
NANO-Antivirus         -                                           20140605
Norman                 -                                           20140605
nProtect               -                                           20140605
Panda                  -                                           20140604
Qihoo-360              -                                           20140605
SUPERAntiSpyware       -                                           20140605
Symantec               -                                           20140605
Tencent                -                                           20140605
TheHacker              -                                           20140602
TotalDefense           -                                           20140605
TrendMicro             -                                           20140605
TrendMicro-HouseCall   -                                           20140605
VBA32                  -                                           20140605
VIPRE                  -                                           20140605
ViRobot                -                                           20140605
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2005-05-16 21:21:24
Entry Point 0x00001000
Number of sections 6
PE sections
PE imports
GetDeviceCaps
DeleteDC
CreateFontIndirectW
GetStockObject
GetObjectW
BitBlt
CreateCompatibleDC
DeleteObject
CreateCompatibleBitmap
GetUserDefaultUILanguage
CallNamedPipeW
GlobalGetAtomNameW
Toolhelp32ReadProcessMemory
Heap32ListFirst
EnumSystemLocalesW
GetSystemInfo
GetTapeStatus
IsBadWritePtr
SetThreadPriorityBoost
lstrcmpiW
CreatePipe
Process32First
ClearCommBreak
WritePrivateProfileSectionW
GetSystemDefaultLCID
SetErrorMode
SetThreadExecutionState
GetTimeFormatW
CreateDirectoryExW
_lcreat
LocalFlags
GetQueuedCompletionStatus
FindNextFileW
GlobalAddAtomA
SetHandleInformation
GetBinaryTypeA
WriteProfileSectionA
FindCloseChangeNotification
GetProcessShutdownParameters
GetEnvironmentVariableA
GetStringTypeExW
AllocConsole
GetProfileIntA
GetPrivateProfileSectionA
LocalShrink
SetMenuItemInfoW
GetForegroundWindow
ChangeMenuA
PostQuitMessage
HideCaret
mouse_event
GetShellWindow
GetClipboardFormatNameA
GetKeyState
RemoveMenu
Number of PE resources by type
RT_BITMAP 1
RT_VERSION 1
Number of PE resources by language
GERMAN 1
ENGLISH US 1
PE resources
ExifTool file metadata
LegalTrademarks Acronis
SubsystemVersion 4.1
Comments Acronis True Image
LinkerVersion 1.64
ImageVersion 0.0
FileSubtype 0
FileVersionNumber 17.0.0.6614
LanguageCode English (U.S.)
FileFlagsMask 0x003f
FileDescription Acronis True Image
CharacterSet Unicode
InitializedDataSize 31765
FileOS Win32
EntryPoint 0x1000
MIMEType application/octet-stream
LegalCopyright Copyright (C) 2000-2013 Acronis
FileVersion 17,0,0,6614
TimeStamp 2005:05:16 22:21:24+01:00
FileType Win32 EXE
PEType PE32
InternalName TrueImage
ProductVersion 17,0,0,6614
UninitializedDataSize 0
OSVersion 1.0
OriginalFilename TrueImage.exe
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName Acronis
CodeSize 266240
ProductName Acronis True Image
ProductVersionNumber 17.0.0.6614
FileTypeExtension exe
ObjectFileType Dynamic link library
File identification
MD5 0ecfd4cf8f75ed73ed77dba94d0fb993
SHA1 0c1f0d483959127db5be48c965b6c989676334e4
SHA256 f402a772ec6a896e2ad3c1335622d6bb29bea221b04ccbf2555348363c8fa2ca
ssdeep 3072:wPYfhQQQuk8ZSKVkR1QbyawMuGsMXg3/nNV8in/K0h:8YfCQQuk8wP1QOawMHNXgNKw
authentihash bc0f505067860e24b96b1563a3ee0a0557614d199de2efd2e946f31d0c3dbddc
imphash 051356d02079505132847abeaa5e275b
File size 292.0 KB ( 299008 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable (generic) (42.4%)
Win16/32 Executable Delphi generic (19.5%)
Generic Win/DOS Executable (18.8%)
DOS Executable Generic (18.8%)
VXD Driver (0.2%)
Tags peexe
VirusTotal metadata
First submission 2014-06-05 08:21:10 UTC ( 4 years, 9 months ago )
Last submission 2014-06-06 08:47:24 UTC ( 4 years, 9 months ago )
File names 3b32f1b92ef31dfc208a770424c2c3d23d7fd77e
AhngjFm.docm
5.exe
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Deleted files
Created processes
Code injections in the following processes
Created mutexes
Opened mutexes
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.