SHA256: f496b8703e7d49822c6ebb8a5669024560cdebbd67442e574276f6f68e73507f
File name: 007243027
Detection ratio: 48 / 56
Analysis date: 2015-06-18 10:09:29 UTC ( 1 week, 6 days ago )
Antivirus             Result                                        Update
ALYac                 Trojan.GenericKD.1455622                      20150618
AVG                   Zbot.ELD                                      20150618
AVware                Trojan.Win32.Wauchos.a (v)                    20150618
Ad-Aware              Trojan.GenericKD.1455622                      20150618
Agnitum               Backdoor.Androm!3VkYI2uRfpY                   20150617
AhnLab-V3             Trojan/Win32.Androm                           20150618
Antiy-AVL             Trojan[Backdoor]/Win32.Androm                 20150618
Arcabit               Trojan.Generic.D163606                        20150618
Avast                 Win32:Malware-gen                             20150618
Avira                 TR/Gamarue.A.127                              20150618
Baidu-International   Backdoor.Win32.Androm.bjhq                    20150618
BitDefender           Trojan.GenericKD.1455622                      20150618
CAT-QuickHeal         Worm.Gamarue.I5                               20150618
Comodo                TrojWare.Win32.Genome.xhtk                    20150618
Cyren                 W32/Trojan.JIZA-5411                          20150618
DrWeb                 Trojan.Inject2.23                             20150618
ESET-NOD32            Win32/TrojanDownloader.Wauchos.X              20150618
Emsisoft              Trojan.GenericKD.1455622 (B)                  20150618
F-Prot                W32/Trojan2.OBFS                              20150618
Fortinet              W32/Androm.BJHQ!tr.bdr                        20150617
GData                 Trojan.GenericKD.1455622                      20150618
Ikarus                Backdoor.Win32.Androm                         20150618
Jiangmin              Backdoor/Androm.dty                           20150615
K7AntiVirus           Trojan-Downloader ( 0049067a1 )               20150618
K7GW                  Trojan-Downloader ( 0049067a1 )               20150618
Kaspersky             Backdoor.Win32.Androm.bjhq                    20150618
Kingsoft              Win32.Hack.Androm.bj.(kcloud)                 20150618
Malwarebytes          Trojan.Inject.RRE                             20150618
McAfee                Generic.ru                                    20150618
McAfee-GW-Edition     Generic.ru                                    20150617
MicroWorld-eScan      Trojan.GenericKD.1455622                      20150618
Microsoft             Worm:Win32/Gamarue.I                          20150618
NANO-Antivirus        Trojan.Win32.Androm.cvzdaf                    20150618
Panda                 Trj/WLT.A                                     20150617
Qihoo-360             Win32/Backdoor.a41                            20150618
Rising                PE:Trojan.Win32.Generic.163D1B26!373103398    20150617
Sophos                Troj/Agent-AFFH                               20150618
Symantec              Downloader.Dromedan                           20150618
Tencent               Trojan.Win32.Qudamah.Gen.4                    20150618
TheHacker             Trojan/Downloader.Wauchos.x                   20150616
TotalDefense          Win32/Gamarue.ZaeXIFC                         20150617
TrendMicro            TROJ_SPNR.0BLE13                              20150618
TrendMicro-HouseCall  TROJ_SPNR.0BLE13                              20150618
VBA32                 BScope.Malware-Cryptor.Androm                 20150617
VIPRE                 Trojan.Win32.Wauchos.a (v)                    20150618
ViRobot               Trojan.Win32.S.Agent.98304.HK[h]              20150618
Zoner                 Trojan.Wauchos.X                              20150618
nProtect              Trojan.GenericKD.1455622                      20150618

No detection (8 of 56 engines):
AegisLab              -                                             20150618
Alibaba               -                                             20150618
Bkav                  -                                             20150617
ByteHero              -                                             20150618
CMC                   -                                             20150618
ClamAV                -                                             20150618
SUPERAntiSpyware      -                                             20150618
Zillya                -                                             20150618
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2013-12-14 01:14:28
Link date 2:14 AM 12/14/2013
Entry Point 0x00004A21
Number of sections 5
PE sections
PE imports
GetStdHandle
FileTimeToSystemTime
GetFileAttributesA
WaitForSingleObject
HeapDestroy
EncodePointer
FreeEnvironmentStringsA
DeleteCriticalSection
GetCurrentProcess
GetConsoleMode
FreeEnvironmentStringsW
GetLocaleInfoW
SetStdHandle
GetCPInfo
InterlockedExchange
WriteFile
GetSystemTimeAsFileTime
HeapReAlloc
GetStringTypeW
SetEvent
LocalFree
FormatMessageW
InitializeCriticalSection
FindClose
TlsGetValue
SetLastError
InterlockedDecrement
GetModuleFileNameW
TryEnterCriticalSection
IsDebuggerPresent
ExitProcess
FlushFileBuffers
GetModuleFileNameA
HeapSetInformation
SetConsoleCtrlHandler
UnhandledExceptionFilter
LoadLibraryExW
MultiByteToWideChar
FatalAppExitA
CreateMutexA
InterlockedExchangeAdd
CreateThread
SetUnhandledExceptionFilter
CreateMutexW
IsProcessorFeaturePresent
DecodePointer
SetEnvironmentVariableA
TerminateProcess
GlobalAlloc
GetCurrentThreadId
InterlockedIncrement
InitializeCriticalSectionAndSpinCount
HeapFree
EnterCriticalSection
SetHandleCount
LoadLibraryW
GetVersionExW
GetOEMCP
QueryPerformanceCounter
GetTickCount
TlsAlloc
GetVersionExA
LoadLibraryA
RtlUnwind
FreeLibrary
GetStartupInfoW
WaitForMultipleObjects
GetProcessHeap
ResetEvent
GetProcAddress
CreateEventW
CreateFileW
CreateEventA
GetFileType
TlsSetValue
CreateFileA
HeapAlloc
LeaveCriticalSection
GetLastError
LCMapStringW
GetSystemInfo
lstrlenA
GlobalFree
GetEnvironmentStringsW
WaitForSingleObjectEx
lstrlenW
FileTimeToLocalFileTime
GetEnvironmentStrings
GetCurrentProcessId
GetCommandLineW
WideCharToMultiByte
HeapSize
InterlockedCompareExchange
GetCurrentThread
RaiseException
TlsFree
GetModuleHandleA
ReadFile
CloseHandle
GetACP
GetModuleHandleW
IsValidCodePage
HeapCreate
Sleep
VirtualAlloc
WNetOpenEnumA
OleUninitialize
CoCreateInstance
CoRevokeClassObject
StgCreateDocfileOnILockBytes
OleFlushClipboard
ReleaseStgMedium
GetRunningObjectTable
RegisterDragDrop
CoLockObjectExternal
CoInitializeSecurity
CLSIDFromProgID
CoQueryProxyBlanket
RevokeDragDrop
CoDisconnectObject
CoCreateGuid
OleInitialize
CoTaskMemFree
OleRun
CoGetClassObject
Number of PE resources by type
RT_ICON 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 2
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
FileTypeExtension exe
TimeStamp 2013:12:14 02:14:28+01:00
FileType Win32 EXE
PEType PE32
CodeSize 45056
LinkerVersion 7.1
EntryPoint 0x4a21
InitializedDataSize 53248
SubsystemVersion 4.0
ImageVersion 0.0
OSVersion 4.0
UninitializedDataSize 0
File identification
MD5 65aa62047a29b4db82ab9f71bf9fd9d1
SHA1 43d1722fe05a526396ba6e9f0b29db8f23e59942
SHA256 f496b8703e7d49822c6ebb8a5669024560cdebbd67442e574276f6f68e73507f
ssdeep 768:YtiJ6Wwo1HrmKrG7nwua7V6h74Ovl3k0Jj7ED0CnVXue3/He0L1e022WJshoj1yD:YsSyZSzfHkg3k0KzHeMex2WhwZymhy
authentihash 4f904adbef8403f2ecbdf14b30ccc53a56abfcc66d2543139badb238697dfb0a
imphash 6bcba4710707a23d150395e678d6efbb
File size 96.0 KB ( 98304 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (42.2%)
     Win64 Executable (generic) (37.3%)
     Win32 Dynamic Link Library (generic) (8.8%)
     Win32 Executable (generic) (6.0%)
     Generic Win/DOS Executable (2.7%)
Tags peexe
VirusTotal metadata
First submission 2013-12-13 14:48:35 UTC ( 1 year, 6 months ago )
Last submission 2015-06-12 11:44:07 UTC ( 2 weeks, 5 days ago )
File names ORDER_Ni78282.exe
order_ni78282.exe
f496b8703e7d49822c6ebb8a5669024560cdebbd67442e574276f6f68e73507f
mshjtjca.exe
msfxtesq.exe
msalzmlsa.exe
ORDER_FR234.bin
mstzezbtc%2Eexe
ORDER_FR234.exe
order_fr234.exe
mskvbi.exe
mrwzzu.exe.123
msavozp.exe
msomamsno.txt
65AA62047A29B4DB82AB9F71BF9FD9D1.exe
007243027
order_fr234.exe
file-6338386_exe
ORDER.exe
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Copied files
Set keys
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers by calling the DeviceIoControl Windows API function.