SHA256: f496b8703e7d49822c6ebb8a5669024560cdebbd67442e574276f6f68e73507f
File name: 65AA62047A29B4DB82AB9F71BF9FD9D1.exe
Detection ratio: 41 / 51
Analysis date: 2014-04-18 13:03:14 UTC ( 15 hours, 16 minutes ago )
Antivirus Result Update
AVG Zbot.ELD 20140418
Ad-Aware Trojan.GenericKD.1455622 20140418
Agnitum Backdoor.Androm!3VkYI2uRfpY 20140417
AhnLab-V3 Trojan/Win32.Androm 20140417
AntiVir TR/Gamarue.A.127 20140418
Antiy-AVL Trojan[Backdoor]/Win32.Androm 20140418
Avast Win32:Malware-gen 20140418
Baidu-International Backdoor.Win32.Androm.Axys 20140418
BitDefender Trojan.GenericKD.1455622 20140418
CAT-QuickHeal Worm.Gamarue.I5 20140418
Commtouch W32/Trojan.JIZA-5411 20140418
Comodo TrojWare.Win32.Genome.xhtk 20140418
DrWeb Trojan.Inject2.23 20140418
ESET-NOD32 Win32/TrojanDownloader.Wauchos.X 20140418
Emsisoft Backdoor.Win32.Androm (A) 20140418
F-Prot W32/Trojan2.OBFS 20140418
F-Secure Trojan.GenericKD.1455622 20140418
Fortinet W32/Androm.BJHQ!tr.bdr 20140418
GData Trojan.GenericKD.1455622 20140418
Ikarus Backdoor.Win32.Androm 20140418
Jiangmin Backdoor/Androm.dty 20140418
K7AntiVirus Trojan-Downloader ( 0049067a1 ) 20140418
K7GW Trojan-Downloader ( 0049067a1 ) 20140418
Kaspersky Backdoor.Win32.Androm.bjhq 20140418
Kingsoft Win32.Hack.Androm.bj.(kcloud) 20140418
Malwarebytes Trojan.Inject.RRE 20140418
McAfee RDN/Generic BackDoor!vr 20140418
McAfee-GW-Edition RDN/Generic BackDoor!vr 20140418
MicroWorld-eScan Trojan.GenericKD.1455622 20140418
Microsoft Worm:Win32/Gamarue.I 20140418
NANO-Antivirus Trojan.Win32.Androm.cvzdaf 20140418
Norman Troj_Generic.RQFOG 20140418
Panda Trj/WLT.A 20140418
Qihoo-360 Win32/Trojan.Multi.daf 20140418
Sophos Troj/Agent-AFFH 20140418
Symantec Downloader.Dromedan 20140418
TotalDefense Win32/Gamarue.ZaeXIFC 20140417
TrendMicro TROJ_SPNR.0BLE13 20140418
VBA32 Backdoor.Androm 20140418
VIPRE Trojan.Win32.Wauchos.a (v) 20140418
nProtect Trojan.GenericKD.1455622 20140418
AegisLab 20140418
Bkav 20140418
ByteHero 20140418
CMC 20140417
ClamAV 20140418
Rising 20140418
SUPERAntiSpyware 20140418
TheHacker 20140417
TrendMicro-HouseCall 20140418
ViRobot 20140418
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2013-12-14 01:14:28
Link date 2:14 AM 12/14/2013
Entry Point 0x00004A21
Number of sections 5
PE sections
PE imports
GetStdHandle
FileTimeToSystemTime
GetFileAttributesA
WaitForSingleObject
HeapDestroy
EncodePointer
FreeEnvironmentStringsA
DeleteCriticalSection
GetCurrentProcess
GetConsoleMode
FreeEnvironmentStringsW
GetLocaleInfoW
SetStdHandle
GetCPInfo
InterlockedExchange
WriteFile
GetSystemTimeAsFileTime
HeapReAlloc
GetStringTypeW
SetEvent
LocalFree
FormatMessageW
InitializeCriticalSection
FindClose
TlsGetValue
SetLastError
InterlockedDecrement
GetModuleFileNameW
TryEnterCriticalSection
IsDebuggerPresent
ExitProcess
FlushFileBuffers
GetModuleFileNameA
HeapSetInformation
SetConsoleCtrlHandler
UnhandledExceptionFilter
LoadLibraryExW
MultiByteToWideChar
FatalAppExitA
CreateMutexA
InterlockedExchangeAdd
CreateThread
SetUnhandledExceptionFilter
CreateMutexW
IsProcessorFeaturePresent
DecodePointer
SetEnvironmentVariableA
TerminateProcess
GlobalAlloc
GetCurrentThreadId
InterlockedIncrement
InitializeCriticalSectionAndSpinCount
HeapFree
EnterCriticalSection
SetHandleCount
LoadLibraryW
GetVersionExW
GetOEMCP
QueryPerformanceCounter
GetTickCount
TlsAlloc
GetVersionExA
LoadLibraryA
RtlUnwind
FreeLibrary
GetStartupInfoW
WaitForMultipleObjects
GetProcessHeap
ResetEvent
GetProcAddress
CreateEventW
CreateFileW
CreateEventA
GetFileType
TlsSetValue
CreateFileA
HeapAlloc
LeaveCriticalSection
GetLastError
LCMapStringW
GetSystemInfo
lstrlenA
GlobalFree
GetEnvironmentStringsW
WaitForSingleObjectEx
lstrlenW
FileTimeToLocalFileTime
GetEnvironmentStrings
GetCurrentProcessId
GetCommandLineW
WideCharToMultiByte
HeapSize
InterlockedCompareExchange
GetCurrentThread
RaiseException
TlsFree
GetModuleHandleA
ReadFile
CloseHandle
GetACP
GetModuleHandleW
IsValidCodePage
HeapCreate
Sleep
VirtualAlloc
WNetOpenEnumA
OleUninitialize
CoCreateInstance
CoRevokeClassObject
StgCreateDocfileOnILockBytes
OleFlushClipboard
ReleaseStgMedium
GetRunningObjectTable
RegisterDragDrop
CoLockObjectExternal
CoInitializeSecurity
CLSIDFromProgID
CoQueryProxyBlanket
RevokeDragDrop
CoDisconnectObject
CoCreateGuid
OleInitialize
CoTaskMemFree
OleRun
CoGetClassObject
Number of PE resources by type
RT_ICON 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 2
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
TimeStamp 2013:12:14 02:14:28+01:00
FileType Win32 EXE
PEType PE32
CodeSize 45056
LinkerVersion 7.1
FileAccessDate 2014:04:18 14:07:24+01:00
EntryPoint 0x4a21
InitializedDataSize 53248
SubsystemVersion 4.0
ImageVersion 0.0
OSVersion 4.0
FileCreateDate 2014:04:18 14:07:24+01:00
UninitializedDataSize 0
File identification
MD5 65aa62047a29b4db82ab9f71bf9fd9d1
SHA1 43d1722fe05a526396ba6e9f0b29db8f23e59942
SHA256 f496b8703e7d49822c6ebb8a5669024560cdebbd67442e574276f6f68e73507f
ssdeep 768:YtiJ6Wwo1HrmKrG7nwua7V6h74Ovl3k0Jj7ED0CnVXue3/He0L1e022WJshoj1y:YsSyZSzfHkg3k0KzHeMex2WhwZymhy

imphash 6bcba4710707a23d150395e678d6efbb
File size 96.0 KB ( 98304 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable MS Visual C++ (generic) (42.1%)
Win64 Executable (generic) (37.3%)
Win32 Dynamic Link Library (generic) (8.8%)
Win32 Executable (generic) (6.0%)
Generic Win/DOS Executable (2.7%)
Tags peexe

VirusTotal metadata
First submission 2013-12-13 14:48:35 UTC ( 4 months ago )
Last submission 2014-04-08 06:40:34 UTC ( 1 week, 3 days ago )
File names ORDER_Ni78282.exe
order_ni78282.exe
f496b8703e7d49822c6ebb8a5669024560cdebbd67442e574276f6f68e73507f
mshjtjca.exe
msalzmlsa.exe
ORDER_FR234.bin
mstzezbtc%2Eexe
ORDER_FR234.exe
order_fr234.exe
msfxtesq.exe
mrwzzu.exe.123
msavozp.exe
msomamsno.txt
65AA62047A29B4DB82AB9F71BF9FD9D1.exe
mskvbi.exe
order_fr234.exe
file-6338386_exe
ORDER.exe
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight
Behaviour characterization
Zemana
dll-injection

Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Copied files
Set keys
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.