SHA256: f496b8703e7d49822c6ebb8a5669024560cdebbd67442e574276f6f68e73507f
File name: ORDER_FR234.exe
Detection ratio: 50 / 57
Analysis date: 2015-02-15 05:31:14 UTC ( 1 week, 6 days ago )
Antivirus Result Update
ALYac Trojan.GenericKD.1455622 20150215
AVG Zbot.ELD 20150215
AVware Trojan.Win32.Wauchos.a (v) 20150215
Ad-Aware Trojan.GenericKD.1455622 20150215
Agnitum Backdoor.Androm!3VkYI2uRfpY 20150214
AhnLab-V3 Trojan/Win32.Androm 20150215
Antiy-AVL Trojan[Backdoor]/Win32.Androm 20150215
Avast Win32:Malware-gen 20150215
Avira TR/Gamarue.A.127 20150214
Baidu-International Backdoor.Win32.Androm.bjhq 20150214
BitDefender Trojan.GenericKD.1455622 20150215
CAT-QuickHeal Worm.Gamarue.I5 20150214
Comodo TrojWare.Win32.Genome.xhtk 20150214
Cyren W32/Trojan.JIZA-5411 20150215
DrWeb Trojan.Inject2.23 20150214
ESET-NOD32 Win32/TrojanDownloader.Wauchos.X 20150215
Emsisoft Backdoor.Win32.Androm (A) 20150215
F-Prot W32/Trojan2.OBFS 20150215
F-Secure Trojan.GenericKD.1455622 20150215
Fortinet W32/Androm.BJHQ!tr.bdr 20150215
GData Trojan.GenericKD.1455622 20150215
Ikarus Backdoor.Win32.Androm 20150215
Jiangmin Backdoor/Androm.dty 20150214
K7AntiVirus Trojan-Downloader ( 0049067a1 ) 20150215
K7GW Trojan-Downloader ( 0049067a1 ) 20150215
Kaspersky Backdoor.Win32.Androm.bjhq 20150215
Kingsoft Win32.Hack.Androm.bj.(kcloud) 20150215
Malwarebytes Trojan.Inject.RRE 20150215
McAfee Generic.ru 20150215
McAfee-GW-Edition BehavesLike.Win32.PWSZbot.nh 20150214
MicroWorld-eScan Trojan.GenericKD.1455622 20150215
Microsoft Worm:Win32/Gamarue.I 20150215
NANO-Antivirus Trojan.Win32.Androm.cvzdaf 20150215
Norman Kuluoz.EP 20150214
Panda Trj/WLT.A 20150214
Qihoo-360 Win32/Backdoor.a41 20150215
Rising PE:Trojan.Win32.Generic.163D1B26!373103398 20150214
Sophos Troj/Agent-AFFH 20150215
Symantec Downloader.Dromedan 20150215
Tencent Win32.Backdoor.Androm.Wpju 20150215
TheHacker Trojan/Downloader.Wauchos.x 20150213
TotalDefense Win32/Gamarue.ZaeXIFC 20150214
TrendMicro TROJ_SPNR.0BLE13 20150215
TrendMicro-HouseCall TROJ_SPNR.0BLE13 20150215
VBA32 BScope.Malware-Cryptor.Androm 20150213
VIPRE Trojan.Win32.Wauchos.a (v) 20150215
ViRobot Trojan.Win32.S.Agent.98304.HK[h] 20150215
Zillya Backdoor.Androm.Win32.8671 20150215
Zoner Trojan.Wauchos.X 20150213
nProtect Trojan.GenericKD.1455622 20150213
AegisLab (no detection) 20150215
Alibaba (no detection) 20150215
Bkav (no detection) 20150213
ByteHero (no detection) 20150215
CMC (no detection) 20150214
ClamAV (no detection) 20150213
SUPERAntiSpyware (no detection) 20150214
The file being studied is a Portable Executable (PE) file; more specifically, a Win32 EXE for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2013-12-14 01:14:28 UTC (TimeDateStamp; the ExifTool section below shows the same field rendered as 02:14:28+01:00)
Link date 2:14 AM 12/14/2013 (local rendering of the same field)
Note: the first VirusTotal submission listed under VirusTotal metadata is 2013-12-13 14:48:35 UTC, roughly ten and a half hours before this build time. The timestamp therefore cannot be taken as the real compile time; it was either set deliberately or written by a build machine with a wrong clock.
Entry Point 0x00004A21
Number of sections 5
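How the fields above are read from the binary, as an added example that is not part of the VirusTotal report: a small PE32 header parser in Python, run against a constructed header that carries the report's values (machine 0x14C, 5 sections, entry point 0x4A21, linker 7.1, GUI subsystem, the 2013-12-14 01:14:28 UTC timestamp) rather than against the malware itself; the ImageBase and e_lfanew values in the stand-in are assumptions. It also compares the compile timestamp with the first-submission time from the VirusTotal metadata section, which is the check that shows this sample's timestamp is not trustworthy.

```python
"""Read the COFF/optional-header fields behind the 'PE header basic information'
summary, and check the compile timestamp against the first VirusTotal sighting."""
import calendar
import struct
from datetime import datetime, timezone

MACHINES = {0x014C: "Intel 386 or later processors and compatible processors",
            0x8664: "x64"}
SUBSYSTEMS = {1: "Native", 2: "Windows GUI", 3: "Windows CUI"}


def build_sample_pe() -> bytes:
    """Constructed stand-in (NOT the ORDER_FR234.exe binary): a minimal MZ stub,
    PE signature, COFF header and PE32 optional header carrying the values the
    report lists. No sections or imports are present; only the headers parse."""
    compile_ts = calendar.timegm((2013, 12, 14, 1, 14, 28))  # report's UTC build time
    e_lfanew = 0x80                                         # assumed header offset
    dos = bytearray(e_lfanew)
    dos[0:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, e_lfanew)             # e_lfanew -> PE signature
    # Machine, NumberOfSections, TimeDateStamp, PtrToSymTab, NumSyms,
    # SizeOfOptionalHeader, Characteristics (EXECUTABLE_IMAGE | 32BIT_MACHINE)
    coff = struct.pack("<HHIIIHH", 0x014C, 5, compile_ts, 0, 0, 224, 0x0102)
    opt = bytearray(224)
    struct.pack_into("<H", opt, 0, 0x10B)                   # PE32 magic
    struct.pack_into("<BB", opt, 2, 7, 1)                   # linker version 7.1
    struct.pack_into("<III", opt, 4, 45056, 53248, 0)       # code / init / uninit sizes
    struct.pack_into("<I", opt, 16, 0x4A21)                 # AddressOfEntryPoint
    struct.pack_into("<I", opt, 28, 0x400000)               # ImageBase (assumed)
    struct.pack_into("<HH", opt, 40, 4, 0)                  # OS version 4.0
    struct.pack_into("<HH", opt, 48, 4, 0)                  # subsystem version 4.0
    struct.pack_into("<H", opt, 68, 2)                      # IMAGE_SUBSYSTEM_WINDOWS_GUI
    return bytes(dos) + b"PE\0\0" + coff + bytes(opt)


def parse_pe_header(data: bytes) -> dict:
    """Return the header fields the report summarises. PE32 only."""
    if data[:2] != b"MZ":
        raise ValueError("missing MZ signature")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    machine, nsections, ts, _, _, opt_size, _ = struct.unpack_from(
        "<HHIIIHH", data, e_lfanew + 4)
    opt = e_lfanew + 24                                     # optional header start
    if opt_size < 70 or struct.unpack_from("<H", data, opt)[0] != 0x10B:
        raise ValueError("only PE32 optional headers are handled here")
    major, minor = struct.unpack_from("<BB", data, opt + 2)
    code, init, uninit = struct.unpack_from("<III", data, opt + 4)
    entry = struct.unpack_from("<I", data, opt + 16)[0]
    subsystem = struct.unpack_from("<H", data, opt + 68)[0]
    return {
        "machine": MACHINES.get(machine, hex(machine)),
        "sections": nsections,
        "compile_time_utc": datetime.fromtimestamp(ts, tz=timezone.utc),
        "entry_point": entry,
        "linker_version": f"{major}.{minor}",
        "code_size": code,
        "initialized_data_size": init,
        "uninitialized_data_size": uninit,
        "subsystem": SUBSYSTEMS.get(subsystem, str(subsystem)),
    }


def parse_vt_time(text: str) -> datetime:
    """Parse a VirusTotal 'YYYY-MM-DD HH:MM:SS UTC' string into an aware datetime."""
    return datetime.strptime(text, "%Y-%m-%d %H:%M:%S UTC").replace(tzinfo=timezone.utc)


def timestamp_is_plausible(compile_time: datetime, first_seen: datetime) -> bool:
    """TimeDateStamp is attacker-controlled. A build time later than the first
    sighting means the field was forged or the build clock was wrong."""
    return compile_time <= first_seen


if __name__ == "__main__":
    hdr = parse_pe_header(build_sample_pe())
    for key, value in hdr.items():
        print(f"{key}: {value}")
    print("timestamp plausible:",
          timestamp_is_plausible(hdr["compile_time_utc"],
                                 parse_vt_time("2013-12-13 14:48:35 UTC")))
```

Against a real file, replace build_sample_pe() with open(path, "rb").read(); the parser stops at the optional header on purpose, so an unusual or truncated section table does not affect it.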
PE sections
PE imports (the report lists function names only, without the exporting DLL: every name from GetStdHandle through VirtualAlloc is a kernel32.dll export, WNetOpenEnumA is exported by mpr.dll, and the Co*/Ole*/Stg* group at the end by ole32.dll; the EncodePointer/DecodePointer/HeapSetInformation set is typical of a statically linked MSVC C runtime, consistent with the TrID result below)
GetStdHandle
FileTimeToSystemTime
GetFileAttributesA
WaitForSingleObject
HeapDestroy
EncodePointer
FreeEnvironmentStringsA
DeleteCriticalSection
GetCurrentProcess
GetConsoleMode
FreeEnvironmentStringsW
GetLocaleInfoW
SetStdHandle
GetCPInfo
InterlockedExchange
WriteFile
GetSystemTimeAsFileTime
HeapReAlloc
GetStringTypeW
SetEvent
LocalFree
FormatMessageW
InitializeCriticalSection
FindClose
TlsGetValue
SetLastError
InterlockedDecrement
GetModuleFileNameW
TryEnterCriticalSection
IsDebuggerPresent
ExitProcess
FlushFileBuffers
GetModuleFileNameA
HeapSetInformation
SetConsoleCtrlHandler
UnhandledExceptionFilter
LoadLibraryExW
MultiByteToWideChar
FatalAppExitA
CreateMutexA
InterlockedExchangeAdd
CreateThread
SetUnhandledExceptionFilter
CreateMutexW
IsProcessorFeaturePresent
DecodePointer
SetEnvironmentVariableA
TerminateProcess
GlobalAlloc
GetCurrentThreadId
InterlockedIncrement
InitializeCriticalSectionAndSpinCount
HeapFree
EnterCriticalSection
SetHandleCount
LoadLibraryW
GetVersionExW
GetOEMCP
QueryPerformanceCounter
GetTickCount
TlsAlloc
GetVersionExA
LoadLibraryA
RtlUnwind
FreeLibrary
GetStartupInfoW
WaitForMultipleObjects
GetProcessHeap
ResetEvent
GetProcAddress
CreateEventW
CreateFileW
CreateEventA
GetFileType
TlsSetValue
CreateFileA
HeapAlloc
LeaveCriticalSection
GetLastError
LCMapStringW
GetSystemInfo
lstrlenA
GlobalFree
GetEnvironmentStringsW
WaitForSingleObjectEx
lstrlenW
FileTimeToLocalFileTime
GetEnvironmentStrings
GetCurrentProcessId
GetCommandLineW
WideCharToMultiByte
HeapSize
InterlockedCompareExchange
GetCurrentThread
RaiseException
TlsFree
GetModuleHandleA
ReadFile
CloseHandle
GetACP
GetModuleHandleW
IsValidCodePage
HeapCreate
Sleep
VirtualAlloc
WNetOpenEnumA
OleUninitialize
CoCreateInstance
CoRevokeClassObject
StgCreateDocfileOnILockBytes
OleFlushClipboard
ReleaseStgMedium
GetRunningObjectTable
RegisterDragDrop
CoLockObjectExternal
CoInitializeSecurity
CLSIDFromProgID
CoQueryProxyBlanket
RevokeDragDrop
CoDisconnectObject
CoCreateGuid
OleInitialize
CoTaskMemFree
OleRun
CoGetClassObject
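The report gives an imphash (6bcba4710707a23d150395e678d6efbb under File identification) but lists imported names without their DLL or original import-table order, so that value cannot be reproduced from this page. The following added example (editor's code, not from VirusTotal or from the sample) shows the normalisation imphash applies and a first-pass triage of the import names, using a constructed excerpt of the list above with DLL names assigned by the editor. The last helper illustrates the point made under Additional details at the end of the report: an API observed at runtime, such as DeviceIoControl, that is absent from the static import table is a candidate for GetProcAddress resolution.

```python
"""Normalise an import list the way imphash does, and triage the API names
for behaviours worth noting before dynamic analysis."""
import hashlib

# Constructed excerpt of the report's import list. The report gives function
# names only; the DLL names here are assigned by the editor from the known
# exporters (kernel32, mpr, ole32) and are not read from the sample itself.
SAMPLE_IMPORTS = [
    ("KERNEL32.dll", "IsDebuggerPresent"),
    ("KERNEL32.dll", "CreateMutexA"),
    ("KERNEL32.dll", "CreateMutexW"),
    ("KERNEL32.dll", "CreateThread"),
    ("KERNEL32.dll", "LoadLibraryA"),
    ("KERNEL32.dll", "GetProcAddress"),
    ("KERNEL32.dll", "VirtualAlloc"),
    ("KERNEL32.dll", "GetTickCount"),
    ("MPR.dll", "WNetOpenEnumA"),
    ("ole32.dll", "CoCreateInstance"),
    ("ole32.dll", "CoInitializeSecurity"),
]


def normalize_import(dll, func) -> str:
    """imphash normalisation: lower-case the DLL, drop a .dll/.ocx/.sys
    extension (others such as .exe are kept), and write ordinals as 'ordN'."""
    name = dll.lower()
    for ext in (".dll", ".ocx", ".sys"):
        if name.endswith(ext):
            name = name[: -len(ext)]
            break
    func = f"ord{func}" if isinstance(func, int) else func.lower()
    return f"{name}.{func}"


def imphash(imports) -> str:
    """MD5 over the comma-joined normalised entries, in import-table order.
    Order matters: the same set of imports in a different order hashes differently."""
    joined = ",".join(normalize_import(d, f) for d, f in imports)
    return hashlib.md5(joined.encode("ascii")).hexdigest()


# Import names that hint at behaviours worth confirming in the sandbox.
API_HINTS = {
    "anti-debug": {"IsDebuggerPresent"},
    "single-instance mutex": {"CreateMutexA", "CreateMutexW"},
    "runtime API resolution": {"LoadLibraryA", "LoadLibraryW", "LoadLibraryExW", "GetProcAddress"},
    "private memory allocation": {"VirtualAlloc"},
    "network resource enumeration": {"WNetOpenEnumA"},
    "COM activation": {"CoCreateInstance", "CoGetClassObject"},
}


def triage(imports) -> dict:
    """Map each hint category to the imported names that triggered it."""
    names = {f for _, f in imports if isinstance(f, str)}
    return {cat: sorted(names & apis) for cat, apis in API_HINTS.items() if names & apis}


def not_statically_imported(imports, wanted) -> list:
    """Names seen called at runtime that the import table does not list, i.e.
    candidates for GetProcAddress resolution or calls made from injected code."""
    names = {f for _, f in imports if isinstance(f, str)}
    return [w for w in wanted if w not in names]


if __name__ == "__main__":
    print("imphash:", imphash(SAMPLE_IMPORTS))
    for cat, apis in triage(SAMPLE_IMPORTS).items():
        print(f"{cat}: {', '.join(apis)}")
    print("not in import table:", not_statically_imported(SAMPLE_IMPORTS, ["DeviceIoControl"]))
```

A hit in triage() is a lead, not a verdict: the same CreateMutex/LoadLibrary/GetProcAddress combination appears in plenty of benign MSVC programs, which is why the sandbox report matters.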
Number of PE resources by type
RT_ICON 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 2
ExifTool file metadata
MIMEType: application/octet-stream
Subsystem: Windows GUI
MachineType: Intel 386 or later, and compatibles
TimeStamp: 2013:12:14 02:14:28+01:00
FileType: Win32 EXE
PEType: PE32
CodeSize: 45056
LinkerVersion: 7.1
FileAccessDate: 2015:02:15 06:31:21+01:00
EntryPoint: 0x4a21
InitializedDataSize: 53248
SubsystemVersion: 4.0
ImageVersion: 0.0
OSVersion: 4.0
FileCreateDate: 2015:02:15 06:31:21+01:00
UninitializedDataSize: 0

File identification
MD5 65aa62047a29b4db82ab9f71bf9fd9d1
SHA1 43d1722fe05a526396ba6e9f0b29db8f23e59942
SHA256 f496b8703e7d49822c6ebb8a5669024560cdebbd67442e574276f6f68e73507f
ssdeep 768:YtiJ6Wwo1HrmKrG7nwua7V6h74Ovl3k0Jj7ED0CnVXue3/He0L1e022WJshoj1yD:YsSyZSzfHkg3k0KzHeMex2WhwZymhy

authentihash 4f904adbef8403f2ecbdf14b30ccc53a56abfcc66d2543139badb238697dfb0a
imphash 6bcba4710707a23d150395e678d6efbb
File size 96.0 KB ( 98304 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable MS Visual C++ (generic) (42.1%)
Win64 Executable (generic) (37.3%)
Win32 Dynamic Link Library (generic) (8.8%)
Win32 Executable (generic) (6.0%)
Generic Win/DOS Executable (2.7%)
Tags
peexe

VirusTotal metadata
First submission 2013-12-13 14:48:35 UTC ( 1 year, 2 months ago )
Last submission 2014-11-08 19:48:24 UTC ( 3 months, 3 weeks ago )
File names ORDER_Ni78282.exe
mrwzzu.exe.123
f496b8703e7d49822c6ebb8a5669024560cdebbd67442e574276f6f68e73507f
mshjtjca.exe
msalzmlsa.exe
ORDER_FR234.bin
mstzezbtc%2Eexe
order_ni78282.exe
order_fr234.exe
msfxtesq.exe
msomamsno.txt
msavozp.exe
65AA62047A29B4DB82AB9F71BF9FD9D1.exe
mskvbi.exe
file-6338386_exe
ORDER_FR234.exe
ORDER.exe
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight
Behaviour characterization
Zemana: dll-injection

Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Copied files
Set keys
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers using the DeviceIoControl Windows API function. DeviceIoControl does not appear in the static import table above, while LoadLibraryA/W and GetProcAddress do, so the call is most likely resolved at runtime or made from code the sample injects into another process (see the dll-injection characterization above).