SHA256: f55aef4e96ce09d72629668507a97556c02e9293e2e8089df90573aafe2da824
File name: and50a569.exe
Detection ratio: 4 / 54
Analysis date: 2015-12-26 09:22:06 UTC ( 2 years, 10 months ago )
Antivirus Result Update
Cyren W32/Agent.XL.gen!Eldorado 20151226
F-Prot W32/Agent.XL.gen!Eldorado 20151226
McAfee-GW-Edition BehavesLike.Win32.PWSZbot.dh 20151226
Rising PE:Trojan.Kryptik!1.A32E [F] 20151225
Ad-Aware 20151224
AegisLab 20151226
Yandex 20151225
AhnLab-V3 20151225
Alibaba 20151208
ALYac 20151226
Antiy-AVL 20151226
Arcabit 20151226
Avast 20151226
AVG 20151226
AVware 20151226
Baidu-International 20151226
BitDefender 20151226
Bkav 20151226
ByteHero 20151226
CAT-QuickHeal 20151226
ClamAV 20151226
CMC 20151217
Comodo 20151226
DrWeb 20151226
Emsisoft 20151226
ESET-NOD32 20151225
F-Secure 20151225
Fortinet 20151226
GData 20151226
Ikarus 20151226
Jiangmin 20151226
K7AntiVirus 20151225
K7GW 20151225
Kaspersky 20151226
Malwarebytes 20151226
McAfee 20151226
Microsoft 20151226
eScan 20151226
NANO-Antivirus 20151226
nProtect 20151224
Panda 20151225
Qihoo-360 20151226
Sophos AV 20151226
SUPERAntiSpyware 20151226
Symantec 20151225
Tencent 20151226
TheHacker 20151223
TrendMicro 20151226
TrendMicro-HouseCall 20151226
VBA32 20151225
VIPRE 20151226
ViRobot 20151226
Zillya 20151225
Zoner 20151226
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2015-12-26 06:54:05
Entry Point 0x0000A0BE
Number of sections 5
PE sections
PE imports
RegCreateKeyExW
RegDeleteValueW
RegCloseKey
RegSetValueExW
RegQueryInfoKeyW
RegEnumKeyExW
RegOpenKeyExW
RegDeleteKeyW
IsTextUnicode
RegQueryValueExW
ImageList_GetImageCount
InitCommonControlsEx
ImageList_Destroy
_TrackMouseEvent
ImageList_AddMasked
ImageList_Draw
ImageList_GetImageInfo
ImageList_DragShowNolock
ImageList_DragMove
ImageList_Create
ImageList_Add
ImageList_SetIconSize
ImageList_BeginDrag
ImageList_ReplaceIcon
ImageList_DragEnter
ImageList_EndDrag
GetSaveFileNameW
PrintDlgW
GetOpenFileNameW
ChooseColorW
GetTextMetricsW
CreateFontIndirectW
PatBlt
CreatePen
SaveDC
GetROP2
GetPixel
Rectangle
GetDeviceCaps
LineTo
DeleteDC
RestoreDC
SetBkMode
EndDoc
SetWindowOrgEx
StartPage
DeleteObject
GetObjectW
BitBlt
SetTextColor
GetTextExtentPointW
CreatePatternBrush
ExtTextOutW
CreateBitmap
MoveToEx
EnumFontFamiliesExW
GetStockObject
SetTextAlign
SetBrushOrgEx
CreateCompatibleDC
CreateFontW
CreateHatchBrush
SetROP2
EndPage
StartDocW
CreateSolidBrush
DPtoLP
SelectObject
SetBkColor
OffsetWindowOrgEx
GetTextExtentPoint32W
CreateCompatibleBitmap
GetStdHandle
GetDriveTypeW
GetConsoleOutputCP
FileTimeToSystemTime
WaitForSingleObject
GetDriveTypeA
HeapDestroy
GetFileAttributesW
GetLocalTime
FreeEnvironmentStringsA
DeleteCriticalSection
GetCurrentProcess
GetConsoleMode
GetLocaleInfoA
LocalAlloc
FreeEnvironmentStringsW
lstrcatW
GetLocaleInfoW
SetStdHandle
GetCPInfo
GetStringTypeA
GetTempPathW
GetSystemTimeAsFileTime
HeapReAlloc
GetStringTypeW
GetOEMCP
LocalFree
InitializeCriticalSection
LoadResource
TlsGetValue
MoveFileW
GetFullPathNameW
SetLastError
LocalLock
GetModuleFileNameW
IsDebuggerPresent
ExitProcess
FlushFileBuffers
GetModuleFileNameA
lstrcmpiW
EnumSystemLocalesA
GetUserDefaultLCID
UnhandledExceptionFilter
InterlockedDecrement
MultiByteToWideChar
GetModuleHandleA
SetFileAttributesW
CreateThread
SetUnhandledExceptionFilter
MulDiv
ExitThread
SetEnvironmentVariableA
TerminateProcess
WriteConsoleA
SetCurrentDirectoryW
SetEndOfFile
GetCurrentThreadId
InterlockedIncrement
WriteConsoleW
InitializeCriticalSectionAndSpinCount
HeapFree
EnterCriticalSection
SetHandleCount
LoadLibraryW
GetVersionExW
FreeLibrary
QueryPerformanceCounter
GetTickCount
TlsAlloc
GetVersionExA
LoadLibraryA
RtlUnwind
GetStartupInfoA
GetDateFormatA
GetEnvironmentStrings
GetDateFormatW
DeleteFileW
GetProcAddress
GetProcessHeap
GetTimeFormatW
lstrcpyW
ExpandEnvironmentStringsW
GetTimeFormatA
IsValidLocale
lstrcmpW
GlobalLock
GetTimeZoneInformation
CreateFileW
GetFileType
TlsSetValue
CreateFileA
HeapAlloc
LocalUnlock
LeaveCriticalSection
GetLastError
LCMapStringW
GetSystemInfo
GlobalFree
GetConsoleCP
FindResourceW
LCMapStringA
CompareStringW
GetEnvironmentStringsW
GlobalUnlock
lstrlenW
FileTimeToLocalFileTime
SizeofResource
GetCurrentDirectoryW
GetCurrentProcessId
LockResource
GetCommandLineW
GetCurrentDirectoryA
HeapSize
GetCommandLineA
RaiseException
TlsFree
SetFilePointer
ReadFile
CloseHandle
GetACP
GetModuleHandleW
GetLongPathNameW
WideCharToMultiByte
IsValidCodePage
HeapCreate
WriteFile
VirtualFree
Sleep
VirtualAlloc
CompareStringA
DragQueryFileW
DragFinish
Shell_NotifyIconW
ShellExecuteW
SHGetPathFromIDListW
DragQueryPoint
SHGetSpecialFolderLocation
SHGetMalloc
SHBrowseForFolderW
PathStripPathW
PathMatchSpecW
PathIsRelativeW
PathFindFileNameW
PathFileExistsW
PathRemoveFileSpecW
PathAppendW
PathFindExtensionW
PathAddExtensionW
PathRemoveExtensionW
PathIsDirectoryW
PathCompactPathExW
PostQuitMessage
SetWindowPos
DdeImpersonateClient
EndPaint
GetDC
ReleaseDC
SendMessageW
AnyPopup
GetClientRect
ToAscii
SetCaretPos
DrawTextW
SetScrollPos
IsClipboardFormatAvailable
LoadImageW
ClientToScreen
RegisterClipboardFormatW
DestroyWindow
DrawEdge
GetParent
UpdateWindow
CreateCaret
ShowWindow
DrawFrameControl
PeekMessageW
EnableWindow
GetClipboardData
GetDlgItemTextW
DestroyCaret
GetDlgItemInt
RegisterClassW
SetClipboardData
IsZoomed
GetWindowPlacement
DrawMenuBar
IsIconic
DrawFocusRect
IsDialogMessageW
FillRect
RealChildWindowFromPoint
CreateWindowExW
GetWindowLongW
GetMenuStringW
IsDialogMessageA
SetFocus
BeginPaint
DefWindowProcW
GetScrollPos
SetClipboardViewer
GetSystemMetrics
SetWindowLongW
SetScrollRange
GetWindowRect
InflateRect
DrawIcon
DrawTextExW
CharLowerW
SendDlgItemMessageW
PostMessageW
CreateDialogParamW
ShowCaret
DrawIconEx
GetDlgItem
ScreenToClient
GetKeyboardState
GetMenuItemCount
GetMenuState
LoadCursorW
OpenClipboard
EmptyClipboard
GetScrollRange
EndDialog
HideCaret
MessageBeep
LoadMenuW
ShowScrollBar
MessageBoxW
GetMenu
SetMenu
MoveWindow
ChangeClipboardChain
GetSysColor
SetDlgItemTextW
IsWindowVisible
SystemParametersInfoW
MonitorFromWindow
FrameRect
DeleteMenu
InvalidateRect
CallWindowProcW
GetClassNameW
GetFocus
wsprintfW
CloseClipboard
SetCursor
CoUninitialize
CoInitialize
Number of PE resources by type
RT_BITMAP 9
RT_RCDATA 1
Number of PE resources by language
NEUTRAL 9
ENGLISH NZ 1
PE resources
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
FileTypeExtension exe
TimeStamp 2015:12:26 07:54:05+01:00
FileType Win32 EXE
PEType PE32
CodeSize 104448
LinkerVersion 9.0
ImageFileCharacteristics No relocs, Executable, 32-bit
EntryPoint 0xa0be
InitializedDataSize 124416
SubsystemVersion 5.0
ImageVersion 0.0
OSVersion 5.0
UninitializedDataSize 0

File identification
MD5 6889be9a2f7fa04b76394af2fb6ed967
SHA1 1ec9c744701c7467029b486019b8117ec18585db
SHA256 f55aef4e96ce09d72629668507a97556c02e9293e2e8089df90573aafe2da824
ssdeep 3072:KMxHVyo0mYkmIUm4Emo0mYkmIUm4Emo0mYk+jveTf+OwPez/+jveTf+DPez/+jv4:KMxHVl0K9W1nWonD8hxx3/vahMnzmyB
authentihash 5b5a373bf19e43c53943d6df75ec13b80d1bb8372c345414f32f084ae5064c42
imphash 3a06744d2fb2b5a37dfa545d291144fa
File size 224.5 KB ( 229888 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (64.5%)
Win32 Dynamic Link Library (generic) (13.6%)
Win32 Executable (generic) (9.3%)
OS/2 Executable (generic) (4.1%)
Generic Win/DOS Executable (4.1%)
Tags peexe
VirusTotal metadata
First submission 2015-12-26 07:53:55 UTC ( 2 years, 10 months ago )
Last submission 2018-05-12 12:03:48 UTC ( 5 months, 1 week ago )
File names kb58107330.exe
and50a569.exe
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Runtime DLLs
UDP communications