SHA256: f5720136e987a0826a0ca2b45de3bcb880be3b055ea96f60e4ef06193047596d
File name: 335.exe
Detection ratio: 3 / 57
Analysis date: 2015-04-23 09:24:45 UTC ( 2 years, 5 months ago )
Antivirus Result Update
Qihoo-360 HEUR/QVM19.1.Malware.Gen 20150423
Rising PE:Trojan.Obfuscated!1.9A68 20150422
Tencent Trojan.Win32.Qudamah.Gen.5 20150423
Ad-Aware 20150423
AegisLab 20150423
Yandex 20150422
AhnLab-V3 20150423
Alibaba 20150423
ALYac 20150423
Antiy-AVL 20150425
Avast 20150423
AVG 20150426
Avira (no cloud) 20150423
AVware 20150423
Baidu-International 20150421
BitDefender 20150423
Bkav 20150422
ByteHero 20150423
CAT-QuickHeal 20150423
ClamAV 20150423
CMC 20150423
Comodo 20150423
Cyren 20150423
DrWeb 20150426
Emsisoft 20150423
ESET-NOD32 20150423
F-Prot 20150423
F-Secure 20150425
Fortinet 20150423
GData 20150423
Ikarus 20150423
Jiangmin 20150422
K7AntiVirus 20150423
K7GW 20150423
Kaspersky 20150426
Kingsoft 20150426
Malwarebytes 20150423
McAfee 20150426
McAfee-GW-Edition 20150425
Microsoft 20150423
eScan 20150423
NANO-Antivirus 20150422
Norman 20150425
nProtect 20150423
Panda 20150423
Sophos AV 20150426
SUPERAntiSpyware 20150423
Symantec 20150423
TheHacker 20150422
TotalDefense 20150425
TrendMicro 20150426
TrendMicro-HouseCall 20150426
VBA32 20150425
VIPRE 20150423
ViRobot 20150423
Zillya 20150422
Zoner 20150422
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright © Microsoft Corporation. All rights reserved.
Product Microsoft® Windows® Operating System
Original name bitsprx4.dll
Internal name bitsprx4.dll
File version 6.7.2100.5512 (xpsp.080413-2108)
Description Background Intelligent Transfer Service 2.5 Proxy
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2015-04-23 06:56:14
Entry Point 0x0000107D
Number of sections 7
PE sections
PE imports
FreeLibrary
GetLastError
InitializeCriticalSection
SizeofResource
GetEnvironmentStrings
GetProcAddress
TlsFree
GetModuleHandleA
LocalFree
ProcessIdToSessionId
InterlockedExchange
CreateActCtxA
LocalAlloc
EnumSystemCodePagesA
RaiseException
SwitchToThread
ExitThread
VerSetConditionMask
LoadLibraryA
FindActCtxSectionStringW
SetupGetLineTextA
isalpha
sin
Number of PE resources by type
RT_VERSION 1
Number of PE resources by language
ENGLISH US 1
PE resources
Debug information
ExifTool file metadata
SubsystemVersion 4.0
LinkerVersion 8.0
ImageVersion 0.0
FileSubtype 0
FileVersionNumber 6.7.2100.5512
UninitializedDataSize 0
LanguageCode English (U.S.)
FileFlagsMask 0x003f
CharacterSet Unicode
InitializedDataSize 114688
EntryPoint 0x107d
OriginalFileName bitsprx4.dll
MIMEType application/octet-stream
LegalCopyright Microsoft Corporation. All rights reserved.
FileVersion 6.7.2100.5512 (xpsp.080413-2108)
TimeStamp 2015:04:23 07:56:14+01:00
FileType Win32 EXE
PEType PE32
InternalName bitsprx4.dll
ProductVersion 6.7.2100.5512
FileDescription Background Intelligent Transfer Service 2.5 Proxy
OSVersion 4.0
FileOS Windows NT 32-bit
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName Microsoft Corporation
CodeSize 49152
ProductName Microsoft Windows Operating System
ProductVersionNumber 6.7.2100.5512
FileTypeExtension exe
ObjectFileType Dynamic link library

File identification
MD5 e52a8d15ee08d7f8b4efca1b16daaefb
SHA1 336c0f8adb0c916d3501ac2816ce7b4f11d2df77
SHA256 f5720136e987a0826a0ca2b45de3bcb880be3b055ea96f60e4ef06193047596d
ssdeep 3072:0zq94ikt0Fnf5h/5EJV4hW7LEDVlsJ9z:0eaZteB5E1LUQ
authentihash 727d5ad42302d414a1d712cc2878b0103216d3145acc37e4eb32a9fed93655c2
imphash 9999734634b96e98cf1d91e009d2643c
File size 144.0 KB ( 147456 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Generic Win/DOS Executable (50.0%)
DOS Executable Generic (49.9%)
Tags peexe
VirusTotal metadata
First submission 2015-04-23 07:36:15 UTC ( 2 years, 5 months ago )
Last submission 2016-03-15 01:27:09 UTC ( 1 year, 6 months ago )
File names 335.exe
bitsprx4.dll
pierre4.exe.dr
Malware (6).exe
pierre5.exe
335_exe
F5720136E987A0826A0CA2B45DE3BCB880BE3B055EA96F60E4EF06193047596D.exe
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Deleted files
Created processes
Created mutexes
Opened mutexes
Opened service managers
Opened services
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.
HTTP requests
DNS requests
TCP connections
UDP communications