SHA256: f5ce6a2eff32a2cac6979d9ad996b10148d2430f10438ed8b8f6a6132f41e9c8
File name: f5ce6a2eff32a2cac6979d9ad996b10148d2430f10438ed8b8f6a6132f41e9c8.exe
Detection ratio: 57 / 62
Analysis date: 2017-06-25 04:40:15 UTC ( 1 day, 23 hours ago )
Antivirus Result Update
Ad-Aware Trojan.GenericKD.2326992 20170625
AegisLab Troj.Dropper.W32.Injector.lxoj!c 20170623
AhnLab-V3 Trojan/Win32.Upatre.C829224 20170624
ALYac Trojan.GenericKD.2326992 20170625
Antiy-AVL Trojan[Dropper]/Win32.Injector 20170625
Arcabit Trojan.Generic.D2381D0 20170625
Avast Win32:Malware-gen 20170625
AVG Win32:Malware-gen 20170625
Avira (no cloud) TR/Crypt.ZPACK.142060 20170624
AVware Win32.Malware!Drop 20170625
Baidu Win32.Trojan.Kryptik.jc 20170623
BitDefender Trojan.GenericKD.2326992 20170625
Bkav W32.Clod22a.Trojan.2dca 20170624
CAT-QuickHeal TrojanDownloader.Guidar 20170624
ClamAV Win.Trojan.Upatre-14812 20170625
Comodo TrojWare.Win32.Agent.asasss 20170625
CrowdStrike Falcon (ML) malicious_confidence_73% (W) 20170420
Cyren W32/Trojan.VALG-1539 20170625
DrWeb Trojan.Inject1.54688 20170625
Emsisoft Trojan.GenericKD.2326992 (B) 20170625
Endgame malicious (high confidence) 20170615
ESET-NOD32 Win32/Zlader.H 20170625
F-Prot W32/Trojan3.PFU 20170625
F-Secure Trojan.GenericKD.2326992 20170625
Fortinet W32/Injector.H!tr 20170625
GData Win32.Trojan.Agent.LNPP8A 20170625
Ikarus Trojan-Downloader.Win32.Upatre 20170624
Invincea heuristic 20170607
Jiangmin TrojanDropper.Injector.avyn 20170625
K7AntiVirus Trojan ( 004bee661 ) 20170623
K7GW Trojan ( 004bee661 ) 20170625
Kaspersky Trojan-Dropper.Win32.Injector.lxoj 20170625
Malwarebytes Trojan.Upatre 20170625
McAfee Generic.vy 20170625
McAfee-GW-Edition BehavesLike.Win32.Downloader.ph 20170624
Microsoft TrojanDownloader:Win32/Guidar.A 20170625
eScan Trojan.GenericKD.2326992 20170625
NANO-Antivirus Trojan.Win32.Inject.efhfei 20170625
nProtect Trojan-Dropper/W32.Injector.50688.C 20170625
Palo Alto Networks (Known Signatures) generic.ml 20170625
Panda Trj/Agent.IVN 20170624
Qihoo-360 HEUR/QVM06.2.Malware.Gen 20170625
Rising Trojan.Generic (cloud:MoIrwjIKXQI) 20170625
SentinelOne (Static ML) static engine - malicious 20170516
Sophos Troj/Dyreza-EG 20170625
Symantec Downloader.Upatre 20170624
Tencent Win32.Trojan.Fakedoc.Auto 20170625
TheHacker Trojan/Zlader.h 20170623
TrendMicro TROJ_UPATRE.YYSJI 20170625
TrendMicro-HouseCall TROJ_UPATRE.YYSJI 20170625
VBA32 TrojanDropper.Injector 20170623
VIPRE Win32.Malware!Drop 20170625
ViRobot Trojan.Win32.Agent.50688.BF 20170624
Webroot W32.Infostealer.Gen 20170625
Yandex Trojan.Zlader!EBco07gOEeY 20170623
Zillya Downloader.Upatre.Win32.23960 20170623
ZoneAlarm by Check Point Trojan-Dropper.Win32.Injector.lxoj 20170625
Alibaba 20170623
CMC 20170619
Kingsoft 20170625
SUPERAntiSpyware 20170623
Symantec Mobile Insight 20170623
TotalDefense 20170625
Trustlook 20170625
WhiteArmor 20170616
Zoner 20170625
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2015-04-27 11:01:19
Entry Point 0x0000192E
Number of sections 4
PE sections
PE imports
HeapAlloc
lstrlenA
GetFileSize
GetModuleHandleA
ReadFile
DeleteFileA
GetCurrentDirectoryA
lstrcpyA
GetStartupInfoA
ExitProcess
CloseHandle
CreateFileMappingA
CreateFileA
GetCommandLineA
LoadLibraryA
GetProcessHeap
GetMessageA
UpdateWindow
GetScrollRange
EndDialog
GetScrollPos
PostQuitMessage
DefWindowProcA
ShowWindow
DispatchMessageA
WindowFromPoint
TranslateMessage
DialogBoxParamA
RegisterClassExA
SetWindowTextA
LoadStringA
SendMessageA
GetClientRect
LoadAcceleratorsA
CreateWindowExA
LoadCursorA
LoadIconA
TranslateAcceleratorA
Number of PE resources by type
RT_ICON 1
RT_MANIFEST 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 3
PE resources
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
FileTypeExtension exe
TimeStamp 2015:04:27 12:01:19+01:00
FileType Win32 EXE
PEType PE32
CodeSize 29184
LinkerVersion 7.1
EntryPoint 0x192e
InitializedDataSize 21504
SubsystemVersion 4.0
ImageVersion 0.0
OSVersion 4.0
UninitializedDataSize 0
File identification
MD5 784f8d6818cd23dd18c8f059a6b5d3d5
SHA1 7385816b91b0fff4b1f26dffbcf938b32143d683
SHA256 f5ce6a2eff32a2cac6979d9ad996b10148d2430f10438ed8b8f6a6132f41e9c8
ssdeep 768:0EykynCbwv0Sat798NlEH1Ul96+Ds/cv:0nxCF9wC1UlFsEv
authentihash fa96c0a508ebcb10f48c66d37d462325c8d4c0a6aaba893ea405e3e875f74848
imphash 352e44b3a2386dc717bff9d749a5215f
File size 49.5 KB ( 50688 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (67.4%)
Win32 Dynamic Link Library (generic) (14.2%)
Win32 Executable (generic) (9.7%)
Generic Win/DOS Executable (4.3%)
DOS Executable Generic (4.3%)
Tags peexe
VirusTotal metadata
First submission 2015-04-27 14:12:31 UTC ( 2 years, 2 months ago )
Last submission 2016-03-16 02:57:01 UTC ( 1 year, 3 months ago )
File names 22.exe
04.exe
scan002.exe_
IncomingFax.exe.vir
calc.exe
message_zdm.exe
Scan001_812901_041.exe
message_zdm.bin
784f8d6818cd23dd18c8f059a6b5d3d5.exe
VirusShare_784f8d6818cd23dd18c8f059a6b5d3d5
f5ce6a2eff32a2cac6979d9ad996b10148d2430f10438ed8b8f6a6132f41e9c8.exe
Scan001_812901_041.exe.xxx
message_zdm.exe-2015-04-27.23-50-02.txt
IncomingFax.exe
IncomingFax.vxe
message_zdm.ex_
message_zdm.vxe
547a7f589abf317c16c589cfc28080db0a30f4cc
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Created processes
Opened mutexes
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.
UDP communications