SHA256: f5ce6a2eff32a2cac6979d9ad996b10148d2430f10438ed8b8f6a6132f41e9c8
File name: f5ce6a2eff32a2cac6979d9ad996b10148d2430f10438ed8b8f6a6132f41e9c8.exe
Detection ratio: 58 / 65
Analysis date: 2017-08-23 04:47:03 UTC ( 12 hours, 43 minutes ago )
Antivirus Result Update
Ad-Aware Trojan.GenericKD.2326992 20170823
AegisLab Troj.Dropper.W32.Injector.lxoj!c 20170823
AhnLab-V3 Trojan/Win32.Upatre.C829224 20170823
ALYac Trojan.GenericKD.2326992 20170823
Antiy-AVL Trojan[Dropper]/Win32.Injector 20170823
Arcabit Trojan.Generic.D2381D0 20170823
Avast Win32:Malware-gen 20170823
AVG Win32:Malware-gen 20170823
Avira (no cloud) TR/Crypt.ZPACK.142060 20170822
AVware Win32.Malware!Drop 20170823
Baidu Win32.Trojan.Kryptik.jc 20170823
BitDefender Trojan.GenericKD.2326992 20170823
CAT-QuickHeal TrojanDownloader.Guidar 20170822
ClamAV Win.Trojan.Upatre-14812 20170822
Comodo TrojWare.Win32.Agent.asasss 20170823
CrowdStrike Falcon (ML) malicious_confidence_60% (W) 20170804
Cylance Unsafe 20170823
Cyren W32/Trojan.VALG-1539 20170823
DrWeb Trojan.Inject1.54688 20170823
Emsisoft Trojan.GenericKD.2326992 (B) 20170823
Endgame malicious (high confidence) 20170821
ESET-NOD32 Win32/Zlader.H 20170823
F-Prot W32/Trojan3.PFU 20170823
F-Secure Trojan.GenericKD.2326992 20170823
Fortinet W32/Injector.H!tr 20170823
GData Win32.Trojan.Agent.LNPP8A 20170823
Ikarus Trojan-Downloader.Win32.Upatre 20170822
Sophos ML heuristic 20170822
Jiangmin TrojanDropper.Injector.avyn 20170823
K7AntiVirus Trojan ( 004bee661 ) 20170823
K7GW Trojan ( 004bee661 ) 20170821
Kaspersky Trojan-Dropper.Win32.Injector.lxoj 20170823
Malwarebytes Trojan.Upatre 20170823
McAfee Generic.vy 20170823
McAfee-GW-Edition BehavesLike.Win32.Downloader.ph 20170823
Microsoft TrojanDownloader:Win32/Guidar.A 20170822
eScan Trojan.GenericKD.2326992 20170823
NANO-Antivirus Trojan.Win32.Inject.efhfei 20170823
nProtect Trojan-Dropper/W32.Injector.50688.C 20170823
Palo Alto Networks (Known Signatures) generic.ml 20170823
Panda Trj/Agent.IVN 20170822
Qihoo-360 HEUR/QVM06.2.Malware.Gen 20170823
Rising Trojan.Generic (cloud:MoIrwjIKXQI) 20170823
SentinelOne (Static ML) static engine - malicious 20170806
Sophos AV Troj/Dyreza-EG 20170823
Symantec Downloader.Upatre 20170823
Tencent Win32.Trojan.Fakedoc.Auto 20170823
TheHacker Trojan/Zlader.h 20170821
TrendMicro TROJ_UPATRE.YYSJI 20170823
TrendMicro-HouseCall TROJ_UPATRE.YYSJI 20170823
VBA32 TrojanDropper.Injector 20170822
VIPRE Win32.Malware!Drop 20170823
ViRobot Trojan.Win32.Agent.50688.BF 20170823
Webroot W32.Infostealer.Gen 20170823
WhiteArmor Malware.HighConfidence 20170817
Yandex Trojan.Zlader!EBco07gOEeY 20170821
Zillya Downloader.Upatre.Win32.23960 20170822
ZoneAlarm by Check Point Trojan-Dropper.Win32.Injector.lxoj 20170823
Bkav 20170823
CMC 20170822
Kingsoft 20170823
MAX 20170823
SUPERAntiSpyware 20170823
Symantec Mobile Insight 20170823
TotalDefense 20170823
Trustlook 20170823
Zoner 20170823
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2015-04-27 11:01:19
Entry Point 0x0000192E
Number of sections 4
PE sections
PE imports
HeapAlloc
lstrlenA
GetFileSize
GetModuleHandleA
ReadFile
DeleteFileA
GetCurrentDirectoryA
lstrcpyA
GetStartupInfoA
ExitProcess
CloseHandle
CreateFileMappingA
CreateFileA
GetCommandLineA
LoadLibraryA
GetProcessHeap
GetMessageA
UpdateWindow
GetScrollRange
EndDialog
GetScrollPos
PostQuitMessage
DefWindowProcA
ShowWindow
DispatchMessageA
WindowFromPoint
TranslateMessage
DialogBoxParamA
RegisterClassExA
SetWindowTextA
LoadStringA
SendMessageA
GetClientRect
LoadAcceleratorsA
CreateWindowExA
LoadCursorA
LoadIconA
TranslateAcceleratorA
Number of PE resources by type
RT_ICON 1
RT_MANIFEST 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 3
PE resources
ExifTool file metadata
MIMEType: application/octet-stream
Subsystem: Windows GUI
MachineType: Intel 386 or later, and compatibles
FileTypeExtension: exe
TimeStamp: 2015:04:27 12:01:19+01:00
FileType: Win32 EXE
PEType: PE32
CodeSize: 29184
LinkerVersion: 7.1
EntryPoint: 0x192e
InitializedDataSize: 21504
SubsystemVersion: 4.0
ImageVersion: 0.0
OSVersion: 4.0
UninitializedDataSize: 0
File identification
MD5 784f8d6818cd23dd18c8f059a6b5d3d5
SHA1 7385816b91b0fff4b1f26dffbcf938b32143d683
SHA256 f5ce6a2eff32a2cac6979d9ad996b10148d2430f10438ed8b8f6a6132f41e9c8
ssdeep 768:0EykynCbwv0Sat798NlEH1Ul96+Ds/cv:0nxCF9wC1UlFsEv
authentihash fa96c0a508ebcb10f48c66d37d462325c8d4c0a6aaba893ea405e3e875f74848
imphash 352e44b3a2386dc717bff9d749a5215f
File size 49.5 KB ( 50688 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (67.4%)
Win32 Dynamic Link Library (generic) (14.2%)
Win32 Executable (generic) (9.7%)
Generic Win/DOS Executable (4.3%)
DOS Executable Generic (4.3%)
Tags peexe
VirusTotal metadata
First submission 2015-04-27 14:12:31 UTC ( 2 years, 3 months ago )
Last submission 2016-03-16 02:57:01 UTC ( 1 year, 5 months ago )
File names 22.exe
04.exe
scan002.exe_
IncomingFax.exe.vir
calc.exe
message_zdm.exe
Scan001_812901_041.exe
message_zdm.bin
784f8d6818cd23dd18c8f059a6b5d3d5.exe
VirusShare_784f8d6818cd23dd18c8f059a6b5d3d5
f5ce6a2eff32a2cac6979d9ad996b10148d2430f10438ed8b8f6a6132f41e9c8.exe
Scan001_812901_041.exe.xxx
message_zdm.exe-2015-04-27.23-50-02.txt
IncomingFax.exe
IncomingFax.vxe
message_zdm.ex_
message_zdm.vxe
547a7f589abf317c16c589cfc28080db0a30f4cc
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Created processes
Opened mutexes
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.
UDP communications