SHA256: f5ce6a2eff32a2cac6979d9ad996b10148d2430f10438ed8b8f6a6132f41e9c8
File name: f5ce6a2eff32a2cac6979d9ad996b10148d2430f10438ed8b8f6a6132f41e9c8.exe
Detection ratio: 56 / 61
Analysis date: 2017-03-23 05:20:01 UTC ( 16 hours, 40 minutes ago )
Antivirus Result Update
Ad-Aware Trojan.GenericKD.2326992 20170323
AegisLab Troj.Dropper.W32.Injector.lxoj!c 20170323
AhnLab-V3 Trojan/Win32.Upatre.C829224 20170323
ALYac Trojan.GenericKD.2326992 20170323
Antiy-AVL Trojan[Dropper]/Win32.Injector 20170323
Arcabit Trojan.Generic.D2381D0 20170323
Avast Win32:Malware-gen 20170323
AVG Luhe.Fiha.A 20170323
Avira (no cloud) TR/Crypt.ZPACK.142060 20170322
AVware Win32.Malware!Drop 20170323
Baidu Win32.Trojan.Kryptik.jc 20170323
BitDefender Trojan.GenericKD.2326992 20170323
Bkav W32.Clod22a.Trojan.2dca 20170322
CAT-QuickHeal TrojanDownloader.Guidar 20170322
ClamAV Win.Trojan.Upatre-14812 20170323
Comodo TrojWare.Win32.Agent.asasss 20170322
CrowdStrike Falcon (ML) malicious_confidence_83% (W) 20170130
Cyren W32/Trojan.VALG-1539 20170323
DrWeb Trojan.Inject1.54688 20170323
Emsisoft Trojan.GenericKD.2326992 (B) 20170323
Endgame malicious (high confidence) 20170317
ESET-NOD32 Win32/Zlader.H 20170323
F-Prot W32/Trojan3.PFU 20170323
F-Secure Trojan.GenericKD.2326992 20170323
Fortinet W32/Injector.H!tr 20170323
GData Win32.Trojan.Agent.LNPP8A 20170323
Ikarus Trojan-Downloader.Win32.Upatre 20170322
Invincea trojandownloader.win32.upatre.az 20170203
Jiangmin TrojanDropper.Injector.avyn 20170323
K7AntiVirus Trojan ( 004bee661 ) 20170323
K7GW Trojan ( 004bee661 ) 20170323
Kaspersky Trojan-Dropper.Win32.Injector.lxoj 20170323
Malwarebytes Trojan.Upatre 20170323
McAfee Generic.vy 20170323
McAfee-GW-Edition BehavesLike.Win32.Downloader.ph 20170323
Microsoft TrojanDownloader:Win32/Guidar.A 20170323
eScan Trojan.GenericKD.2326992 20170323
NANO-Antivirus Trojan.Win32.Injector.efhfei 20170323
nProtect Trojan-Dropper/W32.Injector.50688.C 20170323
Palo Alto Networks (Known Signatures) generic.ml 20170323
Panda Trj/Agent.IVN 20170322
Qihoo-360 HEUR/QVM06.2.Malware.Gen 20170323
Rising Trojan.Generic (cloud:MoIrwjIKXQI) 20170323
SentinelOne (Static ML) static engine - malicious 20170315
Sophos Troj/Dyreza-EG 20170323
Symantec Downloader.Upatre 20170322
Tencent Win32.Trojan.Fakedoc.Auto 20170323
TheHacker Trojan/Zlader.h 20170321
TrendMicro-HouseCall TROJ_UPATRE.YYSJI 20170323
VBA32 TrojanDropper.Injector 20170322
VIPRE Win32.Malware!Drop 20170323
ViRobot Trojan.Win32.Agent.50688.BF[h] 20170323
Webroot W32.Infostealer.Gen 20170323
Yandex Trojan.Zlader!EBco07gOEeY 20170321
Zillya Downloader.Upatre.Win32.23960 20170322
ZoneAlarm by Check Point Trojan-Dropper.Win32.Injector.lxoj 20170323
Alibaba (undetected) 20170323
CMC (undetected) 20170317
Kingsoft (undetected) 20170323
SUPERAntiSpyware (undetected) 20170323
Symantec Mobile Insight (undetected) 20170322
TotalDefense (undetected) 20170323
Trustlook (undetected) 20170323
WhiteArmor (undetected) 20170315
Zoner (undetected) 20170323
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2015-04-27 11:01:19
Entry Point 0x0000192E
Number of sections 4
PE sections
PE imports
HeapAlloc
lstrlenA
GetFileSize
GetModuleHandleA
ReadFile
DeleteFileA
GetCurrentDirectoryA
lstrcpyA
GetStartupInfoA
ExitProcess
CloseHandle
CreateFileMappingA
CreateFileA
GetCommandLineA
LoadLibraryA
GetProcessHeap
GetMessageA
UpdateWindow
GetScrollRange
EndDialog
GetScrollPos
PostQuitMessage
DefWindowProcA
ShowWindow
DispatchMessageA
WindowFromPoint
TranslateMessage
DialogBoxParamA
RegisterClassExA
SetWindowTextA
LoadStringA
SendMessageA
GetClientRect
LoadAcceleratorsA
CreateWindowExA
LoadCursorA
LoadIconA
TranslateAcceleratorA
Number of PE resources by type
RT_ICON 1
RT_MANIFEST 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 3
PE resources
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
FileTypeExtension exe
TimeStamp 2015:04:27 12:01:19+01:00
FileType Win32 EXE
PEType PE32
CodeSize 29184
LinkerVersion 7.1
EntryPoint 0x192e
InitializedDataSize 21504
SubsystemVersion 4.0
ImageVersion 0.0
OSVersion 4.0
UninitializedDataSize 0
File identification
MD5 784f8d6818cd23dd18c8f059a6b5d3d5
SHA1 7385816b91b0fff4b1f26dffbcf938b32143d683
SHA256 f5ce6a2eff32a2cac6979d9ad996b10148d2430f10438ed8b8f6a6132f41e9c8
ssdeep 768:0EykynCbwv0Sat798NlEH1Ul96+Ds/cv:0nxCF9wC1UlFsEv
authentihash fa96c0a508ebcb10f48c66d37d462325c8d4c0a6aaba893ea405e3e875f74848
imphash 352e44b3a2386dc717bff9d749a5215f
File size 49.5 KB ( 50688 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (67.4%)
Win32 Dynamic Link Library (generic) (14.2%)
Win32 Executable (generic) (9.7%)
Generic Win/DOS Executable (4.3%)
DOS Executable Generic (4.3%)
Tags peexe
VirusTotal metadata
First submission 2015-04-27 14:12:31 UTC ( 1 year, 11 months ago )
Last submission 2016-03-16 02:57:01 UTC ( 1 year ago )
File names 22.exe
04.exe
scan002.exe_
IncomingFax.exe.vir
calc.exe
message_zdm.exe
Scan001_812901_041.exe
message_zdm.bin
784f8d6818cd23dd18c8f059a6b5d3d5.exe
VirusShare_784f8d6818cd23dd18c8f059a6b5d3d5
f5ce6a2eff32a2cac6979d9ad996b10148d2430f10438ed8b8f6a6132f41e9c8.exe
Scan001_812901_041.exe.xxx
message_zdm.exe-2015-04-27.23-50-02.txt
IncomingFax.exe
IncomingFax.vxe
message_zdm.ex_
message_zdm.vxe
547a7f589abf317c16c589cfc28080db0a30f4cc
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Created processes
Opened mutexes
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.
UDP communications