× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: f6823070b630851948e87078392bbb94f57cc126d9c20d068a461039eb5e4635
File name: malware4.exe
Detection ratio: 30 / 56
Analysis date: 2015-04-23 12:32:06 UTC ( 4 years, 1 month ago ) View latest
Antivirus Result Update
Ad-Aware Trojan.GenericKD.2314423 20150423
AhnLab-V3 Trojan/Win32.Agent 20150423
Avast Win32:Malware-gen 20150423
AVG Crypt4.RZN 20150423
Avira (no cloud) TR/Crypt.Xpack.191167 20150423
AVware Win32.Malware!Drop 20150423
Baidu-International Worm.Win32.Cridex.qif 20150421
BitDefender Trojan.GenericKD.2314423 20150423
Emsisoft Trojan.GenericKD.2314423 (B) 20150423
ESET-NOD32 a variant of Win32/Kryptik.DFXC 20150423
F-Secure Trojan.GenericKD.2314423 20150423
Fortinet W32/Dloadr.DXQ!tr 20150423
GData Trojan.GenericKD.2314423 20150423
Ikarus Trojan.Win32.Crypt 20150423
K7AntiVirus Trojan ( 004be4331 ) 20150423
K7GW Trojan ( 004be4331 ) 20150423
Kaspersky Worm.Win32.Cridex.qif 20150423
Malwarebytes Trojan.FakeMS 20150423
McAfee Downloader-FAQR!5463F3A83EF1 20150423
Microsoft Trojan:Win32/Dynamer!ac 20150423
eScan Trojan.GenericKD.2314423 20150423
nProtect Trojan.GenericKD.2314423 20150423
Panda Generic Suspicious 20150423
Qihoo-360 HEUR/QVM19.1.Malware.Gen 20150423
Rising PE:Trojan.Obfuscated!1.9A68 20150423
Sophos AV Troj/Dloadr-DXQ 20150423
Symantec Trojan.Cridex 20150423
Tencent Trojan.Win32.Qudamah.Gen.2 20150423
TrendMicro-HouseCall Suspicious_GEN.F47V0421 20150423
VIPRE Win32.Malware!Drop 20150423
AegisLab 20150423
Yandex 20150422
Alibaba 20150423
Antiy-AVL 20150423
Bkav 20150423
ByteHero 20150423
CAT-QuickHeal 20150423
ClamAV 20150423
CMC 20150423
Comodo 20150423
Cyren 20150423
DrWeb 20150423
F-Prot 20150423
Jiangmin 20150422
Kingsoft 20150423
McAfee-GW-Edition 20150422
NANO-Antivirus 20150422
Norman 20150423
SUPERAntiSpyware 20150423
TheHacker 20150422
TotalDefense 20150423
TrendMicro 20150423
VBA32 20150423
ViRobot 20150423
Zillya 20150422
Zoner 20150422
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright
© Microsoft Corporation. All rights reserved.

Product Microsoft® Windows® Operating System
Original name bitsprx4.dll
Internal name bitsprx4.dll
File version 6.7.2300.5512 (xpsp.080413-2108)
Description Background Intelligent Transfer Service 2.5 Proxy
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2015-04-21 11:29:05
Entry Point 0x0000107D
Number of sections 6
PE sections
PE imports
ExitThread
GetConsoleProcessList
SwitchToFiber
BuildCommDCBAndTimeoutsA
SetupGetLineTextW
SHQueryRecycleBinW
cos
isalpha
Number of PE resources by type
RT_VERSION 1
Number of PE resources by language
ENGLISH US 1
PE resources
Debug information
ExifTool file metadata
SubsystemVersion
4.0

LinkerVersion
8.0

ImageVersion
0.0

FileSubtype
0

FileVersionNumber
6.7.2300.5512

UninitializedDataSize
0

LanguageCode
English (U.S.)

FileFlagsMask
0x003f

CharacterSet
Unicode

InitializedDataSize
110592

EntryPoint
0x107d

OriginalFileName
bitsprx4.dll

MIMEType
application/octet-stream

LegalCopyright
Microsoft Corporation. All rights reserved.

FileVersion
6.7.2300.5512 (xpsp.080413-2108)

TimeStamp
2015:04:21 12:29:05+01:00

FileType
Win32 EXE

PEType
PE32

InternalName
bitsprx4.dll

ProductVersion
6.7.2300.5512

FileDescription
Background Intelligent Transfer Service 2.5 Proxy

OSVersion
4.0

FileOS
Windows NT 32-bit

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CompanyName
Microsoft Corporation

CodeSize
45056

ProductName
Microsoft Windows Operating System

ProductVersionNumber
6.7.2300.5512

FileTypeExtension
exe

ObjectFileType
Dynamic link library

File identification
MD5 5463f3a83ef14a4f936fc69128d6911a
SHA1 df45f7dc23175a87294557649b7234e103864224
SHA256 f6823070b630851948e87078392bbb94f57cc126d9c20d068a461039eb5e4635
ssdeep
1536:2Mw7TzoWrRcf+SXcUYQQzWmNpVY5QwQNs1N1TgC9vPuwtrWol0Cvkz:2I8Kf1BrQamTVYrQG1NFvPFrWo2pz

authentihash 7fdfa02734890fb40849a45673764946bbde76897da78d053f2de84a44f372f7
imphash da2e302145ba144f9d7cab48710502ba
File size 136.0 KB ( 139264 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Dynamic Link Library (generic) (43.5%)
Win32 Executable (generic) (29.8%)
Generic Win/DOS Executable (13.2%)
DOS Executable Generic (13.2%)
Tags
peexe

VirusTotal metadata
First submission 2015-04-21 12:34:46 UTC ( 4 years, 1 month ago )
Last submission 2016-03-15 01:27:57 UTC ( 3 years, 2 months ago )
File names bitsprx4.dll
F6823070B630851948E87078392BBB94F57CC126D9C20D068A461039EB5E4635.exe
2e0eaj3R.exe
malware4.exe
fr.exe
fr.gif
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Deleted files
Created processes
Code injections in the following processes
Created mutexes
Opened mutexes
Opened service managers
Opened services
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.
HTTP requests
DNS requests
TCP connections
UDP communications