SHA256: f7f37988dbc265c08de57d012b0fa3886c071a93573dcba660ef33d6657650b7
File name: DW20.exe
Detection ratio: 9 / 47
Analysis date: 2013-09-02 14:20:44 UTC ( 3 years, 7 months ago )
Antivirus             Result                              Update
BitDefender           Gen:Variant.Graftor.107641          20130902
Emsisoft              Gen:Variant.Graftor.107641 (B)      20130902
F-Prot                W32/Heuristic-KPP!Eldorado          20130902
F-Secure              Gen:Variant.Graftor.107641          20130902
GData                 Gen:Variant.Graftor.107641          20130902
Ikarus                Packed.Win32.PePatch                20130902
Jiangmin              Heur:Trojan/DDos                    20130902
Kaspersky             Trojan-Dropper.Win32.Injector.ixfj  20130902
eScan                 Gen:Variant.Graftor.107641          20130902
Yandex                -                                   20130902
AhnLab-V3             -                                   20130902
AntiVir               -                                   20130902
Antiy-AVL             -                                   20130830
Avast                 -                                   20130902
AVG                   -                                   20130902
Baidu                 -                                   20130816
ByteHero              -                                   20130902
CAT-QuickHeal         -                                   20130902
ClamAV                -                                   20130902
Commtouch             -                                   20130902
Comodo                -                                   20130902
DrWeb                 -                                   20130902
ESET-NOD32            -                                   20130902
Fortinet              -                                   20130902
K7AntiVirus           -                                   20130830
K7GW                  -                                   20130830
Kingsoft              -                                   20130829
Malwarebytes          -                                   20130902
McAfee                -                                   20130902
McAfee-GW-Edition     -                                   20130901
Microsoft             -                                   20130902
NANO-Antivirus        -                                   20130902
Norman                -                                   20130902
nProtect              -                                   20130902
Panda                 -                                   20130902
PCTools               -                                   20130902
Rising                -                                   20130902
Sophos                -                                   20130902
SUPERAntiSpyware      -                                   20130902
Symantec              -                                   20130902
TheHacker             -                                   20130901
TotalDefense          -                                   20130830
TrendMicro            -                                   20130902
TrendMicro-HouseCall  -                                   20130902
VBA32                 -                                   20130902
VIPRE                 -                                   20130902
ViRobot               -                                   20130902
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Packers identified
F-PROT embedded, embedded
PEiD Armadillo v1.71
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2013-06-17 13:17:45
Entry Point 0x00002C50
Number of sections 3
PE sections
PE imports
CreateToolhelp32Snapshot
GetLastError
WriteProcessMemory
VirtualAllocEx
GetSystemInfo
WaitForSingleObject
FreeLibrary
GetModuleFileNameA
LoadLibraryA
GetShortPathNameA
CreateRemoteThread
GetStartupInfoA
VirtualFreeEx
GetFileSize
OpenProcess
GetWindowsDirectoryA
Module32First
MultiByteToWideChar
GetProcAddress
GetModuleHandleA
GetTempPathA
RaiseException
SetFilePointer
FindFirstFileA
lstrcatA
Module32Next
WriteFile
CloseHandle
FindNextFileA
InterlockedExchange
FindClose
GetLongPathNameA
Sleep
CreateFileA
LocalAlloc
??9std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBD@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@P6AAAV01@AAV01@@Z@Z
??0Init@ios_base@std@@QAE@XZ
??6std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@0@AAV10@PBD@Z
??1_Winit@std@@QAE@XZ
?endl@std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@1@AAV21@@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDABV?$allocator@D@1@@Z
??6std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@0@AAV10@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@@Z
?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
??0_Winit@std@@QAE@XZ
??1Init@ios_base@std@@QAE@XZ
?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ
??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@PBD@Z
_except_handler3
__p__fmode
memset
_acmdln
_exit
_adjust_fdiv
__setusermatherr
_stricmp
__dllonexit
strcmp
sprintf
exit
_XcptFilter
__getmainargs
_initterm
_controlfp
_onexit
strlen
__p__commode
strncpy
__set_app_type
SHGetPathFromIDListA
SHGetSpecialFolderLocation
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
TimeStamp 2013:06:17 14:17:45+01:00
FileType Win32 EXE
PEType PE32
CodeSize 12288
LinkerVersion 6.0
EntryPoint 0x2c50
InitializedDataSize 86016
SubsystemVersion 4.0
ImageVersion 0.0
OSVersion 4.0
UninitializedDataSize 0
File identification
MD5 5d2a996e66369c93f9e0bdade6ac5299
SHA1 6ef0a0d8678935c135e8a190ad0809a9d78e3fd6
SHA256 f7f37988dbc265c08de57d012b0fa3886c071a93573dcba660ef33d6657650b7
ssdeep 1536:Gy1L/9E6UkyJYbqplvX54kGsBS+tNGKnrG02ccXWfe6eeUrtjSUQ:Gyk6UfjvSkjNGKrx2bXAe6eekdSUQ
authentihash b2015e0087954d039f956d2b92a615c9dae23b799efa5820204ce442e2116e67
imphash e513158fb08b3d9945c0b22faa30bdae
File size 100.0 KB ( 102400 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (67.3%)
Win32 Dynamic Link Library (generic) (14.2%)
Win32 Executable (generic) (9.7%)
Generic Win/DOS Executable (4.3%)
DOS Executable Generic (4.3%)
Tags peexe armadillo
VirusTotal metadata
First submission 2013-09-02 14:20:44 UTC ( 3 years, 7 months ago )
Last submission 2015-04-01 17:27:19 UTC ( 2 years ago )
File names kbdmgr.exe
DW20.exe
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Set keys
Created processes
Code injections in the following processes
Created mutexes
Opened mutexes
Searched windows
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.
HTTP requests
DNS requests
TCP connections
UDP communications