SHA256: f8b2b99e850dffd3c838f6d9185e5f01d38dbbb3eade57d14a88357ce77a9da8
File name: f8b2b99e850dffd3c838f6d9185e5f01d38dbbb3eade57d14a88357ce77a9da8.bin
Detection ratio: 21 / 54
Analysis date: 2014-06-21 11:41:16 UTC ( 2 years, 11 months ago )
Antivirus Result Update
Ad-Aware Gen:Variant.Kazy.2137 20140621
AntiVir TR/Kryptik.avp.8 20140621
Avast Sf:Nuclear-B [Trj] 20140621
BitDefender Gen:Variant.Kazy.2137 20140621
Bkav HW32.Laneul.meiu 20140621
Comodo TrojWare.Win32.PSW.Fareit.AH 20140621
DrWeb Trojan.PWS.Stealer.origin 20140621
Emsisoft Gen:Variant.Kazy.2137 (B) 20140621
ESET-NOD32 a variant of Win32/PSW.Fareit.A 20140621
F-Prot W32/A-f0951580!Eldorado 20140621
F-Secure Gen:Variant.Kazy.2137 20140621
Fortinet W32/Kryptik.AVP!tr 20140621
GData Gen:Variant.Kazy.2137 20140621
Ikarus Trojan.Win32.Ransom 20140621
Kaspersky Trojan-PSW.Win32.Tepfer.gen 20140621
McAfee PWS-Zbot-FAVV!11AF34AEE811 20140621
McAfee-GW-Edition PWS-Zbot-FAVV!11AF34AEE811 20140621
Microsoft PWS:Win32/Fareit.gen!G 20140621
eScan Gen:Variant.Kazy.2137 20140621
Symantec Downloader.Ponik 20140621
VIPRE Trojan.Win32.Fareit.j (fs) 20140621
AegisLab 20140620
Yandex 20140620
AhnLab-V3 20140621
Antiy-AVL 20140619
AVG 20140621
Baidu-International 20140621
ByteHero 20140621
CAT-QuickHeal 20140621
ClamAV 20140621
CMC 20140621
Commtouch 20140621
Jiangmin 20140621
K7AntiVirus 20140621
K7GW 20140621
Kingsoft 20140621
Malwarebytes 20140621
NANO-Antivirus 20140621
Norman 20140621
nProtect 20140620
Panda 20140621
Qihoo-360 20140621
Rising 20140621
Sophos 20140621
SUPERAntiSpyware 20140620
Tencent 20140621
TheHacker 20140617
TotalDefense 20140621
TrendMicro 20140621
TrendMicro-HouseCall 20140621
VBA32 20140620
ViRobot 20140621
Zillya 20140620
Zoner 20140616
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2014-06-20 19:02:56
Entry Point 0x0000F522
Number of sections 3
PE sections
PE imports
RegOpenCurrentUser
RegOpenKeyA
RegCloseKey
GetUserNameA
RegQueryValueExA
RegSetValueExA
RegEnumValueA
IsTextUnicode
RegOpenKeyExA
RegCreateKeyA
RegEnumKeyExA
CreateToolhelp32Snapshot
GetLastError
Process32First
GetSystemInfo
lstrlenA
GetFileAttributesA
GetPrivateProfileSectionNamesA
LCMapStringA
GetTickCount
GetVersionExA
GlobalUnlock
LoadLibraryA
lstrlenW
Process32Next
GetCurrentProcess
GetCurrentDirectoryA
GetPrivateProfileStringA
GetLocaleInfoA
LocalAlloc
lstrcatA
GetPrivateProfileIntA
CreateDirectoryA
DeleteFileA
GetWindowsDirectoryA
MultiByteToWideChar
OpenProcess
GlobalLock
GetTempPathA
lstrcmpiA
WideCharToMultiByte
MapViewOfFile
GetModuleHandleA
lstrcmpA
ReadFile
SetUnhandledExceptionFilter
lstrcpyA
FindFirstFileA
CloseHandle
CreateFileMappingA
FindNextFileA
ExpandEnvironmentStringsA
LocalFree
UnmapViewOfFile
WriteFile
SetCurrentDirectoryA
FindClose
Sleep
CreateFileA
ExitProcess
GetProcAddress
GetFileSize
CreateStreamOnHGlobal
OleInitialize
CoTaskMemFree
CoCreateGuid
GetHGlobalFromStream
StrStrA
StrRChrIA
StrCmpNIA
StrToIntA
StrStrIA
ObtainUserAgentString
wsprintfA
LoadUserProfileA
UnloadUserProfile
InternetCrackUrlA
InternetCreateUrlA
setsockopt
socket
recv
inet_addr
send
WSAStartup
gethostbyname
connect
closesocket
select
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
FileTypeExtension exe
TimeStamp 2014:06:20 20:02:56+01:00
FileType Win32 EXE
PEType PE32
CodeSize 68096
LinkerVersion 2.5
EntryPoint 0xf522
InitializedDataSize 19456
SubsystemVersion 4.0
ImageVersion 0.0
OSVersion 4.0
UninitializedDataSize 0
Compressed bundles
File identification
MD5 11af34aee811c1caea16df42abf0b44d
SHA1 6fe7d58567b6fe99d8417c3e03e3be6acc1438aa
SHA256 f8b2b99e850dffd3c838f6d9185e5f01d38dbbb3eade57d14a88357ce77a9da8
ssdeep 1536:jIGto2wQwgqTt/vV07lBfbmcTD9OemOU/TvekzbQTl2/C:M67kwBfbmVOAY4/C
authentihash a4a06fd5400eb30a27836192e52ffa249064ba2c0e2c1ce2e9c161464247adf7
imphash 6d809cf712ffd89f86be8f79e3bcd47d
File size 85.0 KB ( 87040 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Windows screen saver (46.4%)
Win32 Dynamic Link Library (generic) (23.3%)
Win32 Executable (generic) (15.9%)
Generic Win/DOS Executable (7.0%)
DOS Executable Generic (7.0%)
Tags peexe
VirusTotal metadata
First submission 2014-06-21 11:41:16 UTC ( 2 years, 11 months ago )
Last submission 2014-07-08 09:03:13 UTC ( 2 years, 10 months ago )
File names file-7184304_bin
1.exe
exe.ex
f8b2b99e850dffd3c838f6d9185e5f01d38dbbb3eade57d14a88357ce77a9da8.bin
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Opened service managers
Opened services
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.
HTTP requests
DNS requests
TCP connections