SHA256: fa395eb7a30aaeb0f9ef0d015bd83e816063eb81703c621d8e537b038813c300
File name: download_audiograbber.exe
Detection ratio: 4 / 57
Analysis date: 2015-02-03 02:06:51 UTC (4 years, 3 months ago)
Antivirus             Result                                                    Update
(A dash in the Result column means the engine did not flag the file; 4 of the 57 engines did.)
AVG                   Generic.B6A                                               20150202
AVware                Trojan.Win32.Generic!BT                                   20150203
ESET-NOD32            a variant of Win32/DownloadGuide.D potentially unwanted   20150203
VIPRE                 Trojan.Win32.Generic!BT                                   20150203
Ad-Aware              -                                                         20150203
AegisLab              -                                                         20150203
Yandex                -                                                         20150202
AhnLab-V3             -                                                         20150202
Alibaba               -                                                         20150202
ALYac                 -                                                         20150203
Antiy-AVL             -                                                         20150202
Avast                 -                                                         20150203
Avira (no cloud)      -                                                         20150203
Baidu-International   -                                                         20150202
BitDefender           -                                                         20150203
Bkav                  -                                                         20150202
ByteHero              -                                                         20150203
CAT-QuickHeal         -                                                         20150202
ClamAV                -                                                         20150203
CMC                   -                                                         20150202
Comodo                -                                                         20150203
Cyren                 -                                                         20150203
DrWeb                 -                                                         20150203
Emsisoft              -                                                         20150203
F-Prot                -                                                         20150203
F-Secure              -                                                         20150203
Fortinet              -                                                         20150203
GData                 -                                                         20150203
Ikarus                -                                                         20150203
Jiangmin              -                                                         20150202
K7AntiVirus           -                                                         20150202
K7GW                  -                                                         20150203
Kaspersky             -                                                         20150202
Kingsoft              -                                                         20150203
Malwarebytes          -                                                         20150202
McAfee                -                                                         20150203
McAfee-GW-Edition     -                                                         20150203
Microsoft             -                                                         20150203
eScan                 -                                                         20150203
NANO-Antivirus        -                                                         20150203
Norman                -                                                         20150202
nProtect              -                                                         20150130
Panda                 -                                                         20150202
Qihoo-360             -                                                         20150203
Rising                -                                                         20150202
Sophos AV             -                                                         20150203
SUPERAntiSpyware      -                                                         20150203
Symantec              -                                                         20150203
Tencent               -                                                         20150203
TheHacker             -                                                         20150202
TotalDefense          -                                                         20150203
TrendMicro            -                                                         20150203
TrendMicro-HouseCall  -                                                         20150203
VBA32                 -                                                         20150202
ViRobot               -                                                         20150203
Zillya                -                                                         20150202
Zoner                 -                                                         20150202
The file under analysis is a Portable Executable (PE): a 32-bit Win32 EXE built for the Windows GUI subsystem.
Authenticode signature block and FileVersionInfo properties
Publisher Freemium GmbH
Signature verification Signed file, verified signature
A verified signature establishes only that the holder of the Freemium GmbH code-signing certificate signed this exact file; it is not evidence that the file is benign. This sample verifies cleanly and is still classified by ESET-NOD32 as a variant of Win32/DownloadGuide.D (potentially unwanted) and rated Suspicious.Insight by Symantec's reputation engine. The signing certificate was issued on 12/29/2014, one month before the compilation timestamp (2015-01-29) and five weeks before first submission.
Signers (signing certificate first, then its chain up to the root)
[+] Freemium GmbH (signing certificate)
Status Valid
Issuer None
Valid from 4:41 PM 12/29/2014
Valid to 4:41 PM 12/29/2015
Valid usage Code Signing
Algorithm 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
Thumbprint 5A632B13A469E4C7C6CC162949EF6A42857B1A53
Serial number 00 FE AC 9D 23 7F 1C 5C 86
[+] Go Daddy Secure Certificate Authority - G2 (intermediate)
Status Valid
Issuer None
Valid from 8:00 AM 5/3/2011
Valid to 8:00 AM 5/3/2031
Valid usage All
Algorithm 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
Thumbprint 27AC9369FAF25207BB2627CEFACCBE4EF9C319B8
Serial number 07
[+] Go Daddy Root Certificate Authority - G2 (root)
Status Valid
Issuer None
Valid from 1:00 AM 9/1/2009
Valid to 12:59 AM 1/1/2038
Valid usage Server Auth, Client Auth, Code Signing, Email Protection, Timestamp Signing, EFS, IPSEC Tunnel, IPSEC User
Algorithm 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
Thumbprint 47BEABC922EAE80E78783462A79F45C254FDE68B
Serial number 00
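The signature verdict above and the authentihash listed under File identification further down rest on the same construction: an Authenticode signature covers a digest of the file with the CheckSum field, the security data directory entry and the certificate table itself left out, so the digest is stable across re-signing and across checksum fix-ups. The following is an added example in Python (standard library only, written for this page; it is not VirusTotal's or any signing tool's code) that computes that digest and pulls the raw PKCS#7 blob out of the certificate table. To run offline it builds a synthetic, non-loadable PE32 image with a placeholder certificate table, so the blob it extracts is constructed filler, not real SignedData; the PE offsets used (CheckSum at optional-header offset 64, data directories at 96 for PE32 and 112 for PE32+, security directory index 4) are from the PE specification. It assumes sections are laid out in file order, as linkers normally emit them.

```python
import hashlib
import struct

_CHECKSUM_OFF = 64                   # CheckSum field inside the optional header
_DATADIR_OFF = {0x10B: 96, 0x20B: 112}   # data directories: PE32, PE32+
_SECURITY_DIR_INDEX = 4              # IMAGE_DIRECTORY_ENTRY_SECURITY
_WIN_CERT_TYPE_PKCS_SIGNED_DATA = 0x0002


def _pe_layout(pe):
    """File offsets of CheckSum, the security directory entry and the
    certificate table (cert_off/cert_size are 0 for an unsigned file).
    The security directory holds a file offset, not an RVA."""
    if pe[:2] != b"MZ":
        raise ValueError("not a DOS/PE image")
    e_lfanew = struct.unpack_from("<I", pe, 0x3C)[0]
    if pe[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("bad PE signature")
    opt = e_lfanew + 4 + 20                         # skip signature + COFF header
    magic = struct.unpack_from("<H", pe, opt)[0]
    if magic not in _DATADIR_OFF:
        raise ValueError("unknown optional header magic 0x%x" % magic)
    dirs = opt + _DATADIR_OFF[magic]
    if struct.unpack_from("<I", pe, dirs - 4)[0] <= _SECURITY_DIR_INDEX:
        raise ValueError("no security directory entry")   # NumberOfRvaAndSizes
    secdir_off = dirs + 8 * _SECURITY_DIR_INDEX
    cert_off, cert_size = struct.unpack_from("<II", pe, secdir_off)
    return opt + _CHECKSUM_OFF, secdir_off, cert_off, cert_size


def authentihash(pe, algo="sha256"):
    """Authenticode digest: everything except CheckSum, the security directory
    entry and the certificate table. Matches the report's authentihash field
    when run over a real file; unchanged by signing or checksum updates."""
    checksum_off, secdir_off, cert_off, cert_size = _pe_layout(pe)
    h = hashlib.new(algo)
    h.update(pe[:checksum_off])
    h.update(pe[checksum_off + 4:secdir_off])
    if cert_off and cert_size:
        h.update(pe[secdir_off + 8:cert_off])
        h.update(pe[cert_off + cert_size:])        # any overlay after the table
    else:
        h.update(pe[secdir_off + 8:])
    return h.hexdigest()


def extract_pkcs7(pe):
    """DER PKCS#7 SignedData from the first WIN_CERTIFICATE entry, or None for
    an unsigned file. Chain validation is a separate step (see note below)."""
    _, _, cert_off, cert_size = _pe_layout(pe)
    if not cert_off or not cert_size:
        return None
    length, _revision, cert_type = struct.unpack_from("<IHH", pe, cert_off)
    if cert_type != _WIN_CERT_TYPE_PKCS_SIGNED_DATA:
        raise ValueError("unexpected certificate type 0x%x" % cert_type)
    return pe[cert_off + 8:cert_off + length]


def build_synthetic_pe(code, cert_blob=b"", checksum=0):
    """Constructed sample input (not a real or loadable binary): minimal PE32,
    one .text section, optional certificate table appended at end of file."""
    file_align, opt_size, e_lfanew = 0x200, 224, 0x40
    raw_size = (len(code) + file_align - 1) // file_align * file_align
    cert_off = file_align + raw_size if cert_blob else 0
    cert_len = (8 + len(cert_blob) + 7) // 8 * 8 if cert_blob else 0
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", e_lfanew)
    coff = struct.pack("<HHIIIHH", 0x14C, 1, 0, 0, 0, opt_size, 0x0102)
    opt = struct.pack(
        "<HBBIIIIIIIIIHHHHHHIIIIHHIIIIII",
        0x10B, 10, 0, raw_size, 0, 0, 0x1000, 0x1000, 0x2000,
        0x400000, 0x1000, file_align, 5, 1, 0, 0, 5, 1,
        0, 0x2000, file_align, checksum, 2, 0,
        0x100000, 0x1000, 0x100000, 0x1000, 0, 16)
    dirs = b"".join(struct.pack("<II", cert_off, cert_len) if i == _SECURITY_DIR_INDEX
                    else struct.pack("<II", 0, 0) for i in range(16))
    sect = struct.pack("<8sIIIIIIHHI", b".text", len(code), 0x1000, raw_size,
                       file_align, 0, 0, 0, 0, 0x60000020)
    headers = dos + b"PE\0\0" + coff + opt + dirs + sect
    image = headers.ljust(file_align, b"\0") + code.ljust(raw_size, b"\0")
    if cert_blob:
        table = struct.pack("<IHH", cert_len, 0x0200, _WIN_CERT_TYPE_PKCS_SIGNED_DATA)
        image += (table + cert_blob).ljust(cert_len, b"\0")
    return image


if __name__ == "__main__":
    fake_sig = b"\x30\x82\x00\x14" + b"not real SignedData!"   # constructed filler
    sample = build_synthetic_pe(b"\x55\x8b\xec" + b"\x90" * 29, fake_sig)
    print("authentihash:", authentihash(sample))
    print("sha256      :", hashlib.sha256(sample).hexdigest())
    print("pkcs7 bytes :", len(extract_pkcs7(sample)))
```

Pointed at the bytes of a real signed file, authentihash() should reproduce the report's authentihash, and it stays equal between the signed file and the same build before signing, which is the property that makes it a usable pivot across re-signed variants. The Status/Valid lines in the report come from chain validation of the extracted PKCS#7 against a trust store, which needs an X.509 verifier (Get-AuthenticodeSignature on Windows, or osslsigncode) rather than this extraction step.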
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2015-01-29 16:53:47
Entry Point 0x00024F11
Number of sections 5
PE sections
PE imports (the report lists imported function names without grouping them by DLL)
RegCreateKeyExW
RegDeleteValueW
RegCloseKey
RegSetValueExW
RegQueryInfoKeyW
RegEnumKeyExW
RegOpenKeyExW
RegDeleteKeyW
RegQueryValueExW
GetDeviceCaps
DeleteDC
SelectObject
GetStockObject
CreateSolidBrush
GetObjectW
CreateCompatibleDC
DeleteObject
GetStdHandle
InterlockedPopEntrySList
EncodePointer
DeleteCriticalSection
GetCurrentProcess
GetConsoleMode
FreeEnvironmentStringsW
SetStdHandle
GetCPInfo
WriteFile
GetSystemTimeAsFileTime
HeapReAlloc
GetStringTypeW
FreeLibrary
InterlockedPushEntrySList
LoadResource
FindClose
TlsGetValue
GetFullPathNameW
SetLastError
InterlockedDecrement
GetModuleFileNameW
IsDebuggerPresent
HeapAlloc
HeapSetInformation
UnhandledExceptionFilter
LoadLibraryExW
MultiByteToWideChar
FlushInstructionCache
SetUnhandledExceptionFilter
MulDiv
IsProcessorFeaturePresent
DecodePointer
TerminateProcess
GlobalAlloc
GetCurrentThreadId
InterlockedIncrement
WriteConsoleW
InitializeCriticalSectionAndSpinCount
HeapFree
EnterCriticalSection
SetHandleCount
LoadLibraryW
GetOEMCP
QueryPerformanceCounter
GetTickCount
TlsAlloc
FlushFileBuffers
lstrcmpiW
RtlUnwind
GetStartupInfoW
GlobalLock
GetProcessHeap
FindNextFileW
FindFirstFileW
lstrcmpW
GetProcAddress
CreateFileW
GetFileType
TlsSetValue
ExitProcess
LeaveCriticalSection
GetLastError
LCMapStringW
GetConsoleCP
GetEnvironmentStringsW
GlobalUnlock
lstrlenW
SizeofResource
GetCurrentProcessId
GetCommandLineW
WideCharToMultiByte
HeapSize
InterlockedCompareExchange
RaiseException
TlsFree
SetFilePointer
ReadFile
CloseHandle
GetACP
GetModuleHandleW
IsValidCodePage
HeapCreate
FindResourceW
VirtualFree
Sleep
VirtualAlloc
VarUI4FromStr
VariantChangeType
SysStringLen
LoadRegTypeLib
SysStringByteLen
VarBstrCat
VariantClear
SysAllocString
OleCreateFontIndirect
DispCallFunc
VariantCopy
LoadTypeLib
SysFreeString
SysAllocStringByteLen
VariantInit
SetFocus
RegisterWindowMessageW
GetMonitorInfoW
GetClassInfoExW
RedrawWindow
BeginPaint
DefWindowProcW
KillTimer
GetMessageW
ShowWindow
MapWindowPoints
GetParent
SetWindowLongW
IsWindow
PeekMessageW
GetWindowRect
EndPaint
UpdateWindow
MoveWindow
SetWindowPos
TranslateMessage
GetWindowTextLengthW
PostMessageW
GetSysColor
DispatchMessageW
GetDC
ReleaseDC
SendMessageW
UnregisterClassA
GetWindowLongW
IsWindowVisible
SetWindowTextW
GetDlgItem
GetWindow
CallWindowProcW
MonitorFromWindow
ClientToScreen
InvalidateRect
SetTimer
GetClientRect
GetClassNameW
FillRect
CreateAcceleratorTableW
GetWindowTextW
GetDesktopWindow
LoadCursorW
GetFocus
CreateWindowExW
RegisterClassExW
CharNextW
IsChild
DestroyWindow
CreateStreamOnHGlobal
OleLockRunning
CoTaskMemAlloc
CoTaskMemRealloc
CoCreateInstance
OleUninitialize
CoTaskMemFree
OleInitialize
Number of PE resources by type
RT_ICON 8
RT_MANIFEST 1
RT_VERSION 1
RT_RCDATA 1
RT_GROUP_ICON 1
Number of PE resources by language
NEUTRAL 12
PE resources
ExifTool file metadata
UninitializedDataSize 0
LinkerVersion 10.0 (Visual Studio 2010 toolchain)
ImageVersion 0.0
FileVersionNumber 3.1.0.170
LanguageCode Russian
FileFlagsMask 0x003f
CharacterSet Unicode
InitializedDataSize 287744
MIMEType application/octet-stream
FileVersion 3.1.0.170
TimeStamp 2015:01:29 17:53:47+01:00 (the PE compilation timestamp above, rendered in UTC+1)
FileType Win32 EXE
PEType PE32
FileAccessDate 2015:02:10 03:08:52+01:00
SubsystemVersion 5.1
OSVersion 5.1
FileCreateDate 2015:02:10 03:08:52+01:00
FileOS Windows NT 32-bit
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CodeSize 338432
FileSubtype 0
ProductVersionNumber 3.1.0.170
EntryPoint 0x24f11
ObjectFileType Executable application

File identification
MD5 57590d78257669e554e0ea8da730de5b
SHA1 f001bf8b10da24649013ecbb4b4f68252b80fedd
SHA256 fa395eb7a30aaeb0f9ef0d015bd83e816063eb81703c621d8e537b038813c300
ssdeep 12288:F6+kTUo5hzv/nYdz3oyvTCVZrY4VT7evPeBvioyuVX1z5O704ia:9kIuhjvszArY4VT7evPeB3zVFLZa
authentihash a5b3874e8cb880d8ea1bb9a500545f891fe6724d22cba86303494a0ef957a0dc (the digest the Authenticode signature covers)
imphash 5777ad0c6f6a93cf4832073f7bca2513 (MD5 over the ordered, normalised import list)
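The imphash above is the field used to pivot between builds of the same code base, and the import list higher up is what it is computed from. The following is an added example in Python (standard library only, written for this page; it is not VirusTotal's or pefile's code) that shows the normalisation and hashing, and reads the same import list for capability hints. The DLL names paired with the function names, and their order, are assumptions (the report prints function names without their DLLs), so this will not reproduce the report's value; a real run takes the pairs from the parsed import directory. Ordinal-only imports are rendered as ordN; pefile additionally maps well-known ordinals of oleaut32 and ws2_32 to names, which this version leaves out.

```python
import hashlib

# Constructed sample: function names from the report's import list, paired
# with the DLLs they normally come from (assumed) in an assumed order.
SAMPLE_IMPORTS = [
    ("ADVAPI32.dll", "RegCreateKeyExW"),
    ("ADVAPI32.dll", "RegSetValueExW"),
    ("ADVAPI32.dll", "RegDeleteValueW"),
    ("KERNEL32.dll", "LoadLibraryW"),
    ("KERNEL32.dll", "GetProcAddress"),
    ("KERNEL32.dll", "FindResourceW"),
    ("KERNEL32.dll", "LoadResource"),
    ("KERNEL32.dll", "SizeofResource"),
    ("KERNEL32.dll", "VirtualAlloc"),
    ("KERNEL32.dll", "FlushInstructionCache"),
    ("KERNEL32.dll", "IsDebuggerPresent"),
    ("OLEAUT32.dll", "SysAllocString"),
    ("USER32.dll", "CreateWindowExW"),
]

_STRIPPED_SUFFIXES = (".dll", ".ocx", ".sys")


def normalize_import(dll, func):
    """One 'module.function' token as the imphash algorithm forms it: module
    lowercased with a .dll/.ocx/.sys suffix removed, function lowercased,
    ordinal-only imports (an int) rendered as 'ordN'."""
    module = dll.lower()
    for suffix in _STRIPPED_SUFFIXES:
        if module.endswith(suffix):
            module = module[:-len(suffix)]
            break
    name = "ord%d" % func if isinstance(func, int) else func.lower()
    return "%s.%s" % (module, name)


def imphash_string(imports):
    """Comma-joined token list that gets hashed. Import order is preserved,
    so the same APIs in a different order give a different imphash."""
    return ",".join(normalize_import(dll, func) for dll, func in imports)


def imphash(imports):
    """MD5 of imphash_string(); compare with the report's imphash field."""
    return hashlib.md5(imphash_string(imports).encode("ascii")).hexdigest()


# Heuristic capability tags: a tag fires if any API in its set is imported.
# Several of these (IsDebuggerPresent, VirtualAlloc, the TLS/heap calls) are
# also pulled in by the MSVC runtime start-up code, so on their own they are
# weak evidence; they explain what to look for, not a verdict.
CAPABILITY_RULES = {
    "registry-write": {"regcreatekeyexw", "regsetvalueexw", "regdeletevaluew", "regdeletekeyw"},
    "dynamic-api-resolution": {"loadlibraryw", "loadlibraryexw", "getprocaddress"},
    "embedded-resource-payload": {"findresourcew", "loadresource", "sizeofresource"},
    "runtime-code": {"virtualalloc", "flushinstructioncache"},
    "anti-debug": {"isdebuggerpresent"},
}


def capabilities(imports):
    """Sorted tags whose API set intersects the (named) imports."""
    present = {func.lower() for _, func in imports if isinstance(func, str)}
    return sorted(tag for tag, apis in CAPABILITY_RULES.items() if apis & present)


if __name__ == "__main__":
    print("imphash     :", imphash(SAMPLE_IMPORTS))
    print("capabilities:", ", ".join(capabilities(SAMPLE_IMPORTS)))
```

Because the hash covers the ordered import list rather than file content, a rebuild of the same source with the same toolchain tends to keep its imphash while MD5/SHA256 change, which is what makes it a better pivot than the content hashes for finding sibling installers; it is equally easy for an adversary to change deliberately, so treat a match as a lead, not an identity.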
File size 606.1 KB ( 620608 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (67.3%)
Win32 Dynamic Link Library (generic) (14.2%)
Win32 Executable (generic) (9.7%)
Generic Win/DOS Executable (4.3%)
DOS Executable Generic (4.3%)
Tags peexe signed
VirusTotal metadata
First submission 2015-02-03 02:06:51 UTC ( 4 years, 3 months ago )
Last submission 2015-02-03 02:06:51 UTC ( 4 years, 3 months ago )
File names download_audiograbber.exe
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight
No VirusTotal Community comments on this item.
No Community votes on this item.
Condensed report. The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were performed either by the file itself or by any other process launched by the executed file or subjected to code injection by it.
Opened files
Read files
Written files
Deleted files
Created processes
Shell commands
Code injections in the following processes
Created mutexes
Opened mutexes
Opened service managers
Opened services
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers using the DeviceIoControl Windows API function. DeviceIoControl does not appear in the static import table above; since the import table does include LoadLibraryW, LoadLibraryExW and GetProcAddress, the call was most likely resolved at run time (or made by a DLL the process loaded or by a process it launched), so a review of the static imports alone would have missed this behaviour.
HTTP requests
DNS requests
TCP connections
UDP communications