SHA256: fb96628a54bf2ed5c9eddeb30843013a7b6c301b66790eed0a1e199e4a6b3122
File name: auditreport.exe
Detection ratio: 4 / 54
Analysis date: 2016-02-15 13:23:26 UTC
Antivirus      Result                              Update
AegisLab       Uds.Dangerousobject.Multi!c         20160215
Kaspersky      UDS:DangerousObject.Multi.Generic   20160215
Qihoo-360      QVM07.1.Malware.Gen                 20160215
Sophos AV      Mal/Generic-S                       20160215

No detection (engine, signature update date):
Ad-Aware 20160215, Yandex 20160213, AhnLab-V3 20160214, Alibaba 20160215, ALYac 20160215, Antiy-AVL 20160215, Arcabit 20160215, Avast 20160215, AVG 20160215, Avira (no cloud) 20160215, Baidu-International 20160215, BitDefender 20160215, Bkav 20160215, ByteHero 20160215, CAT-QuickHeal 20160215, ClamAV 20160215, CMC 20160214, Comodo 20160215, Cyren 20160215, DrWeb 20160215, Emsisoft 20160215, ESET-NOD32 20160215, F-Prot 20160215, F-Secure 20160215, Fortinet 20160215, GData 20160215, Ikarus 20160215, Jiangmin 20160215, K7AntiVirus 20160215, K7GW 20160215, Malwarebytes 20160215, McAfee 20160215, McAfee-GW-Edition 20160215, Microsoft 20160215, eScan 20160215, NANO-Antivirus 20160215, nProtect 20160212, Panda 20160214, Rising 20160215, SUPERAntiSpyware 20160215, Symantec 20160214, Tencent 20160215, TheHacker 20160213, TrendMicro 20160215, TrendMicro-HouseCall 20160215, VBA32 20160215, VIPRE 20160215, ViRobot 20160215, Zillya 20160213, Zoner 20160215
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows command line (console) subsystem.
PE header basic information
Target machine: Intel 386 or later processors and compatible processors
Compilation timestamp: 2006-04-26 12:20:39
Entry Point: 0x00044C38
Number of sections: 4
PE imports
SetSecurityDescriptorDacl
GetSecurityDescriptorSacl
SetGraphicsMode
PlayMetaFileRecord
CreatePolygonRgn
GetTextCharsetInfo
CreateMetaFileA
CreatePen
GetRgnBox
SaveDC
TextOutA
GetEnhMetaFileBits
GetTextMetricsA
LPtoDP
GetClipBox
UnrealizeObject
GetViewportOrgEx
GetObjectType
GetGlyphOutlineA
PolyDraw
CancelDC
RestoreDC
GetTextExtentPointA
GetWindowOrgEx
GetWorldTransform
EnumMetaFile
RectInRegion
GetObjectW
BitBlt
GetCharWidthA
ExtSelectClipRgn
RealizePalette
CreateHatchBrush
SetMetaFileBitsEx
GetDeviceCaps
CreateEnhMetaFileW
SetAbortProc
SetTextAlign
CreateBitmap
RectVisible
PolyBezierTo
EqualRgn
GetBkMode
StrokePath
GetDIBits
CreateEnhMetaFileA
ExtCreateRegion
GdiFlush
SelectClipRgn
GetBrushOrgEx
GetTextAlign
EnumFontFamiliesExW
GetTextFaceA
ScaleViewportExtEx
ExtEscape
CreateRectRgn
CreateFontIndirectA
GetTextColor
GetTextExtentPoint32A
GetNearestPaletteIndex
MoveToEx
GetWinMetaFileBits
EnumEnhMetaFile
GetEnhMetaFileHeader
EnumFontsW
PtVisible
ExtCreatePen
RemoveFontResourceA
SetTextCharacterExtra
BeginPath
GetBkColor
CreatePenIndirect
SymGetSymPrev
ImageGetCertificateHeader
ImageRvaToSection
SymGetModuleBase
MapDebugInformation
ImageGetDigestStream
ImageAddCertificate
UnMapAndLoad
SymEnumerateModules
SymGetSymFromAddr
SymGetSymFromName
ImageLoad
MapAndLoad
MapFileAndCheckSumA
ImageEnumerateCertificates
SymLoadModule
MapFileAndCheckSumW
ReBaseImage
GetTimestampForLoadedLibrary
SymRegisterCallback
ImagehlpApiVersionEx
UnmapDebugInformation
MakeSureDirectoryPathExists
ImageGetCertificateData
SymSetSearchPath
ImmGetRegisterWordStyleA
ImmGetConversionStatus
ImmGetCompositionFontA
ImmGetCompositionWindow
ImmGetCompositionStringA
ImmDestroyContext
ImmGetGuideLineA
ImmInstallIMEA
ImmUnregisterWordA
ImmSetCandidateWindow
ImmSetStatusWindowPos
ImmGetProperty
GetStartupInfoA
FindCloseChangeNotification
GetModuleHandleA
ContinueDebugEvent
FindAtomA
DebugBreak
GetThreadLocale
CreateTapePartition
__p__fmode
getc
_ismbcgraph
ctime
_acmdln
_adjust_fdiv
__p___wargv
__p__commode
_eof
_controlfp
__setusermatherr
setvbuf
__set_app_type
RasGetCountryInfoA
RasGetProjectionInfoA
RasEnumEntriesA
FtpDeleteFileA
InternetTimeToSystemTime
FtpSetCurrentDirectoryA
InternetCloseHandle
RetrieveUrlCacheEntryStreamA
UnlockUrlCacheEntryFile
HttpSendRequestW
InternetDial
CreateUrlCacheEntryW
HttpSendRequestExA
PrintDlgW
GetSaveFileNameW
ReplaceTextW
ChooseFontA
CommDlgExtendedError
Number of PE resources by type
RT_ICON: 5
RT_GROUP_ICON: 5
RT_MENU: 3
RT_ACCELERATOR: 3
RT_BITMAP: 1
qqto4k5vI (non-standard, named resource type): 1
RT_VERSION: 1
Number of PE resources by language
KYRGYZ DEFAULT: 19
ExifTool file metadata
SubsystemVersion: 4.0
LinkerVersion: 7.0
ImageVersion: 0.0
FileVersionNumber: 0.212.111.37
UninitializedDataSize: 0
LanguageCode: Neutral
FileFlagsMask: 0x003f
CharacterSet: Unicode
InitializedDataSize: 180224
EntryPoint: 0x44c38
OriginalFileName: Bloodbath.exe
MIMEType: application/octet-stream
LegalCopyright: Copyright 2015
FileVersion: 59, 133, 42, 185
TimeStamp: 2006:04:26 13:20:39+01:00
FileType: Win32 EXE
PEType: PE32
InternalName: Absorptive
ProductVersion: 81, 187, 228, 103
FileDescription: Vertigo
OSVersion: 4.0
FileOS: Windows NT 32-bit
Subsystem: Windows command line
MachineType: Intel 386 or later, and compatibles
CompanyName: Neon Labs, Inc.
CodeSize: 278528
FileSubtype: 0
ProductVersionNumber: 0.80.249.50
FileTypeExtension: exe
ObjectFileType: Executable application

File identification
MD5: 0e290ceed6a4ffc492940a018a39fdef
SHA1: 8c19926507309dc39a2e4935cbf3338596adf2c3
SHA256: fb96628a54bf2ed5c9eddeb30843013a7b6c301b66790eed0a1e199e4a6b3122
ssdeep: 6144:x+HNaz1XG0oU6OFIzFoCWlVdSwkyeEuAUcq/6tfYcMWChcF:MHN0rFFaA/SLEkwtfYnWChG
authentihash: be3d5a31d97156bee42e81142bd81121ef490f0abb36559e4fc4684d40ae1374
imphash: cc9811c783534ae66603c51f1fcba67e
File size: 348.0 KB (356352 bytes)
File type: Win32 EXE
Magic literal: PE32 executable for MS Windows (console) Intel 80386 32-bit
TrID: Win32 Dynamic Link Library (generic) (43.5%); Win32 Executable (generic) (29.8%); Generic Win/DOS Executable (13.2%); DOS Executable Generic (13.2%)
Tags: peexe

VirusTotal metadata
First submission: 2016-02-15 12:47:42 UTC
Last submission: 2016-12-15 22:38:18 UTC
File names: psexec.exe, fiscal_auditreport.php, auditreport.exe, 0e290ceed6a4ffc492940a018a39fdef.exe, yFUYIdsf.exe
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Deleted files
Opened service managers
Opened services
Runtime DLLs
HTTP requests
DNS requests
TCP connections
UDP communications