SHA256: fd4e8885fb3d8debd83ae984ba45cd062dd2e31abd45751be0a2984400bd9537
File name: 31defde79266a9d5c32d99ce1643549f.dec
Detection ratio: 22 / 56
Analysis date: 2015-06-24 13:09:48 UTC
Antivirus Result Update
Ad-Aware Gen:Variant.Dyzap.16 20150624
ALYac Gen:Variant.Dyzap.16 20150624
Arcabit Trojan.Dyzap.16 20150624
Avast Win32:Injector-CPV [Trj] 20150624
AVG Win32/DH{eYETICIjfAA1} 20150624
Avira (no cloud) W32/Etap 20150624
BitDefender Gen:Variant.Dyzap.16 20150624
Comodo TrojWare.Win32.PWS.Dyzap.MY 20150624
Cyren W32/Dropper.gen8!Maximus 20150624
DrWeb MULDROP.Trojan 20150624
Emsisoft Gen:Variant.Dyzap.16 (B) 20150624
ESET-NOD32 a variant of Win32/Exploit.CVE-2013-3660.P 20150624
F-Prot W32/Dropper.gen8!Maximus 20150624
F-Secure Gen:Variant.Dyzap.16 20150624
GData Gen:Variant.Dyzap.16 20150624
Malwarebytes Spyware.Dyre 20150624
eScan Gen:Variant.Dyzap.16 20150624
Panda Trj/Genetic.gen 20150624
Sophos AV Troj/UACMe-A 20150624
TrendMicro Cryp_Xin2 20150624
TrendMicro-HouseCall Cryp_Xin2 20150624
VBA32 suspected of Trojan.Downloader.gen.h 20150624
Engines with no detection (Result column empty), with signature update date:
AegisLab 20150624
Yandex 20150623
AhnLab-V3 20150624
Alibaba 20150624
Antiy-AVL 20150624
AVware 20150624
Baidu-International 20150624
Bkav 20150624
ByteHero 20150624
CAT-QuickHeal 20150624
ClamAV 20150624
Fortinet 20150624
Ikarus 20150624
Jiangmin 20150623
K7AntiVirus 20150624
K7GW 20150624
Kaspersky 20150624
Kingsoft 20150624
McAfee 20150624
McAfee-GW-Edition 20150624
Microsoft 20150624
NANO-Antivirus 20150624
nProtect 20150624
Qihoo-360 20150624
Rising 20150623
SUPERAntiSpyware 20150623
Symantec 20150624
Tencent 20150624
TheHacker 20150622
TotalDefense 20150624
VIPRE 20150624
ViRobot 20150624
Zillya 20150624
Zoner 20150624
The file is a Portable Executable: a Win32 EXE for the Windows GUI subsystem.
PE header basic information
Target machine: Intel 386 or later processors and compatible processors
Compilation timestamp: 2015-06-24 12:17:40 UTC (about 52 minutes before the first submission at 13:09:48 UTC; the same value appears below as the ExifTool TimeStamp in +01:00)
Entry point: 0x0000153D
Number of sections: 5
PE imports (the report lists the 104 names flat; they are grouped here by the DLL that exports each API)

ADVAPI32.dll
GetTokenInformation
GetSidSubAuthorityCount
LookupPrivilegeValueA
GetSidSubAuthority
RegCloseKey
OpenProcessToken
AdjustTokenPrivileges
FreeSid
RegQueryValueExA
AllocateAndInitializeSid
RegEnumKeyA
RegSetValueExA
EqualSid
RegOpenKeyExA

KERNEL32.dll
CreateToolhelp32Snapshot
GetLastError
HeapFree
OpenProcess
GetSystemInfo
lstrcpynA
GetModuleFileNameW
ExitProcess
FlushFileBuffers
GetVersionExA
GetModuleFileNameA
LoadLibraryA
Process32Next
Process32NextW
HeapAlloc
GetCurrentProcess
SizeofResource
lstrlenA
LocalAlloc
Process32First
LockResource
CreateDirectoryA
DeleteFileA
DeleteFileW
lstrcatW
TerminateThread
Process32FirstW
GetProcessHeap
SetFilePointer
GetTempPathA
lstrcmpiA
CreateThread
GetFileAttributesA
GetModuleHandleA
lstrcmpA
lstrcatA
lstrcpyA
CloseHandle
GetComputerNameA
ExpandEnvironmentStringsA
LocalFree
TerminateProcess
CreateProcessA
lstrcmpiW
GetEnvironmentVariableA
LoadResource
WriteFile
Sleep
CreateFileA
GetTickCount
FindResourceA
GetCurrentProcessId
GetProcAddress

SHELL32.dll
ShellExecuteExA
ShellExecuteExW

SHLWAPI.dll
PathRemoveArgsA
PathRemoveFileSpecW
PathRemoveFileSpecA
PathGetArgsA

USER32.dll
GetWindowLongA
RemovePropA
CreatePopupMenu
wsprintfA
SetPropA
GetMenuItemRect
RegisterClassExW
EnumWindows
DefWindowProcW
SendMessageA
EnableScrollBar
GetClassNameA
GetDlgItem
CreateWindowExW
wvsprintfA
SwitchToThisWindow
GetClientRect
GetPropA
SetActiveWindow
DestroyWindow

UxTheme.dll
IsThemeActive

WININET.dll
InternetConnectA
HttpOpenRequestA
HttpSendRequestA
InternetCloseHandle
InternetOpenA

ntdll.dll
ZwQueryInformationProcess
_chkstk
strcat
RtlAdjustPrivilege
strcpy

What the import table suggests. The combination fits the vendor names above (Troj/UACMe-A, Win32/Exploit.CVE-2013-3660, Dyzap/Dyre). OpenProcessToken, LookupPrivilegeValueA and AdjustTokenPrivileges, plus the undocumented ntdll export RtlAdjustPrivilege, are the standard ways to enable a privilege such as SeDebugPrivilege in the current token. GetTokenInformation combined with GetSidSubAuthority and GetSidSubAuthorityCount is the usual way to read the RID of the TokenIntegrityLevel SID, that is, to learn whether the process already runs at high integrity or still needs a UAC bypass. CreateToolhelp32Snapshot, Process32First/Next and OpenProcess locate a target process. FindResourceA, LoadResource, LockResource and SizeofResource together with GetTempPathA, CreateFileA, WriteFile and CreateProcessA or ShellExecuteEx are the shape of a dropper that carries its payload as a resource, which matches the single RT_RCDATA resource and the 530,944 bytes of initialized data in a 563,200-byte file. The WinINet set (InternetOpenA, InternetConnectA, HttpOpenRequestA, HttpSendRequestA) is a plain HTTP client. LoadLibraryA with GetProcAddress lets further APIs be resolved at runtime, so the static table is a lower bound on what the sample calls. CVE-2013-3660, the name ESET uses, is the win32k.sys EPATHOBJ::pprFlattenRec local privilege-escalation flaw fixed in MS13-053 (July 2013); nothing in the static imports confirms or rules out the presence of that exploit, the detection name is the only evidence for it on this page.
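The grouping above is the triage a practitioner does by eye on an import table. As an added example (not VirusTotal's code and not code from the sample), the Python below does the same thing mechanically over the 104 import names copied from this report: it folds ANSI/Unicode pairs, evaluates a handful of capability rules (the rule names and the A/W-suffix normalisation are this example's own conventions), and shows the point made in the behaviour section below, that an API seen at runtime, here DeviceIoControl, need not appear in the static table at all.

```python
"""Capability triage of a PE import table.

Added example, not VirusTotal's or the sample's code. REPORT_IMPORTS is the
flat import list shown on this report; the rule names, the A/W normalisation
and the 'observed at runtime' check are this example's own conventions.
"""
import re
from typing import Dict, Iterable, List, Set

# The 104 imported names exactly as listed on the report, in listing order.
REPORT_IMPORTS: List[str] = """
GetTokenInformation GetSidSubAuthorityCount LookupPrivilegeValueA GetSidSubAuthority
RegCloseKey OpenProcessToken AdjustTokenPrivileges FreeSid RegQueryValueExA
AllocateAndInitializeSid RegEnumKeyA RegSetValueExA EqualSid RegOpenKeyExA
CreateToolhelp32Snapshot GetLastError HeapFree OpenProcess GetSystemInfo lstrcpynA
GetModuleFileNameW ExitProcess FlushFileBuffers GetVersionExA GetModuleFileNameA
LoadLibraryA Process32Next Process32NextW HeapAlloc GetCurrentProcess SizeofResource
lstrlenA LocalAlloc Process32First LockResource CreateDirectoryA DeleteFileA DeleteFileW
lstrcatW TerminateThread Process32FirstW GetProcessHeap SetFilePointer GetTempPathA
lstrcmpiA CreateThread GetFileAttributesA GetModuleHandleA lstrcmpA lstrcatA lstrcpyA
CloseHandle GetComputerNameA ExpandEnvironmentStringsA LocalFree TerminateProcess
CreateProcessA lstrcmpiW GetEnvironmentVariableA LoadResource WriteFile Sleep CreateFileA
GetTickCount FindResourceA GetCurrentProcessId GetProcAddress ShellExecuteExA ShellExecuteExW
PathRemoveArgsA PathRemoveFileSpecW PathRemoveFileSpecA PathGetArgsA GetWindowLongA
RemovePropA CreatePopupMenu wsprintfA SetPropA GetMenuItemRect RegisterClassExW EnumWindows
DefWindowProcW SendMessageA EnableScrollBar GetClassNameA GetDlgItem CreateWindowExW
wvsprintfA SwitchToThisWindow GetClientRect GetPropA SetActiveWindow DestroyWindow
IsThemeActive InternetConnectA HttpOpenRequestA HttpSendRequestA InternetCloseHandle
InternetOpenA ZwQueryInformationProcess _chkstk strcat RtlAdjustPrivilege strcpy
""".split()

# Trailing uppercase A/W after a lowercase letter marks an ANSI/Unicode variant.
_AW_SUFFIX = re.compile(r"(?<=[a-z])[AW]$")


def normalize(name: str) -> str:
    """Fold ANSI/Unicode pairs (CreateFileA / CreateFileW -> CreateFile).

    The lowercase lookbehind leaves names that merely end in a lowercase
    'w' or 'a' (SetActiveWindow, DestroyWindow) untouched.
    """
    return _AW_SUFFIX.sub("", name)


# A rule is a list of alternative-sets; every set must be hit by at least one
# normalised import for the rule to fire. Labels are this example's own.
RULES: Dict[str, List[Set[str]]] = {
    "privilege-adjust": [{"OpenProcessToken"}, {"AdjustTokenPrivileges", "RtlAdjustPrivilege"}],
    "integrity-level-check": [{"GetTokenInformation"}, {"GetSidSubAuthority"}, {"GetSidSubAuthorityCount"}],
    "process-discovery": [{"CreateToolhelp32Snapshot"}, {"Process32First"}, {"Process32Next"}, {"OpenProcess"}],
    "resource-dropper": [{"FindResource"}, {"LoadResource"}, {"LockResource"}, {"SizeofResource"},
                         {"CreateFile"}, {"WriteFile"}],
    "process-launch": [{"CreateProcess", "ShellExecuteEx", "WinExec"}],
    "http-client": [{"InternetOpen"}, {"InternetConnect"}, {"HttpOpenRequest"}, {"HttpSendRequest"}],
    "runtime-api-resolution": [{"LoadLibrary", "LdrLoadDll"}, {"GetProcAddress", "LdrGetProcedureAddress"}],
    "registry-write": [{"RegOpenKeyEx", "RegCreateKeyEx"}, {"RegSetValueEx"}],
}


def triage(imports: Iterable[str]) -> Dict[str, List[str]]:
    """Return {rule: sorted matching import names} for every rule fully satisfied."""
    by_base: Dict[str, List[str]] = {}
    for name in imports:
        by_base.setdefault(normalize(name), []).append(name)
    bases = set(by_base)
    hits: Dict[str, List[str]] = {}
    for rule, groups in RULES.items():
        if all(group & bases for group in groups):
            hits[rule] = sorted(n for g in groups for base in g for n in by_base.get(base, []))
    return hits


def dynamically_resolved(observed: Iterable[str], imports: Iterable[str]) -> List[str]:
    """APIs seen in a sandbox trace but absent from the static import table.

    Such calls were reached some other way, typically through the imported
    LoadLibrary/GetProcAddress pair or a hand-rolled export-table walker.
    """
    static = {normalize(n) for n in imports}
    return [api for api in observed if normalize(api) not in static]


if __name__ == "__main__":
    for rule, names in triage(REPORT_IMPORTS).items():
        print(f"{rule:24s} {', '.join(names)}")
    # DeviceIoControl is what the sandbox section of this report saw at runtime.
    print("observed but not imported:", dynamically_resolved(["DeviceIoControl"], REPORT_IMPORTS))
```

On this sample every rule fires; on a clean file that only reads and writes files the result is empty, which is the useful contrast: no single import is suspicious, the co-occurrence is.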
Number of PE resources by type
RT_RCDATA 1
Number of PE resources by language
ENGLISH US 1
ExifTool file metadata
MIMEType: application/octet-stream
Subsystem: Windows GUI
MachineType: Intel 386 or later, and compatibles
FileTypeExtension: exe
TimeStamp: 2015:06:24 13:17:40+01:00
FileType: Win32 EXE
PEType: PE32
CodeSize: 31232
LinkerVersion: 10.0 (the Visual Studio 2010 linker, consistent with the TrID "MS Visual C++" match below)
EntryPoint: 0x153d
InitializedDataSize: 530944
SubsystemVersion: 5.1
ImageVersion: 0.0
OSVersion: 5.1 (minimum target Windows XP / Server 2003)
UninitializedDataSize: 0
File identification
MD5 0dedeaa22a1d851b99f76da4a28d046c
SHA1 98d8f79c5be3ebf9ce1c89af8f69567cd400a983
SHA256 fd4e8885fb3d8debd83ae984ba45cd062dd2e31abd45751be0a2984400bd9537
ssdeep
6144:c617VoWcW3bbT7f/QBfh+b290Jdv7wRiO0bdwBhblTsmVSEyYIhCct3+EceSXsuj:cktwmaawRTwch3VP6JjceSgg

authentihash bdd638ebc2f897e61dffd2984d198360545388292f8fa3b5b18c44f3f02d258c
imphash 83168b499d80fb368e900be11cb60fbc
File size 550.0 KB ( 563200 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable MS Visual C++ (generic) (52.5%)
Windows screen saver (22.0%)
Win32 Dynamic Link Library (generic) (11.0%)
Win32 Executable (generic) (7.5%)
Generic Win/DOS Executable (3.3%)
Tags
peexe cve-2013-3660 exploit

VirusTotal metadata
First submission 2015-06-24 13:09:48 UTC
Last submission 2015-11-23 16:09:01 UTC
File names 31defde79266a9d5c32d99ce1643549f.dec
0DEDEAA22A1D851B99F76DA4A28D046C
0DEDEAA22A1D851B99F76DA4A28D046C.exe
0f5e0fb585c87e5af60f8242a48cc260
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight
Condensed behaviour report. The following summarises the behaviour of the file when executed in a controlled environment. The actions and events described were performed either by the file itself or by another process that the file launched or injected code into.
Behaviour categories reported: opened files, read files, written files, deleted files, created processes, code injections in other processes, created mutexes, opened mutexes, opened service managers, opened services, runtime DLLs, HTTP requests, TCP connections (the per-category entries are not reproduced in this extract).
Additional details
The file sends control codes directly to certain device drivers using the DeviceIoControl Windows API function. DeviceIoControl is not in the static import table above, so the call was reached through a pointer resolved at runtime; the sample imports LoadLibraryA and GetProcAddress, which is the usual way to do that. The report does not identify the device or the control codes involved.