SHA256: fd61dbcf1ad9eef9d6bd3af92439535fb6cea6953064fec8da5790ffccb9df95
File name: 880b9ba4694c80198b2df6413aad93c87784a44f
Detection ratio: 15 / 56
Analysis date: 2015-04-06 23:46:04 UTC ( 3 years, 11 months ago )
Antivirus Result Update
Ad-Aware Gen:Variant.Kazy.590859 20150406
ALYac Gen:Variant.Kazy.590859 20150406
Baidu-International Adware.Win32.iBryte.DCYO 20150406
BitDefender Gen:Variant.Kazy.590859 20150406
Emsisoft Gen:Variant.Kazy.590859 (B) 20150406
ESET-NOD32 a variant of Win32/Kryptik.DCYO 20150406
Fortinet W32/Kryptik.DCYO!tr 20150406
GData Gen:Variant.Kazy.590859 20150406
Kaspersky Trojan.Win32.Inject.urfp 20150406
Malwarebytes Trojan.Agent.ED 20150406
McAfee-GW-Edition BehavesLike.Win32.Sdbot.hz 20150406
eScan Gen:Variant.Kazy.590859 20150406
Tencent Trojan.Win32.Qudamah.Gen.3 20150407
VBA32 Malware-Cryptor.General.3 20150406
VIPRE Win32.Malware!Drop 20150407
AegisLab 20150406
Yandex 20150406
AhnLab-V3 20150406
Alibaba 20150406
Antiy-AVL 20150405
Avast 20150406
AVG 20150406
Avira (no cloud) 20150406
AVware 20150406
Bkav 20150406
ByteHero 20150407
CAT-QuickHeal 20150406
ClamAV 20150406
CMC 20150403
Comodo 20150406
Cyren 20150407
DrWeb 20150406
F-Prot 20150406
F-Secure 20150407
Ikarus 20150406
Jiangmin 20150406
K7AntiVirus 20150406
K7GW 20150406
Kingsoft 20150407
McAfee 20150406
Microsoft 20150406
NANO-Antivirus 20150407
Norman 20150406
nProtect 20150406
Panda 20150406
Qihoo-360 20150407
Rising 20150406
Sophos AV 20150406
SUPERAntiSpyware 20150405
Symantec 20150406
TheHacker 20150406
TotalDefense 20150406
TrendMicro 20150406
TrendMicro-HouseCall 20150406
ViRobot 20150406
Zillya 20150405
Zoner 20150403
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2005-04-11 03:26:39
Entry Point 0x00001000
Number of sections 14
PE sections
PE imports
EnumDateFormatsW
CreateDirectoryW
CreateDirectoryExW
LCMapStringW
GlobalHandle
Beep
WaitNamedPipeA
GetDiskFreeSpaceExW
LoadLibraryExW
GetProcessTimes
WinExec
TlsAlloc
ReadFileEx
CancelIo
SetNamedPipeHandleState
GetShortPathNameA
Number of PE resources by type
RT_BITMAP 1
RT_VERSION 1
Number of PE resources by language
NEUTRAL 1
ENGLISH US 1
PE resources
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
TimeStamp 2005:04:11 04:26:39+01:00
FileType Win32 EXE
PEType PE32
CodeSize 422912
LinkerVersion 0.0
EntryPoint 0x1000
InitializedDataSize 122880
SubsystemVersion 4.1
ImageVersion 0.0
OSVersion 4.0
UninitializedDataSize 0
File identification
MD5 7a0a9dee8f1c7006a59ea7ffbed0e9d9
SHA1 d2a4d0628050b77855bfdf88050ea0689946b108
SHA256 fd61dbcf1ad9eef9d6bd3af92439535fb6cea6953064fec8da5790ffccb9df95
ssdeep 3072:ftCf8UQBgOnMrYKDg/tQqj2xlTQwy6qSE:skV3UYKDg/t3qxM6c
authentihash aa9647dae189989eca09f3237f000b82a4b81666295aab5d01060c00b9332700
imphash 167bf8cf9802afca72b88e8a02208491
File size 558.5 KB ( 571904 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable (generic) (52.7%)
Generic Win/DOS Executable (23.4%)
DOS Executable Generic (23.4%)
VXD Driver (0.3%)
Tags peexe
VirusTotal metadata
First submission 2015-04-06 23:46:04 UTC ( 3 years, 11 months ago )
Last submission 2015-04-06 23:46:04 UTC ( 3 years, 11 months ago )
File names 880b9ba4694c80198b2df6413aad93c87784a44f
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Created processes
Created mutexes
Opened mutexes
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.