SHA256: fdfac3eac11bdca01c3d562a529b9d6b9d63b573ca9b907bbf8bb7fd8f9fdce1
File name: 11.exe
Detection ratio: 4 / 57
Analysis date: 2015-06-09 10:54:09 UTC ( 3 years, 11 months ago )
Antivirus Result Update
Kaspersky UDS:DangerousObject.Multi.Generic 20150609
Panda Trj/Genetic.gen 20150608
Qihoo-360 HEUR/QVM07.1.Malware.Gen 20150609
Tencent Trojan.Win32.Qudamah.Gen.24 20150609
The four hits above are all generic, heuristic or cloud verdicts (UDS, HEUR, .gen/.Gen) rather than a named family. The remaining 53 engines, listed below with the date of the signature set they scanned with, returned no detection:
Ad-Aware 20150609
AegisLab 20150609
Yandex 20150608
AhnLab-V3 20150608
Alibaba 20150609
ALYac 20150609
Antiy-AVL 20150609
Arcabit 20150609
Avast 20150609
AVG 20150609
Avira (no cloud) 20150609
AVware 20150609
Baidu-International 20150609
BitDefender 20150609
Bkav 20150609
ByteHero 20150609
CAT-QuickHeal 20150609
ClamAV 20150609
CMC 20150604
Comodo 20150609
Cyren 20150609
DrWeb 20150609
Emsisoft 20150609
ESET-NOD32 20150609
F-Prot 20150609
F-Secure 20150609
Fortinet 20150609
GData 20150609
Ikarus 20150609
Jiangmin 20150608
K7AntiVirus 20150609
K7GW 20150609
Kingsoft 20150609
Malwarebytes 20150609
McAfee 20150609
McAfee-GW-Edition 20150609
Microsoft 20150609
eScan 20150609
NANO-Antivirus 20150609
nProtect 20150609
Rising 20150609
Sophos AV 20150609
SUPERAntiSpyware 20150609
Symantec 20150609
TheHacker 20150607
TotalDefense 20150609
TrendMicro 20150609
TrendMicro-HouseCall 20150609
VBA32 20150608
VIPRE 20150609
ViRobot 20150609
Zillya 20150609
Zoner 20150608
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2006-05-19 18:25:13
Entry Point 0x000247D6
Number of sections 3
PE sections
(The section table itself was not captured on this page; only the count above survives.)
Overlays
An overlay is data appended after the raw data of the last section. The loader never maps it, so it is a common place for a packer or dropper to carry its payload, and it is the part of this file that static import analysis cannot see.
MD5 13b399a70cb278fe912188f83b35c4f5
File type data (no recognised format)
Offset 163840
Size 56525
Entropy 7.10 (of a maximum 8.0 bits per byte; this high, the overlay is compressed or encrypted rather than code or text)
Offset plus size is exactly the 220365-byte file size reported below, so the overlay runs to end of file and makes up about a quarter of the sample.
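Here is an added Python example (my code, not VirusTotal's or pefile's) that reproduces how the overlay figures above are derived: walk the DOS and PE headers, take the largest PointerToRawData + SizeOfRawData over the section table as the overlay start, and compute the Shannon entropy of everything after it. The sample itself is not available from this page, so the block builds a constructed PE32 image with an assumed three-section layout ending at 163840 and a pseudo-random overlay bringing it to 220365 bytes. The section names, virtual addresses and overlay contents are assumptions; only the offsets, timestamp, entry point and code size are taken from the report.

```python
import calendar
import hashlib
import math
import struct
from datetime import datetime, timezone

# Figures taken from the report: the last section's raw data ends at 163840 and
# the file is 220365 bytes, so the overlay is the trailing 56525 bytes.
OVERLAY_OFFSET = 163840
FILE_SIZE = 220365

# Assumed section layout (the real section table is not on the report page):
# (name, PointerToRawData, SizeOfRawData). .text matches the reported CodeSize.
SECTIONS = [
    (b".text", 0x400, 0x24000),    # 147456 bytes, ends at 0x24400
    (b".rdata", 0x24400, 0x2000),
    (b".data", 0x26400, 0x1C00),   # ends at 0x28000 == 163840
]


def build_sample_pe() -> bytes:
    """Constructed PE32 image with the layout above and a pseudo-random overlay.
    It is not runnable code and carries nothing from the real sample."""
    e_lfanew = 0x40
    dos = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", e_lfanew)
    ts = calendar.timegm((2006, 5, 19, 18, 25, 13))    # compile time from the report
    coff = struct.pack("<HHIIIHH", 0x14C, len(SECTIONS), ts, 0, 0, 224, 0x0102)
    opt = bytearray(224)                               # PE32 optional header
    struct.pack_into("<HBBI", opt, 0, 0x10B, 6, 0, 0x24000)  # magic, linker 6.0, SizeOfCode
    struct.pack_into("<I", opt, 16, 0x247D6)           # AddressOfEntryPoint from the report
    hdr = bytearray(dos + b"PE\0\0" + coff + bytes(opt))
    for name, ptr, size in SECTIONS:
        hdr += struct.pack("<8sIIIIIIHHI", name, size, ptr + 0xC00, size, ptr, 0, 0, 0, 0, 0)
    hdr += b"\0" * (0x400 - len(hdr))                  # pad headers to FileAlignment
    body = bytes(hdr) + b"\0" * (OVERLAY_OFFSET - 0x400)
    # Deterministic high-entropy filler standing in for packed/encrypted overlay data.
    n = FILE_SIZE - OVERLAY_OFFSET
    stream = b"".join(hashlib.sha256(b"constructed-overlay" + i.to_bytes(4, "little")).digest()
                      for i in range(n // 32 + 1))
    return body + stream[:n]


def shannon_entropy(data: bytes) -> float:
    """Bits per byte, 0.0 (constant) to 8.0 (uniform). VirusTotal's overlay
    entropy is this value rounded to two decimals."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def parse_pe(image: bytes) -> dict:
    """Minimal PE header walk: timestamp, entry point, section raw ranges and
    the overlay, defined as everything past the end of the last section."""
    if image[:2] != b"MZ":
        raise ValueError("not an MZ image")
    e_lfanew, = struct.unpack_from("<I", image, 0x3C)
    if image[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("bad PE signature")
    coff = e_lfanew + 4
    machine, nsec, ts, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", image, coff)
    opt = coff + 20
    magic, = struct.unpack_from("<H", image, opt)
    entry, = struct.unpack_from("<I", image, opt + 16)
    sections, end = [], 0
    for i in range(nsec):
        off = opt + opt_size + 40 * i
        name, _vsize, _va, rawsize, rawptr = struct.unpack_from("<8sIIII", image, off)
        sections.append((name.rstrip(b"\0").decode(), rawptr, rawsize))
        if rawsize:                      # uninitialised-data sections occupy no file space
            end = max(end, rawptr + rawsize)
    overlay = image[end:] if end < len(image) else b""
    return {
        "machine": machine,
        "pe32": magic == 0x10B,
        "timestamp": datetime.fromtimestamp(ts, tz=timezone.utc).strftime("%Y-%m-%d %H:%M:%S"),
        "entry_point": entry,
        "sections": sections,
        "overlay_offset": end,
        "overlay_size": len(overlay),
        "overlay_entropy": round(shannon_entropy(overlay), 2),
    }


if __name__ == "__main__":
    print(parse_pe(build_sample_pe()))
```

Run against a real file, `parse_pe(open(path, "rb").read())` gives the same fields VirusTotal shows; the one thing to watch is a section whose PointerToRawData lies past end of file, which makes the computed overlay start exceed the file length and the overlay empty.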
PE imports
The report's per-DLL headings did not survive extraction. The library named before each group below is inferred from which Windows DLL exports those names; it is not stated on the page.
imagehlp.dll (inferred)
SymGetSymFromName
SymUnloadModule
ImageDirectoryEntryToData
StackWalk
SplitSymbols
SymGetLineFromName
ImageNtHeader
ImageRvaToSection
SymGetLinePrev
CheckSumMappedFile
SymGetLineNext
SymGetModuleBase
SymInitialize
GetImageUnusedHeaderBytes
ImageAddCertificate
UnMapAndLoad
ImageRemoveCertificate
SymEnumerateModules
UnDecorateSymbolName
ImageLoad
SymEnumerateSymbols
SetImageConfigInformation
MapFileAndCheckSumA
SearchTreeForFile
ImageEnumerateCertificates
MakeSureDirectoryPathExists
SymFunctionTableAccess
ReBaseImage
GetTimestampForLoadedLibrary
SymRegisterCallback
MapDebugInformation
BindImageEx
BindImage
SymSetSearchPath
kernel32.dll (inferred)
GetStartupInfoA
GetModuleHandleA
msvcrt.dll (inferred; this is the MSVC 6 CRT startup set, consistent with the LinkerVersion 6.0 reported below)
_except_handler3
_acmdln
__p__fmode
_exit
_adjust_fdiv
__p__commode
_controlfp
exit
_XcptFilter
__getmainargs
_initterm
__setusermatherr
__set_app_type
rasapi32.dll (inferred)
RasValidateEntryNameA
RasGetProjectionInfoW
RasEnumConnectionsW
RasCreatePhonebookEntryA
RasRenameEntryA
RasEnumEntriesW
RasHangUpW
RasSetEntryDialParamsA
RasGetEntryPropertiesW
RasSetEntryDialParamsW
RasEditPhonebookEntryW
RasEnumEntriesA
RasSetEntryPropertiesA
RasGetConnectStatusW
RasGetEntryDialParamsA
RasSetEntryPropertiesW
RasGetEntryDialParamsW
RasGetProjectionInfoA
RasGetErrorStringW
RasEnumDevicesW
RasDialW
RasEnumDevicesA
RasGetErrorStringA
RasEditPhonebookEntryA
ole32.dll (inferred)
OleDoAutoConvert
Read as a whole, this import table is unusual for a Windows GUI program. There are no user32, gdi32 or advapi32 imports at all, the only kernel32 entries are the two the CRT startup code needs, and the bulk of the table is a near-complete sweep of the imagehlp symbol, image-patching and certificate API plus the RAS dial-up API. Neither DeviceIoControl nor GetProcAddress/LoadLibrary appears, so the DeviceIoControl activity in the sandbox section below has to come from code that resolves APIs on its own or from another process the sample started or injected into; the static import table cannot show which.
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
FileTypeExtension exe
TimeStamp 2006:05:19 19:25:13+01:00 (the same instant as the PE header's 2006-05-19 18:25:13 UTC, shown here in a +01:00 local zone)
FileType Win32 EXE
PEType PE32
CodeSize 147456
LinkerVersion 6.0
EntryPoint 0x247d6
InitializedDataSize 3952640 (larger than the entire 220365-byte file; the loader does not validate this field, so the value is informational at best)
SubsystemVersion 4.0
ImageVersion 0.0
OSVersion 4.0
UninitializedDataSize 0

File identification
MD5 3a39074dd9095e0b436dcc9513a0408a
SHA1 cac99afd9d4736a5eca458eae44f838967f6c854
SHA256 fdfac3eac11bdca01c3d562a529b9d6b9d63b573ca9b907bbf8bb7fd8f9fdce1
ssdeep 6144:LkbSLI//QZmiqh2hrhQwHof2UKoH6RB1JbaUueoALankdoj6A2kKY5VpJ6QaOU+H:AO8//oSi
authentihash 72396dcccd22ffde596a550262164b76c49749b4484d54dae145ac549b5b0f58
imphash ce8ffe5c78884336ebf75d8fe1ce563b
File size 215.2 KB ( 220365 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (67.3%)
Win32 Dynamic Link Library (generic) (14.2%)
Win32 Executable (generic) (9.7%)
Generic Win/DOS Executable (4.3%)
DOS Executable Generic (4.3%)
Tags
peexe overlay
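The imphash in the file identification block is the value to pivot on: it stays constant across samples that share this import table even when every content hash changes. As an added example (my code, not pefile's or VirusTotal's), this Python reproduces the normalisation the hash is taken over, so it is clear what does and does not change it: DLL names lowercased with a .dll/.ocx/.sys extension stripped, function names lowercased, pairs joined with commas in import-table order, then MD5. The import pairs in it are constructed; because the page does not preserve which DLL each import came from, the block cannot and does not reproduce ce8ffe5c78884336ebf75d8fe1ce563b.

```python
import hashlib

# Constructed import list in (DLL, function) form, as an import-table walk would
# yield it. The DLL assignments are assumptions, not data from the report page.
SAMPLE_IMPORTS = [
    ("KERNEL32.dll", "GetStartupInfoA"),
    ("KERNEL32.dll", "GetModuleHandleA"),
    ("RASAPI32.dll", "RasDialW"),
    ("ole32.dll", "OleDoAutoConvert"),
]


def imphash(imports):
    """pefile-style imphash over named imports.

    Returns (canonical_string, md5_hex). The canonical string is what actually
    gets hashed, which is the useful thing to look at when two samples you
    expected to match do not. Ordinal-only imports are not handled here; pefile
    maps ordinals to names for a few DLLs (ws2_32, oleaut32) before hashing.
    """
    parts = []
    for dll, func in imports:
        dll = dll.lower()
        for ext in (".dll", ".ocx", ".sys"):
            if dll.endswith(ext):
                dll = dll[: -len(ext)]
                break
        parts.append(f"{dll}.{func.lower()}")
    canonical = ",".join(parts)
    return canonical, hashlib.md5(canonical.encode("ascii")).hexdigest()


if __name__ == "__main__":
    canonical, digest = imphash(SAMPLE_IMPORTS)
    print(canonical)
    print(digest)
```

Because the hash covers order as well as content, a build that merely links the same libraries in a different order gets a different imphash, while case differences in the import names do not matter.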

VirusTotal metadata
First submission 2015-06-09 09:03:14 UTC ( 3 years, 11 months ago )
Last submission 2015-06-09 11:07:05 UTC ( 3 years, 11 months ago )
File names: 11; 11_exe; 11.exe; 11[1].exe.dr (the "[1]" infix is the Internet Explorer cache naming pattern, so at least one submitter saw this binary arrive as a download)
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Deleted files
Created processes
Created mutexes
Opened mutexes
Opened service managers
Opened services
Runtime DLLs
Additional details
The file sends control codes directly to device drivers through the DeviceIoControl Windows API. The report does not record which device or which control codes were used, and DeviceIoControl is absent from the static import table above, so the call is resolved at runtime or issued by a child or injected process.
HTTP requests
DNS requests
TCP connections