SHA256: febdebd79f65def6640193ffb4e75d55baa3f0721321fdc4a655c463a732a309
File name: makta_payload.exe
Detection ratio: 24 / 54
Analysis date: 2015-12-02 21:20:38 UTC ( 3 years, 1 month ago )
Antivirus | Result | Update
Ad-Aware | Gen:Variant.Graftor.253945 | 20151130
AhnLab-V3 | Trojan/Win32.Vundo | 20151202
ALYac | Gen:Variant.Graftor.253945 | 20151202
Antiy-AVL | Trojan/Win32.TSGeneric | 20151202
Arcabit | Trojan.Graftor.D3DFF9 | 20151202
Avast | Win32:Vundo-JN [Trj] | 20151202
AVG | Crypt5.LBC | 20151130
BitDefender | Gen:Variant.Graftor.253945 | 20151202
ClamAV | Win.Trojan.Graftor-3937 | 20151202
DrWeb | Trojan.MulDrop6.13256 | 20151202
Emsisoft | Gen:Variant.Graftor.253945 (B) | 20151202
ESET-NOD32 | a variant of Win32/Ponmocup.LC | 20151202
F-Secure | Gen:Variant.Graftor.253945 | 20151202
GData | Gen:Variant.Graftor.253945 | 20151202
Ikarus | Trojan.Win32.Ponmocup | 20151202
Jiangmin | Trojan/Generic.cdcof | 20151201
K7AntiVirus | Trojan ( 004c9c231 ) | 20151202
K7GW | Trojan ( 004c9c231 ) | 20151202
Malwarebytes | Trojan.Agent.RND | 20151202
Microsoft | Trojan:Win32/Vundo.RZ | 20151202
eScan | Gen:Variant.Graftor.253945 | 20151202
NANO-Antivirus | Trojan.Win32.MulDrop6.dyqokm | 20151202
Panda | Trj/Genetic.gen | 20151202
Qihoo-360 | QVM07.1.Malware.Gen | 20151202
Engines that reported no detection (the result column is empty for these in the original; only the signature-update date is shown):
AegisLab | (none) | 20151202
Yandex | (none) | 20151202
Alibaba | (none) | 20151202
AVware | (none) | 20151202
Baidu-International | (none) | 20151202
Bkav | (none) | 20151202
ByteHero | (none) | 20151202
CAT-QuickHeal | (none) | 20151202
CMC | (none) | 20151201
Comodo | (none) | 20151202
Cyren | (none) | 20151202
F-Prot | (none) | 20151202
Fortinet | (none) | 20151202
Kaspersky | (none) | 20151202
McAfee | (none) | 20151202
McAfee-GW-Edition | (none) | 20151202
nProtect | (none) | 20151202
Rising | (none) | 20151202
Sophos AV | (none) | 20151202
SUPERAntiSpyware | (none) | 20151202
Symantec | (none) | 20151202
Tencent | (none) | 20151202
TheHacker | (none) | 20151202
TrendMicro | (none) | 20151202
TrendMicro-HouseCall | (none) | 20151202
VBA32 | (none) | 20151202
VIPRE | (none) | 20151202
ViRobot | (none) | 20151202
Zillya | (none) | 20151201
Zoner | (none) | 20151202
Note that the 24 detections do not agree on a family: most are generic or heuristic names (Graftor, Generic, Agent, Malware.Gen), while ESET and Ikarus say Ponmocup and Microsoft, Avast and AhnLab say Vundo. Treat the family attribution as unresolved on the basis of this page alone.
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Entry Point 0x0000D14F
Number of sections 4
PE sections
Overlays
MD5: 9edac1f2e2d057a202cec29534a733f6
File type: ASCII text
Offset: 71680
Size: 27320
Entropy: 0.00
The overlay runs from offset 71680 to the end of the 99000-byte file (71680 + 27320 = 99000). An entropy of 0.00 means the appended bytes are, to within rounding, a single repeated value, i.e. padding rather than a packed or encrypted payload; an "ASCII text" type is consistent with that repeated byte being printable.
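Added example (Python; not code from the report or from VirusTotal's own tooling) showing how the Offset, Size and Entropy fields of the Overlays section are derived: the overlay is whatever follows the highest PointerToRawData + SizeOfRawData in the section table, and the entropy is Shannon entropy over those bytes. The input is a constructed minimal PE skeleton, not the sample from this page, and the dict keys are this example's own naming.

```python
import math
import struct
from collections import Counter
from typing import Optional


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte: 0.0 for a single repeated byte value,
    8.0 for a uniform distribution. The report's 'Entropy' column is this
    value rounded to two decimals."""
    if not data:
        return 0.0
    n = len(data)
    return max(0.0, -sum((c / n) * math.log2(c / n) for c in Counter(data).values()))


def overlay_info(image: bytes) -> Optional[dict]:
    """Locate data appended after the last section (the PE overlay).

    Walks DOS header -> PE signature -> COFF header -> section table and takes
    the highest PointerToRawData + SizeOfRawData as the end of the mapped file.
    Returns None when nothing follows the last section. Field names are this
    example's own (the report shows them as Offset / Size / Entropy).
    """
    if image[:2] != b"MZ":
        raise ValueError("not an MZ/PE file")
    e_lfanew = struct.unpack_from("<I", image, 0x3C)[0]
    if image[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    coff = e_lfanew + 4
    num_sections = struct.unpack_from("<H", image, coff + 2)[0]
    size_of_optional = struct.unpack_from("<H", image, coff + 16)[0]
    section_table = coff + 20 + size_of_optional
    end = 0
    for i in range(num_sections):
        hdr = section_table + i * 40           # IMAGE_SECTION_HEADER is 40 bytes
        size_raw, ptr_raw = struct.unpack_from("<II", image, hdr + 16)
        if size_raw:                           # uninitialised sections have no raw data
            end = max(end, ptr_raw + size_raw)
    if end == 0 or end >= len(image):
        return None
    data = image[end:]
    return {"offset": end, "size": len(data), "entropy": round(shannon_entropy(data), 2)}


def build_sample_pe(overlay: bytes) -> bytes:
    """Constructed minimal PE32 skeleton (not the file from the report): a DOS
    header, a COFF header declaring a zero-length optional header, and one
    section whose raw bytes occupy 0x200..0x400. Anything appended after 0x400
    is overlay. It is not loadable by Windows; it is just enough for the parser."""
    dos = bytearray(64)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 64)                          # e_lfanew
    coff = struct.pack("<HHIIIHH", 0x14C, 1, 0, 0, 0, 0, 0x0102)   # i386, 1 section
    section = struct.pack("<8sIIIIIIHHI", b".text",
                          0x200, 0x1000, 0x200, 0x200, 0, 0, 0, 0, 0x60000020)
    headers = bytes(dos) + b"PE\0\0" + coff + section
    body = headers.ljust(0x200, b"\0") + b"\x90" * 0x200            # section raw data
    return body + overlay


if __name__ == "__main__":
    # 27,320 identical bytes mirrors the report's 0.00-entropy "ASCII text" overlay.
    print(overlay_info(build_sample_pe(b" " * 27320)))
```

On a real sample the same walk is what `pefile.PE(...).get_overlay_data_start_offset()` performs; the point of writing it out is to see that a zero-entropy overlay is padding, whereas a high-entropy one is where a dropper's packed payload usually lives.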
PE imports (grouped by the module that exports each API; the report lists the names without their DLLs, so the module headings are supplied here from the Windows API documentation)
ADVAPI32.dll
LookupPrivilegeValueA
RegCloseKey
RegQueryValueExA
RegOpenCurrentUser
AdjustTokenPrivileges
InitializeAcl
RegCreateKeyExA
SetEntriesInAclA
SetSecurityDescriptorDacl
EqualSid
OpenProcessToken
AddAccessAllowedAce
SetFileSecurityW
RegOpenKeyExA
RegEnumValueA
GetTokenInformation
GetUserNameA
RegEnumKeyA
GetLengthSid
SetSecurityInfo
RevertToSelf
FreeSid
AllocateAndInitializeSid
InitializeSecurityDescriptor
RegSetValueExA
ImpersonateLoggedOnUser
GDI32.dll
GetDeviceCaps
KERNEL32.dll
CreateToolhelp32Snapshot
GetLastError
SystemTimeToFileTime
VerifyVersionInfoA
OpenProcess
GetSystemInfo
DuplicateHandle
GlobalFree
WaitForSingleObject
FreeLibrary
QueryPerformanceCounter
GetTickCount
VirtualProtect
LoadLibraryA
RtlUnwind
ExitThread
Process32Next
VerSetConditionMask
GetCurrentProcess
GetVolumeInformationA
GetCurrentProcessId
Process32First
ProcessIdToSessionId
DeviceIoControl
GetProcAddress
FlushInstructionCache
OpenMutexA
CreateMutexA
GetVolumeNameForVolumeMountPointA
GetTempPathA
CreateThread
GetModuleHandleA
FindFirstFileA
InterlockedExchange
GetStartupInfoA
CloseHandle
GetSystemTimeAsFileTime
GetComputerNameA
FindNextFileA
GlobalMemoryStatusEx
GetSystemDirectoryA
MoveFileExA
GetCurrentThreadId
LocalFree
GetDiskFreeSpaceExA
CreateProcessA
GetModuleFileNameA
VirtualFree
FindClose
Sleep
SetFileAttributesW
CreateFileA
ExitProcess
GetVersion
VirtualAlloc
MSVCRT.dll
__p__fmode
malloc
fread
fclose
_stricmp
swprintf
fprintf
fopen
_memicmp
strchr
wcslen
_strlwr
_XcptFilter
exit
__setusermatherr
_controlfp
sprintf
_adjust_fdiv
_acmdln
_wcsicmp
strrchr
__p__commode
free
getenv
__getmainargs
_initterm
time
_exit
__set_app_type
OLEAUT32.dll
SysFreeString
VariantClear
VariantInit
SysAllocString
SHLWAPI.dll
StrStrIW
StrStrIA
USER32.dll
GetCursorPos
ReleaseDC
GetSystemMetrics
GetDC
IPHLPAPI.dll
GetAdaptersInfo
ntdll.dll
NtSetInformationProcess
NtQueryInformationProcess
ole32.dll
CoCreateInstance
CoUninitialize
CoInitialize
CoSetProxyBlanket
urlmon.dll
ObtainUserAgentString
What the static import set suggests (an inference from names only; this page carries no behavioural data to confirm any of it): token privilege adjustment and user impersonation (LookupPrivilegeValueA, AdjustTokenPrivileges, ImpersonateLoggedOnUser, RevertToSelf); rewriting DACLs on files and objects (InitializeAcl, AddAccessAllowedAce, SetEntriesInAclA, SetSecurityDescriptorDacl, SetFileSecurityW, SetSecurityInfo); process enumeration and handle access (CreateToolhelp32Snapshot, Process32First/Process32Next, OpenProcess, DuplicateHandle, ProcessIdToSessionId); named-mutex checks (CreateMutexA, OpenMutexA); host and environment fingerprinting (GetAdaptersInfo, GetVolumeInformationA, GetVolumeNameForVolumeMountPointA, GetComputerNameA, GetUserNameA, GetSystemInfo, GlobalMemoryStatusEx, GetDiskFreeSpaceExA, GetSystemMetrics, GetDeviceCaps, GetCursorPos, VerifyVersionInfoA); registry reads and writes (RegCreateKeyExA, RegSetValueExA, RegEnumKeyA, RegEnumValueA); process creation and file relocation (CreateProcessA, MoveFileExA, SetFileAttributesW); direct native process-information calls (NtQueryInformationProcess, NtSetInformationProcess); COM with an explicit proxy security blanket (CoCreateInstance, CoSetProxyBlanket) and retrieval of the browser user-agent string (ObtainUserAgentString). LoadLibraryA and GetProcAddress are also imported, so any API resolved at run time will not appear in this list: treat it as a lower bound on capability and confirm with dynamic analysis.
ExifTool file metadata
MIMEType: application/octet-stream
Subsystem: Windows GUI
MachineType: Intel 386 or later, and compatibles
TimeStamp: 0000:00:00 00:00:00 (ExifTool prints this for a zero TimeDateStamp; the linker timestamp has been zeroed, so no build time can be read from the header)
FileType: Win32 EXE
PEType: PE32
CodeSize: 53248
LinkerVersion: 9.0
FileTypeExtension: exe
InitializedDataSize: 28672
SubsystemVersion: 4.0
EntryPoint: 0xd14f
OSVersion: 4.0
ImageVersion: 0.0
UninitializedDataSize: 0

File identification
MD5 3cf25fa56e8e8ececf90d8f2e8f123e8
SHA1 5ae5b0745c94108e11059705a0277ea7bedb1bd8
SHA256 febdebd79f65def6640193ffb4e75d55baa3f0721321fdc4a655c463a732a309
ssdeep 1536:6oONHla8Tkkexb/NWhS4WOkhovO22UN8Yi:FONAVlgSOvCUeYi
authentihash 39e4dc5c37d07099cd49c897fd2616a42e424a1a83e48137f62c112b16a8f5a5
imphash 5fa9123ecaccee011694d6f671ff9d83
File size 96.7 KB ( 99000 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable MS Visual C++ (generic) (64.4%)
Win32 Dynamic Link Library (generic) (13.5%)
Win32 Executable (generic) (9.3%)
Win16/32 Executable Delphi generic (4.2%)
Generic Win/DOS Executable (4.1%)
Tags
peexe overlay
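Added example (Python; not code from the report or from VirusTotal) showing how the imphash line in the file identification above is computed. It implements the algorithm pefile's get_imphash uses: lowercase module name with a .dll/.ocx/.sys extension stripped, a dot, the lowercase function name (or "ordN" for imports by ordinal), all entries joined with commas in import-directory order, then MD5. The sample import table is constructed from names on this page; the module names and their order are an assumption, because the report lists imports without DLLs, so its result is not expected to equal the report's value.

```python
import hashlib
from typing import Iterable, List, Tuple, Union

# Constructed sample: a subset of the import names from this report, grouped by the
# module assumed to export them. The grouping and order are this example's
# assumption, not data from the page.
SAMPLE_IMPORTS: List[Tuple[str, List[Union[str, int]]]] = [
    ("ADVAPI32.dll", ["LookupPrivilegeValueA", "RegCloseKey",
                      "AdjustTokenPrivileges", "ImpersonateLoggedOnUser"]),
    ("KERNEL32.dll", ["CreateToolhelp32Snapshot", "OpenProcess",
                      "CreateMutexA", "CreateProcessA"]),
    ("ntdll.dll", ["NtSetInformationProcess", "NtQueryInformationProcess"]),
    ("urlmon.dll", ["ObtainUserAgentString"]),
]


def _module_key(dll: str) -> str:
    """Lowercase the module name and drop a .dll/.ocx/.sys suffix, as pefile does."""
    name = dll.lower()
    for ext in (".dll", ".ocx", ".sys"):
        if name.endswith(ext):
            return name[: -len(ext)]
    return name


def imphash_string(imports: Iterable[Tuple[str, Iterable[Union[str, int]]]]) -> str:
    """Build the 'module.function,...' string that imphash hashes.

    Imports by ordinal (an int) become 'module.ordN'. pefile additionally maps
    known ordinals of a few DLLs (e.g. oleaut32, ws2_32) back to names; that
    lookup table is omitted here, so ordinal imports from those DLLs would
    hash differently from pefile's result.
    """
    parts = []
    for dll, funcs in imports:
        mod = _module_key(dll)
        for f in funcs:
            fname = f"ord{f}" if isinstance(f, int) else f.lower()
            parts.append(f"{mod}.{fname}")
    return ",".join(parts)


def imphash(imports: Iterable[Tuple[str, Iterable[Union[str, int]]]]) -> str:
    """MD5 of the import string; order-sensitive, case-insensitive."""
    return hashlib.md5(imphash_string(imports).encode("ascii")).hexdigest()


if __name__ == "__main__":
    print(imphash_string(SAMPLE_IMPORTS))
    print(imphash(SAMPLE_IMPORTS))
```

Two properties matter when pivoting on an imphash like 5fa9123ecaccee011694d6f671ff9d83: it is order-sensitive, so a recompiled variant whose linker emits the same DLLs and functions in a different order gets a different hash, and it is blind to anything resolved through LoadLibraryA/GetProcAddress, so two samples that share an imphash can still differ in run-time capability.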

VirusTotal metadata
First submission 2015-12-02 21:20:38 UTC ( 3 years, 1 month ago )
Last submission 2015-12-02 21:20:38 UTC ( 3 years, 1 month ago )
File names makta_payload.exe
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.