SHA256: 2ca9b819c8fc72906a740aeec170dd681f72a5163b411737c5545f0d95b9113f
File name: djscristi.pdf ___________________________________________.exe
Detection ratio: 10 / 57
Analysis date: 2015-04-18 20:05:56 UTC (4 years, 1 month ago)
Antivirus               Result (- = not detected)           Update
Avira (no cloud)        TR/Crypt.XPACK.Gen2                 20150418
AVware                  Trojan-Downloader.Tibs.gen (v)      20150418
CMC                     Packed.Win32.Hrup.2!O               20150418
ESET-NOD32              a variant of Win32/Rodecap.BJ       20150418
Fortinet                W32/Rodecap.BJ!tr                   20150418
Kaspersky               HEUR:Trojan.Win32.Generic           20150418
Malwarebytes            Trojan.Agent                        20150418
Panda                   Trj/Genetic.gen                     20150417
Sophos AV               Troj/RodeCap-A                      20150418
VIPRE                   Trojan-Downloader.Tibs.gen (v)      20150418
Ad-Aware                -                                   20150418
AegisLab                -                                   20150418
Yandex                  -                                   20150418
AhnLab-V3               -                                   20150418
Alibaba                 -                                   20150418
ALYac                   -                                   20150418
Antiy-AVL               -                                   20150418
Avast                   -                                   20150418
AVG                     -                                   20150418
Baidu-International     -                                   20150418
BitDefender             -                                   20150418
Bkav                    -                                   20150417
ByteHero                -                                   20150418
CAT-QuickHeal           -                                   20150418
ClamAV                  -                                   20150418
Comodo                  -                                   20150418
Cyren                   -                                   20150418
DrWeb                   -                                   20150418
Emsisoft                -                                   20150418
F-Prot                  -                                   20150418
F-Secure                -                                   20150418
GData                   -                                   20150418
Ikarus                  -                                   20150418
Jiangmin                -                                   20150417
K7AntiVirus             -                                   20150418
K7GW                    -                                   20150418
Kingsoft                -                                   20150418
McAfee                  -                                   20150418
McAfee-GW-Edition       -                                   20150418
Microsoft               -                                   20150418
eScan                   -                                   20150418
NANO-Antivirus          -                                   20150418
Norman                  -                                   20150418
nProtect                -                                   20150417
Qihoo-360               -                                   20150418
Rising                  -                                   20150418
SUPERAntiSpyware        -                                   20150418
Symantec                -                                   20150418
Tencent                 -                                   20150418
TheHacker               -                                   20150417
TotalDefense            -                                   20150418
TrendMicro              -                                   20150418
TrendMicro-HouseCall    -                                   20150418
VBA32                   -                                   20150418
ViRobot                 -                                   20150418
Zillya                  -                                   20150418
Zoner                   -                                   20150417
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2015-03-13 09:23:09
Entry Point 0x00016D53
Number of sections 3
PE sections
PE imports
GetDeviceCaps
GetTextCharsetInfo
GetCurrentObject
GetPixelFormat
GetDCBrushColor
GetMapMode
GetNearestPaletteIndex
GetNearestColor
GetPolyFillMode
GetStretchBltMode
GetDCPenColor
GetRandomRgn
GetMetaRgn
GetTextAlign
GetObjectType
GetTextCharacterExtra
SetTextColor
GetGraphicsMode
GetStdHandle
GetConsoleOutputCP
FileTimeToSystemTime
GetDriveTypeA
FreeEnvironmentStringsA
DeleteCriticalSection
GetCurrentProcess
GetConsoleMode
GetLocaleInfoA
FreeEnvironmentStringsW
SetStdHandle
GetCPInfo
GetStringTypeA
WriteFile
GetSystemTimeAsFileTime
HeapReAlloc
GetStringTypeW
GetFullPathNameA
MoveFileA
LoadResource
GlobalHandle
FindClose
TlsGetValue
SetLastError
IsDebuggerPresent
ExitProcess
GetModuleFileNameA
UnhandledExceptionFilter
InterlockedDecrement
MultiByteToWideChar
GetModuleHandleA
CreateThread
LocalFlags
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
SetEnvironmentVariableA
TerminateProcess
WriteConsoleA
GetVersion
GlobalAlloc
SetEndOfFile
GetCurrentThreadId
LeaveCriticalSection
WriteConsoleW
InitializeCriticalSectionAndSpinCount
HeapFree
EnterCriticalSection
SetHandleCount
GetOEMCP
QueryPerformanceCounter
GetTickCount
TlsAlloc
FlushFileBuffers
LoadLibraryA
RtlUnwind
GlobalSize
GetStartupInfoA
DeleteFileA
GetProcAddress
GetProcessHeap
CompareStringW
FindFirstFileA
CompareStringA
GetTimeZoneInformation
GetFileType
TlsSetValue
CreateFileA
HeapAlloc
InterlockedIncrement
GetLastError
LCMapStringW
GetConsoleCP
LCMapStringA
GetEnvironmentStringsW
FileTimeToLocalFileTime
GetEnvironmentStrings
GetCurrentProcessId
LockResource
GetCurrentDirectoryA
HeapSize
GetCommandLineA
RaiseException
TlsFree
SetFilePointer
ReadFile
GlobalFlags
CloseHandle
GetACP
GetModuleHandleW
SizeofResource
WideCharToMultiByte
IsValidCodePage
HeapCreate
VirtualFree
Sleep
VirtualAlloc
SetFocus
GetForegroundWindow
GetInputState
GetScrollPos
GetWindowContextHelpId
IsWindowUnicode
GetPropA
EndPaint
SetDlgItemTextA
PostMessageA
MoveWindow
GetWindowDC
CheckDlgButton
GetMenuItemID
DrawTextA
RemovePropA
SetWindowTextA
GetMenu
ShowWindow
GetQueueStatus
SendMessageA
GetMenuCheckMarkDimensions
GetWindowLongA
LoadIconA
GetMenuItemCount
GetDialogBaseUnits
GetMenuState
CallWindowProcA
GetCursor
EnableWindow
GetMenuContextHelpId
WindowFromDC
ExifTool file metadata
MIMEType: application/octet-stream
Subsystem: Windows GUI
MachineType: Intel 386 or later, and compatibles
TimeStamp: 2015:03:13 10:23:09+01:00
FileType: Win32 EXE
PEType: PE32
CodeSize: 160256
LinkerVersion: 9.0
EntryPoint: 0x16d53
InitializedDataSize: 54272
SubsystemVersion: 5.0
ImageVersion: 0.0
OSVersion: 5.0
UninitializedDataSize: 0
File identification
MD5 60c61582884a1ccd065facb406178754
SHA1 05f4a7e91302cbd8d2936583d61b4a995a71a23f
SHA256 2ca9b819c8fc72906a740aeec170dd681f72a5163b411737c5545f0d95b9113f
ssdeep 3072:100swip69NP56aWof8gouSmElCwpSZsmGggR7iqEg68nML5B:i0swip0NP56aWC8v4GCwpSWmGB5Kie
authentihash d40606332cb62fe18e6121a3efabff9442860601e2b36b9aae93f05d4d198c5d
imphash 082c3a746cc09ca8a3b602d2c45a831f
File size 200.0 KB ( 204800 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (41.0%)
Win64 Executable (generic) (36.3%)
Win32 Dynamic Link Library (generic) (8.6%)
Win32 Executable (generic) (5.9%)
Clipper DOS Executable (2.6%)
Tags peexe
VirusTotal metadata
First submission 2015-04-18 20:05:56 UTC (4 years, 1 month ago)
Last submission 2015-04-18 20:05:56 UTC (4 years, 1 month ago)
File names djscristi.pdf ___________________________________________.exe
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Copied files
Deleted files
Created processes
Opened mutexes
Opened service managers
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.
HTTP requests
DNS requests
TCP connections