SHA256: 8171ff0b309cf81ca32eb6a6f8103f8fe643e6c2b59a830123475fae4f83f645
File name: bogdan.exe
Detection ratio: 23 / 56
Analysis date: 2015-02-04 20:06:47 UTC (4 years, 3 months ago)
Antivirus              Result                           Update
Ad-Aware               Gen:Variant.Symmi.22722          20150204
AhnLab-V3              Worm/Win32.Autorun               20150204
ALYac                  Gen:Variant.Symmi.22722          20150204
Avast                  Win32:Downloader-TLD [Trj]       20150204
AVG                    Win32/Cryptor                    20150204
Avira (no cloud)       BDS/Zegost.Gen4                  20150204
BitDefender            Gen:Variant.Symmi.22722          20150204
Emsisoft               Gen:Variant.Symmi.22722 (B)      20150204
ESET-NOD32             a variant of Win32/Agent.VNC     20150204
F-Prot                 W32/Wonton.B3.gen!Eldorado       20150204
F-Secure               Gen:Variant.Symmi.22722          20150204
Fortinet               W32/Agent.VNC!tr                 20150204
GData                  Gen:Variant.Symmi.22722          20150204
Kaspersky              HEUR:Trojan.Win32.Generic        20150204
Malwarebytes           Trojan.Agent.gen                 20150204
McAfee                 Trojan-FEMT!D0972BE8EC32         20150204
McAfee-GW-Edition      BehavesLike.Win32.PWSZbot.gh     20150204
Microsoft              TrojanSpy:Win32/Nivdort.Z        20150204
eScan                  Gen:Variant.Symmi.22722          20150204
Norman                 Agent.BELJE                      20150204
Sophos AV              Troj/Wonton-FE                   20150204
TrendMicro             TSPY_NIVDORT.SMB                 20150204
TrendMicro-HouseCall   TSPY_NIVDORT.SMB                 20150204

Engines that returned no detection (signature update date in parentheses): AegisLab (20150204), Yandex (20150202), Alibaba (20150203), Antiy-AVL (20150204), AVware (20150204), Baidu-International (20150204), Bkav (20150203), ByteHero (20150204), CAT-QuickHeal (20150204), ClamAV (20150204), CMC (20150202), Comodo (20150204), Cyren (20150204), DrWeb (20150204), Ikarus (20150204), K7AntiVirus (20150204), K7GW (20150204), Kingsoft (20150204), NANO-Antivirus (20150204), nProtect (20150204), Panda (20150204), Qihoo-360 (20150204), Rising (20150204), SUPERAntiSpyware (20150204), Symantec (20150204), Tencent (20150204), TheHacker (20150203), TotalDefense (20150204), VBA32 (20150204), VIPRE (20150204), ViRobot (20150204), Zillya (20150204), Zoner (20150202).
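A 23/56 ratio says little by itself: the labels above name at least four different families (Symmi, Nivdort, Wonton, Zegost) plus several purely generic verdicts, and six of the seven identical "Gen:Variant.Symmi.22722" hits come from vendors that license the same BitDefender engine, as the byte-for-byte identical string suggests. The following script is an added example (not part of the VirusTotal report) that tokenises the labels from the table, discards class and heuristic words, and ranks the remaining family names, optionally counting engines that emit the identical label only once. The generic-word list and the collapse rule are this example's own heuristics.

```python
import re
from collections import Counter

# The 23 positive results from the report above, as (engine, label) pairs.
DETECTIONS = [
    ("Ad-Aware", "Gen:Variant.Symmi.22722"),
    ("AhnLab-V3", "Worm/Win32.Autorun"),
    ("ALYac", "Gen:Variant.Symmi.22722"),
    ("Avast", "Win32:Downloader-TLD [Trj]"),
    ("AVG", "Win32/Cryptor"),
    ("Avira (no cloud)", "BDS/Zegost.Gen4"),
    ("BitDefender", "Gen:Variant.Symmi.22722"),
    ("Emsisoft", "Gen:Variant.Symmi.22722 (B)"),
    ("ESET-NOD32", "a variant of Win32/Agent.VNC"),
    ("F-Prot", "W32/Wonton.B3.gen!Eldorado"),
    ("F-Secure", "Gen:Variant.Symmi.22722"),
    ("Fortinet", "W32/Agent.VNC!tr"),
    ("GData", "Gen:Variant.Symmi.22722"),
    ("Kaspersky", "HEUR:Trojan.Win32.Generic"),
    ("Malwarebytes", "Trojan.Agent.gen"),
    ("McAfee", "Trojan-FEMT!D0972BE8EC32"),
    ("McAfee-GW-Edition", "BehavesLike.Win32.PWSZbot.gh"),
    ("Microsoft", "TrojanSpy:Win32/Nivdort.Z"),
    ("eScan", "Gen:Variant.Symmi.22722"),
    ("Norman", "Agent.BELJE"),
    ("Sophos AV", "Troj/Wonton-FE"),
    ("TrendMicro", "TSPY_NIVDORT.SMB"),
    ("TrendMicro-HouseCall", "TSPY_NIVDORT.SMB"),
]

# Label words that name a class, platform or heuristic rather than a family.
# This list is the example's own and deliberately short; extend it for your feeds.
GENERIC = {
    "gen", "generic", "variant", "heur", "trojan", "troj", "tspy", "trojanspy",
    "worm", "backdoor", "downloader", "agent", "win32", "win", "eldorado",
    "behaveslike", "malware",
}
HEX = set("0123456789abcdef")


def family_tokens(label):
    """Candidate family names in one vendor label, lower-cased."""
    out = []
    for tok in re.split(r"[^a-z0-9]+", label.lower()):
        if len(tok) < 4 or tok.isdigit():
            continue  # suffixes like ".Z", ".SMB", "[Trj]" and variant numbers
        if tok in GENERIC or tok.rstrip("0123456789") in GENERIC:
            continue  # "Gen4", "Win32", ...
        if len(tok) >= 8 and set(tok) <= HEX:
            continue  # hash fragments such as McAfee's "!D0972BE8EC32"
        out.append(tok)
    return out


def normalize_label(label):
    """Lower-case and strip a trailing parenthesised engine tag, e.g. Emsisoft's ' (B)'."""
    return re.sub(r"\s*\([^)]*\)\s*$", "", label.lower()).strip()


def family_consensus(detections, collapse_shared_engines=False):
    """Votes per family token, most common first. With collapse_shared_engines=True,
    engines that emit the identical label are counted once, since an identical
    string is the usual sign of one licensed engine rebranded by several vendors."""
    votes = Counter()
    seen_labels = set()
    for _engine, label in detections:
        key = normalize_label(label)
        if collapse_shared_engines:
            if key in seen_labels:
                continue
            seen_labels.add(key)
        for tok in set(family_tokens(label)):  # one vote per engine per family
            votes[tok] += 1
    return votes.most_common()


if __name__ == "__main__":
    print("raw votes:      ", family_consensus(DETECTIONS)[:4])
    print("collapsed votes:", family_consensus(DETECTIONS, collapse_shared_engines=True)[:4])
```

With the raw count Symmi leads with 7 votes and Nivdort has 3; with shared engines collapsed Symmi drops to a single vote while Nivdort keeps 2 (Microsoft and TrendMicro, with HouseCall folded into TrendMicro). The second view is the one to use when deciding whether a label is corroborated by independent engines.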
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2015-01-29 10:09:44
Entry Point 0x000399B3
Number of sections 3
PE sections
PE imports
ADVAPI32.dll (the exporting DLL for each group is inferred from the API names; the page lists only the function names)
AddAccessAllowedObjectAce
AdjustTokenGroups
OpenProcessToken
CloseEventLog
AddAccessDeniedAce
DecryptFileA
GetKernelObjectSecurity
AccessCheck
BackupEventLogA
AccessCheckByType
LogonUserA
SetFileSecurityA
GetOldestEventLogRecord
MapGenericMask
KERNEL32.dll (inferred from the API names)
SwitchToFiber
GetConsoleOutputCP
GetPrivateProfileStructA
FileTimeToSystemTime
WaitForSingleObject
GetDriveTypeA
EncodePointer
GetVolumePathNameA
GetStdHandle
FreeEnvironmentStringsA
DeleteCriticalSection
GetCurrentProcess
GetCurrentDirectoryA
GetConsoleMode
GetLocaleInfoA
LocalAlloc
DebugActiveProcessStop
FreeEnvironmentStringsW
SetStdHandle
CreateDirectoryA
GetCPInfo
GetStringTypeA
ZombifyActCtx
InterlockedExchange
WriteFile
GetSystemTimeAsFileTime
HeapReAlloc
GetStringTypeW
GetFullPathNameA
FreeLibrary
FindClose
TlsGetValue
SignalObjectAndWait
SetLastError
IsDebuggerPresent
HeapAlloc
GetModuleFileNameA
FlushViewOfFile
UnhandledExceptionFilter
InterlockedDecrement
MultiByteToWideChar
TerminateJobObject
SetFilePointer
GlobalAddAtomA
SetUnhandledExceptionFilter
SetEnvironmentVariableA
SetPriorityClass
SetThreadContext
TerminateProcess
WriteConsoleA
GetProcessShutdownParameters
SetEndOfFile
GetCurrentThreadId
InterlockedIncrement
WriteConsoleW
InitializeCriticalSectionAndSpinCount
HeapFree
EnterCriticalSection
SetHandleCount
GetOEMCP
QueryPerformanceCounter
GetTickCount
IsBadWritePtr
TlsAlloc
GetCommMask
FlushFileBuffers
LoadLibraryA
RtlUnwind
GetACP
GetStartupInfoA
SetVolumeMountPointA
GetCommProperties
GetProcAddress
GetProcessHeap
CompareStringW
FindFirstFileA
CompareStringA
GetProcessWorkingSetSize
GetTimeZoneInformation
GetFileType
TlsSetValue
CreateFileA
ExitProcess
LeaveCriticalSection
GetLastError
LCMapStringW
GetConsoleCP
LCMapStringA
GetEnvironmentStringsW
WinExec
FileTimeToLocalFileTime
GetEnvironmentStrings
UnregisterWait
GetCurrentProcessId
SetTapePosition
WideCharToMultiByte
HeapSize
GetCommandLineA
RaiseException
ReleaseSemaphore
TlsFree
GetModuleHandleA
ReadFile
DeleteAtom
CloseHandle
UnlockFileEx
DeleteVolumeMountPointA
GetModuleHandleW
IsValidCodePage
HeapCreate
VirtualFree
Sleep
GetProcessVersion
SetMailslotInfo
VirtualAlloc
DnsHostnameToComputerNameA
MapUserPhysicalPagesScatter
USER32.dll (inferred from the API names)
SetFocus
GetScrollBarInfo
GetScrollRange
EndDialog
SetCaretPos
SetRectEmpty
DestroyMenu
PostQuitMessage
ToAsciiEx
SetClipboardViewer
CheckMenuItem
GetSystemMetrics
AppendMenuA
ScrollWindowEx
DrawIcon
UnregisterHotKey
GetClipboardViewer
SetKeyboardState
GetSysColor
GetDC
CopyImage
EndDeferWindowPos
GetProcessDefaultLayout
ShowCaret
IsCharLowerA
ShowScrollBar
SetCursorPos
CreateWindowExA
LoadCursorA
ShowOwnedPopups
GetMenuItemInfoA
ExcludeUpdateRgn
CloseClipboard
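Two things a practitioner does with an import list like this one: recompute the imphash (the report gives 5ecfb65a58eba46b786feb6ef83ef0b2) to pivot to related samples, and pull out the handful of imports that matter for triage, here IsDebuggerPresent and DebugActiveProcessStop (anti-debugging), WinExec and SetThreadContext (execution and thread-context manipulation), LogonUserA and the token APIs (credential and token handling), SetKeyboardState, ToAsciiEx and the clipboard-viewer calls (input and clipboard capture), next to a long tail of rarely used APIs such as ZombifyActCtx, SetTapePosition and MapUserPhysicalPagesScatter that are worth checking for actual call sites. The script below is an added example, not VirusTotal's or pefile's code: it implements the imphash algorithm the way pefile defines it and a watch-list triage over a subset of the page's imports. The DLL grouping in SAMPLE_IMPORTS and the watch-list categories are this example's assumptions.

```python
import hashlib

# Imports worth a second look, grouped by what an analyst would infer from them.
# Categories and membership are this example's own triage heuristic.
WATCHLIST = {
    "anti_debug": {"IsDebuggerPresent", "DebugActiveProcessStop", "CheckRemoteDebuggerPresent"},
    "execution": {"WinExec", "CreateProcessA", "CreateProcessW", "ShellExecuteA"},
    "thread_context": {"SetThreadContext", "GetThreadContext", "CreateRemoteThread", "WriteProcessMemory"},
    "token_credentials": {"LogonUserA", "OpenProcessToken", "AdjustTokenGroups", "AdjustTokenPrivileges"},
    "input_clipboard": {"SetKeyboardState", "ToAsciiEx", "GetAsyncKeyState", "SetClipboardViewer", "GetClipboardViewer"},
    "dynamic_resolution": {"LoadLibraryA", "GetProcAddress"},
}

# Subset of the page's import list. The exporting DLL is assumed from the API
# names, since the page prints function names only.
SAMPLE_IMPORTS = [
    ("ADVAPI32.dll", ["AddAccessAllowedObjectAce", "AdjustTokenGroups", "OpenProcessToken",
                      "LogonUserA", "SetFileSecurityA"]),
    ("KERNEL32.dll", ["IsDebuggerPresent", "DebugActiveProcessStop", "SetThreadContext", "WinExec",
                      "LoadLibraryA", "GetProcAddress", "VirtualAlloc", "ZombifyActCtx", "SetTapePosition"]),
    ("USER32.dll", ["SetKeyboardState", "ToAsciiEx", "SetClipboardViewer", "GetClipboardViewer",
                    "CreateWindowExA"]),
]


def imphash(imports):
    """Import hash as pefile computes it: MD5 over comma-joined 'dll.func' entries in
    import-table order, lower-cased, with a .dll/.ocx/.sys extension stripped.
    Ordinal imports (given here as ints) become 'ordN'; pefile additionally maps the
    well-known ordinals of a few DLLs back to names, which this example omits."""
    entries = []
    for dll, funcs in imports:
        lib = dll.lower()
        base, dot, ext = lib.rpartition(".")
        if dot and ext in ("dll", "ocx", "sys"):
            lib = base
        for func in funcs:
            name = ("ord%d" % func) if isinstance(func, int) else func.lower()
            entries.append("%s.%s" % (lib, name))
    return hashlib.md5(",".join(entries).encode("ascii")).hexdigest()


def triage_imports(imports, watchlist=WATCHLIST):
    """Return {category: sorted list of imported functions on that category's list}."""
    imported = {f for _, funcs in imports for f in funcs if isinstance(f, str)}
    hits = {}
    for category, names in watchlist.items():
        matched = sorted(imported & names)
        if matched:
            hits[category] = matched
    return hits


if __name__ == "__main__":
    print("imphash of the assumed import table:", imphash(SAMPLE_IMPORTS))
    for category, names in triage_imports(SAMPLE_IMPORTS).items():
        print("%-20s %s" % (category, ", ".join(names)))
```

The imphash depends on the exact order of DLLs and functions in the binary's import table, so the value computed from the assumed subset above will not reproduce the report's 5ecfb65a58eba46b786feb6ef83ef0b2; run the same routine over the real import directory (for example via pefile's parsed DIRECTORY_ENTRY_IMPORT) to get a value you can pivot on. Conversely, that order-sensitivity is why a sample that pads its import table with unusual APIs lands on a fresh imphash each time.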
ExifTool file metadata
MIMEType               application/octet-stream
Subsystem              Windows GUI
MachineType            Intel 386 or later, and compatibles
TimeStamp              2015:01:29 11:09:44+01:00
FileType               Win32 EXE
PEType                 PE32
CodeSize               303616
LinkerVersion          9.0
FileAccessDate         2015:02:04 21:06:57+01:00
EntryPoint             0x399b3
InitializedDataSize    144384
SubsystemVersion       5.0
ImageVersion           0.0
OSVersion              5.0
FileCreateDate         2015:02:04 21:06:57+01:00
UninitializedDataSize  0

File identification
MD5           d0972be8ec3296863f4e04fcb745f249
SHA1          76068cd0be79a96daf63ae376c77865cde7d3063
SHA256        8171ff0b309cf81ca32eb6a6f8103f8fe643e6c2b59a830123475fae4f83f645
ssdeep        12288:xR7DACj9PNXOIryKb+1TDpViaEeVZJh75qA:xR7DACj9PNX1ry+ITVKKJh75
authentihash  3f6125ff4bdbf870b24694f9ce8672549d3a72ec7bbd1e3508dcf1f5402d62e3
imphash       5ecfb65a58eba46b786feb6ef83ef0b2
File size     430.0 KB (440320 bytes)
File type     Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID          Win32 Executable MS Visual C++ (generic) (64.5%)
              Win32 Dynamic Link Library (generic) (13.6%)
              Win32 Executable (generic) (9.3%)
              Clipper DOS Executable (4.1%)
              Generic Win/DOS Executable (4.1%)
Tags
peexe
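The PE header fields reported earlier on this page (machine, compilation timestamp, entry point, section count, linker and subsystem versions, code and data sizes) and the hashes listed under File identification are the first things to reproduce locally before trusting a report. The script below is an added example, not VirusTotal's or ExifTool's code: it reads those fields straight out of the COFF and PE32 optional headers with the standard library, computes MD5/SHA1/SHA256 and compares them with the values on this page. Because the sample itself is not included here, the script builds a constructed header-only image carrying the same field values; that image is an assumption of this example and is not the file bogdan.exe.

```python
import hashlib
import struct
from datetime import datetime, timezone

# Hashes listed under "File identification" for this sample.
REPORT_HASHES = {
    "md5": "d0972be8ec3296863f4e04fcb745f249",
    "sha1": "76068cd0be79a96daf63ae376c77865cde7d3063",
    "sha256": "8171ff0b309cf81ca32eb6a6f8103f8fe643e6c2b59a830123475fae4f83f645",
}
MACHINES = {0x14C: "Intel 386 or later processors and compatible processors", 0x8664: "x64"}
SUBSYSTEMS = {1: "Native", 2: "Windows GUI", 3: "Windows CUI"}


def file_hashes(data):
    return {alg: hashlib.new(alg, data).hexdigest() for alg in ("md5", "sha1", "sha256")}


def matches_report(data, report=REPORT_HASHES):
    """True only if every digest in the report matches the data."""
    got = file_hashes(data)
    return all(got[alg] == digest.lower() for alg, digest in report.items())


def parse_pe_header(data):
    """Extract the header fields shown in the report from a PE32 image (stdlib only)."""
    if data[:2] != b"MZ":
        raise ValueError("no MZ signature")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("no PE signature at e_lfanew=0x%x" % e_lfanew)
    coff = e_lfanew + 4  # IMAGE_FILE_HEADER: Machine, NumberOfSections, TimeDateStamp, ...
    machine, nsec, stamp, _symtab, _nsyms, opt_size, _chars = struct.unpack_from("<HHIIIHH", data, coff)
    if opt_size < 0x60:
        raise ValueError("optional header too short (%d bytes)" % opt_size)
    opt = coff + 20  # IMAGE_OPTIONAL_HEADER32 starts right after the 20-byte COFF header
    magic, lnk_major, lnk_minor, code, idata, udata, entry = struct.unpack_from("<HBBIIII", data, opt)
    if magic != 0x10B:
        raise ValueError("optional header magic 0x%x is not PE32" % magic)
    os_maj, os_min, img_maj, img_min, sub_maj, sub_min = struct.unpack_from("<6H", data, opt + 40)
    subsystem = struct.unpack_from("<H", data, opt + 68)[0]
    return {
        "machine": MACHINES.get(machine, "0x%04x" % machine),
        "number_of_sections": nsec,
        # TimeDateStamp is seconds since the Unix epoch, set by the linker; it is
        # attacker-controlled, so treat it as a hint rather than evidence.
        "compile_time": datetime.fromtimestamp(stamp, tz=timezone.utc).strftime("%Y-%m-%d %H:%M:%S"),
        "entry_point": "0x%08X" % entry,
        "linker_version": "%d.%d" % (lnk_major, lnk_minor),
        "code_size": code,
        "initialized_data_size": idata,
        "uninitialized_data_size": udata,
        "os_version": "%d.%d" % (os_maj, os_min),
        "image_version": "%d.%d" % (img_maj, img_min),
        "subsystem_version": "%d.%d" % (sub_maj, sub_min),
        "subsystem": SUBSYSTEMS.get(subsystem, str(subsystem)),
    }


def build_sample_pe():
    """Constructed header-only PE32 image with the field values from the report.
    It is not loadable (no section table or code) and is NOT the analysed file."""
    stamp = int(datetime(2015, 1, 29, 10, 9, 44, tzinfo=timezone.utc).timestamp())
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)  # e_lfanew -> PE signature right after the stub
    coff = struct.pack("<HHIIIHH", 0x14C, 3, stamp, 0, 0, 0xE0, 0x0102)
    opt = bytearray(0xE0)
    struct.pack_into("<HBBIIII", opt, 0, 0x10B, 9, 0, 303616, 144384, 0, 0x399B3)
    struct.pack_into("<6H", opt, 40, 5, 0, 0, 0, 5, 0)  # OS 5.0, image 0.0, subsystem 5.0
    struct.pack_into("<H", opt, 68, 2)                  # IMAGE_SUBSYSTEM_WINDOWS_GUI
    return bytes(dos) + b"PE\0\0" + coff + bytes(opt)


if __name__ == "__main__":
    image = build_sample_pe()
    for key, value in parse_pe_header(image).items():
        print("%-24s %s" % (key, value))
    print("hashes match report:", matches_report(image))  # False: constructed image, not bogdan.exe
```

On the real file the parsed compile_time should read 2015-01-29 10:09:44 UTC (ExifTool shows the same instant as 11:09:44+01:00), six days before first submission, and matches_report should return True; any mismatch means you are looking at a different file than the one analysed.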

VirusTotal metadata
First submission 2015-02-04 20:06:47 UTC (4 years, 3 months ago)
Last submission 2015-02-04 20:06:47 UTC (4 years, 3 months ago)
File names bogdan.exe
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files: none listed
Read files: none listed
Written files: none listed
Created processes: none listed
Opened mutexes: none listed
Runtime DLLs: none listed
Additional details: the file sends control codes directly to certain device drivers using the DeviceIoControl Windows API function.
HTTP requests: none listed
DNS requests: none listed
TCP connections: none listed
UDP communications: none listed