SHA256: 011d87cdefbe06ba1fa4bc4c9c607cfca58b66194bd7b782fbbe940abebc46ef
File name: 12ae7fb35e17aa57a9def71c696cdf4b
Detection ratio: 41 / 57
Analysis date: 2015-02-02 01:25:57 UTC ( 2 years, 6 months ago )
Antivirus Result Update
Ad-Aware Gen:Variant.Kazy.494665 20150201
Yandex Trojan.DL.Zortob!nDZ3r6FhuBA 20150201
AhnLab-V3 Trojan/Win32.Kuluoz 20150201
ALYac Gen:Variant.Kazy.494665 20150201
Antiy-AVL Worm[Net]/Win32.Aspxor 20150201
Avast Win32:Trojan-gen 20150201
AVG Inject2.BCND 20150202
Avira (no cloud) TR/Crypt.ZPACK.Gen7 20150201
AVware Trojan.Win32.Generic!BT 20150202
Baidu-International Worm.Win32.Aspxor.AV 20150130
BitDefender Gen:Variant.Kazy.494665 20150202
Comodo TrojWare.Win32.TrojanDownloader.Kuluoz.T 20150202
DrWeb BackDoor.Kuluoz.4 20150202
Emsisoft Gen:Variant.Kazy.494665 (B) 20150202
ESET-NOD32 Win32/TrojanDownloader.Zortob.H 20150202
F-Prot W32/A-35f3b024!Eldorado 20150202
F-Secure Gen:Variant.Kazy.494665 20150201
Fortinet W32/Kryptik.CMIO!tr 20150202
GData Gen:Variant.Kazy.494665 20150202
Ikarus Net-Worm.Win32.Aspxor 20150201
Jiangmin Worm/Aspxor.dse 20150131
K7AntiVirus Trojan-Downloader ( 0049f6bb1 ) 20150201
K7GW Trojan-Downloader ( 0049f6bb1 ) 20150130
Kaspersky Net-Worm.Win32.Aspxor.dwar 20150202
McAfee Packed-ROX!12AE7FB35E17 20150202
McAfee-GW-Edition BehavesLike.Win32.Packed.ch 20150202
Microsoft TrojanDownloader:Win32/Kuluoz 20150202
eScan Gen:Variant.Kazy.494665 20150202
NANO-Antivirus Trojan.Win32.Aspxor.dhzgja 20150202
Norman Kuluoz.EP 20150201
nProtect Worm/W32.Aspxor.184320.I 20150130
Rising PE:Malware.FakeDOC@CV!1.9C3C 20150130
Sophos AV Troj/Wonton-LH 20150201
SUPERAntiSpyware Trojan.Agent/Gen-FakeDoc 20150201
Symantec Packed.Generic.456 20150202
Tencent Win32.Worm-net.Aspxor.Dxni 20150202
TotalDefense Win32/Kuluoz.LcfMMJB 20150201
TrendMicro Possible_KULUOZ-2 20150201
TrendMicro-HouseCall Possible_KULUOZ-2 20150202
VIPRE Trojan.Win32.Generic!BT 20150201
Zillya Worm.Aspxor.Win32.9182 20150202
AegisLab 20150130
Alibaba 20150201
Bkav 20150130
ByteHero 20150202
CAT-QuickHeal 20150131
ClamAV 20150202
CMC 20150129
Cyren 20150202
Kingsoft 20150202
Malwarebytes 20150201
Panda 20150201
Qihoo-360 20150202
TheHacker 20150131
VBA32 20150129
ViRobot 20150201
Zoner 20150130
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
File version 
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2014-11-01 05:58:58
Entry Point 0x00003F0D
Number of sections 3
PE sections
PE imports
GetStdHandle
HeapDestroy
FreeEnvironmentStringsA
DeleteCriticalSection
GetCurrentProcess
GetLocaleInfoA
SetErrorMode
FreeEnvironmentStringsW
GetLocaleInfoW
GetCPInfo
GetStringTypeA
InterlockedExchange
WriteFile
GetTimeZoneInformation
GetSystemTimeAsFileTime
HeapReAlloc
GetStringTypeW
GetOEMCP
InitializeCriticalSection
FindClose
InterlockedDecrement
SetLastError
GetModuleFileNameW
IsDebuggerPresent
ExitProcess
GetVersionExA
GetModuleFileNameA
GetPriorityClass
SetConsoleCtrlHandler
UnhandledExceptionFilter
TlsGetValue
MultiByteToWideChar
FatalAppExitA
CreateMutexA
CreateSemaphoreA
CreateThread
SetUnhandledExceptionFilter
SetEnvironmentVariableA
TerminateProcess
GetCurrentThreadId
LeaveCriticalSection
HeapFree
EnterCriticalSection
SetHandleCount
FreeLibrary
QueryPerformanceCounter
GetTickCount
TlsAlloc
FlushFileBuffers
LoadLibraryA
RtlUnwind
GetStartupInfoA
GetDateFormatA
GetStartupInfoW
GetUserDefaultLCID
GetProcessHeap
CompareStringW
lstrcmpA
CompareStringA
IsValidLocale
GetProcAddress
CreateEventW
CreateEventA
GetFileType
TlsSetValue
CreateFileA
HeapAlloc
InterlockedIncrement
GetLastError
LCMapStringW
LCMapStringA
GetEnvironmentStringsW
WaitForSingleObjectEx
GetEnvironmentStrings
GetCurrentProcessId
GetCommandLineW
WideCharToMultiByte
HeapSize
GetCommandLineA
GetCurrentThread
RaiseException
TlsFree
GetModuleHandleA
CloseHandle
EnumSystemLocalesA
GetACP
IsValidCodePage
HeapCreate
VirtualFree
Sleep
GetProcessVersion
VirtualAlloc
GetTimeFormatA
EmptyClipboard
GetForegroundWindow
GetParent
UpdateWindow
SetMenuItemBitmaps
EndDialog
KillTimer
GetMessageW
DefWindowProcA
ShowWindow
GetUserObjectSecurity
FillRect
PeekMessageW
GetWindowRect
EnableWindow
ScrollWindowEx
PostMessageA
ReleaseCapture
GetWindowDC
TranslateMessage
IsWindowEnabled
GetDlgItemTextW
GetMenuDefaultItem
GetDlgItemInt
SetActiveWindow
GetMenuItemID
GetCursorPos
GetWindowRgn
CreatePopupMenu
LoadStringA
SetClipboardData
DrawIconEx
LoadStringW
GetClientRect
ScreenToClient
RegisterClassW
TrackPopupMenuEx
GetWindowLongA
CharNextW
GetActiveWindow
SetWindowTextA
GetMenuItemInfoA
CopyRect
GetWindowTextW
ExitWindowsEx
GetMenuState
IsWindowUnicode
GetSystemMenu
GetWindowTextLengthW
DispatchMessageW
GetWindowLongW
OpenClipboard
IsChild
SetCursor
Number of PE resources by type
RT_ICON 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 3
PE resources
ExifTool file metadata
Support
UninitializedDataSize 0
InitializedDataSize 69632
ImageVersion 0.0
FileVersionNumber 1.0.0.0
LanguageCode English (U.S.)
FileFlagsMask 0x003f
CharacterSet Unicode
LinkerVersion 7.1
MIMEType application/octet-stream
FileVersion
TimeStamp 2014:11:01 06:58:58+01:00
FileType Win32 EXE
PEType PE32
FileAccessDate 2015:02:02 02:26:00+01:00
SubsystemVersion 4.0
OSVersion 4.0
FileCreateDate 2015:02:02 02:26:00+01:00
FileOS Unknown (0x5)
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CodeSize 110592
FileSubtype 0
ProductVersionNumber 1.0.0.0
EntryPoint 0x3f0d
ObjectFileType Executable application
Build
File identification
MD5 12ae7fb35e17aa57a9def71c696cdf4b
SHA1 6c886cbdfe85bfc5f22395ed7db185a6fe101e3a
SHA256 011d87cdefbe06ba1fa4bc4c9c607cfca58b66194bd7b782fbbe940abebc46ef
ssdeep 3072:nGDL6+nobaeUN49Li7JSKriVv2ee+78M3otrl+:w6bbatNli52ee+YM3o
authentihash 30229f5d84c74713a8ae963d11a111c21d4e7e9200dca1d56b5eead04dea3b4b
imphash 404ca3c88b14b8d142e5fcaed59c81ea
File size 180.0 KB ( 184320 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (42.1%)
Win64 Executable (generic) (37.3%)
Win32 Dynamic Link Library (generic) (8.8%)
Win32 Executable (generic) (6.0%)
Generic Win/DOS Executable (2.7%)
Tags peexe

VirusTotal metadata
First submission 2015-02-02 01:25:57 UTC ( 2 years, 6 months ago )
Last submission 2015-02-02 01:25:57 UTC ( 2 years, 6 months ago )
File names 12ae7fb35e17aa57a9def71c696cdf4b
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Created processes
Created mutexes
Opened mutexes
Runtime DLLs