SHA256: 03e3cc01a263edb9aefb411ebf2efb74d2130651400dc3baaa5e344ff1ec47ad
File name: lbHeoDd_77523.exe
Detection ratio: 3 / 56
Analysis date: 2016-05-31 11:37:26 UTC ( 1 year, 2 months ago )
Antivirus Result Update
Kaspersky UDS:DangerousObject.Multi.Generic 20160531
Qihoo-360 QVM10.1.Malware.Gen 20160531
Tencent Win32.Trojan.Raas.Auto 20160531
Ad-Aware 20160531
AegisLab 20160531
AhnLab-V3 20160531
Alibaba 20160531
ALYac 20160531
Antiy-AVL 20160531
Arcabit 20160531
Avast 20160531
AVG 20160531
Avira (no cloud) 20160531
AVware 20160531
Baidu 20160530
Baidu-International 20160531
BitDefender 20160531
Bkav 20160531
CAT-QuickHeal 20160531
ClamAV 20160531
CMC 20160530
Comodo 20160531
Cyren 20160531
DrWeb 20160531
Emsisoft 20160531
ESET-NOD32 20160531
F-Prot 20160531
F-Secure 20160531
Fortinet 20160531
GData 20160531
Ikarus 20160531
Jiangmin 20160531
K7AntiVirus 20160531
K7GW 20160531
Kingsoft 20160531
Malwarebytes 20160531
McAfee 20160531
McAfee-GW-Edition 20160530
Microsoft 20160531
eScan 20160531
NANO-Antivirus 20160531
nProtect 20160531
Panda 20160531
Rising 20160601
Sophos AV 20160531
SUPERAntiSpyware 20160531
Symantec 20160531
TheHacker 20160530
TrendMicro 20160531
TrendMicro-HouseCall 20160531
VBA32 20160531
VIPRE 20160531
ViRobot 20160531
Yandex 20160530
Zillya 20160531
Zoner 20160531
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2016-05-31 08:41:54
Entry Point 0x00018BD7
Number of sections 4
PE sections
PE imports
GetUserNameA
AVIFileOpenA
AVIFileRelease
AVIFileInit
GetSaveFileNameW
GetSaveFileNameA
GetOpenFileNameW
LineTo
DeleteDC
SetDCPenColor
SelectObject
MoveToEx
CreatePen
GetStockObject
SaveDC
SetBkColor
CreateSolidBrush
Polyline
SetTextColor
GetClipBox
GdiFlush
EnumFontsA
CreateCompatibleDC
DeleteObject
Rectangle
GetLastError
GetStdHandle
FillConsoleOutputCharacterA
QueryPerformanceCounter
IsDebuggerPresent
GetTickCount
SetConsoleCursorPosition
GetStartupInfoA
GetCurrentProcessId
GetWindowsDirectoryA
UnhandledExceptionFilter
GetProcAddress
GetConsoleScreenBufferInfo
InterlockedCompareExchange
FillConsoleOutputAttribute
WideCharToMultiByte
LoadLibraryW
GetModuleHandleA
InterlockedExchange
SetUnhandledExceptionFilter
GetCurrentProcess
GetSystemTimeAsFileTime
GetComputerNameA
GetSystemDirectoryA
ExpandEnvironmentStringsA
TerminateProcess
Sleep
HeapAlloc
GetCurrentThreadId
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??1?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@PB_W@Z
__p__fmode
malloc
_crt_debugger_hook
strcat_s
memset
strcat
__dllonexit
_controlfp_s
printf
_invoke_watson
strncpy
_cexit
?terminate@@YAXXZ
??2@YAPAXI@Z
_lock
_onexit
_amsg_exit
_encode_pointer
_XcptFilter
exit
__setusermatherr
strcpy_s
_initterm_e
_adjust_fdiv
sprintf
_acmdln
_ismbblead
_unlock
__p__commode
labs
_except_handler4_common
__getmainargs
_initterm
_decode_pointer
_configthreadlocale
_exit
__set_app_type
SysStringLen
PathFileExistsA
GetMessagePos
BeginPaint
SetClassLongW
KillTimer
PostQuitMessage
SetWindowPos
SetDlgItemInt
IsIconic
MessageBoxW
GetWindowRect
UnhookWindowsHookEx
PostMessageA
RegisterWindowMessageA
MessageBoxA
IsWindowEnabled
GetWindow
GetSysColor
CheckDlgButton
GetDC
InsertMenuItemA
GetCursorPos
ReleaseDC
UpdateLayeredWindow
LoadMenuA
SetWindowTextA
GetMenu
IsWindowVisible
SendMessageA
GetClientRect
DrawMenuBar
CreateDialogParamA
UnionRect
EnableMenuItem
RegisterClassA
SetRect
InvalidateRect
InsertMenuA
GetSubMenu
SetTimer
LoadCursorA
LoadIconA
GetTopWindow
GetSysColorBrush
SetForegroundWindow
RegisterClassExA
SetCursor
GdipCreateFromHDC
GdipCreatePen1
GdipDisposeImage
GdipDrawLine
GdiplusStartup
GdipCreateBitmapFromGraphics
GdipGetImageGraphicsContext
GdipDeleteGraphics
GdipDeletePen
Ord(46)
Number of PE resources by type
RT_ICON 6
RT_BITMAP 2
RT_DIALOG 1
RT_MANIFEST 1
RT_CURSOR 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 12
PE resources
Debug information
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
FileTypeExtension exe
TimeStamp 2016:05:31 09:41:54+01:00
FileType Win32 EXE
PEType PE32
CodeSize 98816
LinkerVersion 9.0
EntryPoint 0x18bd7
InitializedDataSize 81920
SubsystemVersion 5.0
ImageVersion 0.0
OSVersion 5.0
UninitializedDataSize 0
Compressed bundles
File identification
MD5 6f8987e28fed878d08858a943e7c6e7c
SHA1 1fb1d7408e99195e23a71f49ce31bc90041dd4ee
SHA256 03e3cc01a263edb9aefb411ebf2efb74d2130651400dc3baaa5e344ff1ec47ad
ssdeep 3072:l4k3pHqF6aRVtp0MgGaEwASYJrUb3M60P+x0HmbEVLLSLfmo0h7yDb7fCXcBkbCs:ppg6Abp0MgGaErlJSBEVaLOJZo/NuK7e
authentihash 16072c3c652e4992062779640871eeb8dae96fdf2ec742a61fe49c470480f1d4
imphash 343433e3eafcda601a9b3a8252d28b89
File size 177.5 KB ( 181760 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (42.2%)
Win64 Executable (generic) (37.3%)
Win32 Dynamic Link Library (generic) (8.8%)
Win32 Executable (generic) (6.0%)
Generic Win/DOS Executable (2.7%)
Tags peexe
VirusTotal metadata
First submission 2016-05-31 09:37:44 UTC ( 1 year, 2 months ago )
Last submission 2017-08-19 18:16:08 UTC ( 3 days, 14 hours ago )
File names 1UaAWY
mlB3PW
o12QeD
1UaAWY[1]
lhAfaC
nbTURt
gXTND7
hati3x
ROKUHzo_382.exe
D8kTfA
gXTND7[1].txt.1576.dr
77523.exe
LNfOKy
hIPTXx
FAlx1b
fC9qZW.exe
aAS841
pQIJGB
1F7A3F23.exe
9cRXIl
1UaAWY.exe
I52NbK
ven_req_6f8987e28fed878d08858a943e7c6e7c.exe
4HgJ7t
aAS841.exe
Advanced heuristic and reputation engines
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Moved files
Deleted files
Created processes
Shell commands
Code injections in the following processes
Created mutexes
Opened mutexes
Searched windows
Opened service managers
Opened services
Runtime DLLs
Additional details
The file uses the IsDebuggerPresent Windows API function in order to see whether it is being debugged.
HTTP requests
TCP connections
UDP communications