SHA256: 1e647bca836cccad3c3880da926e49e4eefe5c6b8e3effcb141ac9eccdc17b80
File name: app.exe
Detection ratio: 46 / 57
Analysis date: 2015-04-11 10:37:25 UTC ( 2 years, 7 months ago )
Antivirus Result Update
Ad-Aware Trojan.Agent.BGTJ 20150411
Yandex Worm.Aspxor!0+s887pcb9Y 20150409
AhnLab-V3 Trojan/Win32.Kuluoz 20150411
ALYac Trojan.Agent.BGTJ 20150411
Antiy-AVL Worm[Net]/Win32.Aspxor 20150411
Avast Win32:Injector-CLS [Trj] 20150411
AVG Crypt3.BKHW 20150411
Avira (no cloud) TR/Kryptik.qgmli 20150411
AVware Trojan.Win32.Generic!BT 20150411
Baidu-International Adware.Win32.iBryte.CTBL 20150411
BitDefender Trojan.Agent.BGTJ 20150411
CAT-QuickHeal TrojanDownloader.Kuluoz.O4 20150411
ClamAV Win.Trojan.Agent-826043 20150410
Comodo TrojWare.Win32.Kuluoz.EMS 20150411
Cyren W32/Trojan.ZLDV-2630 20150411
DrWeb BackDoor.Kuluoz.205 20150411
Emsisoft Trojan.Agent.BGTJ (B) 20150411
ESET-NOD32 a variant of Win32/Kryptik.CTBL 20150411
F-Prot W32/Trojan3.MTE 20150411
F-Secure Trojan.Agent.BGTJ 20150411
Fortinet W32/Kryptik.BWOY!tr 20150411
GData Trojan.Agent.BGTJ 20150411
Ikarus Net-Worm.Win32.Aspxor 20150411
Jiangmin Worm/Aspxor.eng 20150409
K7AntiVirus Trojan ( 004981971 ) 20150411
K7GW Trojan ( 004981971 ) 20150411
Kaspersky HEUR:Trojan.Win32.Generic 20150411
Malwarebytes Trojan.FakeDoc.FKI 20150411
McAfee Packed-BZ!0204A59604BB 20150411
McAfee-GW-Edition Packed-BZ!0204A59604BB 20150411
Microsoft TrojanDownloader:Win32/Kuluoz 20150411
eScan Trojan.Agent.BGTJ 20150411
NANO-Antivirus Trojan.Win32.Kuluoz.dkhugy 20150411
Norman Kuluoz.LK 20150411
nProtect Worm/W32.Aspxor.155648.B 20150410
Panda Trj/Genetic.gen 20150410
Rising PE:Trojan.Kryptik!6.22B2 20150411
Sophos AV Troj/Agent-AKLX 20150411
SUPERAntiSpyware Trojan.Agent/Gen-Kuluoz 20150411
Tencent Trojan.Win32.Qudamah.Gen.30 20150411
TheHacker Trojan/Kryptik.ctbl 20150410
TotalDefense Win32/Kuluoz.ERDWNPC 20150411
TrendMicro BKDR_KULUOZ.SM25 20150411
TrendMicro-HouseCall BKDR_KULUOZ.SM25 20150411
VIPRE Trojan.Win32.Generic!BT 20150411
Zillya Worm.Aspxor.Win32.13690 20150411
AegisLab 20150411
Alibaba 20150411
Bkav 20150410
ByteHero 20150411
CMC 20150410
Kingsoft 20150411
Qihoo-360 20150411
Symantec 20150411
VBA32 20150410
ViRobot 20150411
Zoner 20150410
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright Copyright (C) 2013
Publisher CompanyR
Product Product
Original name app.exe
Internal name app.exe
File version 1.0.0.1
Description Description
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2014-12-11 08:06:50
Entry Point 0x00002777
Number of sections 4
PE sections
PE imports
RegCreateKeyExW
RegSetValueExA
RegEnumValueA
RegDeleteKeyW
RegSetValueExW
GetStdHandle
HeapDestroy
FreeEnvironmentStringsA
DeleteCriticalSection
GetCurrentProcess
GetLocaleInfoA
FreeEnvironmentStringsW
GetLocaleInfoW
GetCPInfo
GetStringTypeA
InterlockedExchange
WriteFile
GetTimeZoneInformation
GetSystemTimeAsFileTime
HeapReAlloc
GetStringTypeW
GetOEMCP
LocalFree
InitializeCriticalSection
InterlockedDecrement
SetLastError
GetModuleFileNameW
IsDebuggerPresent
HeapAlloc
GetModuleFileNameA
EnumSystemLocalesA
SetConsoleCtrlHandler
UnhandledExceptionFilter
TlsGetValue
MultiByteToWideChar
FatalAppExitA
GetModuleHandleA
SetUnhandledExceptionFilter
SetEnvironmentVariableA
TerminateProcess
VirtualQuery
GetCurrentThreadId
InterlockedIncrement
HeapFree
EnterCriticalSection
SetHandleCount
FreeLibrary
QueryPerformanceCounter
GetTickCount
TlsAlloc
GetVersionExA
LoadLibraryA
RtlUnwind
GetStartupInfoA
GetDateFormatA
GetStartupInfoW
GetUserDefaultLCID
GetProcessHeap
CompareStringW
CompareStringA
IsValidLocale
GetProcAddress
CreateEventW
CreateEventA
GetFileType
TlsSetValue
ExitProcess
LeaveCriticalSection
GetLastError
LCMapStringW
LCMapStringA
GetEnvironmentStringsW
lstrlenW
GetEnvironmentStrings
GetCurrentProcessId
GetCommandLineW
WideCharToMultiByte
HeapSize
GetCommandLineA
GetCurrentThread
TlsFree
SetFilePointer
ReadFile
CloseHandle
GetACP
GetModuleHandleW
IsValidCodePage
HeapCreate
VirtualFree
Sleep
VirtualAlloc
GetTimeFormatA
SetFocus
GetSystemMetrics
Ord(220)
Number of PE resources by type
RT_ICON 1
RT_STRING 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 4
PE resources
ExifTool file metadata
SubsystemVersion 4.0
InitializedDataSize 77824
ImageVersion 0.0
ProductName Product
FileVersionNumber 1.0.0.1
UninitializedDataSize 0
LanguageCode Czech
FileFlagsMask 0x003f
CharacterSet Unicode
LinkerVersion 7.1
FileOS Windows NT 32-bit
MIMEType application/octet-stream
Subsystem Windows GUI
FileVersion 1.0.0.1
TimeStamp 2014:12:11 09:06:50+01:00
FileType Win32 EXE
PEType PE32
InternalName app.exe
FileDescription Description
OSVersion 4.0
OriginalFilename app.exe
LegalCopyright Copyright (C) 2013
MachineType Intel 386 or later, and compatibles
CompanyName CompanyR
CodeSize 73728
FileSubtype 0
ProductVersionNumber 1.0.0.1
EntryPoint 0x2777
ObjectFileType Executable application

File identification
MD5 0204a59604bbb4efb6ef440cab66edc4
SHA1 1e7c22b1f798ce0666b32350223e9e5700052b99
SHA256 1e647bca836cccad3c3880da926e49e4eefe5c6b8e3effcb141ac9eccdc17b80
ssdeep 3072:lYTGb7TdrpJdZLiwBjzAB7Gjm/SJ5S29ezztmW4t0Pn9q+x9RY:lEGb7TbJdeB7WozztwtQn9
authentihash cb7f43953e77f75fe5a26a86422b7638be30f1a7d74532cbbff59885b4071945
imphash 5efecf281a4ec926254fbaa18e3747a4
File size 152.0 KB ( 155648 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (67.3%)
Win32 Dynamic Link Library (generic) (14.2%)
Win32 Executable (generic) (9.7%)
Generic Win/DOS Executable (4.3%)
DOS Executable Generic (4.3%)
Tags peexe
VirusTotal metadata
First submission 2015-04-11 10:37:25 UTC ( 2 years, 7 months ago )
Last submission 2015-04-11 10:37:25 UTC ( 2 years, 7 months ago )
File names app.exe
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Created processes
Created mutexes
Opened mutexes
Runtime DLLs
UDP communications