SHA256: 703398baa52c0582686f1017d9630e95befb6a3c852c5f2bf78c286ee1dab328
File name: af589c4f67acd8d56a703b1270af5aa9
Detection ratio: 43 / 57
Analysis date: 2015-02-02 21:02:25 UTC
Antivirus Result Update
Ad-Aware Trojan.Cridex.Gen.1 20150202
Yandex Trojan.DL.Dofoil!pRxg6VaZbSA 20150202
AhnLab-V3 Trojan/Win32.Kuluoz 20150202
ALYac Trojan.Cridex.Gen.1 20150202
Antiy-AVL Trojan[Downloader]/Win32.Dofoil 20150202
Avast Win32:Trojan-gen 20150202
AVG Generic_r.DLW 20150202
Avira (no cloud) TR/Crypt.XPACK.Gen7 20150202
AVware Trojan.Win32.Kuluoz.bb (v) 20150202
BitDefender Trojan.Cridex.Gen.1 20150202
CAT-QuickHeal TrojanDownloader.Kuluoz.D3 20150202
Comodo Backdoor.Win32.Androm.BMUN 20150202
Cyren W32/Zbot.JC2.gen!Eldorado 20150202
DrWeb BackDoor.Kuluoz.4 20150202
Emsisoft Trojan.Cridex.Gen.1 (B) 20150202
ESET-NOD32 a variant of Win32/Kryptik.BUGZ 20150202
F-Prot W32/Zbot.JC2.gen!Eldorado 20150202
F-Secure Trojan.Cridex.Gen.1 20150201
Fortinet W32/Asprox.B!tr 20150202
GData Trojan.Cridex.Gen.1 20150202
Ikarus Trojan.Crypt2 20150202
K7AntiVirus Backdoor ( 0040f78a1 ) 20150202
K7GW Backdoor ( 0040f78a1 ) 20150202
Kaspersky HEUR:Trojan.Win32.Generic 20150202
Kingsoft Win32.TrojDownloader.Dofoil.r.(kcloud) 20150202
Malwarebytes Trojan.Fakeword 20150202
McAfee Backdoor-FBRL 20150202
McAfee-GW-Edition BehavesLike.Win32.Packed.dt 20150202
Microsoft TrojanDownloader:Win32/Kuluoz.D 20150202
eScan Trojan.Cridex.Gen.1 20150202
NANO-Antivirus Trojan.Win32.Dofoil.ctaphk 20150202
Norman Kryptik.CDHR 20150202
nProtect Trojan-Downloader/W32.Dofoil.260608 20150130
Panda Trj/Genetic.gen 20150202
Rising PE:Trojan.Kuluoz!6.1404 20150130
Sophos AV Troj/Agent-AFXS 20150202
SUPERAntiSpyware Trojan.Agent/Gen-Kryptik 20150201
Symantec Packed.Generic.459 20150202
Tencent Trojan.Win32.DL.acm 20150202
TheHacker Trojan/Kryptik.bucj 20150202
TrendMicro TROJ_KULUOZ.SMC 20150202
TrendMicro-HouseCall TROJ_KULUOZ.SMC 20150202
VIPRE Trojan.Win32.Kuluoz.bb (v) 20150202
AegisLab (no detection) 20150202
Alibaba (no detection) 20150202
Baidu-International (no detection) 20150202
Bkav (no detection) 20150202
ByteHero (no detection) 20150202
ClamAV (no detection) 20150202
CMC (no detection) 20150202
Jiangmin (no detection) 20150202
Qihoo-360 (no detection) 20150202
TotalDefense (no detection) 20150202
VBA32 (no detection) 20150202
ViRobot (no detection) 20150202
Zillya (no detection) 20150202
Zoner (no detection) 20150202
The file is a Portable Executable (PE32) Win32 EXE built for the Windows GUI subsystem.
FileVersionInfo properties
Publisher ?????????? ?????????? (non-ASCII string lost in extraction; not recoverable from this page)
File version 5.1.2600.5512 (xpsp.080413-2108) (this is the version string carried by Windows XP SP3 system binaries, so the VERSIONINFO resource says nothing reliable about the file's origin)
Description ??????????? ??????? (non-ASCII string lost in extraction; not recoverable from this page)
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2014-02-03 05:01:07
Entry Point 0x00001DF0
Number of sections 5
PE sections
PE imports (grouped below by the DLL that exports each name; the grouping is inferred from the API names, since the page lists only the names)
ADVAPI32.dll
RegEnumValueW
RegOpenKeyA
RegCloseKey
RegSetValueExW
RegQueryInfoKeyW
RegEnumKeyExW
RegEnumKeyW
RegCreateKeyW
RegOpenKeyExW
RegDeleteKeyW
RegSetValueW
RegQueryValueExW
RegQueryValueW
RegOpenKeyW
GDI32.dll
GetDeviceCaps
GetTextExtentExPointW
GetTextExtentPointW
KERNEL32.dll
GetLastError
LoadLibraryW
GlobalFree
FreeLibrary
QueryPerformanceCounter
GetTickCount
GetThreadLocale
lstrcmpiW
lstrlenW
WinExec
GlobalSize
GetCurrentProcess
GetWindowsDirectoryW
LocalAlloc
LockResource
GetCommandLineW
SetErrorMode
UnhandledExceptionFilter
LoadLibraryExW
GetStartupInfoW
GetProcAddress
GetPrivateProfileStringW
WritePrivateProfileStringW
lstrcpynW
EnumResourceNamesW
ExpandEnvironmentStringsW
GlobalReAlloc
GetModuleFileNameW
SetFilePointer
ReadFile
SetUnhandledExceptionFilter
GetWindowsDirectoryA
GetStartupInfoA
MulDiv
GetSystemTimeAsFileTime
FindFirstFileW
lstrcmpW
GlobalLock
GetModuleHandleW
FreeResource
GetPrivateProfileSectionW
LocalFree
TerminateProcess
SearchPathW
LoadResource
FindResourceW
GlobalAlloc
FindClose
MoveFileW
ExitProcess
GetCurrentThreadId
VirtualAlloc
GetCurrentProcessId
SetLastError
USER32.dll
GetSystemMetrics
MessageBoxW
PeekMessageW
LookupIconIdFromDirectory
SendDlgItemMessageW
GetSysColor
SetDlgItemTextW
DispatchMessageW
CreateDialogParamW
ReleaseDC
GetLastActivePopup
LoadStringW
GetClientRect
GetDlgItem
SystemParametersInfoW
EnableMenuItem
CharNextW
LoadCursorA
LoadIconA
CopyRect
LoadCursorW
GetSystemMenu
GetDC
SetForegroundWindow
SetCursor
DestroyWindow
Number of PE resources by type
RT_STRING 49
RT_ICON 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
RUSSIAN 50
INDONESIAN *unknown* 2
PE resources
ExifTool file metadata
UninitializedDataSize 0
InitializedDataSize 126976
ImageVersion 0.0
FileVersionNumber 5.1.2600.5512
LanguageCode Russian
FileFlagsMask 0x003f
CharacterSet Unicode
LinkerVersion 9.0
MIMEType application/octet-stream
FileVersion 5.1.2600.5512 (xpsp.080413-2108)
TimeStamp 2014:02:03 06:01:07+01:00
FileType Win32 EXE
PEType PE32
FileAccessDate 2015:02:02 22:02:39+01:00
SubsystemVersion 5.0
OSVersion 5.0
FileCreateDate 2015:02:02 22:02:39+01:00
FileOS Windows NT 32-bit
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CodeSize 132608
FileSubtype 0
ProductVersionNumber 5.1.2600.5512
EntryPoint 0x1df0
ObjectFileType Executable application
File identification
MD5 af589c4f67acd8d56a703b1270af5aa9
SHA1 971aa1b4ce6d5abc421f9e14a233679567662be7
SHA256 703398baa52c0582686f1017d9630e95befb6a3c852c5f2bf78c286ee1dab328
ssdeep 3072:tlz+4gru+7Avo/usFq+UCW1Ia6DyEiwnVQQ:DPgquAvo2sFBUWTDh
authentihash bb32f504066195ad18b62a1d66229072d18d661bd23985727a0a5c1d948a73c7
imphash 110cd9e9e4fdea9b7ebbf05ad80fb994
File size 254.5 KB ( 260608 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (42.1%)
Win64 Executable (generic) (37.3%)
Win32 Dynamic Link Library (generic) (8.8%)
Win32 Executable (generic) (6.0%)
Generic Win/DOS Executable (2.7%)
Tags
peexe

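The imphash in the File identification block and the function names under PE imports are the two static pivots an analyst takes away from a report like this one. The following Python is an added example, not code from the VirusTotal page or from any vendor listed on it: it reproduces the imphash construction that pefile's get_imphash() uses and groups an import list into triage categories. The assignment of each name to a DLL, the order of the entries, and the category labels are this example's own assumptions (the page lists only the function names, not the import directory), so the hash it prints is not expected to equal the report's 110cd9e9e4fdea9b7ebbf05ad80fb994.

```python
"""Static pivots from a VirusTotal-style report: derive an imphash from an
import list the way pefile does, and flag API combinations worth a look.

Added example. The import names below are taken from the report, but their
DLL assignment and order are constructed assumptions, so the resulting hash
will not match the one the report prints for the real binary.
"""
import hashlib
from typing import Dict, Iterable, List, Tuple

# Constructed input: a representative subset of the page's import list.
# Each entry is (DLL name as it would appear in the import directory, [names]).
IMPORTS: List[Tuple[str, List[str]]] = [
    ("ADVAPI32.dll", ["RegOpenKeyExW", "RegSetValueExW", "RegCreateKeyW",
                      "RegDeleteKeyW", "RegQueryValueExW", "RegCloseKey"]),
    ("GDI32.dll", ["GetDeviceCaps", "GetTextExtentPointW"]),
    ("KERNEL32.dll", ["WinExec", "LoadLibraryW", "LoadLibraryExW", "GetProcAddress",
                      "FindResourceW", "LoadResource", "LockResource",
                      "EnumResourceNamesW", "WritePrivateProfileStringW",
                      "GetPrivateProfileStringW", "MoveFileW", "SearchPathW",
                      "ExpandEnvironmentStringsW", "VirtualAlloc", "ReadFile"]),
    ("USER32.dll", ["CreateDialogParamW", "MessageBoxW", "DestroyWindow"]),
]

# Triage categories chosen for this example (assumed labels, not a
# classification taken from the report or from any AV vendor).
CAPABILITIES: Dict[str, set] = {
    "launch external process": {"WinExec", "CreateProcessW", "CreateProcessA", "ShellExecuteW"},
    "registry write/delete": {"RegSetValueExW", "RegSetValueW", "RegCreateKeyW", "RegDeleteKeyW"},
    "resolve APIs at runtime": {"LoadLibraryW", "LoadLibraryExW", "LoadLibraryA", "GetProcAddress"},
    "read embedded resource": {"FindResourceW", "LoadResource", "LockResource", "EnumResourceNamesW"},
    "INI-file config write": {"WritePrivateProfileStringW", "WritePrivateProfileStringA"},
    "relocate file on disk": {"MoveFileW", "MoveFileExW", "CopyFileW"},
    "allocate executable memory": {"VirtualAlloc", "VirtualAllocEx", "VirtualProtect"},
}


def normalize_dll(dll: str) -> str:
    """Lower-case the module name and strip a .dll/.ocx/.sys suffix, as pefile does."""
    name = dll.lower()
    base, dot, ext = name.rpartition(".")
    if dot and ext in ("dll", "ocx", "sys"):
        return base
    return name


def imphash(imports: Iterable[Tuple[str, Iterable[str]]]) -> str:
    """MD5 over 'dll.func' strings in import-directory order, joined by commas.

    This is the construction pefile.PE.get_imphash() uses for named imports
    (imports by ordinal, which pefile maps through a lookup table, are not
    handled here). Order is part of the input: relinking or repacking a
    binary changes its imphash even when the set of imported APIs does not.
    """
    parts = [f"{normalize_dll(dll)}.{func.lower()}"
             for dll, funcs in imports for func in funcs]
    return hashlib.md5(",".join(parts).encode("ascii")).hexdigest()


def capability_flags(imports: Iterable[Tuple[str, Iterable[str]]]) -> Dict[str, List[str]]:
    """Map each triage category to the imported names that triggered it."""
    imported = {func for _, funcs in imports for func in funcs}
    hits: Dict[str, List[str]] = {}
    for label, apis in CAPABILITIES.items():
        matched = sorted(imported & apis)
        if matched:
            hits[label] = matched
    return hits


if __name__ == "__main__":
    print("imphash over the constructed list:", imphash(IMPORTS))
    for label, names in capability_flags(IMPORTS).items():
        print(f"{label:28s} {', '.join(names)}")
```

To compare against the value in the report you need the sample itself (pefile's get_imphash() on the file), because the import directory order is part of the hash; an imphash match is therefore a strong hint of a shared build or packer, while a mismatch says little. The ssdeep value in the same block is the complementary fuzzy pivot for finding near-identical files whose imphash has changed.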
VirusTotal metadata
First submission 2015-02-02 21:02:25 UTC
Last submission 2015-02-02 21:02:25 UTC
File names af589c4f67acd8d56a703b1270af5aa9
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Created processes
Created mutexes
Opened mutexes
Runtime DLLs