SHA256: 785c1514fa334e4906fa987c3cfdb7844d75a6dc5c8bee53e9b714e43e2f2bd9
Detection ratio: 46 / 56
Analysis date: 2015-02-24 05:56:53 UTC ( 2 years, 3 months ago )
Antivirus Result Update
Ad-Aware Trojan.Agent.BGEZ 20150224
AhnLab-V3 Trojan/Win32.Kuluoz 20150224
ALYac Trojan.Agent.BGEZ 20150224
Antiy-AVL Worm[Net]/Win32.Aspxor 20150224
Avast Win32:Trojan-gen 20150224
AVG Crypt3.AYYD 20150224
Avira (no cloud) TR/Kryptik.fhtgz 20150224
AVware Trojan.Win32.Kuluoz.cnyj (v) 20150224
BitDefender Trojan.Agent.BGEZ 20150224
CAT-QuickHeal TrojanDownloader.Kuluoz.O3 20150224
ClamAV Win.Trojan.Agent-801223 20150224
Comodo TrojWare.Win32.Kuluoz.CNYJ 20150223
Cyren W32/Trojan.OPYX-6280 20150224
DrWeb BackDoor.Kuluoz.4 20150224
Emsisoft Trojan.Agent.BGEZ (B) 20150224
ESET-NOD32 a variant of Win32/Kryptik.CPIL 20150224
F-Prot W32/Trojan3.LNZ 20150224
F-Secure Trojan.Agent.BGEZ 20150223
Fortinet W32/Kryptik.CKFN!tr 20150224
GData Trojan.Agent.BGEZ 20150224
Ikarus Net-Worm.Win32.Aspxor 20150224
K7AntiVirus Trojan ( 004af9d11 ) 20150223
K7GW Trojan ( 004af9d11 ) 20150224
Kaspersky HEUR:Trojan.Win32.Generic 20150224
Malwarebytes Trojan.Upatre 20150224
McAfee Packed-BZ!CE9052431F28 20150224
McAfee-GW-Edition BehavesLike.Win32.Packed.dh 20150224
Microsoft TrojanDownloader:Win32/Kuluoz.D 20150224
eScan Trojan.Agent.BGEZ 20150224
NANO-Antivirus Trojan.Win32.Kuluoz.dgzjzr 20150224
Norman Kryptik.CENI 20150223
nProtect Worm/W32.Aspxor.220672 20150223
Panda Trj/Genetic.gen 20150223
Qihoo-360 Win32/Trojan.b63 20150224
Rising PE:Malware.FakeDOC@CV!1.9C3C 20150223
Sophos Troj/Weelsof-JC 20150224
SUPERAntiSpyware Trojan.Agent/Gen-Kuluoz 20150224
Symantec Trojan.Asprox.B 20150224
Tencent Win32.Trojan.Backdoor.Auto 20150224
TheHacker Trojan/Kryptik.cpil 20150222
TotalDefense Win32/Kuluoz.CaNYVND 20150223
TrendMicro BKDR_KULUOZ.SM11 20150224
TrendMicro-HouseCall BKDR_KULUOZ.SM11 20150224
VBA32 BScope.Trojan-Dropper.8612 20150220
VIPRE Trojan.Win32.Kuluoz.cnyj (v) 20150224
Zillya Worm.Aspxor.Win32.7643 20150223
AegisLab 20150224
Yandex 20150223
Alibaba 20150224
Baidu-International 20150223
Bkav 20150213
ByteHero 20150224
CMC 20150223
Kingsoft 20150224
ViRobot 20150224
Zoner 20150223
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2014-10-22 05:24:13
Entry Point 0x000135D2
Number of sections 3
PE sections
PE imports
GetStdHandle
WaitForSingleObject
EncodePointer
DeleteCriticalSection
GetCurrentProcess
GetConsoleMode
EnumSystemLocalesW
LoadLibraryExW
FreeEnvironmentStringsW
GetLocaleInfoW
SetStdHandle
GetCPInfo
InterlockedExchange
WriteFile
GetSystemTimeAsFileTime
HeapReAlloc
GetStringTypeW
FreeLibrary
LocalFree
FreeLibraryAndExitThread
LoadResource
FindClose
TlsGetValue
SetLastError
OutputDebugStringW
GetModuleFileNameW
IsDebuggerPresent
HeapAlloc
GetVersionExA
GetModuleFileNameA
SetConsoleCtrlHandler
UnhandledExceptionFilter
InterlockedDecrement
MultiByteToWideChar
FatalAppExitA
SetFilePointerEx
CreateMutexA
GetModuleHandleA
CreateSemaphoreW
IsProcessorFeaturePresent
DecodePointer
TerminateProcess
SetUnhandledExceptionFilter
GetModuleHandleExW
SetEndOfFile
GetCurrentThreadId
InterlockedIncrement
WriteConsoleW
AreFileApisANSI
InitializeCriticalSectionAndSpinCount
HeapFree
EnterCriticalSection
LoadLibraryW
GetOEMCP
QueryPerformanceCounter
GetTickCount
TlsAlloc
FlushFileBuffers
LoadLibraryA
RtlUnwind
GetStartupInfoA
GetDateFormatW
GetStartupInfoW
GetUserDefaultLCID
GetProcessHeap
GetTimeFormatW
IsValidLocale
GetProcAddress
CreateEventW
CreateFileW
CreateEventA
GetFileType
TlsSetValue
CreateFileA
ExitProcess
LeaveCriticalSection
GetLastError
LCMapStringW
GetConsoleCP
CompareStringW
GetEnvironmentStringsW
lstrlenW
CompareFileTime
GetCurrentProcessId
GetCurrentDirectoryA
HeapSize
GetCommandLineA
GetCurrentThread
RaiseException
TlsFree
SetFilePointer
ReadFile
CloseHandle
GetACP
GetModuleHandleW
WideCharToMultiByte
IsValidCodePage
Sleep
VirtualAlloc
StrCmpNW
GetSystemMetrics
SetWindowPos
Ord(91)
OleGetClipboard
Number of PE resources by type
RT_ICON 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 2
PE resources
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
TimeStamp 2014:10:22 06:24:13+01:00
FileType Win32 EXE
PEType PE32
CodeSize 205312
LinkerVersion 9.0
EntryPoint 0x135d2
InitializedDataSize 22016
SubsystemVersion 5.0
ImageVersion 0.0
OSVersion 5.0
UninitializedDataSize 0

File identification
MD5 ce9052431f28b68b9ae95c8b30f73064
SHA1 6ba78fe32113b11fdef2c6401351059787738815
SHA256 785c1514fa334e4906fa987c3cfdb7844d75a6dc5c8bee53e9b714e43e2f2bd9
ssdeep 3072:pr5FHFonsZ5pX4Qgoiged765f/9scK2FarcQVrClxnpqyj8Irl+P9Uvx4FpHjOzK:lGMpXLTiged+Z/9tarcnpfqMuh
authentihash 5c2904ed94d86d957c9a4a1993d665636dafcfed8875a17a63a34c79f4a58944
imphash 11ea83e996050babbc878069c9116d47
File size 215.5 KB ( 220672 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Dynamic Link Library (generic) (43.5%)
Win32 Executable (generic) (29.8%)
Generic Win/DOS Executable (13.2%)
DOS Executable Generic (13.2%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
Tags peexe
VirusTotal metadata
First submission 2015-02-24 05:56:53 UTC ( 2 years, 3 months ago )
Last submission 2015-02-24 05:56:53 UTC ( 2 years, 3 months ago )
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Created processes
Created mutexes
Opened mutexes
Runtime DLLs