SHA256: dd26e737348416485348f55d031df6159ed49a6fcf999536f41f7139401e4b08
File name: 99dbe222167298f74d2e03104f77bf9c
Detection ratio: 41 / 57
Analysis date: 2015-02-02 14:55:42 UTC ( 2 years, 9 months ago )
Antivirus Result Update
Ad-Aware Gen:Variant.Kazy.334552 20150202
Yandex Backdoor.Androm!hP7JJLrSYa8 20150201
AhnLab-V3 Win-Trojan/Agent.326656.BE 20150202
ALYac Gen:Variant.Kazy.334552 20150202
Antiy-AVL Trojan[Backdoor]/Win32.Androm 20150202
Avast Win32:Crypt-QOG [Trj] 20150202
AVG Crypt2.CMMO 20150202
Avira (no cloud) TR/Crypt.EPACK.Gen2 20150202
AVware Trojan.Win32.Kuluoz.bb (v) 20150202
BitDefender Gen:Variant.Kazy.334552 20150202
CAT-QuickHeal TrojanDownloader.Kuluoz.D3 20150202
Comodo Backdoor.Win32.Androm.BMUN 20150202
Cyren W32/Zbot.JC2.gen!Eldorado 20150202
DrWeb BackDoor.Kuluoz.4 20150202
Emsisoft Gen:Variant.Kazy.334552 (B) 20150202
ESET-NOD32 a variant of Win32/Kryptik.BUOC 20150202
F-Prot W32/Zbot.JC2.gen!Eldorado 20150202
F-Secure Gen:Variant.Kazy.334552 20150201
Fortinet W32/Asprox.B!tr 20150202
GData Gen:Variant.Kazy.334552 20150202
Ikarus Trojan-Downloader.Win32.Kuluoz 20150202
K7AntiVirus Backdoor ( 0040f78a1 ) 20150202
K7GW Backdoor ( 0040f78a1 ) 20150202
Kaspersky Backdoor.Win32.Androm.bnbz 20150202
Kingsoft Win32.Troj.Agent.v.(kcloud) 20150202
Malwarebytes Backdoor.Andromeda 20150202
McAfee Packed-AM!99DBE2221672 20150202
McAfee-GW-Edition BehavesLike.Win32.Packed.fz 20150202
Microsoft TrojanDownloader:Win32/Kuluoz.D 20150202
eScan Gen:Variant.Kazy.334552 20150202
NANO-Antivirus Trojan.Win32.Androm.ctilnt 20150202
Norman Gamarue.BEE 20150202
nProtect Backdoor/W32.Androm.326656 20150130
Rising PE:Trojan.Kuluoz!6.1445 20150130
Sophos AV Troj/Agent-AFXS 20150202
SUPERAntiSpyware Trojan.Agent/Gen-Kryptik 20150201
Symantec Packed.Generic.459 20150202
TrendMicro TROJ_KULUOZ.SMW 20150202
TrendMicro-HouseCall TROJ_KULUOZ.SMW 20150202
VIPRE Trojan.Win32.Kuluoz.bb (v) 20150202
Zillya Backdoor.Androm.Win32.6010 20150202
AegisLab 20150202
Alibaba 20150202
Baidu-International 20150202
Bkav 20150202
ByteHero 20150202
ClamAV 20150202
CMC 20150202
Jiangmin 20150131
Panda 20150202
Qihoo-360 20150202
Tencent 20150202
TheHacker 20150131
TotalDefense 20150202
VBA32 20150202
ViRobot 20150202
Zoner 20150202
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Publisher ?????????? ??????????
File version 5.1.2600.5512 (xpsp.080413-2108)
Description ??????????? ???????
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2014-02-06 17:56:33
Entry Point 0x00002970
Number of sections 3
PE sections
PE imports
RegOpenKeyA
TextOutA
SelectObject
GetTextMetricsA
GetStockObject
GetStartupInfoA
GetWindowsDirectoryW
CreateFileW
GlobalAlloc
GetWindowsDirectoryA
GetCurrentProcess
lstrcatW
VirtualAlloc
GetProcessHeap
GetMessageA
UpdateWindow
BeginPaint
HideCaret
SetCaretPos
CreateCaret
PostQuitMessage
DefWindowProcA
ShowWindow
DispatchMessageA
EndPaint
MessageBoxA
TranslateMessage
DestroyCaret
GetSysColor
GetDC
RegisterClassExA
ReleaseDC
ShowCaret
SendMessageA
InvalidateRect
CreateWindowExA
LoadCursorA
LoadIconA
GetFocus
malloc
memcpy
free
Number of PE resources by type
RT_STRING 49
RT_ICON 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
RUSSIAN 50
INDONESIAN *unknown* 2
PE resources
ExifTool file metadata
UninitializedDataSize 0
InitializedDataSize 111104
ImageVersion 0.0
FileVersionNumber 5.1.2600.5512
LanguageCode Russian
FileFlagsMask 0x003f
CharacterSet Unicode
LinkerVersion 9.0
MIMEType application/octet-stream
FileVersion 5.1.2600.5512 (xpsp.080413-2108)
TimeStamp 2014:02:06 18:56:33+01:00
FileType Win32 EXE
PEType PE32
FileAccessDate 2015:02:02 15:55:48+01:00
SubsystemVersion 5.0
OSVersion 5.0
FileCreateDate 2015:02:02 15:55:48+01:00
FileOS Windows NT 32-bit
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CodeSize 214528
FileSubtype 0
ProductVersionNumber 5.1.2600.5512
EntryPoint 0x2970
ObjectFileType Executable application

File identification
MD5 99dbe222167298f74d2e03104f77bf9c
SHA1 c3b151ddfbc7d3daf7b9c80b2ea5b1675bbadaf9
SHA256 dd26e737348416485348f55d031df6159ed49a6fcf999536f41f7139401e4b08
ssdeep 1536:4voN1JUQI+xpPwbOaDlgK+EXM7k83jSvOddN7Szzj1HMwnVdfevQ:6oQgsDGK+uMIVvEfGjiwnVQQ
authentihash 212a6a1ca7740880d9979dcd92428688bf6b83f05e6e2da2db05db5ad2829573
imphash 2e9be622fed2d46197f8727efa47eaa5
File size 319.0 KB ( 326656 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Dynamic Link Library (generic) (43.5%)
Win32 Executable (generic) (29.8%)
Generic Win/DOS Executable (13.2%)
DOS Executable Generic (13.2%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
Tags peexe
VirusTotal metadata
First submission 2015-02-02 14:55:42 UTC ( 2 years, 9 months ago )
Last submission 2015-02-02 14:55:42 UTC ( 2 years, 9 months ago )
File names 99dbe222167298f74d2e03104f77bf9c
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Created processes
Created mutexes
Opened mutexes
Runtime DLLs