VirusTotal
SHA256: 6856fabde968cf2b3c4e8ea559b96275a30b675f6178f1a661ffdd41d16094a4
SHA1: 7fbacaace1a45b7c3094ed78718acb08cb4091cb
MD5: 31748b746e743215c0ce0758c75c4fdb
File size: 73.5 KB ( 75264 bytes )
File name: AcroRd32.exe
File type: Win32 EXE
Tags: peexe armadillo
Detection ratio: 7 / 45
Analysis date: 2012-12-03 12:16:32 UTC ( 1 month, 2 weeks ago )
Antivirus Result Update
MicroWorld-eScan - 20121203
nProtect - 20121203
CAT-QuickHeal - 20121203
McAfee Artemis!31748B746E74 20121203
Malwarebytes - 20121203
TheHacker - 20121202
K7AntiVirus - 20121130
Agnitum - 20121203
F-Prot - 20121202
Symantec WS.Reputation.1 20121203
Norman - 20121203
TotalDefense - 20121203
TrendMicro-HouseCall BKDR_GOSME.AJ 20121203
Avast - 20121203
eSafe - 20121202
ClamAV - 20121202
Kaspersky - 20121203
BitDefender - 20121203
NANO-Antivirus - 20121203
SUPERAntiSpyware - 20121203
Sophos Troj/Agent-YZF 20121203
Comodo - 20121203
F-Secure - 20121203
DrWeb - 20121203
VIPRE - 20121203
AntiVir - 20121203
TrendMicro BKDR_GOSME.AJ 20121203
McAfee-GW-Edition Artemis!31748B746E74 20121203
Emsisoft - 20121203
Jiangmin - 20121203
Antiy-AVL - 20121202
Kingsoft - 20121119
Microsoft - 20121203
ViRobot - 20121203
AhnLab-V3 - 20121203
GData - 20121203
Commtouch - 20121203
ByteHero - 20121130
VBA32 - 20121130
ESET-NOD32 - 20121203
Rising - 20121203
Ikarus - 20121203
Fortinet - 20121203
AVG - 20121203
Panda Suspicious file 20121203
ssdeep
1536:Qd5E4bmNr6A+AqQBC9vkhYDvFekj7WBGcK+yt:M53bmNujAFCtkhYn7oGc2t
TrID
Win32 Executable MS Visual C++ (generic) (65.2%)
Win32 Executable Generic (14.7%)
Win32 Dynamic Link Library (generic) (13.1%)
Generic Win/DOS Executable (3.4%)
DOS Executable Generic (3.4%)
PEiD packer identifier
Armadillo v1.71
ExifTool
MIMEType.................: application/octet-stream
Subsystem................: Windows GUI
MachineType..............: Intel 386 or later, and compatibles
TimeStamp................: 2012:11:14 13:35:45+00:00
FileType.................: Win32 EXE
PEType...................: PE32
CodeSize.................: 59392
LinkerVersion............: 6.0
EntryPoint...............: 0x870e
InitializedDataSize......: 20480
SubsystemVersion.........: 4.0
ImageVersion.............: 0.0
OSVersion................: 4.0
UninitializedDataSize....: 0
Portable Executable structural information
Compilation timedatestamp.....: 2012-11-14 13:35:45
Target machine................: 0x14C (Intel 386 or later processors and compatible processors)
Entry point address...........: 0x0000870E

PE Sections...................:

Name        Virtual Address  Virtual Size  Raw Size  Entropy  MD5
.text                  4096         58919     59392     6.67  0ff8948fec965bc624ad25dda6f58e25
.rdata                65536          3094      3584     5.04  ac9782a6167c6a7abbb919493a242c63
.data                 69632         16608     11264     0.60  af9436f4176130c8b6026c96aecb1ff7

PE Imports....................:

[[ADVAPI32.dll]]
GetUserNameA

[[KERNEL32.dll]]
PeekNamedPipe, GetLastError, HeapFree, GetStdHandle, LCMapStringW, SetHandleCount, WaitForSingleObject, GetDriveTypeA, LCMapStringA, CopyFileA, ExitProcess, FlushFileBuffers, GetEnvironmentStringsW, GetVersionExA, GetModuleFileNameA, RtlUnwind, LoadLibraryA, GetLocalTime, FreeEnvironmentStringsA, CreatePipe, GetStartupInfoA, GetEnvironmentStrings, GetSystemTime, GetFileSize, SetFileTime, DeleteFileA, WideCharToMultiByte, UnhandledExceptionFilter, MultiByteToWideChar, GetLogicalDrives, FreeEnvironmentStringsW, GetCommandLineA, GetProcAddress, SetStdHandle, GetFileTime, CompareStringW, GetCPInfo, GetStringTypeA, SetFilePointer, ReadFile, GetModuleHandleA, WriteFile, GetCurrentProcess, CloseHandle, GetComputerNameA, GetACP, HeapReAlloc, GetStringTypeW, SetEnvironmentVariableA, GetExitCodeProcess, TerminateProcess, CreateProcessA, GetTimeZoneInformation, GetEnvironmentVariableA, HeapCreate, VirtualFree, HeapDestroy, Sleep, GetFileType, CreateFileA, HeapAlloc, GetVersion, VirtualAlloc, GetCurrentProcessId, GetOEMCP, CompareStringA

[[WS2_32.dll]]
Ord(3), Ord(11), Ord(10), Ord(57), Ord(23), Ord(112), Ord(151), Ord(16), Ord(2), Ord(116), Ord(4), Ord(115), Ord(52), Ord(19), Ord(18), Ord(9)
Symantec Reputation
Suspicious.Insight
First seen by VirusTotal
2012-11-29 03:41:37 UTC ( 1 month, 3 weeks ago )
Last seen by VirusTotal
2012-12-03 12:16:32 UTC ( 1 month, 2 weeks ago )
File names (max. 25)
  1. acrord32.exe
  2. javaws.exe
  3. acrord32.ex
  4. AcroRd32.exe

The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.

Runtime DLLs

c:\windows\system32\mswsock.dll (successful)
dnsapi.dll (successful)
rpcrt4.dll (successful)
c:\windows\system32\winrnr.dll (successful)
rasadhlp.dll (successful)
hnetcfg.dll (successful)
c:\windows\system32\wshtcpip.dll (successful)
secur32.dll (successful)

Additional details

  • The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.

Network activity

DNS requests...
javaws.4pu.com (112.196.10.165)
TCP connections...
112.196.10.165:443
UDP communications...
<MACHINE_DNS_SERVER>:53