Virustotal. MD5: 0fba190253a84d28d022008ee42ea8e5 Trojan.Banker.LDU Win-Trojan/Ldu.222208 TR/Spy.Banker.QC.2

File sounds.exe received on 2008.11.12 20:07:40 (UTC)
Current status: finished

Result: 11/35 (31.43%)

Antivirus	Version	Last Update	Result
AhnLab-V3	2008.11.13.0	2008.11.12	Win-Trojan/Ldu.222208
AntiVir	7.9.0.31	2008.11.12	TR/Spy.Banker.QC.2
Authentium	5.1.0.4	2008.11.12	-
Avast	4.8.1248.0	2008.11.12	Win32:Spyware-gen
AVG	8.0.0.199	2008.11.12	-
BitDefender	7.2	2008.11.12	Trojan.Banker.LDU
CAT-QuickHeal	9.50	2008.11.12	-
ClamAV	0.94.1	2008.11.12	-
DrWeb	4.44.0.09170	2008.11.12	-
eSafe	7.0.17.0	2008.11.12	Suspicious File
eTrust-Vet	31.6.6204	2008.11.11	-
Ewido	4.0	2008.11.12	-
F-Prot	4.4.4.56	2008.11.11	-
F-Secure	8.0.14332.0	2008.11.12	-
Fortinet	3.117.0.0	2008.11.12	-
GData	19	2008.11.12	Trojan.Banker.LDU
Ikarus	T3.1.1.45.0	2008.11.12	Trojan-Spy.Win32.Banker.IS
K7AntiVirus	7.10.523	2008.11.12	-
Kaspersky	7.0.0.125	2008.11.12	-
McAfee	5431	2008.11.12	-
Microsoft	1.4104	2008.11.12	-
NOD32	3607	2008.11.12	-
Norman	5.80.02	2008.11.12	-
Panda	9.0.0.4	2008.11.12	Trj/Banker.LLK
PCTools	4.4.2.0	2008.11.12	-
Prevx1	V2	2008.11.12	Suspicious
Rising	21.03.22.00	2008.11.12	-
SecureWeb-Gateway	6.7.6	2008.11.12	Trojan.Spy.Banker.QC.2
Sophos	4.35.0	2008.11.12	Sus/Behav-269
Sunbelt	3.1.1785.2	2008.11.11	-
TheHacker	6.3.1.1.149	2008.11.12	-
TrendMicro	8.700.0.1004	2008.11.12	-
VBA32	3.12.8.9	2008.11.11	-
ViRobot	2008.11.12.1463	2008.11.12	-
VirusBuster	4.5.11.0	2008.11.12	-

Additional information
File size: 222208 bytes
MD5...: 0fba190253a84d28d022008ee42ea8e5
SHA1..: 8e79c08777f7cba9402fe76aff9d53f8dd06e64a
SHA256: dfb52b5ed0f6c7960249e91d7de1d13fc74df4630790af20d5cf58f994c699f3
SHA512: 1930a850d29a1e58969724b939053b076a10f7c1099f601e3bab6fe0292c7c18 eeeee860104ee0e8284defa9e9ca2c2cee2aba032caea97d4896e87072edb530
PEiD..: -
TrID..: File type identification UPX compressed Win32 Executable (38.5%) Win32 EXE Yoda's Crypter (33.4%) Win32 Executable Generic (10.7%) Win32 Dynamic Link Library (generic) (9.5%) Win16/32 Executable Delphi generic (2.6%)
PEInfo: PE Structure information ( base data ) entrypointaddress.: 0x495020 timedatestamp.....: 0x2a425e19 (Fri Jun 19 22:22:17 1992) machinetype.......: 0x14c (I386) ( 3 sections ) name viradd virsiz rawdsiz ntrpy md5 UPX0 0x1000 0x5f000 0x0 0.00 d41d8cd98f00b204e9800998ecf8427e UPX1 0x60000 0x36000 0x35200 7.92 f949295cdcedef1b795af00c277d4a08 .rsrc 0x96000 0x1000 0xe00 3.24 ca0e1c06e56753eb5e76014bd48c969e ( 8 imports ) > KERNEL32.DLL: LoadLibraryA, GetProcAddress, ExitProcess > advapi32.dll: RegCloseKey > comctl32.dll: ImageList_Add > gdi32.dll: SaveDC > ole32.dll: OleDraw > oleaut32.dll: VariantCopy > user32.dll: GetDC > version.dll: VerQueryValueA ( 0 exports )
Prevx info: http://info.prevx.com/aboutprogramtext.asp?PX5=23C0388200960AED64C603F13F350400F2C21BCD
packers (Kaspersky): UPX
packers (F-Prot): UPX

ATTENTION: VirusTotal is a free service offered by Hispasec Sistemas. There are no guarantees about the availability and continuity of this service. Although the detection rate afforded by the use of multiple antivirus engines is far superior to that offered by just one product, these results DO NOT guarantee the harmlessness of a file. Currently, there is not any solution that offers a 100% effectiveness rate for detecting viruses and malware.


	Virustotal is a service that analyzes suspicious files and facilitates the quick detection of viruses, worms, trojans, and all kinds of malware detected by antivirus engines. More information...

Virustotal is a service that analyzes suspicious files and facilitates the quick detection of viruses, worms, trojans, and all kinds of malware detected by antivirus engines. More information...