VT Community Sign in ▼ Languages ▼
VirusTotal's website has changed, we need new translations, do you feel like helping the community?
Sign in to VT Community

Safety ratings and user comments (disinfection, in-the-wild locations, reverse engineering reports, etc.) on malware and URLs, free and easy.

email
password
Keep me logged in
Forgot your password? Create an account
0 VT Community user(s) with a total of 0 reputation credit(s) say(s) this sample is goodware. 0 VT Community user(s) with a total of 0 reputation credit(s) say(s) this sample is malware.
File name:
document.htm_____________________
Submission date:
2010-02-01 18:00:48 (UTC)
Current status:
finished
Result:
10 /40 (25.0%)
VT Community

not reviewed
 Safety score: - 
Antivirus Version Last Update Result
a-squared 4.5.0.50 2010.02.01 -
AhnLab-V3 5.0.0.2 2010.02.01 -
AntiVir 7.9.1.154 2010.02.01 TR/Dropper.Gen
Antiy-AVL 2.0.3.7 2010.02.01 -
Authentium 5.2.0.5 2010.01.31 -
Avast 4.8.1351.0 2010.02.01 -
AVG 9.0.0.730 2010.02.01 -
BitDefender 7.2 2010.02.01 -
CAT-QuickHeal 10.00 2010.02.01 -
ClamAV 0.96.0.0-git 2010.02.01 -
Comodo 3783 2010.02.01 -
DrWeb 5.0.1.12222 2010.02.01 -
eSafe 7.0.17.0 2010.02.01 -
eTrust-Vet 35.2.7274 2010.02.01 -
F-Prot 4.5.1.85 2010.01.31 -
F-Secure 9.0.15370.0 2010.02.01 Suspicious:W32/Riskware!Online
Fortinet 4.0.14.0 2010.02.01 -
GData 19 2010.02.01 -
Ikarus T3.1.1.80.0 2010.02.01 -
Jiangmin 13.0.900 2010.01.28 -
K7AntiVirus 7.10.960 2010.01.29 -
Kaspersky 7.0.0.125 2010.02.01 -
McAfee 5879 2010.02.01 -
McAfee+Artemis 5879 2010.02.01 Artemis!C2193DC41061
McAfee-GW-Edition 6.8.5 2010.02.01 Heuristic.LooksLike.Win32.Obfuscated.J
Microsoft 1.5406 2010.02.01 Worm:Win32/Prolaco.gen!C
NOD32 4824 2010.02.01 probably a variant of Win32/Merond.AA
Norman 6.04.03 2010.01.31 W32/Obfuscated.CC!genr
nProtect 2009.1.8.0 2010.02.01 -
Panda 10.0.2.2 2010.02.01 -
PCTools 7.0.3.5 2010.02.01 -
Rising 22.33.00.04 2010.02.01 -
Sophos 4.50.0 2010.02.01 Mal/CryptBox-A
Sunbelt 3.2.1858.2 2010.01.31 Worm.Win32.Prolaco.gen (v)
Symantec 20091.2.0.41 2010.02.01 Suspicious.Insight
TheHacker 6.5.1.0.175 2010.02.01 -
TrendMicro 9.120.0.1004 2010.02.01 -
VBA32 3.12.12.1 2010.02.01 -
ViRobot 2010.2.1.2166 2010.02.01 -
VirusBuster 5.0.21.0 2010.02.01 -
Additional information
MD5   : c2193dc41061ef56591f4821392599cb
SHA1  : 80366cde71b84606ce8ecf62b5bd2e459c54942e
SHA256: d5fd8e098054a5f1b570de5d31241c1428a79fb25ec6a477261f6efaaf3d7440
ssdeep: 12288:eykDkv9hzWlAZQTkuZGBxPwM+NtNHL693yICotnMZmPPKYg7xbVynav:eykDfAgG5yOnM[*lb*]AK3xb3
File size : 607232 bytes
First seen: 2010-02-01 15:25:20
Last seen : 2010-05-27 16:47:02
Magic: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID:
Win32 Executable MS Visual C++ (generic) (72.0%)[*lb*]Win32 Executable Generic (16.2%)[*lb*]Win16/32 Executable Delphi generic (3.9%)[*lb*]Generic Win/DOS Executable (3.8%)[*lb*]DOS Executable Generic (3.8%)
sigcheck:
publisher....: n/a[*lb*]copyright....: n/a[*lb*]product......: n/a[*lb*]description..: n/a[*lb*]original name: n/a[*lb*]internal name: n/a[*lb*]file version.: n/a[*lb*]comments.....: n/a[*lb*]signers......: -[*lb*]signing date.: -[*lb*]verified.....: Unsigned[*lb*]
PEiD: -
PEInfo: PE structure information

[[ basic data ]]
entrypointaddress: 0x1110
timedatestamp....: 0x4B651329 (Sun Jan 31 05:20:41 2010)
machinetype......: 0x14C (Intel I386)

[[ 6 section(s) ]]
name, viradd, virsiz, rawdsiz, ntropy, md5
.text, 0x1000, 0xE5F8, 0xE600, 6.3, 30684ac3a6a9f6d5c8b826c24660a0d9
.data, 0x10000, 0x40E4, 0x4200, 0.02, b6f0e3df9be2ed2dc7bda1048de22d86
.rdata, 0x15000, 0x1C9C, 0x1E00, 4.8, 81cf6a2e185f0980c6fa5a6aa891a361
.bss, 0x17000, 0xA4, 0x0, 0.0, d41d8cd98f00b204e9800998ecf8427e
.idata, 0x18000, 0x71C, 0x800, 4.52, ccb2ba5659a0d6819b9c9d5acad3d29e
.rsrc, 0x19000, 0x7F1CC, 0x7F200, 7.99, 77eaf160b6e9839cacf5f993bfd10823

[[ 3 import(s) ]]
advapi32.dll: RegCloseKey, RegOpenKeyExA, RegSetValueExA
kernel32.dll: CreateSemaphoreA, ExitProcess, FindResourceA, FreeResource, GetCommandLineA, GetCurrentThreadId, GetLastError, GetModuleFileNameA, GetModuleHandleA, GetProcAddress, GetStartupInfoA, GetVersionExA, InterlockedDecrement, InterlockedIncrement, LoadResource, LockResource, ReleaseSemaphore, SetLastError, SetUnhandledExceptionFilter, SizeofResource, Sleep, TlsAlloc, TlsFree, TlsGetValue, TlsSetValue, WaitForSingleObject, lstrcpyA
msvcrt.dll: _stat, __getmainargs, __p__environ, __p__fmode, __set_app_type, _cexit, _iob, _onexit, _setmode, _strdup, abort, atexit, fputc, fputs, free, fwrite, malloc, memchr, memcpy, memmove, memset, printf, realloc, signal, sprintf, strcat, strcmp, strcpy, strlen
Prevx Info:
http://info.prevx.com/aboutprogramtext.asp?PX5=72113F3800A834F344DB090F024EE50061AB09CB
ThreatExpert:
http://www.threatexpert.com/report.aspx?md5=c2193dc41061ef56591f4821392599cb

VT Community

This file has never been reviewed by any VT Community member. Be the first one to comment on it!
VirusTotal Team
Add your comment... Remember that when you write comments as an anonymous user they receive the lowest possible reputation. So if you have not signed in yet don't forget to do so. How to markup your comments?
You can add basic styles to your comments using the following accepted bbcode tags:

[b]text[/b] -- bold
[i]text[/i] -- italics
[u]text[/u] -- underline
[s]text[/s] -- strikethrough
[code]text[/code] - preformatted text

You can also address comments to particular users using the "@" twitter-like mode. By prepending a "#" symbol to a word you can add custom tags to your comment, tags that can then be searched for.
Goodware
Malware
Spam attachment/link

P2P download
Propagating via IM
Network worm

Drive-by-download






ATTENTION: VirusTotal is a free service offered by Hispasec Sistemas. There are no guarantees about the availability and continuity of this service. Although the detection rate afforded by the use of multiple antivirus engines is far superior to that offered by just one product, these results DO NOT guarantee the harmlessness of a file. Currently, there is not any solution that offers a 100% effectiveness rate for detecting viruses and malware.