SHA256: d0f919b897f20b9644e9935790ec448423c2cfc1005032f49331f88e43c10458
File name: vt-upload-AF3lK
Detection ratio: 22 / 47
Analysis date: 2013-11-11 03:52:54 UTC ( 5 months ago )
Antivirus Result Update
AhnLab-V3 Trojan/Win32.CryptoVB 20131110
AntiVir TR/Dropper.VB.5955 20131111
Avast Win32:Rootkit-gen [Rtk] 20131111
BitDefender Gen:Variant.Zusy.71043 20131111
DrWeb Trojan.PWS.Siggen1.9152 20131111
ESET-NOD32 a variant of Win32/Injector.AQPJ 20131110
Emsisoft Gen:Variant.Zusy.71043 (B) 20131111
F-Secure Gen:Variant.Zusy.71043 20131111
Fortinet W32/Fareit.ADBJ!tr.pws 20131111
GData Gen:Variant.Zusy.71043 20131111
Kaspersky Trojan-PSW.Win32.Fareit.amjl 20131111
Kingsoft Win32.Troj.Generic.a.(kcloud) 20130829
Malwarebytes Trojan.Backdoor.VB 20131111
McAfee Artemis!2AB9D49B213E 20131111
McAfee-GW-Edition Heuristic.BehavesLike.Win32.Suspicious-PKR.G 20131110
MicroWorld-eScan Gen:Variant.Zusy.71043 20131111
Microsoft Trojan:Win32/EyeStye.N 20131111
Panda Trj/Genetic.gen 20131110
Sophos Troj/Agent-ADBJ 20131111
TheHacker Posible_Worm32 20131107
TrendMicro-HouseCall TROJ_GEN.R0CBH01KA13 20131111
VIPRE Trojan.Win32.Generic!BT 20131111
AVG 20131110
Agnitum 20131110
Antiy-AVL 20131107
Baidu-International 20131110
Bkav 20131109
ByteHero 20131105
CAT-QuickHeal 20131110
ClamAV 20131111
Commtouch 20131111
Comodo 20131111
F-Prot 20131111
Ikarus 20131111
Jiangmin 20131110
K7AntiVirus 20131108
K7GW 20131108
NANO-Antivirus 20131111
Norman 20131110
Rising 20131111
SUPERAntiSpyware 20131110
Symantec 20131111
TotalDefense 20131108
TrendMicro 20131111
VBA32 20131108
ViRobot 20131110
nProtect 20131110
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file.
Packers identified
PEiD UPX 2.90 [LZMA] -> Markus Oberhumer, Laszlo Molnar & John Reiser
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2013-11-08 01:09:12
Entry Point 0x00015A70
Number of sections 3
PE sections
PE imports
VirtualFree
ExitProcess
VirtualProtect
LoadLibraryA
VirtualAlloc
GetProcAddress
Ord(616)
SystemParametersInfoW
Number of PE resources by type
RT_ICON 3
RT_GROUP_ICON 1
Number of PE resources by language
NEUTRAL 4
File identification
MD5 2ab9d49b213e64edb6c9209bd811870c
SHA1 e7c8395c5237623fabe99597b5491df515dbad29
SHA256 d0f919b897f20b9644e9935790ec448423c2cfc1005032f49331f88e43c10458
ssdeep 3072:2BEoyvWrsumJazE5eHP1CWHaYkb/T5ldsI+CcAXXrQAK/96DAkE:2BXyvHJazE5eHPwAgrdsFLe7QR6LE

File size 146.1 KB ( 149610 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable Microsoft Visual Basic 6 (55.5%)
UPX compressed Win32 Executable (20.6%)
Win32 EXE Yoda's Crypter (17.9%)
Win32 Executable (generic) (3.0%)
Generic Win/DOS Executable (1.3%)
Tags
peexe upx

VirusTotal metadata
First submission 2013-11-11 03:52:54 UTC ( 5 months ago )
Last submission 2013-11-11 03:52:54 UTC ( 5 months ago )
File names vt-upload-AF3lK
Advanced heuristic and reputation engines
ClamAV PUA
Possibly Unwanted Application. While not necessarily malicious, the scanned file presents certain characteristics which depending on the user policies and environment may or may not represent a threat. For full details see: http://www.clamav.net/index.php?s=pua&lang=en .

Symantec reputation Suspicious.Insight