SHA256: 041fce3bdcf15db414b2ea47e47b07fcf605749237b2471a5a54da4318b5e0a8
File name: ACB47770D4A42CE75481EEBF3A0F54A5
Detection ratio: 40 / 50
Analysis date: 2014-02-07 04:48:10 UTC ( 1 year, 2 months ago )
Antivirus Result Update
AVG BackDoor.Generic17.CIWO 20140206
Ad-Aware Gen:Variant.Zusy.68588 20140206
Agnitum Backdoor.Papras!EruNwpdbyiY 20140204
AntiVir TR/Zusy.68588.1 20140206
Antiy-AVL Backdoor/Win32.Papras.gen 20140205
Avast Win32:Malware-gen 20140206
Baidu-International Backdoor.Win32.Papras.aLva 20140206
BitDefender Gen:Variant.Zusy.68588 20140206
Bkav W32.Clodb5b.Trojan.2eae 20140125
CAT-QuickHeal TrojanSpy.Ursnif 20140206
Commtouch W32/Trojan.VSDN-3758 20140206
Comodo Worm.Win32.Papras.CSA 20140206
DrWeb Trojan.MulDrop5.3696 20140206
ESET-NOD32 a variant of Win32/Kryptik.BNEO 20140206
Emsisoft Gen:Variant.Zusy.68588 (B) 20140206
F-Secure Gen:Variant.Zusy.68588 20140206
Fortinet W32/Krypt.UIWK!tr 20140206
GData Gen:Variant.Zusy.68588 20140206
Ikarus Gen.Heur 20140206
Jiangmin Backdoor/Papras.cqf 20140206
K7AntiVirus Password-Stealer ( 00037fdb1 ) 20140206
K7GW Password-Stealer ( 00037fdb1 ) 20140206
Kaspersky Backdoor.Win32.Papras.pzv 20140206
Kingsoft Win32.Troj.Generic.a.(kcloud) 20140207
Malwarebytes Trojan.FakeAV 20140206
McAfee RDN/Generic BackDoor!uw 20140206
McAfee-GW-Edition RDN/Generic BackDoor!uw 20140206
MicroWorld-eScan Gen:Variant.Zusy.68588 20140206
Microsoft TrojanSpy:Win32/Ursnif 20140206
Norman Troj_Generic.RDFFO 20140206
Panda Generic Malware 20140206
Qihoo-360 HEUR/Malware.QVM20.Gen 20140207
Rising PE:Malware.XPACK-HIE/Heur!1.9C48 20140206
Sophos Mal/Generic-S 20140206
Symantec Trojan.Gen.2 20140206
TheHacker Trojan/Kryptik.bneo 20140205
TrendMicro TROJ_SPNV.03KH13 20140206
TrendMicro-HouseCall TROJ_SPNV.03KH13 20140206
VBA32 Backdoor.Papras 20140206
VIPRE Trojan.Win32.Generic!BT 20140206
AhnLab-V3 20140206
ByteHero 20140207
CMC 20140122
ClamAV 20140206
F-Prot 20140206
NANO-Antivirus 20140206
SUPERAntiSpyware 20140206
TotalDefense 20140205
ViRobot 20140206
nProtect 20140206
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Developer metadata
Copyright 2011, Bitdefender Corp.
Publisher Bitdefender Corp.
Product Bitdefender Antivirus Software
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2005-08-25 23:30:12
Link date 12:30 AM 8/26/2005
Entry Point 0x00009FE7
Number of sections 3
PE sections
PE imports
CyStr
QBColor
IsDate
I2
FormatCurrency
DateR4
gNofree
SetContextWorkerThread
CheckType
LateIdStAd
DateR8
CharValueBstr
InvokeMethod2
IsProjectOnStack
CyErr
IsNull
FailedFriend
rtDecFrom
TstGt
R4Str
GetObjConnectionCounts
SetMemObj
Type
StrCopy
FPException
I4Str
SetUnkAddref
GetObject
StrVal
Resume
Sqr
TextCmpGt
IPMT
BASIC_DISPINTERFACE_GetTypeInfo
CyMulI2
TypeName
R4Cy
PutFxStr3
StrR4
GetTimer
CmpLe
CyI2
LeftTrim
Int
Obj
IndexStore
R8Cy
ForEachCollObj
OnError
SetAddref
FileReset
RecDestruct
FileWidth
UI1
ForEachCollAd
CyForNext
ResetProject
StrDate
CyMul
Round
RightTrim
CreateContext
TstLt
g
PackDate
GetFileAttr
I2ForNextCheck
Move
NextEach
FpCy
EraseNoPop
Ptr
GetErl
FileSeek
InputCount
AryLock
TstLe
PutMemStr
InvokeMethod
FPInt
CmpLt
Array
OctFrom
StrCmp
SetUnk
GetObjectA
AddFontResourceA
ExtTextOutW
CreateRectRgn
CreatePen
SetTextAlign
GetTextExtentPoint32W
SetTextColor
OpenThread
HeapFree
EnterCriticalSection
FileTimeToDosDateTime
GetFileType
GlobalReAlloc
SetThreadPriority
lstrlenA
GlobalFree
GetCommandLineW
LocalFileTimeToFileTime
HeapAlloc
CloseHandle
WriteFileEx
CreateFileA
GetThreadPriority
GetCurrentThreadId
GlobalAlloc
LeaveCriticalSection
NtCreateSection
NtMapViewOfSection
GetMessageA
RedrawWindow
EndDialog
DefMDIChildProcW
SetWindowPos
AppendMenuA
GetWindowRect
RegisterClassExW
SetCapture
GetDlgItemTextA
SetWindowLongA
GetSysColor
GetCursorPos
WaitMessage
CheckMenuItem
SetParent
SetWindowTextW
GetSubMenu
CreateMenu
CallWindowProcW
TrackPopupMenu
SetWindowsHookExA
IsDlgButtonChecked
GetMenuState
EnumClipboardFormats
GetClassNameA
GetWindowLongW
SetCursor
Number of PE resources by type
RT_ICON 4
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 6
ExifTool file metadata
SpecialBuild 1201
UninitializedDataSize 0
LinkerVersion 7.1
ImageVersion 2.9
FileSubtype 0
FileVersionNumber 7.11.1.0
LanguageCode Unknown (0009)
FileFlagsMask 0x003f
CharacterSet Unicode
InitializedDataSize 58368
PrivateBuild 1201
MIMEType application/octet-stream
LegalCopyright 2011, Bitdefender Corp.
TimeStamp 2005:08:26 00:30:12+01:00
FileType Win32 EXE
PEType PE32
FileAccessDate 2014:02:07 05:42:26+01:00
SubsystemVersion 4.0
OSVersion 5.1
FileCreateDate 2014:02:07 05:42:26+01:00
FileOS Windows NT 32-bit
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName Bitdefender Corp.
CodeSize 400384
ProductName Bitdefender Antivirus Software
ProductVersionNumber 7.11.1.0
EntryPoint 0x9fe7
ObjectFileType Unknown

File identification
MD5 acb47770d4a42ce75481eebf3a0f54a5
SHA1 e989dec862fb97498aca0e0debaef58a75e8c4e9
SHA256 041fce3bdcf15db414b2ea47e47b07fcf605749237b2471a5a54da4318b5e0a8
ssdeep 12288:SPF9VhFXFhDloyzGVgZXGbrHDYuxQnPl1nOD0:S9hFXFhZocJGHHDnQLOg
imphash b8f92e4d1d1a2d9fbd9513951c9360ee
File size 449.0 KB ( 459776 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Dynamic Link Library (generic) (43.5%)
Win32 Executable (generic) (29.8%)
Generic Win/DOS Executable (13.2%)
DOS Executable Generic (13.2%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
Tags peexe
VirusTotal metadata
First submission 2013-11-16 11:45:43 UTC ( 1 year, 5 months ago )
Last submission 2014-02-07 04:48:10 UTC ( 1 year, 2 months ago )
File names output.17119094.txt
clock.exe
17119094
ACB47770D4A42CE75481EEBF3A0F54A5
1917967694934230080.exe
e7a08a3116d1d72b6c671ad513a2c0a7a8949a3f
1917568915044412507.exe
1917636176348778375.exe
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight
Behaviour characterization
Zemana dll-injection