SHA256: 041fce3bdcf15db414b2ea47e47b07fcf605749237b2471a5a54da4318b5e0a8
File name: isheriff_acb47770d4a42ce75481eebf3a0f54a5.bin
Detection ratio: 43 / 56
Analysis date: 2016-06-10 17:11:20 UTC ( 2 months, 2 weeks ago )
Antivirus Result Update
ALYac Gen:Variant.Zusy.68588 20160610
AVG BackDoor.Generic17.CIWO 20160610
AVware Trojan.Win32.Generic!BT 20160610
Ad-Aware Gen:Variant.Zusy.68588 20160610
AegisLab Backdoor.W32.Papras.pzv!c 20160610
AhnLab-V3 Trojan/Win32.Papras 20160610
Antiy-AVL Trojan[Backdoor]/Win32.Papras 20160610
Avast Win32:Evo-gen [Susp] 20160610
Avira (no cloud) TR/Zusy.68588.1 20160610
Baidu-International Backdoor.Win32.Papras.wlz 20160606
BitDefender Gen:Variant.Zusy.68588 20160610
Bkav HW32.Packed.7906 20160610
CAT-QuickHeal TrojanSpy.Ursnif.r3 20160610
Comodo Worm.Win32.Papras.CSA 20160610
Cyren W32/Trojan.VSDN-3758 20160610
DrWeb Trojan.MulDrop5.3696 20160610
ESET-NOD32 a variant of Win32/Kryptik.BNEO 20160610
Emsisoft Gen:Variant.Zusy.68588 (B) 20160610
Fortinet W32/Krypt.UIWK!tr 20160610
GData Gen:Variant.Zusy.68588 20160610
Ikarus Gen.Heur 20160610
Jiangmin Backdoor/Papras.cgg 20160610
K7AntiVirus Password-Stealer ( 00037fdb1 ) 20160610
K7GW Password-Stealer ( 00037fdb1 ) 20160610
Kaspersky Backdoor.Win32.Papras.wlz 20160610
Malwarebytes Trojan.FakeAV 20160610
McAfee Generic.dx!ACB47770D4A4 20160610
McAfee-GW-Edition BehavesLike.Win32.Expiro.gc 20160610
eScan Gen:Variant.Zusy.68588 20160610
Microsoft TrojanSpy:Win32/Ursnif 20160610
Panda Generic Malware 20160610
Qihoo-360 HEUR/Malware.QVM20.Gen 20160610
Rising Trojan.Generic-JoLYVR8mn6V (Cloud) 20160610
Sophos Mal/Generic-S 20160610
Symantec Trojan.Gen.2 20160610
Tencent Win32.Backdoor.Papras.Lqeu 20160610
TheHacker Trojan/Kryptik.bneo 20160610
TrendMicro TROJ_SPNV.03KH13 20160610
TrendMicro-HouseCall TROJ_SPNV.03KH13 20160610
VBA32 Backdoor.Papras 20160610
VIPRE Trojan.Win32.Generic!BT 20160610
Yandex Backdoor.Papras!EruNwpdbyiY 20160609
Zillya Backdoor.Papras.Win32.2514 20160609
Alibaba 20160608
Arcabit 20160610
Baidu 20160608
CMC 20160607
ClamAV 20160610
F-Prot 20160610
Kingsoft 20160610
NANO-Antivirus 20160610
SUPERAntiSpyware 20160610
TotalDefense 20160610
ViRobot 20160610
Zoner 20160610
nProtect 20160610
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright 2011, Bitdefender Corp.
Product Bitdefender Antivirus Software
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2005-08-25 23:30:12
Entry Point 0x00009FE7
Number of sections 3
PE sections
PE imports
CyStr
QBColor
IsDate
I2
FormatCurrency
DateR4
gNofree
SetContextWorkerThread
CheckType
LateIdStAd
DateR8
CharValueBstr
InvokeMethod2
IsProjectOnStack
CyErr
IsNull
FailedFriend
rtDecFrom
TstGt
R4Str
GetObjConnectionCounts
SetMemObj
Type
StrCopy
FPException
I4Str
SetUnkAddref
GetObject
StrVal
Resume
Sqr
TextCmpGt
IPMT
BASIC_DISPINTERFACE_GetTypeInfo
CyMulI2
TypeName
R4Cy
PutFxStr3
StrR4
GetTimer
CmpLe
CyI2
LeftTrim
Int
Obj
IndexStore
R8Cy
ForEachCollObj
OnError
SetAddref
FileReset
RecDestruct
FileWidth
UI1
ForEachCollAd
CyForNext
ResetProject
StrDate
CyMul
Round
RightTrim
CreateContext
TstLt
g
PackDate
GetFileAttr
I2ForNextCheck
Move
NextEach
FpCy
EraseNoPop
Ptr
GetErl
FileSeek
InputCount
AryLock
TstLe
PutMemStr
InvokeMethod
FPInt
CmpLt
Array
OctFrom
StrCmp
SetUnk
GetObjectA
AddFontResourceA
ExtTextOutW
CreateRectRgn
CreatePen
SetTextAlign
GetTextExtentPoint32W
SetTextColor
OpenThread
HeapFree
EnterCriticalSection
FileTimeToDosDateTime
GetFileType
GlobalReAlloc
SetThreadPriority
lstrlenA
GlobalFree
GetCommandLineW
LocalFileTimeToFileTime
HeapAlloc
CloseHandle
WriteFileEx
CreateFileA
GetThreadPriority
GetCurrentThreadId
GlobalAlloc
LeaveCriticalSection
NtCreateSection
NtMapViewOfSection
GetMessageA
RedrawWindow
EndDialog
DefMDIChildProcW
SetWindowPos
AppendMenuA
GetWindowRect
RegisterClassExW
SetCapture
GetDlgItemTextA
SetWindowLongA
GetSysColor
GetCursorPos
WaitMessage
CheckMenuItem
SetParent
SetWindowTextW
GetSubMenu
CreateMenu
CallWindowProcW
TrackPopupMenu
SetWindowsHookExA
IsDlgButtonChecked
GetMenuState
EnumClipboardFormats
GetClassNameA
GetWindowLongW
SetCursor
Number of PE resources by type
RT_ICON 4
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 6
PE resources
Debug information
ExifTool file metadata
SpecialBuild 1201
UninitializedDataSize 0
LinkerVersion 7.1
ImageVersion 2.9
FileSubtype 0
FileVersionNumber 7.11.1.0
LanguageCode Unknown (0009)
FileFlagsMask 0x003f
CharacterSet Unicode
InitializedDataSize 58368
PrivateBuild 1201
EntryPoint 0x9fe7
MIMEType application/octet-stream
Subsystem Windows GUI
TimeStamp 2005:08:26 00:30:12+01:00
FileType Win32 EXE
PEType PE32
SubsystemVersion 4.0
OSVersion 5.1
FileOS Windows NT 32-bit
LegalCopyright 2011, Bitdefender Corp.
MachineType Intel 386 or later, and compatibles
CompanyName Bitdefender Corp.
CodeSize 400384
ProductName Bitdefender Antivirus Software
ProductVersionNumber 7.11.1.0
FileTypeExtension exe
ObjectFileType Unknown

File identification
MD5 acb47770d4a42ce75481eebf3a0f54a5
SHA1 e989dec862fb97498aca0e0debaef58a75e8c4e9
SHA256 041fce3bdcf15db414b2ea47e47b07fcf605749237b2471a5a54da4318b5e0a8
ssdeep 12288:SPF9VhFXFhDloyzGVgZXGbrHDYuxQnPl1nOD0:S9hFXFhZocJGHHDnQLOg
authentihash d5fc9d3fb55de180299a2f91fd8aae64492298c2a30b0b0cf1c75eaa8672ef11
imphash b8f92e4d1d1a2d9fbd9513951c9360ee
File size 449.0 KB ( 459776 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Dynamic Link Library (generic) (43.5%)
Win32 Executable (generic) (29.8%)
Generic Win/DOS Executable (13.2%)
DOS Executable Generic (13.2%)
Tags peexe

VirusTotal metadata
First submission 2013-11-16 11:45:43 UTC ( 2 years, 9 months ago )
Last submission 2016-06-10 17:11:20 UTC ( 2 months, 2 weeks ago )
File names output.17119094.txt
clock.exe
17119094
ACB47770D4A42CE75481EEBF3A0F54A5
1917967694934230080.exe
e7a08a3116d1d72b6c671ad513a2c0a7a8949a3f
1917568915044412507.exe
isheriff_acb47770d4a42ce75481eebf3a0f54a5.bin
1917636176348778375.exe
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight
Behaviour characterization
Zemana dll-injection
