SHA256: 01c08f2d723f1d609f1f8bf007a3fbd740b595dcea32736072540cd48b3d8290
File name: proof1.exe
Detection ratio: 27 / 46
Analysis date: 2013-07-27 19:41:49 UTC ( 8 months, 3 weeks ago )
Antivirus Result Update
AVG PSW.Banker6.AVKS 20130727
Agnitum Backdoor.Bot!ypWeV7FQzxY 20130726
AntiVir BDS/Bot.179807 20130727
Avast Win32:Malware-gen 20130727
BitDefender Backdoor.Bot.179807 20130727
ClamAV Win.Trojan.Spy-75 20130727
Commtouch W32/Backdoor.OJUH-7821 20130727
Comodo UnclassifiedMalware 20130727
DrWeb BackDoor.IRC.Bot.2468 20130727
ESET-NOD32 a variant of Win32/Injector.AGZF 20130727
Emsisoft Backdoor.Bot.179807 (B) 20130727
F-Secure Backdoor.Bot.179807 20130727
Fortinet W32/Banker.EIQTNXK!tr.spy 20130727
GData Backdoor.Bot.179807 20130727
Ikarus Backdoor.Win32.Bot 20130727
Kaspersky UDS:DangerousObject.Multi.Generic 20130727
Malwarebytes Trojan.Banker 20130727
McAfee Artemis!46F732024332 20130727
McAfee-GW-Edition Artemis!46F732024332 20130727
MicroWorld-eScan Backdoor.Bot.179807 20130727
Norman Troj_Generic.LBHSA 20130727
Panda Generic Malware 20130727
Sophos Mal/Generic-S 20130727
Symantec WS.Reputation.1 20130727
TrendMicro TROJ_SPNR.0CEA13 20130727
TrendMicro-HouseCall TROJ_SPNR.0CEA13 20130727
VIPRE Trojan.Win32.Generic!BT 20130727
AhnLab-V3 20130727
Antiy-AVL 20130727
ByteHero 20130724
CAT-QuickHeal 20130727
F-Prot 20130727
Jiangmin 20130727
K7AntiVirus 20130726
K7GW 20130726
Kingsoft 20130723
Microsoft 20130727
NANO-Antivirus 20130727
PCTools 20130727
Rising 20130726
SUPERAntiSpyware 20130727
TheHacker 20130726
TotalDefense 20130726
VBA32 20130727
ViRobot 20130727
nProtect 20130727
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Packers identified
PEiD Armadillo v1.71
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2013-05-02 02:24:51
Entry Point 0x00002A2C
Number of sections 4
PE sections
PE imports
GetStartupInfoA
GetProcAddress
GetModuleHandleA
__p__fmode
malloc
memset
fclose
_sleep
printf
fopen
_except_handler3
memcpy
_snprintf
_XcptFilter
exit
__setusermatherr
__p__commode
_acmdln
_exit
_adjust_fdiv
free
__getmainargs
_initterm
_controlfp
__set_app_type
MessageBoxW
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
TimeStamp 2013:05:02 03:24:51+01:00
FileType Win32 EXE
PEType PE32
CodeSize 7168
LinkerVersion 10.0
EntryPoint 0x2a2c
InitializedDataSize 88064
SubsystemVersion 5.1
ImageVersion 0.0
OSVersion 5.1
UninitializedDataSize 0

File identification
MD5 46f7320243320ca494b00c056da7e7c3
SHA1 51ca24a7138f014909afce0cdfce1f00cde19968
SHA256 01c08f2d723f1d609f1f8bf007a3fbd740b595dcea32736072540cd48b3d8290
ssdeep 1536:eDDvTL1DyR8XrwinePEfPN4f4UdgdZ93zhBBWzzRHsJEG31WmF2XR4riNSfGIffA:kTLYBGTFBQnRMJEe8Y2XR3IQPlGUZxqI

File size 94.0 KB ( 96256 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Dynamic Link Library (generic) (43.5%)
Win32 Executable (generic) (29.8%)
Generic Win/DOS Executable (13.2%)
DOS Executable Generic (13.2%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
Tags
peexe armadillo

VirusTotal metadata
First submission 2013-05-03 14:53:06 UTC ( 11 months, 2 weeks ago )
Last submission 2013-07-27 19:41:49 UTC ( 8 months, 3 weeks ago )
File names proof1.exe
kickit.lol
vti-rescan
46f7320243320ca494b00c056da
vt-upload-Qn_HD
file-5494132_exe
LifePackage.vxe
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight