SHA256: 036e4f452041f9d573f851d48d92092060107d9ea32e0c532849d61a598b8a71
File name: 3_4.exe
Detection ratio: 28 / 46
Analysis date: 2013-02-03 12:22:46 UTC ( 6 years, 1 month ago )
Antivirus             Result                                                        Update
AntiVir               TR/Downloader.Gen                                             20130203
Avast                 Win32:Malware-gen                                             20130203
AVG                   unknown virus Win32/DH{AA81ICJbJSMKHhM}                       20130203
BitDefender           Gen:Trojan.Heur.PT.dmGfaKZ!zR                                 20130203
Comodo                UnclassifiedMalware                                           20130203
DrWeb                 Trojan.PWS.Banker1.8391                                       20130203
Emsisoft              Trojan-Spy.Win32.POSCardStealer (A)                           20130203
eSafe                 Win32.Trojan                                                  20130131
ESET-NOD32            a variant of Win32/Spy.POSCardStealer.D                       20130203
F-Secure              Gen:Trojan.Heur.PT.dmGfaKZ!zR                                 20130203
Fortinet              W32/Emogen.Y                                                  20130203
GData                 Gen:Trojan.Heur.PT.dmGfaKZ!zR                                 20130203
Ikarus                Trojan.Win32.Spy                                              20130203
Kaspersky             HEUR:Trojan.Win32.Generic                                     20130203
Malwarebytes          Backdoor.Bot.Sam                                              20130203
McAfee                Artemis!1EFEB85C8EC2                                          20130203
McAfee-GW-Edition     Artemis!1EFEB85C8EC2                                          20130203
eScan                 Gen:Trojan.Heur.PT.dmGfaKZ!zR                                 20130203
NANO-Antivirus        Trojan.Win32.POSCardStealer.bfeqtu                            20130203
Norman                Malware                                                       20130202
Panda                 Trj/CI.A                                                      20130203
Rising                Suspicious                                                    20130201
Sophos AV             Mal/Emogen-Y                                                  20130203
Symantec              WS.Reputation.1                                               20130203
TheHacker             Posible_Worm32                                                20130202
TrendMicro            TROJ_GEN.RCBZ4AO                                              20130203
TrendMicro-HouseCall  TROJ_GEN.RCBZ4AO                                              20130203
VIPRE                 Trojan.Win32.Generic!BT                                       20130203
Yandex                -                                                             20130202
AhnLab-V3             -                                                             20130202
Antiy-AVL             -                                                             20130203
ByteHero              -                                                             20130201
CAT-QuickHeal         -                                                             20130202
ClamAV                -                                                             20130203
Commtouch             -                                                             20130202
F-Prot                -                                                             20130201
Jiangmin              -                                                             20121221
K7AntiVirus           -                                                             20130201
Kingsoft              -                                                             20130131
Microsoft             -                                                             20130203
nProtect              -                                                             20130203
PCTools               -                                                             20130203
SUPERAntiSpyware      -                                                             20130202
TotalDefense          -                                                             20130203
VBA32                 -                                                             20130201
ViRobot               -                                                             20130202
The file being studied is a Portable Executable file. More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Packers identified
F-PROT UPX
PEiD UPX 2.90 [LZMA] -> Markus Oberhumer, Laszlo Molnar & John Reiser
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2013-01-17 04:22:17
Entry Point 0x00065400
Number of sections 3
PE sections
PE imports
RegCloseKey
VirtualFree
ExitProcess
VirtualProtect
LoadLibraryA
VirtualAlloc
GetProcAddress
GetProcessImageFileNameA
SHGetSpecialFolderPathA
StrStrIA
InternetOpenA
URLDownloadToFileA
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
FileTypeExtension exe
TimeStamp 2013:01:17 05:22:17+01:00
FileType Win32 EXE
PEType PE32
CodeSize 61440
LinkerVersion 10.0
ImageFileCharacteristics No relocs, Executable, 32-bit
EntryPoint 0x65400
InitializedDataSize 4096
SubsystemVersion 5.1
ImageVersion 0.0
OSVersion 5.1
UninitializedDataSize 352256

File identification
MD5 1efeb85c8ec2c07dc0517ccca7e8d743
SHA1 5563e4c2987eda056b3f74716c00d3014b9306bc
SHA256 036e4f452041f9d573f851d48d92092060107d9ea32e0c532849d61a598b8a71
ssdeep 768:ZGCOlsTLHcg46+MVjENmeB0hX66PeFo+3mkTr27gPQ1LqgovbBbcrFXEb/VN8CtT:Qqs7ZEey1A34L1LqXb0FXEZt4WY/KCo
authentihash 6b679748c285414d66b81287fe72cb0d22caee0ac720f49d3ec9acb93e289df6
imphash e59476c2f511174da844d6431fd827ff
File size 59.5 KB ( 60928 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID
  UPX compressed Win32 Executable (38.2%)
  Win32 EXE Yoda's Crypter (37.5%)
  Win32 Dynamic Link Library (generic) (9.2%)
  Win32 Executable (generic) (6.3%)
  OS/2 Executable (generic) (2.8%)
Tags peexe upx via-tor
VirusTotal metadata
First submission 2013-01-22 06:02:14 UTC ( 6 years, 2 months ago )
Last submission 2019-03-14 07:19:32 UTC ( 1 week, 3 days ago )
File names Alina.exe
case3.exe
5563e4c2987eda056b3f74716c00d3014b9306bc
vti-rescan
jucheck.exe
3_4.doc
desktop.exe
9262883
9262884
925c285adfddb4a9c5ca1fd3201e518c57f6d32c
3.4.vir
1efeb85c8ec2c07dc0517ccca7e8d743.exe
adobeflash.exe
3_4.exe
Trojan.Agent.exe
036E4F452041F9D573F851D48D92092060107D9EA32E0C532849D61A598B8A71.exe
3_4.exe
output.9262884.txt
036e4f452041f9d573f851d48d92092060107d9ea32e0c532849d61a598b8a71.exe
malware.exe
java.exe
5563e4c2987eda056b3f74716c00d3014b9306bc_3_4.ex
Advanced heuristic and reputation engines
ClamAV: Possibly Unwanted Application. While not necessarily malicious, the scanned file presents certain characteristics which, depending on the user policies and environment, may or may not represent a threat. For full details see: https://www.clamav.net/documents/potentially-unwanted-applications-pua