SHA256: 03bb5be0e6d29420526eb47fbed0558a0c72a9f1b6b41d1dadd280eca4a69f1f
File name: Ticket-064-2011.exe
Detection ratio: 28 / 43
Analysis date: 2011-08-18 00:23:07 UTC ( 2 years, 11 months ago )
Antivirus Result Update
AVG Win32/Heri 20110817
AhnLab-V3 Downloader/Win32.FraudLoad 20110817
AntiVir TR/Crypt.ZPACK.Gen 20110817
BitDefender Gen:Trojan.Heur.BDT.bqW@b8J!Mvci 20110818
CAT-QuickHeal (Suspicious) - DNAScan 20110817
Commtouch W32/Oficla.AT.gen!Eldorado 20110818
Comodo TrojWare.Win32.Trojan.XPack.~gen1 20110818
DrWeb Trojan.DownLoad2.24758 20110818
Emsisoft Virus.Win32.Heri!IK 20110817
F-Prot W32/Oficla.AT.gen!Eldorado 20110818
F-Secure Gen:Trojan.Heur.BDT.bqW@b8J!Mvci 20110818
Fortinet W32/FraudLoad.OR!tr.dldr 20110818
GData Gen:Trojan.Heur.BDT.bqW@b8J!Mvci 20110818
Ikarus Virus.Win32.Heri 20110817
K7AntiVirus Riskware 20110817
Kaspersky Trojan-Downloader.Win32.FraudLoad.ibu 20110818
McAfee Generic Downloader.ha 20110818
McAfee-GW-Edition Artemis!343449322815 20110817
Microsoft TrojanDownloader:Win32/Chepvil.N 20110817
NOD32 a variant of Win32/Kryptik.RAM 20110818
PCTools Trojan.FakeAV!rem 20110818
Panda Suspicious file 20110817
SUPERAntiSpyware Trojan.Agent/Gen-Downloader 20110817
Sophos Mal/ChepVil-A 20110817
Symantec Trojan.FakeAV 20110818
TrendMicro-HouseCall TROJ_BREDO.LAC 20110818
VBA32 BScope.Dropper.Pij.gen 20110817
VIPRE Trojan.Win32.Generic.pak!cobra 20110818
Antiy-AVL 20110817
Avast 20110817
Avast5 20110817
ClamAV 20110817
Jiangmin 20110817
Norman 20110817
Prevx 20110818
Rising 20110817
TheHacker 20110818
TrendMicro 20110817
ViRobot 20110817
VirusBuster 20110817
eSafe 20110817
eTrust-Vet 20110817
nProtect 20110817
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2011-08-17 05:10:37
Link date 6:10 AM 8/17/2011
Entry Point 0x00001000
Number of sections 4
PE sections
PE imports
AddUsersToEncryptedFile
VirtualProtect
LoadLibraryA
ExitProcess
GetProcAddress
Number of PE resources by type
RT_ICON 4
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 5
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
TimeStamp 2011:08:17 06:10:37+01:00
FileType Win32 EXE
PEType PE32
CodeSize 7168
LinkerVersion 8.0
FileAccessDate 2014:03:07 09:25:26+01:00
EntryPoint 0x1000
InitializedDataSize 21504
SubsystemVersion 4.0
ImageVersion 0.0
OSVersion 4.0
FileCreateDate 2014:03:07 09:25:26+01:00
UninitializedDataSize 0

Compressed bundles
File identification
MD5 3434493228159c393096dee63d8c4f51
SHA1 453b1540dc0dbc2e9925163a9db437040e033de1
SHA256 03bb5be0e6d29420526eb47fbed0558a0c72a9f1b6b41d1dadd280eca4a69f1f
ssdeep 384:gPmTOCEilc+/Gg1v0mVlTN9LdzUpk/LzHpvh4UVx9:gmTDJGSv0mDTN9L9UgtP

imphash 03c8687a3ba19b45fcbbcef951df27f1
File size 29.0 KB ( 29696 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Dynamic Link Library (generic) (43.5%)
Win32 Executable (generic) (29.8%)
Generic Win/DOS Executable (13.2%)
DOS Executable Generic (13.2%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
Tags peexe

VirusTotal metadata
First submission 2011-08-17 08:27:22 UTC ( 2 years, 11 months ago )
Last submission 2014-02-21 17:56:06 UTC ( 4 months, 3 weeks ago )
File names smona131356981765663276091
3434493228159c393096dee63d8c4f51.virus
Copy of Ticket-064-2011.exe
3434493228159c393096dee63d8c4f51.exe
03bb5be0e6d29420526eb47fbed0558a0c72a9f1b6b41d1dadd280eca4a69f1f.bin
ups1.exe
file-2639812_exe
1313608395.Ticket-064-20112.exe
Ticket-064-2011.exe
file
2116183
3434493228159c393096dee63d8c4f51
1233FFA60065A474744300DA7E133200009577AD.exe