SHA256: 046a7fac35a29f66e37193a2048f6a324754df131bad07c21f87fc814d7763f5
File name: 004028859
Detection ratio: 50 / 57
Analysis date: 2015-08-28 17:51:48 UTC ( 2 years, 1 month ago )
Antivirus             Result                            Update
Ad-Aware              Trojan.Generic.KDV.647871         20150828
Yandex                Worm.AutoRun!tSqW3tx0AYY          20150828
AhnLab-V3             Win-Trojan/Dapato.112096          20150828
ALYac                 Spyware.Zbot.KB                   20150828
Antiy-AVL             Trojan[Packed]/Win32.Krap         20150828
Arcabit               Trojan.Generic.KDV.D9E2BF         20150828
Avast                 Win32:Cridex-N [Trj]              20150828
AVG                   PSW.Generic9.CMJF                 20150828
Avira (no cloud)      WORM/Cridex.E.5                   20150828
AVware                Trojan.Win32.Generic!SB.0         20150828
Baidu-International   Worm.Win32.Spy.Banker             20150828
BitDefender           Trojan.Generic.KDV.647871         20150828
Bkav                  W32.OnGameWPAIIXUSR.Trojan        20150828
CAT-QuickHeal         Trojan.Krap.rw6                   20150828
ClamAV                Win.Trojan.Agent-826164           20150828
Comodo                TrojWare.Win32.Kryptik.UHZ        20150828
Cyren                 W32/Zbot.DQ.gen!Eldorado          20150828
Emsisoft              Trojan.Generic.KDV.647871 (B)     20150828
ESET-NOD32            Win32/AutoRun.Spy.Banker.P        20150828
F-Prot                W32/Zbot.DQ.gen!Eldorado          20150828
F-Secure              Trojan.Generic.KDV.647871         20150828
Fortinet              W32/Dapato.BHXH!tr                20150828
GData                 Trojan.Generic.KDV.647871         20150828
Ikarus                Packer.Win32.Krap                 20150828
Jiangmin              TrojanDropper.Dapato.ize          20150827
K7AntiVirus           P2PWorm ( 003ae9c41 )             20150828
K7GW                  P2PWorm ( 003ae9c41 )             20150828
Kaspersky             Trojan-Ransom.Win32.Blocker.hmnq  20150828
Kingsoft              Win32.Troj.Dapato.(kcloud)        20150828
Malwarebytes          Spyware.Zeus                      20150828
McAfee                PWS-Zbot.gen.uh                   20150828
McAfee-GW-Edition     PWS-Zbot.gen.uh                   20150828
Microsoft             Worm:Win32/Cridex.E               20150828
eScan                 Trojan.Generic.KDV.647871         20150828
NANO-Antivirus        Trojan.Win32.DownLoader6.stlir    20150828
nProtect              Trojan/W32.Agent.112096.B         20150828
Panda                 Generic Malware                   20150828
Qihoo-360             Trojan.Generic                    20150828
Sophos AV             Troj/DwnLdr-KAY                   20150828
Symantec              W32.Cridex                        20150827
Tencent               Win32.Trojan.Falsesign.Afhq       20150828
TheHacker             Trojan/Dropper.Dapato.bhxh        20150828
TotalDefense          Win32/Cridex.BA                   20150828
TrendMicro            TROJ_KRYPTIK.MIC                  20150828
TrendMicro-HouseCall  TROJ_KRYPTIK.MIC                  20150828
VBA32                 BScope.Malware-Cryptor.SB.01798   20150828
VIPRE                 Trojan.Win32.Generic!SB.0         20150828
ViRobot               Dropper.A.Dapato.112096[h]        20150828
Zillya                Dropper.Dapato.Win32.10107        20150828
Zoner                 I-Worm.AutoRun.Banker.P           20150828
AegisLab              (undetected)                      20150828
Alibaba               (undetected)                      20150828
ByteHero              (undetected)                      20150828
CMC                   (undetected)                      20150827
DrWeb                 (undetected)                      20150828
Rising                (undetected)                      20150826
SUPERAntiSpyware      (undetected)                      20150826
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Authenticode signature block and FileVersionInfo properties
Publisher Eay0
Signature verification A certificate chain processed, but terminated in a root certificate which is not trusted by the trust provider.
Signers
Eay0
Status A certificate chain processed, but terminated in a root certificate which is not trusted by the trust provider.
Issuer None
Valid from 8:20 AM 6/9/2012
Valid to 12:59 AM 1/1/2040
Valid usage Code Signing
Algorithm SHA1
Thumbprint FB331E534846057A0881593EC4ED4D548BAED00D
Serial number 3E 30 9F 2E 56 A8 14 94 41 10 A1 EE 46 DC 47 BE
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2012-06-12 06:01:32
Entry Point 0x000015E0
Number of sections 6
Overlays
MD5 27a9fc121dda2c8f6c60fd6aa92a8780
File type data
Offset 111104
Size 992
Entropy 6.98
PE imports
TextOutA
SelectObject
GetTextMetricsA
GetStockObject
SetBkMode
GetWindowsDirectoryW
LoadLibraryW
CreateFileW
ReadFile
GetCommandLineA
GetProcAddress
lstrcatW
ReleaseDC
CreateWindowExA
LoadCursorA
LoadIconA
UpdateWindow
DispatchMessageA
BeginPaint
TranslateMessage
PostQuitMessage
DefWindowProcA
ShowWindow
RegisterClassExA
GetMessageA
GetDC
InvalidateRect
Number of PE resources by type
RT_STRING 3
RT_ICON 2
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 6
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
TimeStamp 2012:06:12 07:01:32+01:00
FileType Win32 EXE
PEType PE32
CodeSize 23040
LinkerVersion 2.5
FileTypeExtension exe
InitializedDataSize 87552
SubsystemVersion 4.0
EntryPoint 0x15e0
OSVersion 4.0
ImageVersion 0.0
UninitializedDataSize 0
File identification
MD5 734aadd62d0662256a65510271d40048
SHA1 67e9c32c97b47e058aeee928c4cdc28773883b90
SHA256 046a7fac35a29f66e37193a2048f6a324754df131bad07c21f87fc814d7763f5
ssdeep 1536:vTraAg6weVtDASIUh5gOH3u17bZP16DwpyLJrnlIsyI:vvX6Y5jMbzByBIzI
authentihash 8509b4f3309278adc802a1702c0921ac4c295864a5e6cfe11ccd7d636724ff25
imphash 5cc5f65225f24f0f8c6c7c1da0c021f1
File size 109.5 KB ( 112096 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ 4.x (88.6%)
Win32 Dynamic Link Library (generic) (4.3%)
Win32 Executable (generic) (2.9%)
Win16/32 Executable Delphi generic (1.3%)
Generic Win/DOS Executable (1.3%)
Tags peexe signed overlay
VirusTotal metadata
First submission 2012-06-12 08:23:41 UTC ( 5 years, 4 months ago )
Last submission 2015-06-12 08:58:53 UTC ( 2 years, 4 months ago )
File names 182b5-eDI6dn
KB01148523.exe
vti-rescan
004028859
182b5.EXE
"calc.exe"
47E9A414E04FECF8B52A010E05F1BE00BAF66BCA.exe
734aadd62d0662256a65510271d40048
"contacts.exe"
readme.exe
168-734AADD62D0662256A65510271D40048_103-readme.exe
182b5
046a7fac35a29f66e37193a2048f6a324754df131bad07c21f87fc814d7763f5.bin
KB00698548.xe
WL-98552070892aab074e58272ebe1ca21d-0
734AADD62D0662256A65510271D40048_103-readme.exe
file-4095128_
734aadd62d0662256a65510271d40048.malware
KB00565190.exe
output.1666019.txt
1666019
734aadd62d0662256a65510271d40048
046a7fac35a29f66e37193a2048f6a324754df131bad07c21f87fc814d7763f5
u1206a.exe
Advanced heuristic and reputation engines
ClamAV
Possibly Unwanted Application. While not necessarily malicious, the scanned file presents certain characteristics which, depending on the user policies and environment, may or may not represent a threat. For full details see: https://www.clamav.net/documents/potentially-unwanted-applications-pua.

Symantec reputation Suspicious.Insight