SHA256: 0690c9d963fec6373f0b9260130d50be7a34a01b59d9389327a9765fb1d6045b
File name: 7a9691d46bb010cb533c6d7fb26e92d5
Detection ratio: 35 / 44
Analysis date: 2011-09-03 17:11:49 UTC (5 years, 9 months ago)
Antivirus Result Update
AhnLab-V3 Win-Trojan/Xema.variant 20110903
AntiVir TR/Rootkit.Gen 20110902
Antiy-AVL Trojan/Win32.Agent.gen 20110903
Avast Win32:Agent-ENT [Rtk] 20110902
Avast5 Win32:Agent-ENT [Rtk] 20110902
AVG BackDoor.Generic4.NNN 20110903
BitDefender Trojan.NTRootK.BC 20110903
Commtouch W32/Rootkit.KR 20110903
Comodo TrojWare.Win32.Rootkit.Agent.DG 20110903
DrWeb Trojan.NtRootKit.552 20110903
Emsisoft Rootkit.Win32.Agent.dg!IK 20110903
F-Prot W32/Rootkit.KR 20110903
F-Secure Trojan.NTRootK.BC 20110903
Fortinet W32/NTRootK.BC!tr 20110903
GData Trojan.NTRootK.BC 20110903
Ikarus Rootkit.Win32.Agent.dg 20110903
Jiangmin Rootkit.Vanti.bpd 20110903
K7AntiVirus Riskware 20110902
Kaspersky Rootkit.Win32.Agent.dg 20110903
McAfee PWS-Gogo.sys 20110903
McAfee-GW-Edition PWS-Gogo.sys 20110902
Microsoft VirTool:WinNT/Rootkitdrv.CD 20110903
NOD32 Win32/Rootkit.Agent.DG 20110903
Norman W32/Rootkit.RX 20110903
nProtect Trojan/W32.Rootkit.20153 20110903
Panda Rootkit/Gogo.A 20110903
PCTools Hacktool.Rootkit 20110903
Rising Trojan.Win32.Generic.122F7E01 20110830
Sophos Troj/NTRootK-BC 20110903
Symantec Hacktool.Rootkit 20110903
TheHacker Trojan/Agent.dg 20110903
TrendMicro TROJ_AGENT.AWUU 20110903
TrendMicro-HouseCall TROJ_AGENT.AWUU 20110903
VIPRE Rootkit.Win32.Agent.dg 20110903
VirusBuster Trojan.NTRootkit!mrv8m1JV0q8 20110903
ByteHero 20110822
CAT-QuickHeal 20110903
ClamAV 20110902
eSafe 20110901
eTrust-Vet 20110902
Prevx 20110903
SUPERAntiSpyware 20110903
VBA32 20110902
ViRobot 20110903
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Native subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2006-05-17 08:49:38
Entry Point 0x0000038F
Number of sections 5
PE sections
PE imports
KfLowerIrql
KeRaiseIrqlToDpcLevel
strncmp
RtlInitUnicodeString
PsLookupProcessByProcessId
ZwCreateFile
_wcsnicmp
_stricmp
_wcslwr
swprintf
ZwEnumerateKey
wcsrchr
IoDriverObjectType
strncpy
_except_handler3
DbgPrint
IoCreateDevice
MmProbeAndLockPages
ObReferenceObjectByName
wcslen
IoDeleteDevice
IoGetCurrentProcess
PsSetCreateProcessNotifyRoutine
ExFreePool
ZwMapViewOfSection
ExAllocatePoolWithTag
KeServiceDescriptorTable
_wcsicmp
IofCompleteRequest
NtBuildNumber
IoDeleteSymbolicLink
wcsncpy
ZwQueryValueKey
ObfDereferenceObject
ZwUnmapViewOfSection
ZwOpenKey
IoAllocateMdl
IoCreateSymbolicLink
wcscpy
ZwSetValueKey
MmIsAddressValid
ZwCreateSection
wcsstr
wcsncmp
ZwClose
IoFreeMdl
MmUnlockPages
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Native
MachineType Intel 386 or later, and compatibles
TimeStamp 2006:05:17 09:49:38+01:00
FileType Win32 EXE
PEType PE32
CodeSize 11584
LinkerVersion 5.12
FileAccessDate 2014:03:25 08:54:47+01:00
EntryPoint 0x038f
InitializedDataSize 7104
SubsystemVersion 5.0
ImageVersion 5.0
OSVersion 5.0
FileCreateDate 2014:03:25 08:54:47+01:00
UninitializedDataSize 0
File identification
MD5 7a9691d46bb010cb533c6d7fb26e92d5
SHA1 842291359bba140052909c1ec3f11bf58709d84f
SHA256 0690c9d963fec6373f0b9260130d50be7a34a01b59d9389327a9765fb1d6045b
ssdeep 384:sia9Uyo0qwbAvYiEW8LFXteAm1zk3fOX9C:sia9LMvYiqcnEyC
imphash 1881cbf48dc1acd1550e6ac95fe5bf93
File size 19.7 KB ( 20153 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (native) Intel 80386 32-bit
TrID Win32 Dynamic Link Library (generic) (43.5%)
Win32 Executable (generic) (29.8%)
Generic Win/DOS Executable (13.2%)
DOS Executable Generic (13.2%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
Tags peexe native
VirusTotal metadata
First submission 2007-01-10 20:23:47 UTC ( 10 years, 5 months ago )
Last submission 2014-03-25 07:50:07 UTC ( 3 years, 3 months ago )
File names 7A9691D46BB010CB533C6D7FB26E92D5
aa
7a9691d46bb010cb533c6d7fb26e92d5
VideoAti0.sys