SHA256: 06b088b81c4dfe7d0fe2e50df0b803d310a1aecb0dfed6b76bb937aefa32efbb
File name: aa
Detection ratio: 35 / 40
Analysis date: 2010-06-15 15:41:58 UTC ( 8 years, 7 months ago )
Antivirus Result Update
a-squared Trojan.Win32.Koblu!IK 20100615
AhnLab-V3 Trojan/Win32.Koblu 20100615
AntiVir TR/Koblu.dfu 20100615
Antiy-AVL Trojan/Win32.Koblu.gen 20100611
Avast Win32:Refpron-BC 20100615
Avast5 Win32:Refpron-BC 20100615
AVG Generic18.GKT 20100615
BitDefender Trojan.Generic.KD.11140 20100615
CAT-QuickHeal Trojan.Koblu.dfu 20100615
Comodo TrojWare.Win32.Koblu.D 20100615
DrWeb Trojan.Siggen.64418 20100615
eSafe Win32.Refpron.Q 20100615
eTrust-Vet Win32/Refpron.RJ 20100615
F-Secure Trojan.Generic.KD.11140 20100615
Fortinet W32/REFPRON.E!tr 20100615
GData Trojan.Generic.KD.11140 20100615
Ikarus Trojan.Win32.Koblu 20100615
Jiangmin Trojan/Koblu.wn 20100615
Kaspersky Trojan.Win32.Koblu.dfu 20100615
McAfee Refpron.gen.q 20100615
McAfee-GW-Edition Refpron.gen.q 20100615
NOD32 Win32/Refpron.IQ 20100615
Norman W32/Refpron.CNZ 20100615
nProtect Trojan/W32.Small.33280.T 20100615
Panda Trj/Refpron.D 20100614
PCTools Trojan.Gen 20100615
Sophos AV Mal/Refpron-E 20100615
Sunbelt VirTool.Win32.DelfInject.gen!AA (v) 20100615
Symantec Trojan.Gen 20100615
TheHacker Trojan/Koblu.dfu 20100614
TrendMicro TROJ_KOBLU.AA 20100615
TrendMicro-HouseCall TROJ_KOBLU.AA 20100615
VBA32 Trojan.Win32.Koblu.dfu 20100615
ViRobot Trojan.Win32.Koblu.33280.E 20100615
VirusBuster Trojan.Koblu.CQD 20100615
Authentium 20100615
ClamAV 20100615
F-Prot 20100614
Microsoft 20100615
Rising 20100613
The file being studied is a Portable Executable file! More specifically, it is an unknown file.
PE header basic information
Number of sections 8
PE sections
PE imports
GetCurrentThreadId
MultiByteToWideChar
ExitProcess
UnhandledExceptionFilter
RtlUnwind
RaiseException
TlsSetValue
TlsGetValue
LocalAlloc
GetModuleHandleA
FreeLibrary
HeapFree
HeapReAlloc
HeapAlloc
GetProcessHeap
LoadLibraryW
GetProcAddress
SysFreeString
SysAllocStringLen
File identification
MD5 978610ceb1ba299c175f27b3c8284f2b
SHA1 22d02c819aa6b07296f610333bde919e55e85fbb
SHA256 06b088b81c4dfe7d0fe2e50df0b803d310a1aecb0dfed6b76bb937aefa32efbb
ssdeep
384:lXg/kU4gCM/4W1+03iDqb8ryOZfmz09H7aR4ADz6WMiW8xP1SPo2nRfs38L0+B:dpg1vudryPTDVxtStnVsML

File size 32.5 KB ( 33280 bytes )
File type unknown
Magic literal

TrID Win32 Executable Borland Delphi 6 (92.2%)
Win32 Executable Generic (2.9%)
Win32 Dynamic Link Library (generic) (2.6%)
Win16/32 Executable Delphi generic (0.7%)
Generic Win/DOS Executable (0.7%)
VirusTotal metadata
First submission 2010-05-11 06:45:32 UTC ( 8 years, 8 months ago )
Last submission 2010-06-15 15:41:58 UTC ( 8 years, 7 months ago )
File names 5GLx_RpY.ocx
aa
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight