SHA256: 09d10ae0f763e91982e1c276aad0b26a575840ad986b8f53553a4ea0a948200f
File name: hi.exe
Detection ratio: 28 / 42
Analysis date: 2012-08-27 08:10:31 UTC ( 5 years, 10 months ago )
Antivirus Result Update
AhnLab-V3 Win-Trojan/Poison.16898 20120826
AntiVir TR/Spy.16896.281 20120827
Antiy-AVL Trojan/Win32.Agent.gen 20120827
Avast Win32:Malware-gen 20120827
AVG Worm/Koobface.AU 20120826
BitDefender Gen:Trojan.Heur.FU.bqW@a4uT4@bb 20120827
Comodo UnclassifiedMalware 20120827
Emsisoft Virus.Worm.Koobface!IK 20120827
ESET-NOD32 Win32/Poison.NHM 20120826
F-Secure Gen:Trojan.Heur.FU.bqW@a4uT4@bb 20120827
Fortinet W32/Agent.TKQL!tr 20120827
GData Gen:Trojan.Heur.FU.bqW@a4uT4@bb 20120827
Ikarus Virus.Worm.Koobface 20120827
Jiangmin Trojan/Agent.ddsv 20120827
K7AntiVirus Trojan 20120825
Kaspersky Trojan.Win32.Agent.tkql 20120827
McAfee Generic PWS.y!1ij 20120827
McAfee-GW-Edition Generic PWS.y!1ij 20120827
Microsoft Backdoor:Win32/Poison.E 20120827
nProtect Trojan/W32.Agent.16896.HY 20120827
Rising Trojan.Win32.Generic.12F280AA 20120827
Sophos AV Troj/Agent-XNE 20120827
TheHacker Trojan/Agent.fxtq 20120826
TrendMicro BKDR_POISON.BLW 20120827
TrendMicro-HouseCall BKDR_POISON.BLW 20120827
VBA32 Trojan-PSW.Win32.Nilage 20120824
VIPRE Trojan.Win32.Generic!BT 20120826
ViRobot Trojan.Win32.A.Agent.16896.F 20120827
ByteHero 20120820
CAT-QuickHeal 20120827
ClamAV 20120827
Commtouch 20120827
DrWeb 20120827
eSafe 20120826
F-Prot 20120827
Norman 20120826
Panda 20120826
PCTools 20120827
SUPERAntiSpyware 20120826
Symantec 20120827
TotalDefense 20120826
VirusBuster 20120826
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2009-05-31 01:06:36
Entry Point 0x000017EC
Number of sections 4
PE sections
PE imports
_wcsicmp
memset
_strcmpi
strcat
sprintf
memcpy
GetModuleInformation
Number of PE resources by type
DLL 1
Number of PE resources by language
CHINESE SIMPLIFIED 1
PE resources
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
FileTypeExtension exe
TimeStamp 2009:05:31 02:06:36+01:00
FileType Win32 EXE
PEType PE32
CodeSize 3072
LinkerVersion 6.0
EntryPoint 0x17ec
InitializedDataSize 12800
SubsystemVersion 4.0
ImageVersion 0.0
OSVersion 4.0
UninitializedDataSize 0
PCAP parents
File identification
MD5 4a55bf1448262bf71707eef7fc168f7d
SHA1 2f695367e5a694681c33f3840c11815230306c03
SHA256 09d10ae0f763e91982e1c276aad0b26a575840ad986b8f53553a4ea0a948200f
ssdeep 384:vEkzApEOSzeO7pCdf2R4yAxuexCYZpnfWD6/W:crKOSzxpCdORfIXZ
authentihash 6bbb875f5370994b033782a2421838aa3fa6914e9e42c15400072cb5308bd5a0
imphash 8cab1ae4eceddbe4707b623a89eded54
File size 16.5 KB ( 16896 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Dynamic Link Library (generic) (38.4%)
Win32 Executable (generic) (26.3%)
OS/2 Executable (generic) (11.8%)
Generic Win/DOS Executable (11.6%)
DOS Executable Generic (11.6%)
Tags peexe
VirusTotal metadata
First submission 2012-08-23 20:26:18 UTC ( 5 years, 11 months ago )
Last submission 2018-04-25 14:36:31 UTC ( 2 months, 3 weeks ago )
File names 2f695367e5a694681c33f3840c11815230306c03.exe
4a55bf1448262bf71707eef7fc168f7d.jar
file-4423527_exe
output.2136621.txt
2136621
Flash_update.exe
vti-rescan
file
hi.exe
4-9-4_1.hi.exe.malware
4a55bf1448262bf71707eef7fc168f7d.virus
4a55bf1448262bf71707eef7fc168f7d
4A55BF1448262BF71707EEF7FC168F7D
1346083285.hi.exe
hi.exe1
4a55bf1448262bf71707eef7fc168f7d.exe
update.exe
Flash_update.ex
4A55BF1448262BF71707EEF7FC168F7D.bin
09d10ae0f763e91982e1c276aad0b26a575840ad986b8f53553a4ea0a948200f
16896_4a55bf1448262bf71707eef7fc168f7d.exe
3ab630e62af15dcb6a90af646d383a2ab0332688
hi.exe.octet-stream
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Moved files
Deleted files
Opened service managers
Opened services
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.
DNS requests
TCP connections
UDP communications