SHA256: 0a5606ffe4c85e364ad921994b3560bab23f4776afaef65d05b6d0b9eef4511c
File name: unp314571.tmp
Detection ratio: 52 / 57
Analysis date: 2015-01-23 07:30:20 UTC ( 6 months, 1 week ago )
Antivirus Result Update
ALYac Gen:Variant.Unruy.5 20150123
AVG Generic_r.LC 20150123
AVware Trojan-Downloader.Win32.Unruy.q (v) 20150123
Ad-Aware Gen:Variant.Unruy.5 20150123
Agnitum Trojan.DL.Unruy.Gen.4 20150122
AhnLab-V3 Backdoor/Win32.Banito 20150122
Antiy-AVL Trojan[:HEUR]/Win32.Unknown 20150123
Avast Win32:Unruy-B [Trj] 20150123
Avira TR/Dldr.Unruy.qak 20150123
Baidu-International Trojan.Win32.Kryptik.bAJLF 20150122
BitDefender Gen:Variant.Unruy.5 20150123
Bkav W32.RelpaceFileExeVs6.Worm 20150122
CAT-QuickHeal TrojanDownloader.Unruy.Q 20150123
CMC Backdoor.Win32.Banito!O 20150120
ClamAV Win.Trojan.Unruy-677 20150123
Comodo TrojWare.Win32.TrojanClicker.Cycler.CP 20150123
Cyren W32/Unruy.H.gen!Eldorado 20150123
DrWeb BackDoor.Bandito.1079 20150123
ESET-NOD32 a variant of Win32/Kryptik.AJLF 20150123
Emsisoft Gen:Variant.Unruy.5 (B) 20150123
F-Prot W32/Unruy.H.gen!Eldorado 20150123
F-Secure Gen:Variant.Unruy.5 20150123
Fortinet W32/Obfucusted.AAAA!tr 20150121
GData Gen:Variant.Unruy.5 20150123
Ikarus Backdoor.Win32.Banito 20150123
Jiangmin Backdoor/Banito.zj 20150122
K7AntiVirus Riskware ( 0040eff71 ) 20150123
K7GW Riskware ( 0040eff71 ) 20150123
Kaspersky HEUR:Trojan.Win32.Generic 20150123
Kingsoft Win32.AtInfect.lx.250891 20150123
Malwarebytes Trojan.Downloader 20150123
McAfee Generic Downloader.jn 20150123
McAfee-GW-Edition BehavesLike.Win32.Mabezat.dh 20150123
MicroWorld-eScan Gen:Variant.Unruy.5 20150123
Microsoft TrojanDownloader:Win32/Unruy.Q 20150123
NANO-Antivirus Trojan.Win32.Renamer.lloxl 20150123
Norman Unruy.AA 20150123
Qihoo-360 Virus.Win32.Banito.CK 20150123
Rising PE:Trojan.Win32.Fednu.syt!1075348209 20150122
SUPERAntiSpyware Trojan.Agent/Gen-Banito 20150123
Sophos Troj/Dloadr-DJH 20150123
Symantec Trojan.ADH 20150123
Tencent Trojan.Win32.Downloader.tpq 20150123
TheHacker Backdoor/Banito.dvw 20150123
TotalDefense Win32/Unruy.AFF!genus 20150122
TrendMicro TROJ_UNRUY.SMP1 20150123
TrendMicro-HouseCall TROJ_UNRUY.SMP1 20150123
VBA32 Trojan.TE.01527 20150122
VIPRE Trojan-Downloader.Win32.Unruy.q (v) 20150123
ViRobot Backdoor.Win32.A.Banito.274136[h] 20150123
Zillya Backdoor.Banito.Win32.5630 20150122
nProtect Backdoor/W32.Banito.275883 20150122
AegisLab 20150123
Alibaba 20150120
ByteHero 20150123
Panda 20150122
Zoner 20150121
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Packers identified
PEiD Armadillo v1.71
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2011-06-18 10:29:12
Link date 11:29 AM 6/18/2011
Entry Point 0x000344B6
Number of sections 4
PE sections
PE imports
SetPaletteEntries
CreateRectRgn
GetBkMode
IntersectClipRect
GetClipBox
CreateDIBSection
CreateCompatibleDC
RealizePalette
GetStartupInfoA
LoadLibraryA
GetModuleHandleA
GetProcAddress
_purecall
__p__fmode
_acmdln
_ftol
__dllonexit
_except_handler3
??2@YAPAXI@Z
_onexit
exit
_XcptFilter
??1type_info@@UAE@XZ
__setusermatherr
__p__commode
__CxxFrameHandler
_CxxThrowException
_adjust_fdiv
??3@YAXPAX@Z
__getmainargs
_exit
_initterm
_controlfp
__set_app_type
Number of PE resources by type
RT_BITMAP 1
RT_ICON 1
RT_GROUP_ICON 1
Number of PE resources by language
CHINESE SIMPLIFIED 3
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
TimeStamp 2011:06:18 11:29:12+01:00
FileType Win32 EXE
PEType PE32
CodeSize 221184
LinkerVersion 6.0
FileAccessDate 2015:01:23 08:30:29+01:00
EntryPoint 0x344b6
InitializedDataSize 40960
SubsystemVersion 4.0
ImageVersion 0.0
OSVersion 4.0
FileCreateDate 2015:01:23 08:30:29+01:00
UninitializedDataSize 0

Compressed bundles
File identification
MD5 172aed81c4fde1cf23f1615acedfad65
SHA1 c47faf863fd93a310408848f829090f4e783e74c
SHA256 0a5606ffe4c85e364ad921994b3560bab23f4776afaef65d05b6d0b9eef4511c
ssdeep 6144:zBWUV+ziUcC3h8W9w4oeDee9EBas3FIxbR+d+9zY7/IKabv1mtTBw2D:1WUGxQ+9EbIz1mtTJ
authentihash 8a5946ecb521a65666166391d2525fe5e81fdaf34c6ccbad74c87fecf50e6a07
imphash ac11580f07cf28764a1c222ddc40ef16
File size 269.4 KB ( 275883 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win64 Executable (generic) (64.6%)
Win32 Dynamic Link Library (generic) (15.3%)
Win32 Executable (generic) (10.5%)
Generic Win/DOS Executable (4.6%)
DOS Executable Generic (4.6%)
Tags peexe armadillo

VirusTotal metadata
First submission 2011-09-19 00:57:06 UTC ( 3 years, 10 months ago )
Last submission 2015-01-23 07:30:20 UTC ( 6 months, 1 week ago )
File names challenge.bad
file-5048463_ex_
virus.exe
challenge.exe
172aed81c4fde1cf23f1615acedfad65
unp314571.tmp
challenge.ex_