SHA256: 0a5606ffe4c85e364ad921994b3560bab23f4776afaef65d05b6d0b9eef4511c
File name: challenge.exe
Detection ratio: 48 / 50
Analysis date: 2014-03-13 13:01:39 UTC ( 1 month ago )
Antivirus Result Update
AVG BackDoor.Generic14.IFV 20140312
Ad-Aware Trojan.Generic.6445764 20140313
Agnitum Trojan.DL.Unruy.Gen.4 20140312
AhnLab-V3 Backdoor/Win32.Banito 20140313
AntiVir TR/Dldr.Unruy.qak 20140313
Antiy-AVL Trojan[:HEUR]/Win32.Unknown 20140311
Avast Win32:Unruy-B [Trj] 20140313
Baidu-International Trojan.Win32.Generic.AA 20140313
BitDefender Trojan.Generic.6445764 20140313
Bkav W32.RelpaceFileExeVs6.Worm 20140313
CAT-QuickHeal TrojanDownloader.Unruy.Q 20140313
CMC Backdoor.Win32.Banito!O 20140313
ClamAV Win.Trojan.Unruy-677 20140312
Commtouch W32/Unruy.H.gen!Eldorado 20140313
Comodo TrojWare.Win32.TrojanClicker.Cycler.CP 20140313
DrWeb BackDoor.Bandito.1079 20140313
ESET-NOD32 a variant of Win32/Kryptik.AJLF 20140313
Emsisoft Trojan.Generic.6445764 (B) 20140313
F-Prot W32/Unruy.H.gen!Eldorado 20140313
F-Secure Trojan.Generic.6445764 20140313
Fortinet W32/Obfucusted.AAAA!tr 20140313
GData Trojan.Generic.6445764 20140313
Ikarus Backdoor.Win32.Banito 20140313
Jiangmin Backdoor/Banito.zj 20140313
K7AntiVirus Riskware ( 1e3644820 ) 20140312
K7GW Riskware ( 0040eff71 ) 20140312
Kaspersky HEUR:Trojan.Win32.Generic 20140313
Kingsoft Win32.AtInfect.lx.250891 20140313
Malwarebytes Trojan.Downloader 20140313
McAfee Generic Downloader.jn 20140313
McAfee-GW-Edition Generic Downloader.jn 20140313
MicroWorld-eScan Trojan.Generic.6445764 20140313
Microsoft TrojanDownloader:Win32/Unruy.Q 20140313
NANO-Antivirus Trojan.Win32.Renamer.lloxl 20140313
Norman Unruy.AA 20140313
Panda Trj/Genetic.gen 20140313
Qihoo-360 Virus.Win32.Banito.CK 20140313
Rising PE:Trojan.Win32.Fednu.syt!1075348209 20140313
Sophos Troj/Dloadr-DJH 20140313
Symantec Trojan.ADH 20140313
TheHacker Backdoor/Banito.dvw 20140312
TotalDefense Win32/Unruy.AFF!genus 20140313
TrendMicro TROJ_UNRUY.SMP1 20140313
TrendMicro-HouseCall TROJ_UNRUY.SMP1 20140313
VBA32 Trojan.TE.01527 20140313
VIPRE Trojan-Downloader.Win32.Unruy.q (v) 20140313
ViRobot Backdoor.Win32.A.Banito.274136 20140313
nProtect Backdoor/W32.Banito.275883 20140313
ByteHero 20140313
SUPERAntiSpyware 20140313
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Packers identified
PEiD Armadillo v1.71
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2011-06-18 10:29:12
Link date 11:29 AM 6/18/2011
Entry Point 0x000344B6
Number of sections 4
PE sections
PE imports
SetPaletteEntries
CreateRectRgn
GetBkMode
IntersectClipRect
GetClipBox
CreateDIBSection
CreateCompatibleDC
RealizePalette
GetStartupInfoA
LoadLibraryA
GetModuleHandleA
GetProcAddress
_purecall
__p__fmode
_acmdln
_ftol
__dllonexit
_except_handler3
??2@YAPAXI@Z
_onexit
exit
_XcptFilter
??1type_info@@UAE@XZ
__setusermatherr
__p__commode
__CxxFrameHandler
_CxxThrowException
_adjust_fdiv
??3@YAXPAX@Z
__getmainargs
_exit
_initterm
_controlfp
__set_app_type
Number of PE resources by type
RT_BITMAP 1
RT_ICON 1
RT_GROUP_ICON 1
Number of PE resources by language
CHINESE SIMPLIFIED 3
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
TimeStamp 2011:06:18 11:29:12+01:00
FileType Win32 EXE
PEType PE32
CodeSize 221184
LinkerVersion 6.0
FileAccessDate 2014:03:13 14:01:54+01:00
EntryPoint 0x344b6
InitializedDataSize 40960
SubsystemVersion 4.0
ImageVersion 0.0
OSVersion 4.0
FileCreateDate 2014:03:13 14:01:54+01:00
UninitializedDataSize 0
Compressed bundles
File identification
MD5 172aed81c4fde1cf23f1615acedfad65
SHA1 c47faf863fd93a310408848f829090f4e783e74c
SHA256 0a5606ffe4c85e364ad921994b3560bab23f4776afaef65d05b6d0b9eef4511c
ssdeep 6144:zBWUV+ziUcC3h8W9w4oeDee9EBas3FIxbR+d+9zY7/IKabv1mtTBw2D:1WUGxQ+9EbIz1mtTJ
imphash ac11580f07cf28764a1c222ddc40ef16
File size 269.4 KB ( 275883 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win64 Executable (generic) (64.6%)
Win32 Dynamic Link Library (generic) (15.3%)
Win32 Executable (generic) (10.5%)
Generic Win/DOS Executable (4.6%)
DOS Executable Generic (4.6%)
Tags peexe armadillo
VirusTotal metadata
First submission 2011-09-19 00:57:06 UTC ( 2 years, 7 months ago )
Last submission 2014-02-05 14:20:40 UTC ( 2 months, 1 week ago )
File names challenge.exe
file-5048463_ex_
challenge.ex_
challenge.bad
172aed81c4fde1cf23f1615acedfad65