SHA256: 0ccc0fa74b365d3416adf608c651350960dc1a6014d2023c6474efe4bf439813
File name: 2.exe
Detection ratio: 21 / 48
Analysis date: 2013-12-10 00:00:05 UTC ( 4 months, 1 week ago )
Antivirus Result Update
AVG Generic35.ANPN 20131209
Agnitum Trojan.Sharik!cUYbwWex8nY 20131209
AhnLab-V3 Trojan/Win32.ZAccess 20131209
AntiVir TR/Sharik.qtt 20131210
Avast Win32:Malware-gen 20131210
Baidu-International Trojan.Win32.Sharik.aeU 20131209
ESET-NOD32 a variant of Generik.JPTNNXS 20131209
Fortinet W32/Sharik.JPTNNXS!tr 20131210
GData Win32.Trojan.Agent.4S61BS 20131210
Ikarus Trojan.Win32.Sharik 20131209
K7AntiVirus Trojan ( 00490aa91 ) 20131209
K7GW Trojan ( 00490aa91 ) 20131209
Kaspersky Trojan.Win32.Sharik.qtt 20131210
Malwarebytes Trojan.Agent 20131209
McAfee RDN/Generic.dx!c2n 20131210
McAfee-GW-Edition Artemis!C29AFAF8B49E 20131209
Norman Troj_Generic.ROPKE 20131209
Panda Suspicious file 20131209
Sophos Mal/Generic-S 20131210
TrendMicro-HouseCall TROJ_GEN.R0CBB01L613 20131209
VIPRE Trojan.Win32.Generic!BT 20131210
Ad-Aware 20131210
Antiy-AVL 20131209
BitDefender 20131210
Bkav 20131209
ByteHero 20131127
CAT-QuickHeal 20131209
ClamAV 20131209
Commtouch 20131209
Comodo 20131209
DrWeb 20131210
Emsisoft 20131210
F-Prot 20131210
F-Secure 20131209
Jiangmin 20131209
Kingsoft 20130829
MicroWorld-eScan 20131210
Microsoft 20131209
NANO-Antivirus 20131209
Rising 20131209
SUPERAntiSpyware 20131209
Symantec 20131210
TheHacker 20131209
TotalDefense 20131209
TrendMicro 20131210
VBA32 20131209
ViRobot 20131209
nProtect 20131209
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2013-12-02 18:36:18
Entry Point 0x00001000
Number of sections 6
PE sections
PE imports
IsWow64Process
GetLastError
GetCurrentProcess
ExitProcess
GetModuleHandleA
MessageBoxA
CreateWindowExA
GetScrollPos
Number of PE resources by type
RT_ICON 1
RT_GROUP_ICON 1
RT_MANIFEST 1
Number of PE resources by language
ENGLISH US 3
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
TimeStamp 2013:12:02 19:36:18+01:00
FileType Win32 EXE
PEType PE32
CodeSize 512
LinkerVersion 1.7
EntryPoint 0x1000
InitializedDataSize 30208
SubsystemVersion 4.0
ImageVersion 0.0
OSVersion 1.0
UninitializedDataSize 0

File identification
MD5 c29afaf8b49e40696fb0d1546f2d18b4
SHA1 186ca334c46c32d41a33069d78963882c41b9c7e
SHA256 0ccc0fa74b365d3416adf608c651350960dc1a6014d2023c6474efe4bf439813
ssdeep 384:aWenIGhBPE+vM2lh7FEnPscX1rGFXLBG+vwEnKL7eVaPU:aoqBHhREkcQ9LBlYfAaP
File size 31.0 KB ( 31744 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win64 Executable (generic) (72.2%)
Win32 Executable (generic) (11.7%)
Win16/32 Executable Delphi generic (5.4%)
Generic Win/DOS Executable (5.2%)
DOS Executable Generic (5.2%)
Tags peexe

VirusTotal metadata
First submission 2013-12-02 20:11:27 UTC ( 4 months, 2 weeks ago )
Last submission 2013-12-10 00:00:05 UTC ( 4 months, 1 week ago )
File names gvtfifjh.exe
vt-upload-wUySS
2.exe
Advanced heuristic and reputation engines
ClamAV PUA
Possibly Unwanted Application. While not necessarily malicious, the scanned file presents certain characteristics which depending on the user policies and environment may or may not represent a threat. For full details see: http://www.clamav.net/index.php?s=pua&lang=en .

Symantec reputation Suspicious.Insight