SHA256: 0e5c0381d38c412e64cd4c75d42f8f8df91b4255da6264439949ba2d595a83df
File name: dpn4.txt-xd8PyC
Detection ratio: 39 / 44
Analysis date: 2013-02-26 14:54:12 UTC ( 6 years, 2 months ago )
Antivirus Result Update
Yandex Backdoor.VB!fA1uLSOYhA4 20130226
AntiVir TR/Dropper.Gen 20130227
Avast Win32:VB-QQH [Trj] 20130227
AVG BackDoor.VB.KIR 20130226
BitDefender Trojan.Generic.4682862 20130227
CAT-QuickHeal Backdoor.VB.lvn 20130227
Commtouch W32/MalwareS.BHTV 20130226
Comodo TrojWare.Win32.Trojan.Agent.Gen 20130227
DrWeb Trojan.Siggen1.30509 20130227
Emsisoft Trojan.Generic.4682862 (B) 20130227
ESET-NOD32 Win32/VB.PAM 20130226
F-Prot W32/MalwareS.BHTV 20130226
F-Secure Trojan.Generic.4682862 20130226
Fortinet W32/VB.PWQ!tr 20130227
GData Trojan.Generic.4682862 20130227
Ikarus Backdoor.Win32.VB 20130226
Jiangmin Backdoor/VB.jkn 20130226
K7AntiVirus Riskware 20130226
Kaspersky Backdoor.Win32.VB.lvn 20130226
Kingsoft Win32.Troj.Generic.kd.(kcloud) 20130225
Malwarebytes Spyware.Passwords 20130227
McAfee Artemis!CE48C3C03AA8 20130227
McAfee-GW-Edition Heuristic.BehavesLike.Win32.Downloader.A 20130227
Microsoft Trojan:Win32/Kimejkay.B 20130226
eScan Trojan.Generic.4682862 20130227
Norman VBDoor.XQB 20130226
nProtect Backdoor/W32.Agent.41472.AC 20130226
Panda Trj/Downloader.XSI 20130226
PCTools Backdoor.Trojan 20130225
Sophos AV Troj/VBAgent-G 20130227
SUPERAntiSpyware Trojan.Agent/Gen 20130227
Symantec Backdoor.Trojan 20130227
TheHacker Posible_Worm32 20130226
TotalDefense Win32/GoBacker.GT 20130226
TrendMicro TROJ_VB.SMIR 20130227
TrendMicro-HouseCall TROJ_GEN.F47V0107 20130227
VBA32 Trojan.VBRA.07196 20130226
VIPRE Backdoor.Win32.VB.lvn (v) 20130227
ViRobot Backdoor.Win32.VB.45568.D 20130227
Antiy-AVL 20130226
ByteHero 20130221
ClamAV 20130227
NANO-Antivirus 20130227
Rising 20130227
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Packers identified
PEiD UPX 2.93 [LZMA] -> Markus Oberhumer, Laszlo Molnar & John Reiser
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2010-06-29 11:33:39
Entry Point 0x00031FB0
Number of sections 3
PE sections
PE imports
VirtualFree
ExitProcess
VirtualProtect
LoadLibraryA
VirtualAlloc
GetProcAddress
Ord(546)
Number of PE resources by type
3 1
Number of PE resources by language
NEUTRAL 1
ExifTool file metadata
MIMEType
application/octet-stream

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

TimeStamp
2010:06:29 12:33:39+01:00

FileType
Win32 EXE

PEType
PE32

CodeSize
40960

LinkerVersion
6.0

EntryPoint
0x31fb0

InitializedDataSize
4096

SubsystemVersion
4.0

ImageVersion
1.1

OSVersion
4.0

UninitializedDataSize
163840

File identification
MD5 ce48c3c03aa847ca3028436600d37415
SHA1 50236d6e8a3f82e96c34f6eab35753b8276536e8
SHA256 0e5c0381d38c412e64cd4c75d42f8f8df91b4255da6264439949ba2d595a83df
ssdeep
768:bVS7w7A0Kn1Jz1F1IpX4aa4vdh65tbmbzM1bgZvi63xnbcuyD7U:E7w7jX4aZvdhitiXMJg9i63xnouy8

File size 40.5 KB ( 41472 bytes )
File type Win32 EXE
Magic literal
MS-DOS executable PE for MS Windows (GUI) Intel 80386 32-bit, UPX compressed

TrID UPX compressed Win32 Executable (39.5%)
Win32 EXE Yoda's Crypter (34.3%)
Win32 Executable Generic (11.0%)
Win32 Dynamic Link Library (generic) (9.8%)
Generic Win/DOS Executable (2.5%)
Tags
peexe upx

VirusTotal metadata
First submission 2010-06-29 13:53:44 UTC ( 8 years, 10 months ago )
Last submission 2013-02-26 14:54:12 UTC ( 6 years, 2 months ago )
File names dpn4.txt-xd8PyC
4ZWT11POkd.vcf
Advanced heuristic and reputation engines
ClamAV
Possibly Unwanted Application. While not necessarily malicious, the scanned file presents certain characteristics which depending on the user policies and environment may or may not represent a threat. For full details see: https://www.clamav.net/documents/potentially-unwanted-applications-pua .

Symantec reputation Suspicious.Insight