SHA256: 0eb7590c2188d995fb3f8394ee10db5856542cfac3a62fd3c8e54236f5ffd428
File name: 0eb7590c2188d995fb3f8394ee10db5856542cfac3a62fd3c8e54236f5ffd428.vir
Detection ratio: 41 / 56
Analysis date: 2016-01-12 17:34:52 UTC ( 8 months, 3 weeks ago )
Antivirus Result Update
ALYac Trojan.Generic.7782269 20160112
AVG Dropper.Generic6.WOT 20160112
AVware Trojan.Win32.Generic!BT 20160111
Ad-Aware Trojan.Generic.7782269 20160112
Yandex Backdoor.Dalbot!11tlJUIahBo 20160111
AhnLab-V3 Win-Trojan/Dalbot.167936 20160112
Antiy-AVL Trojan[Downloader]/Win32.Agent 20160112
Arcabit Trojan.Generic.D76BF7D 20160112
Avast Win32:Malware-gen 20160112
Avira (no cloud) TR/Dropper.Gen2 20160112
Baidu-International Trojan.Win32.Agent.PCW 20160112
BitDefender Trojan.Generic.7782269 20160112
Comodo UnclassifiedMalware 20160112
DrWeb Trojan.DownLoad3.22367 20160112
ESET-NOD32 Win32/Agent.PCW 20160112
Emsisoft Trojan.Generic.7782269 (B) 20160112
F-Secure Trojan.Generic.7782269 20160112
Fortinet W32/Agent.VZAC!tr.dldr 20160111
GData Trojan.Generic.7782269 20160112
Ikarus Trojan-Dropper.Agent 20160112
Jiangmin TrojanDownloader.Agent.dunr 20160112
K7AntiVirus Riskware ( 0015e4f01 ) 20160112
K7GW Riskware ( 0015e4f01 ) 20160112
Kaspersky HEUR:Trojan.Win32.Generic 20160112
McAfee Generic.dx!9B6692295FAD 20160112
McAfee-GW-Edition BehavesLike.Win32.SoftPulse.cm 20160112
eScan Trojan.Generic.7782269 20160112
Microsoft Backdoor:Win32/Stradatu 20160112
NANO-Antivirus Trojan.Win32.Agent2.tbibs 20160112
Panda Trj/Genetic.gen 20160112
Sophos Troj/Mdrop-EHC 20160112
Symantec Trojan Horse 20160112
Tencent Win32.Trojan-downloader.Agent.Huze 20160112
TheHacker Trojan/Agent.pcw 20160107
TrendMicro BKDR_AGENT.ERO 20160112
TrendMicro-HouseCall BKDR_AGENT.ERO 20160112
VBA32 suspected of Trojan.Downloader.gen.h 20160112
VIPRE Trojan.Win32.Generic!BT 20160112
ViRobot Trojan.Win32.A.Downloader.167936.QZ[h] 20160112
Zillya Downloader.Agent.Win32.151632 20160112
nProtect Trojan/W32.Agent.167936.AQB 20160112
AegisLab 20160112
Alibaba 20160112
Bkav 20160112
ByteHero 20160112
CAT-QuickHeal 20160112
CMC 20160111
ClamAV 20160112
Cyren 20160112
F-Prot 20160111
Malwarebytes 20160112
Qihoo-360 20160112
Rising 20160112
SUPERAntiSpyware 20160112
TotalDefense 20160112
Zoner 20160112
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Packers identified
PEiD Armadillo v1.71
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2012-04-17 07:24:52
Entry Point 0x0000EA96
Number of sections 4
PE sections
PE imports
GetSystemTime
GetLastError
GetEnvironmentVariableA
HeapFree
GetStdHandle
LCMapStringW
SetHandleCount
GetOEMCP
LCMapStringA
HeapDestroy
ExitProcess
IsBadWritePtr
GetVersionExA
GetEnvironmentStringsW
FlushFileBuffers
GetModuleFileNameA
RtlUnwind
LoadLibraryA
GetShortPathNameA
FreeEnvironmentStringsA
CreatePipe
GetStartupInfoA
SizeofResource
GetFileType
WideCharToMultiByte
UnhandledExceptionFilter
MultiByteToWideChar
GetLocalTime
FreeEnvironmentStringsW
GetCPInfo
GetCommandLineA
GetProcAddress
HeapSize
SetStdHandle
CompareStringW
RaiseException
CreateThread
GetStringTypeA
SetFilePointer
ReadFile
IsBadCodePtr
WriteFile
GetCurrentProcess
CompareStringA
GetACP
HeapReAlloc
GetStringTypeW
SetEnvironmentVariableA
TerminateProcess
GetEnvironmentStrings
SetUnhandledExceptionFilter
GetTimeZoneInformation
LoadResource
CreateFileW
VirtualFree
Sleep
IsBadReadPtr
SetEndOfFile
CreateFileA
HeapAlloc
GetVersion
FindResourceA
VirtualAlloc
HeapCreate
GetModuleHandleA
CloseHandle
HttpQueryInfoW
InternetQueryDataAvailable
InternetConnectW
InternetWriteFile
InternetReadFile
HttpSendRequestExW
InternetCrackUrlW
InternetSetCookieW
InternetSetOptionW
InternetCloseHandle
InternetOpenW
HttpEndRequestA
HttpOpenRequestW
HttpAddRequestHeadersW
WSAStartup
gethostname
Number of PE resources by type
EXE 1
Number of PE resources by language
CHINESE SIMPLIFIED 1
PE resources
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
TimeStamp 2012:04:17 08:24:52+01:00
FileType Win32 EXE
PEType PE32
CodeSize 98304
LinkerVersion 6.0
FileTypeExtension exe
InitializedDataSize 69632
SubsystemVersion 4.0
EntryPoint 0xea96
OSVersion 4.0
ImageVersion 0.0
UninitializedDataSize 0
File identification
MD5 9b6692295fadf24b512d5f63e4f74d15
SHA1 8dce6b56ff4b1ab2c9bd68a65dd5c1160efcfc6a
SHA256 0eb7590c2188d995fb3f8394ee10db5856542cfac3a62fd3c8e54236f5ffd428
ssdeep 3072:TG9WRwqzbSLPE8Uf9cWpiELFs88taiiC1ewguZlAOiqDx4qf:k5qQC93pnC1ebOZy
authentihash 3aebf44fbc052ef6b063ce6d5dcd982814971d5a04a1b445241b2d4e6647490d
imphash 7ae8f488848425acae6aaf3626ba2105
File size 164.0 KB ( 167936 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (67.4%)
Win32 Dynamic Link Library (generic) (14.2%)
Win32 Executable (generic) (9.7%)
Generic Win/DOS Executable (4.3%)
DOS Executable Generic (4.3%)
Tags
peexe armadillo

VirusTotal metadata
First submission 2012-06-08 11:17:24 UTC ( 4 years, 3 months ago )
Last submission 2016-01-12 17:34:52 UTC ( 8 months, 3 weeks ago )
File names file-4074159_
vti-rescan
0eb7590c2188d995fb3f8394ee10db5856542cfac3a62fd3c8e54236f5ffd428.vir
9B6692295FADF24B512D5F63E4F74D15.bin
9b6692295fadf24b512d5f63e4f74d15
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Created mutexes
Opened mutexes
Opened service managers
Opened services
Runtime DLLs
HTTP requests
TCP connections