SHA256: 109dfda3eb8174a86b4c5afc722cece5299a5c1ab15252a985a85f7177fe9c1e
File name: 2cheques.cpl
Detection ratio: 39 / 46
Analysis date: 2013-08-06 13:01:14 UTC (8 months, 2 weeks ago)
Antivirus Result Update
AVG Downloader.Agent2.BCTF 20130806
Agnitum Trojan.DL.Agent!4ETGjvQf1fc 20130805
AhnLab-V3 Downloader/Win32.Agent 20130806
AntiVir TR/ATRAPS.Gen 20130806
Antiy-AVL Trojan/Win32.Agent.gen 20130806
Avast Win32:Delf-SOG [Trj] 20130806
BitDefender Trojan.Generic.KDV.649571 20130806
CAT-QuickHeal TrojanDownloader.Agent.gyol 20130806
Commtouch W32/Trojan.LZDK-8986 20130806
Comodo UnclassifiedMalware 20130806
DrWeb Trojan.DownLoad3.9417 20130806
ESET-NOD32 a variant of Win32/TrojanDownloader.Banload.RVO 20130806
Emsisoft Trojan.Generic.KDV.649571 (B) 20130806
F-Secure Trojan.Generic.KDV.649571 20130806
Fortinet W32/Banload.RFM!tr 20130806
GData Trojan.Generic.KDV.649571 20130806
Ikarus Win32.SuspectCrc 20130806
Jiangmin TrojanDownloader.Agent.ejvn 20130806
K7AntiVirus Riskware 20130805
K7GW Riskware 20130805
Kaspersky Trojan-Downloader.Win32.Agent.gyol 20130806
Kingsoft Win32.Malware.Heur_Generic.A.(kcloud) 20130723
Malwarebytes Trojan.Agent 20130806
McAfee Artemis!63DF45CD68D4 20130806
McAfee-GW-Edition Artemis!63DF45CD68D4 20130806
MicroWorld-eScan Trojan.Generic.KDV.649571 20130806
Microsoft TrojanDownloader:Win32/Peguese.D 20130806
NANO-Antivirus Trojan.Win32.Agent2.syqbx 20130806
Norman Suspicious_Gen4.AJHRG 20130806
PCTools Trojan.Gen 20130806
Panda Trj/Genetic.gen 20130806
Sophos Mal/Bancos-AY 20130806
Symantec Trojan.Gen 20130806
TheHacker Trojan/Downloader.Banload.ref 20130805
TotalDefense Win32/Peguese.X 20130806
TrendMicro PAK_Generic.005 20130806
TrendMicro-HouseCall PAK_Generic.005 20130806
VBA32 TrojanDownloader.Agent 20130806
VIPRE Trojan-Downloader.Win32.Agent 20130806
ByteHero (no detection) 20130724
ClamAV (no detection) 20130806
F-Prot (no detection) 20130806
Rising (no detection) 20130806
SUPERAntiSpyware (no detection) 20130806
ViRobot (no detection) 20130806
nProtect (no detection) 20130806
The file being studied is a Portable Executable file! More specifically, it is a Win32 DLL file for the Windows GUI subsystem.
Packers identified
F-PROT UPX
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 1992-06-19 22:22:17 (this is the fixed placeholder value the Delphi linker writes into every binary, not the real build time; it agrees with the Delphi match in the TrID results below)
Link date 11:22 PM 6/19/1992
Entry Point 0x000535E0
Number of sections 3
PE sections
PE imports
VirtualProtect
VirtualFree
LoadLibraryA
VirtualAlloc
GetProcAddress
SHGetFolderPathA
RegCloseKey
SetROP2
VariantCopy
ShellExecuteA
PE exports
Number of PE resources by type
RT_STRING 15
RT_RCDATA 3
RT_ICON 1
RT_GROUP_ICON 1
Number of PE resources by language
NEUTRAL 18
PORTUGUESE BRAZILIAN 2
ExifTool file metadata
MIMEType: application/octet-stream
Subsystem: Windows GUI
MachineType: Intel 386 or later, and compatibles
TimeStamp: 1992:06:19 23:22:17+01:00
FileType: Win32 DLL
PEType: PE32
CodeSize: 114688
LinkerVersion: 2.25
EntryPoint: 0x535e0
InitializedDataSize: 4096
SubsystemVersion: 4.0
ImageVersion: 0.0
OSVersion: 4.0
UninitializedDataSize: 225280
File identification
MD5 63df45cd68d43b12d49c643db8aaef87
SHA1 ec769f09b9e272bfa7d804d452eab0f8b020b6d6
SHA256 109dfda3eb8174a86b4c5afc722cece5299a5c1ab15252a985a85f7177fe9c1e
ssdeep 1536:ILRAxgXonkYjBC9/ZC/RrSYSMhnUUeHW2+Mrz+4w7L/l6Iwd3oafiMliapZLH:ILRsWTxCZ2YSMhnVP2zJwHYJHp

File size 113.5 KB ( 116224 bytes )
File type Win32 DLL
Magic literal PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit

TrID UPX compressed Win32 Executable (45.1%)
Win32 EXE Yoda's Crypter (39.2%)
Win32 Executable (generic) (6.6%)
Win16/32 Executable Delphi generic (3.0%)
Generic Win/DOS Executable (2.9%)
Tags
upx pedll

VirusTotal metadata
First submission 2012-06-13 19:47:08 UTC (1 year, 10 months ago)
Last submission 2012-06-26 12:59:58 UTC (1 year, 10 months ago)
File names 1339942983.D43B12D49C643DB8AAEF87_2cheques.cpl.ViR
M1L9uj
2012-06-15_17-08-46_chuques2.cpl.exe.vir
file-4108317_ViR
fotospd2.cpl
2cheques.cpl
Advanced heuristic and reputation engines
ClamAV PUA
Possibly Unwanted Application. While not necessarily malicious, the scanned file presents certain characteristics which, depending on the user's policies and environment, may or may not represent a threat. For full details see: http://www.clamav.net/index.php?s=pua&lang=en

Symantec reputation Suspicious.Insight