× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: 1265a40629b4678beb724137a64fd9e20e211acd925f016e77f6b584aff8f1b1
File name: 1265a40629b4678beb724137a64fd9e20e211acd925f016e77f6b584aff8f1b1
Detection ratio: 28 / 42
Analysis date: 2012-07-11 18:48:09 UTC ( 6 years, 9 months ago ) View latest
Antivirus Result Update
AhnLab-V3 Win-Trojan/Agent.117248.GV 20120711
AntiVir TR/Agent.117248.20 20120711
Avast Win32:Malware-gen 20120711
AVG Generic26.LDI 20120711
BitDefender DeepScan:Generic.Malware.P!.5936F6C7 20120711
Comodo UnclassifiedMalware 20120711
DrWeb Trojan.Click2.26269 20120711
eSafe Win32.TRAgent 20120710
F-Secure DeepScan:Generic.Malware.P!.5936F6C7 20120711
Fortinet W32/Trackr!tr 20120711
GData DeepScan:Generic.Malware.P!.5936F6C7 20120711
Jiangmin Trojan/Banker.Agent.bhj 20120711
K7AntiVirus Trojan 20120711
Kaspersky Trojan-Banker.Win32.Agent.fyn 20120711
McAfee PWS-Banker!h2w 20120711
McAfee-GW-Edition PWS-Banker!h2w 20120711
NOD32 probably a variant of Win32/Spy.Banker.HUHJDJY 20120711
Norman W32/Suspicious_Gen2.QXAKE 20120711
nProtect Trojan/W32.Agent.117248.NB 20120711
Panda Trj/CI.A 20120711
Sophos AV Troj/Trackr-Gen 20120711
Symantec WS.Reputation.1 20120711
TheHacker Trojan/Agent.fyn 20120711
TrendMicro-HouseCall TROJ_GEN.R01B1L1 20120711
VBA32 TrojanBanker.Agent.fyn 20120711
VIPRE Trojan.Win32.Generic!BT 20120711
ViRobot Trojan.Win32.A.Agent.117248.B 20120711
VirusBuster Trojan.PWS.Agent!AOkdvIuCi0g 20120711
Antiy-AVL 20120711
ByteHero 20120613
CAT-QuickHeal 20120711
ClamAV 20120711
Commtouch 20120711
Emsisoft 20120711
F-Prot 20120711
Ikarus 20120711
Microsoft 20120711
PCTools 20120711
Rising 20120711
SUPERAntiSpyware 20120711
TotalDefense 20120710
TrendMicro 20120711
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows command line subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 1992-06-19 22:22:17
Entry Point 0x00018C34
Number of sections 8
PE sections
PE imports
CloseServiceHandle
RegCloseKey
StartServiceCtrlDispatcherA
OpenServiceA
SetServiceStatus
CreateServiceA
QueryServiceStatus
RegQueryValueExA
ControlService
DeleteService
RegOpenKeyExA
OpenSCManagerA
RegisterServiceCtrlHandlerA
GetLastError
EnumCalendarInfoA
GetStdHandle
EnterCriticalSection
lstrlenA
WaitForSingleObject
FreeLibrary
ExitProcess
GetThreadLocale
GetVersionExA
GetModuleFileNameA
RtlUnwind
DuplicateHandle
GetLocalTime
DeleteCriticalSection
GetStartupInfoA
GetDateFormatA
LoadLibraryExA
GetLocaleInfoA
LocalAlloc
OpenProcess
VirtualQueryEx
GetCPInfo
UnhandledExceptionFilter
TlsGetValue
MultiByteToWideChar
ReadProcessMemory
GetCommandLineA
GetProcAddress
GetCurrentThread
SuspendThread
SetFilePointer
RaiseException
CompareStringA
CloseHandle
WideCharToMultiByte
GetModuleHandleA
FindFirstFileA
FormatMessageA
WriteFile
GetCurrentProcess
ReadFile
ResetEvent
lstrcpynA
GetACP
GetDiskFreeSpaceA
GetCurrentThreadId
GetFullPathNameA
SetEvent
LocalFree
ResumeThread
InitializeCriticalSection
VirtualQuery
VirtualFree
CreateEventA
FindClose
InterlockedDecrement
Sleep
GetFileType
SetEndOfFile
TlsSetValue
CreateFileA
GetStringTypeExA
GetVersion
LeaveCriticalSection
VirtualAlloc
GetFileSize
InterlockedIncrement
VariantChangeType
SafeArrayGetLBound
SafeArrayPtrOfIndex
SysAllocStringLen
VariantClear
SafeArrayCreate
SysReAllocStringLen
SafeArrayGetUBound
VariantCopy
SysFreeString
VariantInit
GetSystemMetrics
LoadStringA
CharLowerA
CharNextA
MessageBoxA
CharUpperA
GetKeyboardType
CharToOemA
Number of PE resources by type
RT_STRING 7
RT_RCDATA 2
Number of PE resources by language
NEUTRAL 9
PE resources
ExifTool file metadata
MIMEType
application/octet-stream

Subsystem
Windows command line

MachineType
Intel 386 or later, and compatibles

FileTypeExtension
exe

TimeStamp
1992:06:19 23:22:17+01:00

FileType
Win32 EXE

PEType
PE32

CodeSize
98304

LinkerVersion
2.25

EntryPoint
0x18c34

InitializedDataSize
17920

SubsystemVersion
4.0

ImageVersion
0.0

OSVersion
4.0

UninitializedDataSize
0

File identification
MD5 516cef2625a822a253b89b9ef523ba37
SHA1 df74d626df43247fdcd380bbc37b68f48b8c11d4
SHA256 1265a40629b4678beb724137a64fd9e20e211acd925f016e77f6b584aff8f1b1
ssdeep
3072:U28d4ti9UzpOBN9Hogg5LUSm4z2i4DQFu/U3buRKlemZ9DnGAekEBghde/Rx7Gys:VGj8ez+Ci4DQFu/U3buRKlemZ9DnGAeR

authentihash f1601e928cd450680ede5b60c1b9afdd7dc099c78202d400e2e18ae3d51300f2
imphash d98380415a9e01bc213802830c18c1ec
File size 114.5 KB ( 117248 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (console) Intel 80386 32-bit

TrID Win32 Executable Borland Delphi 7 (95.2%)
Win32 Executable Delphi generic (2.0%)
Win32 Dynamic Link Library (generic) (0.9%)
Win32 Executable (generic) (0.6%)
Win16/32 Executable Delphi generic (0.2%)
Tags
peexe

VirusTotal metadata
First submission 2011-09-11 03:27:47 UTC ( 7 years, 7 months ago )
Last submission 2018-02-20 23:18:53 UTC ( 1 year, 2 months ago )
File names QKCxUM.inf
1265a40629b4678beb724137a64fd9e20e211acd925f016e77f6b584aff8f1b1.exe
file-4240098_exe
rdasrv.exe
516cef2625a822a253b89b9ef523ba37
rdasrv.exe
rdasrv.exe
rdasrv.exe
1265a40629b4678beb724137a64fd9e20e211acd925f016e77f6b584aff8f1b1
rdasrv.exe
aa
Advanced heuristic and reputation engines
ClamAV
Possibly Unwanted Application. While not necessarily malicious, the scanned file presents certain characteristics which depending on the user policies and environment may or may not represent a threat. For full details see: https://www.clamav.net/documents/potentially-unwanted-applications-pua .

Symantec reputation Suspicious.Insight
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files