SHA256: 1322bcd08328ac3a186eb9fa9864d59d9f9fba6165c577bbbfc4f27c8fa00d9b
File name: kb26600.exe
Detection ratio: 51 / 57
Analysis date: 2016-10-21 23:54:03 UTC ( 11 months ago )
Antivirus Result Update
Ad-Aware Trojan.GenericKD.2688922 20161022
AegisLab Troj.Downloader.W32.Lipler.bhsb!c 20161021
AhnLab-V3 Trojan/Win32.Downloader.N69052252 20161021
ALYac Trojan.GenericKD.2688922 20161022
Antiy-AVL Trojan[Downloader]/Win32.Lipler 20161022
Arcabit Trojan.Generic.D29079A 20161021
Avast Win32:Malware-gen 20161022
AVG SHeur3.CUC 20161022
Avira (no cloud) TR/Drop.Koobface.J 20161022
AVware BehavesLike.Win32.Koobface!a (v) 20161022
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9998 20161021
BitDefender Trojan.GenericKD.2688922 20161022
Bkav W32.KoobfaceMT09B.Trojan 20161021
CAT-QuickHeal Trojan.Agen.rw4 20161021
ClamAV Win.Downloader.93924-1 20161021
Comodo NetWorm.Win32.Koobface.FR 20161021
CrowdStrike Falcon (ML) malicious_confidence_100% (D) 20160725
Cyren W32/Koobface.L.gen!Eldorado 20161021
DrWeb Trojan.DownLoad1.56515 20161021
Emsisoft Trojan.GenericKD.2688922 (B) 20161021
ESET-NOD32 Win32/Tinxy.BA 20161021
F-Prot W32/Koobface.L.gen!Eldorado 20161021
F-Secure Trojan.GenericKD.2688922 20161021
Fortinet W32/Lipler.BHSB!tr.dldr 20161021
GData Trojan.GenericKD.2688922 20161021
Ikarus Trojan.Crypt.EDU 20161021
Sophos ML trojan.win32.c2lop.a 20161018
Jiangmin TrojanDownloader.Lipler.eae 20161021
K7AntiVirus Backdoor ( 04c520811 ) 20161021
K7GW Backdoor ( 04c520811 ) 20161021
Kaspersky Trojan-Downloader.Win32.Lipler.bhsb 20161021
Malwarebytes Worm.KoobFace 20161021
McAfee W32/Koobface.worm.gen.e 20161021
McAfee-GW-Edition BehavesLike.Win32.Backdoor.dc 20161021
Microsoft TrojanDropper:Win32/Koobface.J 20161021
eScan Trojan.GenericKD.2688922 20161021
NANO-Antivirus Trojan.Win32.Lipler.rpmg 20161021
Panda Adware/NaviPromo 20161021
Qihoo-360 Win32/Trojan.6b6 20161022
Rising Malware.Heuristic!ET#99% (rdm+) 20161021
Sophos AV Mal/Koobface-C 20161021
Symantec W32.Koobface!gen4 20161021
TheHacker Trojan/Downloader.Lipler.bhsb 20161020
TotalDefense Win32/Koobface.LS 20161021
TrendMicro TROJ_FAKEAV.SMEC 20161021
TrendMicro-HouseCall TROJ_FAKEAV.SMEC 20161021
VBA32 TrojanDownloader.Lipler 20161021
VIPRE BehavesLike.Win32.Koobface!a (v) 20161021
ViRobot Trojan.Win32.S.Downloader.215552.B[h] 20161021
Yandex Trojan.DL.Lipler!MIT+GSIEzsg 20161021
Zillya Downloader.Lipler.Win32.8590 20161021
Alibaba 20161021
CMC 20161021
Kingsoft 20161022
nProtect 20161021
SUPERAntiSpyware 20161021
Tencent 20161022
Zoner 20161021
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright Copyright © Protection Technology. 1990-2001.
Product Service NVIDIA
Original name kb26600.exe
Internal name kb26600.exe
File version 6.99
Description ZoneAlarm Intel Scheduled
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2004-09-03 03:59:21
Entry Point 0x000019F6
Number of sections 4
PE sections
PE imports
RegOpenKeyExA
SetFilePointer
GetLastError
HeapFree
GetStdHandle
EnterCriticalSection
LCMapStringW
ReleaseMutex
SetHandleCount
GetSystemInfo
GetOEMCP
LCMapStringA
HeapDestroy
GetTickCount
TlsAlloc
FlushFileBuffers
VirtualProtect
GetVersionExA
GetModuleFileNameA
RtlUnwind
LoadLibraryA
GetACP
FreeEnvironmentStringsA
DeleteCriticalSection
GetStartupInfoA
FileTimeToLocalFileTime
GetEnvironmentStrings
GetEnvironmentStringsW
GetLocaleInfoA
GetCurrentProcessId
lstrcatA
UnhandledExceptionFilter
SetFileTime
GetCPInfo
ExitProcess
MultiByteToWideChar
HeapSize
FreeEnvironmentStringsW
GetCommandLineA
GetProcAddress
QueryPerformanceCounter
FileTimeToSystemTime
GetFileType
SetStdHandle
CompareStringW
GetTempPathA
WideCharToMultiByte
GetStringTypeA
GetModuleHandleA
FindFirstFileA
InterlockedExchange
lstrcpyA
GetCurrentProcess
CloseHandle
GetSystemTimeAsFileTime
FindNextFileA
GetSystemDirectoryA
HeapReAlloc
GetStringTypeW
GetCurrentThreadId
SetEnvironmentVariableA
TlsFree
TerminateProcess
ResumeThread
GetTimeZoneInformation
InitializeCriticalSection
HeapCreate
WriteFile
VirtualQuery
VirtualFree
FindClose
TlsGetValue
Sleep
DeleteTimerQueue
TlsSetValue
CreateFileA
HeapAlloc
GetVersion
LeaveCriticalSection
VirtualAlloc
SetLastError
CompareStringA
DestroyWindow
OpenIcon
CharToOemA
GetGuiResources
socket
bind
WSACleanup
WSAStartup
gethostbyname
connect
shutdown
htons
closesocket
Number of PE resources by type
RT_VERSION 1
Number of PE resources by language
ENGLISH US 1
PE resources
ExifTool file metadata
SubsystemVersion 4.0
LinkerVersion 7.1
ImageVersion 0.0
FileSubtype 0
FileVersionNumber 6.99.5.36
UninitializedDataSize 0
LanguageCode English (U.S.)
FileFlagsMask 0x0000
CharacterSet Windows, Latin1
InitializedDataSize 168448
EntryPoint 0x19f6
OriginalFileName kb26600.exe
MIMEType application/octet-stream
LegalCopyright Copyright Protection Technology. 1990-2001.
FileVersion 6.99
TimeStamp 2004:09:03 04:59:21+01:00
FileType Win32 EXE
PEType PE32
InternalName kb26600.exe
ProductVersion 6.99
FileDescription ZoneAlarm Intel Scheduled
OSVersion 4.0
FileOS Windows NT 32-bit
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CodeSize 52736
ProductName Service NVIDIA
ProductVersionNumber 6.99.5.36
FileTypeExtension exe
ObjectFileType Dynamic link library
File identification
MD5 6e8d0ef90d220088b6556713caca0bb4
SHA1 6a2ea783f1d91854d8bc8262fac28c3c9f770987
SHA256 1322bcd08328ac3a186eb9fa9864d59d9f9fba6165c577bbbfc4f27c8fa00d9b
ssdeep 6144:s0QxBpy/yQt2Ixc2nLhO4GGBuO7OxQv6DQo2cXgBX:s0eZYc2ndzMOSxQv2Xg
authentihash 5ef054993636aa9cec31952abd43097f30e307c51a0189bd2278266364f604e4
imphash 97eb4e270b0b3b68d6c1e077c3eb0248
File size 210.5 KB ( 215552 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (41.0%)
Win64 Executable (generic) (36.3%)
Win32 Dynamic Link Library (generic) (8.6%)
Win32 Executable (generic) (5.9%)
Clipper DOS Executable (2.6%)
Tags peexe
VirusTotal metadata
First submission 2010-03-10 17:43:30 UTC ( 7 years, 6 months ago )
Last submission 2013-10-10 23:06:09 UTC ( 3 years, 11 months ago )
File names aaa.^^^
pVESsE.bmp
6E8D0EF90D220088B6556713CACA0BB4
kb26600.exe
aa
Advanced heuristic and reputation engines
ClamAV
Possibly Unwanted Application. While not necessarily malicious, the scanned file presents certain characteristics which depending on the user policies and environment may or may not represent a threat. For full details see: https://www.clamav.net/documents/potentially-unwanted-applications-pua .
