× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: 1397acad86969d06d87f93eec60ce8f43008fd9be9bae822cd3353817fda4e1a
File name: wbj.exe
Detection ratio: 49 / 53
Analysis date: 2016-07-05 13:36:20 UTC ( 2 years, 9 months ago )
Antivirus Result Update
Ad-Aware Packer.Malware.NSAnti.J 20160705
AegisLab Troj.GameThief.W32.Magania.btzz!c 20160705
AhnLab-V3 Dropper/Win32.OnlineGameHack.N38822103 20160705
ALYac Packer.Malware.NSAnti.J 20160705
Antiy-AVL Trojan[GameThief]/Win32.Magania 20160705
Arcabit Packer.Malware.NSAnti.J 20160705
Avast Win32:Kamso [Trj] 20160705
AVG Win32/Heri 20160705
Avira (no cloud) TR/ATRAPS.Gen2 20160705
AVware BehavesLike.Win32.Malware.bse (vs) 20160705
Baidu Win32.Trojan-PSW.OnlineGames.a 20160705
BitDefender Packer.Malware.NSAnti.J 20160705
CAT-QuickHeal Worm.AutoRun.gen 20160705
ClamAV Win.Trojan.Magania-11386 20160705
CMC Generic.Win32.dcfea8db35!CMCRadar 20160704
Comodo TrojWare.Win32.PSW.Magania.~Btzz 20160705
Cyren W32/Trojan.CYLC-5114 20160705
DrWeb Trojan.PWS.Wsgame.12824 20160705
Emsisoft Packer.Malware.NSAnti.J (B) 20160704
ESET-NOD32 Win32/PSW.OnLineGames.NNU 20160705
F-Prot W32/Trojan3.BFC 20160705
F-Secure Packer.Malware.NSAnti.J 20160705
GData Packer.Malware.NSAnti.J 20160705
Ikarus Virus.Win32.Heri 20160705
Jiangmin Trojan/PSW.Magania.xla 20160705
K7AntiVirus Password-Stealer ( 0001a8f31 ) 20160705
K7GW Password-Stealer ( 0001a8f31 ) 20160705
Kaspersky Trojan-GameThief.Win32.Magania.btzz 20160705
Kingsoft Win32.PSWTroj.Magania.(kcloud) 20160705
Malwarebytes Worm.Magania 20160705
McAfee Generic PWS.ak 20160705
McAfee-GW-Edition BehavesLike.Win32.Downloader.cc 20160705
Microsoft Worm:Win32/Taterf.B 20160705
eScan Packer.Malware.NSAnti.J 20160705
NANO-Antivirus Trojan.Win32.Magania.dfamco 20160705
nProtect Trojan/W32.Agent.106711 20160705
Panda Generic Malware 20160705
Qihoo-360 QVM19.1.Malware.Gen 20160705
Sophos AV Mal/Taterf-B 20160705
Symantec W32.SillyFDC.BCT 20160701
Tencent Win32.Trojan-gamethief.Magania.Wwok 20160705
TheHacker Trojan/Magania.btzz 20160705
TotalDefense Win32/Frethog.FAA 20160705
TrendMicro WORM_TATERF.BMC 20160705
TrendMicro-HouseCall WORM_TATERF.BMC 20160705
VBA32 BScope.Trojan.MTA.01233 20160705
VIPRE BehavesLike.Win32.Malware.bse (vs) 20160705
ViRobot Trojan.Win32.PSWMagania.106711[h] 20160705
Zillya Trojan.OnLineGames.Win32.21129 20160705
Alibaba 20160705
Bkav 20160705
Fortinet 20160705
SUPERAntiSpyware 20160705
Zoner 20160705
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2009-08-03 05:17:30
Entry Point 0x00035279
Number of sections 4
PE sections
PE imports
EnumSystemCodePagesA
GetEnvironmentStringsA
GetTapeStatus
ExitProcess
DisableThreadLibraryCalls
GetHandleInformation
LoadLibraryA
GetLocalTime
CreateFiber
GetDateFormatA
GetLocaleInfoA
GetCurrentProcessId
FindClose
DeleteFileA
GetCurrentDirectoryA
GetVolumeInformationW
DeleteFileW
GlobalLock
EnumLanguageGroupLocalesA
GetCommModemStatus
GetTempPathA
EraseTape
CreateThread
GetProfileStringA
GetTimeFormatA
GetComputerNameExW
EnumResourceLanguagesA
FindFirstFileW
ExitThread
GetStringTypeW
GetDiskFreeSpaceExA
FreeUserPhysicalPages
CreateFileW
GetDiskFreeSpaceExW
IsBadReadPtr
GetCurrentThread
FindFirstVolumeW
Number of PE resources by type
RT_ICON 8
RT_STRING 4
RT_DIALOG 2
RT_ACCELERATOR 2
RT_GROUP_ICON 2
RT_MENU 1
RT_VERSION 1
Number of PE resources by language
CHINESE SIMPLIFIED 20
PE resources
ExifTool file metadata
MIMEType
application/octet-stream

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

FileTypeExtension
exe

TimeStamp
2009:08:03 06:17:30+01:00

FileType
Win32 EXE

PEType
PE32

CodeSize
4096

LinkerVersion
11.28

Warning
Error processing PE data dictionary

EntryPoint
0x35279

InitializedDataSize
0

SubsystemVersion
4.0

ImageVersion
0.0

OSVersion
4.0

UninitializedDataSize
0

File identification
MD5 dcfea8db35c0f234f5a07a3669988629
SHA1 e7e122e51e97e337b4ec5a5325f18493f2f28bad
SHA256 1397acad86969d06d87f93eec60ce8f43008fd9be9bae822cd3353817fda4e1a
ssdeep
3072:HJ+g/DsUjnPrXV0bGuBdi8k9YP3CTbau9gO6mWR3f:pz/IUjPx0qeVkCMaOh6

authentihash f0d32435c1b15686e3321569a8dd7d36231685134d912f2e15c0c701f78440ae
imphash bc08fcf9c5f617015adfc00b9699e1e3
File size 104.2 KB ( 106711 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable (generic) (52.9%)
Generic Win/DOS Executable (23.5%)
DOS Executable Generic (23.5%)
Tags
peexe usb-autorun

VirusTotal metadata
First submission 2009-08-10 17:28:39 UTC ( 9 years, 8 months ago )
Last submission 2016-07-05 13:36:20 UTC ( 2 years, 9 months ago )
File names wbj.exe
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!