SHA256: 1991a037623749e339e5128458bf30f434953fcce10a5ed442db55bcc6746550
File name: 00F6E0637CC8DD4EBB1866809517C35E
Detection ratio: 36 / 41
Analysis date: 2012-06-07 03:42:10 UTC ( 6 years, 3 months ago )
Antivirus Result Update
AhnLab-V3 Trojan/Win32.VBKrypt 20120606
AntiVir TR/Dropper.Gen 20120606
Avast Win32:Zbot-MRI [Trj] 20120606
AVG Dropper.Generic.BPCI 20120607
BitDefender Win32.Worm.Koobface.AOX 20120607
ClamAV PUA.Win32.Packer.Anti-4 20120606
Commtouch W32/Worm.BKZM 20120607
Comodo TrojWare.Win32.Trojan.Agent.Gen 20120607
DrWeb Trojan.DownLoad1.37139 20120607
Emsisoft Virus.Win32.VBInject!IK 20120607
eSafe Win32.TrojanHorse 20120605
F-Prot W32/Worm.BKZM 20120606
F-Secure Net-Worm:W32/Koobface.ETA 20120607
Fortinet W32/VBInjector.AGB!tr 20120607
GData Win32.Worm.Koobface.AOX 20120607
Ikarus Virus.Win32.VBInject 20120607
Jiangmin Worm/Koobface.aoa 20120607
K7AntiVirus EmailWorm 20120606
McAfee Artemis!00F6E0637CC8 20120607
McAfee-GW-Edition Heuristic.BehavesLike.Win32.Downloader.D 20120606
Microsoft VirTool:Win32/VBInject.DS 20120606
NOD32 Win32/Koobface.NCR 20120606
Norman W32/Suspicious_Gen2.SYCSQ 20120605
nProtect Worm/W32.Koobface.37376.D 20120606
Panda Suspicious file 20120606
PCTools Net-Worm.Koobface.B!rem 20120607
Rising Trojan.Win32.Generic.122D3830 20120606
Sophos AV Mal/Behav-370 20120607
Symantec W32.Koobface.D 20120607
TheHacker Posible_Worm32 20120607
TrendMicro WORM_KOOBFACE.JS 20120607
TrendMicro-HouseCall WORM_KOOBFACE.JS 20120607
VBA32 SScope.Trojan-Dropper.VB.064 20120606
VIPRE Trojan.Win32.Buzus (v) 20120607
ViRobot Worm.Win32.S.Net-Koobface.37376 20120607
VirusBuster Worm.Koobface!zYqCqDUQU3Q 20120605
Antiy-AVL 20120607
ByteHero 20120606
CAT-QuickHeal 20120606
SUPERAntiSpyware 20120607
TotalDefense 20120606
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Packers identified
PEiD UPX 2.90 [LZMA] -> Markus Oberhumer, Laszlo Molnar & John Reiser
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2010-02-04 21:13:26
Entry Point 0x0000F220
Number of sections 3
PE sections
PE imports
LoadLibraryA, GetProcAddress, ExitProcess
CallWindowProcA
ExifTool file metadata
UninitializedDataSize 24576
LinkerVersion 6.0
ImageVersion 1.0
FileSubtype 0
FileVersionNumber 0.1.0.0
LanguageCode English (U.S.)
FileFlagsMask 0x0000
CharacterSet Unicode
InitializedDataSize 4096
FileOS Win32
MIMEType application/octet-stream
TimeStamp 2010:02:04 22:13:26+01:00
FileType Win32 EXE
PEType PE32
SubsystemVersion 4.0
OSVersion 4.0
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CodeSize 36864
ProductVersionNumber 0.1.0.0
EntryPoint 0xf220
ObjectFileType Executable application

File identification
MD5 00f6e0637cc8dd4ebb1866809517c35e
SHA1 f7a390f5e5541e55bd7ebdf3eb81677442b0ce82
SHA256 1991a037623749e339e5128458bf30f434953fcce10a5ed442db55bcc6746550
ssdeep 768:TDNKZ8GfeJldjZ0XPbUIjec/87BrvC9DM/STpsykhpm:E+lFZVIX09bCpM/STNkjm

File size 36.5 KB ( 37376 bytes )
File type Win32 EXE
Magic literal MS-DOS executable PE for MS Windows (GUI) Intel 80386 32-bit, UPX compressed

TrID UPX compressed Win32 Executable (43.8%)
Win32 EXE Yoda's Crypter (38.1%)
Win32 Executable Generic (12.2%)
Generic Win/DOS Executable (2.8%)
DOS Executable Generic (2.8%)
Tags upx

VirusTotal metadata
First submission 2010-02-04 23:58:51 UTC ( 8 years, 7 months ago )
Last submission 2012-06-07 03:42:10 UTC ( 6 years, 3 months ago )
File names zJfIhtJnR.gif
00F6E0637CC8DD4EBB1866809517C35E
Advanced heuristic and reputation engines
ClamAV
Possibly Unwanted Application. While not necessarily malicious, the scanned file presents certain characteristics which depending on the user policies and environment may or may not represent a threat. For full details see: https://www.clamav.net/documents/potentially-unwanted-applications-pua .

Behaviour characterization