SHA256: 199f2357c24e71d955a4e6c2d07645aa04d9474e0c8c914a1edd69a02e3f8a70
File name: DHL_notification.exe
Detection ratio: 27 / 43
Analysis date: 2011-03-10 13:01:41 UTC ( 4 years, 1 month ago )
Antivirus Result Update
AVG Dropper.Generic3.ACGC 20110310
AhnLab-V3 Win-Trojan/Oficla.62464.B 20110310
AntiVir TR/Spy.SpyEyes.for 20110310
Avast Win32:Malware-gen 20110310
Avast5 Win32:Malware-gen 20110310
BitDefender Trojan.Generic.KDV.152136 20110310
Commtouch W32/Trojan3.CLA 20110310
Emsisoft Win32.Outbreak!IK 20110310
F-Prot W32/Trojan3.CLA 20110310
F-Secure Trojan-Downloader:W32/Karagany.E 20110310
GData Trojan.Generic.KDV.152136 20110310
Ikarus Trojan-Spy.Win32.SpyEyes 20110310
Kaspersky Trojan-Spy.Win32.SpyEyes.for 20110310
McAfee Generic Packed 20110310
McAfee-GW-Edition Artemis!BDA72E57D263 20110310
Microsoft TrojanDownloader:Win32/Karagany.A 20110310
NOD32 a variant of Win32/Injector.FBK 20110310
PCTools Malware.Pilleuz!rem 20110310
Panda Suspicious file 20110309
Sophos Troj/Agent-QQP 20110310
Symantec W32.Pilleuz 20110310
TheHacker Trojan/CI.gen 20110310
TrendMicro PAK_Generic.001 20110310
TrendMicro-HouseCall PAK_Generic.001 20110310
VIPRE Trojan.Win32.Generic!BT 20110310
ViRobot Spyware.SpyEyes.62464 20110310
eTrust-Vet Win32/Kelihos.AX 20110310
Antiy-AVL 20110309
CAT-QuickHeal 20110310
ClamAV 20110310
Comodo 20110309
DrWeb 20110310
Fortinet 20110310
Jiangmin 20110310
K7AntiVirus 20110309
Norman 20110310
Prevx 20110310
Rising 20110310
SUPERAntiSpyware 20110310
VBA32 20110310
VirusBuster 20110309
eSafe 20110309
nProtect 20110215
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Packers identified
PEiD UPX 2.90 [LZMA] -> Markus Oberhumer, Laszlo Molnar & John Reiser
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2011-03-09 14:24:16
Link date 3:24 PM 3/9/2011
Entry Point 0x0006C310
Number of sections 3
PE sections
PE imports
OpenProcessToken
GetTcpStatistics
VirtualFree
ExitProcess
VirtualProtect
LoadLibraryA
VirtualAlloc
GetProcAddress
SetRect
Number of PE resources by type
RT_ICON 1
RT_MANIFEST 1
RT_GROUP_ICON 1
Number of PE resources by language
RUSSIAN 2
ENGLISH US 1
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
TimeStamp 2011:03:09 15:24:16+01:00
FileType Win32 EXE
PEType PE32
CodeSize 65536
LinkerVersion 10.0
FileAccessDate 2015:02:15 05:40:57+01:00
EntryPoint 0x6c310
InitializedDataSize 65536
SubsystemVersion 5.1
ImageVersion 0.0
OSVersion 5.1
FileCreateDate 2015:02:15 05:40:57+01:00
UninitializedDataSize 327680

File identification
MD5 bda72e57d263241d52b1fe2ef014cba9
SHA1 fa9dc14b100f1bf5124cd23c322c109b38a70675
SHA256 199f2357c24e71d955a4e6c2d07645aa04d9474e0c8c914a1edd69a02e3f8a70
ssdeep 1536:dYCd4VnDuXLs29GjRXBcldB5PTVhG28iZX5kMd2Oxylt:dYC+DubNiXBcDvVZX5kMsOxylt
authentihash 047f922acf95e74ef899a74309198521c418343adfec04556700923a58ddcfaf
imphash 276ba640604d1f393defd1a981ac5e5c
File size 61.0 KB ( 62464 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID UPX compressed Win32 Executable (42.3%)
Win32 EXE Yoda's Crypter (36.7%)
Win32 Dynamic Link Library (generic) (9.1%)
Win32 Executable (generic) (6.2%)
Generic Win/DOS Executable (2.7%)
Tags
peexe upx

VirusTotal metadata
First submission 2011-03-09 15:39:55 UTC ( 4 years, 1 month ago )
Last submission 2012-10-10 01:52:31 UTC ( 2 years, 6 months ago )
File names DHL_notification.exe$
00000061
DHL_notification.exe
BDA72E57D263241D52B1FE2EF014CBA9
smona129968422760959642164
adobe2
@C__Documents and Settings_dell_Application Data_Adobe_AdobeUtil.exe
err.log481187
AdobeUtil.exe
350C3C2200FD884EF43A007483FE3E00EC3A35F0.exe
file-1949092_exe
AdobeUtil.exe64760523
AdobeUtil.ex_
bda72e57d263241d52b1fe2ef014cba9
DHL_notification1.exe
smona129968459578135808979
smona130631061829634593595
DHL_notification.ex_
Advanced heuristic and reputation engines
ClamAV PUA
Possibly Unwanted Application. While not necessarily malicious, the scanned file presents certain characteristics which depending on the user policies and environment may or may not represent a threat. For full details see: http://www.clamav.net/doc/pua.html .
