SHA256: 1a2e85e548ecd88d4e86d5c04993fcb398cbfb9daa24a155feeffd396911e2a6
File name: citadel.exe
Detection ratio: 15 / 44
Analysis date: 2012-10-22 22:56:38 UTC ( 6 years, 4 months ago )
Antivirus Result Update
AhnLab-V3 Packed/Win32.Suspicious 20121022
AntiVir TR/Crypt.XPACK.Gen2 20121022
Avast Win32:Malware-gen 20121022
BitDefender Gen:Variant.Barys.655 20121023
Comodo TrojWare.Win32.Zbot.NEWA 20121022
Emsisoft Gen:Variant.Barys.655 (B) 20121023
F-Secure Gen:Variant.Barys.655 20121022
GData Gen:Variant.Barys.655 20121022
Ikarus Trojan.Win32.Lebag 20121022
Kingsoft Win32.Troj.Generic.a.(kcloud) 20121008
McAfee-GW-Edition Heuristic.BehavesLike.Win32.ModifiedUPX.F 20121022
eScan Gen:Variant.Barys.655 20121022
Panda Trj/CI.A 20121022
TrendMicro Cryp_Xin1 20121022
TrendMicro-HouseCall Cryp_Xin1 20121022
Yandex 20121022
Antiy-AVL 20121023
AVG 20121022
ByteHero 20121019
CAT-QuickHeal 20121022
ClamAV 20121022
Commtouch 20121022
DrWeb 20121022
eSafe 20121017
ESET-NOD32 20121022
F-Prot 20121022
Fortinet 20121022
Jiangmin 20121022
K7AntiVirus 20121022
Kaspersky 20121022
McAfee 20121022
Microsoft 20121022
Norman 20121022
nProtect 20121022
PCTools 20121022
Rising 20121022
Sophos AV 20121022
SUPERAntiSpyware 20121022
Symantec 20121022
TheHacker 20121021
TotalDefense 20121022
VBA32 20121022
VIPRE 20121023
ViRobot 20121023
The file being studied is a Portable Executable file! More specifically, it is a DOS EXE file.
Packers identified
F-PROT UPX
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2012-09-20 22:23:48
Entry Point 0x000B7A20
Number of sections 3
PE sections
PE imports
GetLengthSid
InitCommonControlsEx
GetOpenFileNameW
BitBlt
VirtualFree
ExitProcess
VirtualProtect
LoadLibraryA
VirtualAlloc
GetProcAddress
VariantClear
ShellExecuteW
StrCmpNIA
EndPaint
GdipFree
CoInitialize
Number of PE resources by type
RT_ICON 3
RT_DIALOG 2
RT_GROUP_ICON 1
JPG 1
RT_MANIFEST 1
Number of PE resources by language
NEUTRAL 8
PE resources
ExifTool file metadata
FileAccessDate
2014:12:16 19:24:26+01:00

FileCreateDate
2014:12:16 19:24:26+01:00

File identification
MD5 38cbbb4ffde6ff0e54724a1d70d7f64a
SHA1 ee5a956f8401cccb7eb5d8e29fd45b6f11e1d7c2
SHA256 1a2e85e548ecd88d4e86d5c04993fcb398cbfb9daa24a155feeffd396911e2a6
ssdeep
12288:hNNfdOYL4OORjXjs6ZQHceJJmg2eyGHMTW183Qsl5DWR2qpr0be+D/3:h1OYLSTjsEQHceKg2eyGHMTO8AsLDWRO

authentihash 2c6966fc6e4e5039bc1470c6ad7c0ba3e9871947406bd530661388ac45b39a18
imphash 6171636b0c7bc1a9a8263eb76e0e3d19
File size 687.5 KB ( 704000 bytes )
File type DOS EXE
Magic literal
MS-DOS executable

TrID Win32 Executable (generic) (38.8%)
DOS Executable Borland Pascal 7.0x (17.5%)
Generic Win/DOS Executable (17.2%)
DOS Executable Generic (17.2%)
Music Craft Score (8.6%)
Tags
mz upx via-tor

VirusTotal metadata
First submission 2012-10-21 15:50:52 UTC ( 6 years, 4 months ago )
Last submission 2018-05-19 09:05:26 UTC ( 9 months, 1 week ago )
File names citadel.exe
minecraft.exe
58c99fe20b348702b936abac
Payment.exe
38cbbb4ffde6ff0e54724a1d70d7f64a.vir
citadel.exe
ee5a956f8401cccb7eb5d8e29fd45b6f11e1d7c2.exe.vir
citadel_clean.exe
CITADEL.exe
citadel.exe
citadel.exe
file-4677920_exe
Advanced heuristic and reputation engines
ClamAV
Possibly Unwanted Application. While not necessarily malicious, the scanned file presents certain characteristics which depending on the user policies and environment may or may not represent a threat. For full details see: https://www.clamav.net/documents/potentially-unwanted-applications-pua .

TrendMicro-HouseCall
TrendMicro's heuristic engine has flagged this file as: Suspicious_GEN.F47V0121.

Symantec reputation Suspicious.Insight