SHA256: 1b0a695e0af22c0a74811711b4d7dfdf19ed2afa5efa6d65df53d65b0b77c3e4
File name: 2cf88023b167091d0d126a05a12048b5
Detection ratio: 46 / 55
Analysis date: 2015-04-21 09:11:10 UTC ( 3 years, 10 months ago )
Antivirus Result Update
Ad-Aware Backdoor.Agent.ABHW 20150421
Yandex Win32.Virut.Y.Gen 20150420
AhnLab-V3 Win-Trojan/Bamital.Gen 20150421
Antiy-AVL Trojan/Win32.Pakes 20150421
Avast Win32:Sality 20150421
AVG Generic22.BPCM 20150421
Avira (no cloud) W32/Virut.Gen 20150421
Baidu-International Trojan.W32.Autorun.BMC 20150421
BitDefender Backdoor.Agent.ABHW 20150421
Bkav W32.InjectAdwaredDwnMainA.Trojan 20150420
CAT-QuickHeal W32.Virut.Cur1 20150421
ClamAV WIN.Ransom.Lockscreen 20150421
Comodo Virus.Win32.Virut.Ce 20150421
Cyren W32/Bamital.N.gen!Eldorado 20150421
DrWeb Trojan.MulDrop3.45645 20150421
Emsisoft Backdoor.Agent.ABHW (B) 20150421
ESET-NOD32 Win32/Virut.NBP 20150421
F-Prot W32/Bamital.N.gen!Eldorado 20150421
F-Secure Backdoor.Agent.ABHW 20150421
Fortinet W32/Drooptroop.SMY!tr 20150421
GData Backdoor.Agent.ABHW 20150421
Ikarus Trojan-Ransom.Win32.PornoBlocker 20150421
Jiangmin Trojan/PornoBlocker.aua 20150420
K7AntiVirus Trojan ( 0038b1be1 ) 20150421
K7GW Trojan ( 0038b1be1 ) 20150421
Kaspersky Trojan.Win32.Pakes.tyi 20150421
Kingsoft Win32.Virut.ce.53248 20150421
Malwarebytes Backdoor.IRCBot 20150421
McAfee Generic BackDoor.ya 20150421
McAfee-GW-Edition BehavesLike.Win32.Backdoor.cc 20150420
Microsoft Trojan:Win32/Ramnit.A 20150421
eScan Backdoor.Agent.ABHW 20150421
NANO-Antivirus Trojan.Win32.PornoBlocker.ebkls 20150421
Norman Ramnit.O 20150421
nProtect Trojan/W32.Packer.198144.O 20150421
Panda Trj/Bamital.E 20150421
Rising PE:Trojan.Win32.Fednu.ueo!1075351062 20150420
Sophos AV W32/Ramnit-A 20150421
SUPERAntiSpyware Trojan.Agent/Gen-PornoBlocker 20150421
Symantec W32.Virut.CF 20150421
Tencent Trojan.Win32.Pakes.aac 20150421
TotalDefense Win32/Pakes.EA!genus 20150420
TrendMicro TROJ_DYER.BMC 20150421
TrendMicro-HouseCall TROJ_FAKEAV.SMUP 20150421
VBA32 Trojan.Pakes 20150420
VIPRE Trojan.Win32.Encpk.aak (v) 20150421
AegisLab 20150421
Alibaba 20150421
ByteHero 20150421
CMC 20150421
Qihoo-360 20150421
TheHacker 20150421
ViRobot 20150421
Zillya 20150420
Zoner 20150420
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Packers identified
F-PROT UPX
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Entry Point 0x0004D240
Number of sections 3
PE sections
PE imports
VirtualFree
ExitProcess
VirtualProtect
LoadLibraryA
VirtualAlloc
GetProcAddress
SetWindowTextA
Number of PE resources by type
RT_ICON 12
RT_DIALOG 2
RT_MENU 1
RT_GROUP_ICON 1
Number of PE resources by language
RUSSIAN 16
PE resources
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
TimeStamp 0000:00:00 00:00:00
FileType Win32 EXE
PEType PE32
CodeSize 77824
LinkerVersion 7.4
EntryPoint 0x4d240
InitializedDataSize 32768
SubsystemVersion 4.0
ImageVersion 7.2
OSVersion 5.0
UninitializedDataSize 237568

File identification
MD5 2cf88023b167091d0d126a05a12048b5
SHA1 7956e63f97f59dc8b901d5cbd085b40758608920
SHA256 1b0a695e0af22c0a74811711b4d7dfdf19ed2afa5efa6d65df53d65b0b77c3e4
ssdeep 6144:vMzzILGFkzhr0pGj9oNH4WENdrWko4QH5:vcoqGj9o14ZNdKk0Z

authentihash 6d255c00373da41656f97118e70b7efe7afaba270a790b85ec84beb7c9bda49a
imphash 7197d8f25970cc6df2d2b302df40eb11
File size 193.5 KB ( 198144 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Generic Win/DOS Executable (49.9%)
DOS Executable Generic (49.8%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.1%)
Tags peexe upx

VirusTotal metadata
First submission 2015-04-21 09:11:10 UTC ( 3 years, 10 months ago )
Last submission 2015-04-21 09:11:10 UTC ( 3 years, 10 months ago )
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Created processes
Opened mutexes
Runtime DLLs