SHA256: 1b513c4ef04a85d2b576c7e0ac07bfb498feb13e046338bcd1364eeb66f3dd0f
File name: IamNiceBMP-fb.com
Detection ratio: 27 / 50
Analysis date: 2014-02-10 10:33:07 UTC ( 1 year ago )
Antivirus Result Update
AVG Downloader.Generic13.BVPJ 20140210
Ad-Aware Gen:Variant.Kazy.333212 20140210
AntiVir TR/Crypt.EPACK.Gen2 20140210
Avast Win32:Malware-gen 20140210
Baidu-International Trojan.Win32.Andromeda.ak 20140210
BitDefender Gen:Variant.Kazy.333212 20140210
DrWeb Trojan.DownLoad3.21597 20140210
ESET-NOD32 a variant of Win32/Kryptik.BUII 20140210
Emsisoft Gen:Variant.Kazy.333212 (B) 20140210
F-Secure Gen:Variant.Kazy.333212 20140210
Fortinet W32/Zbot.FG!tr 20140210
GData Gen:Variant.Kazy.333212 20140210
K7GW Trojan ( 00494bef1 ) 20140207
Kaspersky Trojan-Downloader.Win32.Andromeda.aile 20140210
Kingsoft Win32.TrojDownloader.Andromeda.ai.(kcloud) 20140210
Malwarebytes Trojan.Agent 20140210
McAfee Artemis!391312E234F8 20140210
McAfee-GW-Edition Artemis!391312E234F8 20140210
MicroWorld-eScan Gen:Variant.Kazy.333212 20140210
Microsoft TrojanDownloader:Win32/Tofsee.D 20140210
Norman Suspicious_Gen4.FTJDQ 20140210
Panda Suspicious file 20140209
Qihoo-360 HEUR/Malware.QVM19.Gen 20140210
Sophos Mal/Generic-S 20140210
TrendMicro TROJ_GEN.R0CBC0DB714 20140210
TrendMicro-HouseCall TROJ_GEN.R0CBC0DB714 20140210
VIPRE Trojan.Win32.Generic!BT 20140210
Engines reporting no detection (the remaining 23 of 50; the date is the engine's signature update):
Agnitum 20140209
AhnLab-V3 20140210
Antiy-AVL 20140210
Bkav 20140210
ByteHero 20140210
CAT-QuickHeal 20140210
CMC 20140210
ClamAV 20140209
Commtouch 20140210
Comodo 20140209
F-Prot 20140210
Ikarus 20140210
Jiangmin 20140210
K7AntiVirus 20140207
NANO-Antivirus 20140210
Rising 20140209
SUPERAntiSpyware 20140208
Symantec 20140210
TheHacker 20140208
TotalDefense 20140210
VBA32 20140210
ViRobot 20140210
nProtect 20140209
The file being studied is a Portable Executable file. More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Developer metadata
Publisher ?????????? ?????????? (non-ASCII text not rendered in this export; the version resource is Russian)
Description ?????? DCOM ?????????? ?????? NPP (non-ASCII text not rendered; ExifTool reads the ASCII remainder as "DCOM NPP")
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2014-02-04 05:30:17
Link date 6:30 AM 2/4/2014
Entry Point 0x00001BA0
Number of sections 9
PE sections
PE imports (grouped by exporting DLL; the DLL names are inferred from the API names, the report lists only the functions)
ADVAPI32.dll
RegOpenKeyA
GDI32.dll
LineTo
DeleteEnhMetaFile
Rectangle
MoveToEx
GetStockObject
KERNEL32.dll
GetStartupInfoA
VirtualAllocEx
LocalAlloc
ReadFile
GetProcAddress
LoadLibraryA
USER32.dll
GetMessageA
CreateWindowExA
LoadCursorA
LoadIconA
UpdateWindow
DispatchMessageA
BeginPaint
TranslateMessage
GetClientRect
PostQuitMessage
DefWindowProcA
ShowWindow
GetSysColor
RegisterClassExA
Number of PE resources by type
RT_STRING 1
RT_MESSAGETABLE 1
RT_VERSION 1
Number of PE resources by language
RUSSIAN 3
ExifTool file metadata
SubsystemVersion 5.0
InitializedDataSize 24064
ImageVersion 0.0
FileVersionNumber 5.1.2600.5512
UninitializedDataSize 0
LanguageCode Russian
FileFlagsMask 0x003f
CharacterSet Unicode
LinkerVersion 9.0
MIMEType application/octet-stream
TimeStamp 2014:02:04 06:30:17+01:00
FileType Win32 EXE
PEType PE32
FileAccessDate 2014:11:06 23:22:36+01:00
FileDescription DCOM NPP
OSVersion 5.0
FileCreateDate 2014:11:06 23:22:36+01:00
FileOS Windows NT 32-bit
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CodeSize 14336
FileSubtype 0
ProductVersionNumber 5.1.2600.5512
EntryPoint 0x1ba0
ObjectFileType Executable application

File identification
MD5 391312e234f8de0209b507b4dc490745
SHA1 fba1867d6a2bbd49ddcf8a7baa0d5e27deaa497c
SHA256 1b513c4ef04a85d2b576c7e0ac07bfb498feb13e046338bcd1364eeb66f3dd0f
ssdeep 384:Vg/aBrk/HyKFn7N942Lgoqs1sHHgHHHGb+rvk:+/6kpn7o2WKsHgHR8
authentihash f8521b1c680647c51541771e7259f92e7bb17cc19fa380893a193d1bb9cd067c
imphash 3bebea7a7d4cf5c2720eacae273b3b72
File size 38.5 KB ( 39424 bytes )
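The PE header values above (entry point 0x1BA0, 9 sections, compile time 2014-02-04 05:30:17 UTC, linker 9.0, GUI subsystem) and the imphash are all derived from the file's headers. The following is an added worked example, not part of the VirusTotal report and not the sample's code: it reads those fields out of a PE32 header with nothing but struct, and computes a pefile-style import hash over the import list shown above. The byte blob is a hand-built, minimal header constructed to carry the report's values; it is not the analysed file. The DLL assigned to each import is an assumption (the report lists function names only), so the computed imphash is not expected to equal the report's 3bebea7a7d4cf5c2720eacae273b3b72.

```python
"""Added worked example: derive the PE header fields shown in the report from raw
bytes, and compute an import hash (imphash) the way pefile does it.

The header bytes below are constructed for illustration and are NOT the analysed
sample. The DLL names in REPORT_IMPORTS are assumptions.
"""
import hashlib
import struct
from datetime import datetime, timezone

IMAGE_DOS_SIGNATURE = 0x5A4D      # "MZ"
IMAGE_NT_SIGNATURE = 0x00004550   # "PE\0\0"
IMAGE_FILE_MACHINE_I386 = 0x14C
PE32_MAGIC = 0x10B
SUBSYSTEMS = {2: "Windows GUI", 3: "Windows console"}


def parse_pe_header(data: bytes) -> dict:
    """Read the report's fields from IMAGE_FILE_HEADER and IMAGE_OPTIONAL_HEADER (PE32 only)."""
    if len(data) < 0x40 or struct.unpack_from("<H", data, 0)[0] != IMAGE_DOS_SIGNATURE:
        raise ValueError("not an MZ executable")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if struct.unpack_from("<I", data, e_lfanew)[0] != IMAGE_NT_SIGNATURE:
        raise ValueError("PE signature not found at e_lfanew")
    fh = e_lfanew + 4  # IMAGE_FILE_HEADER (20 bytes) follows the 4-byte signature
    machine, n_sections, time_stamp, _, _, _, _ = struct.unpack_from("<HHIIIHH", data, fh)
    opt = fh + 20      # IMAGE_OPTIONAL_HEADER starts right after IMAGE_FILE_HEADER
    magic, lnk_major, lnk_minor, size_code, size_init, size_uninit, entry_point = \
        struct.unpack_from("<HBBIIII", data, opt)
    if magic != PE32_MAGIC:
        raise ValueError("only PE32 is handled here")
    os_major, os_minor = struct.unpack_from("<HH", data, opt + 40)
    ss_major, ss_minor = struct.unpack_from("<HH", data, opt + 48)
    subsystem = struct.unpack_from("<H", data, opt + 68)[0]
    compiled = datetime.fromtimestamp(time_stamp, tz=timezone.utc)  # TimeDateStamp is UTC
    return {
        "machine": "Intel 386 or later" if machine == IMAGE_FILE_MACHINE_I386 else hex(machine),
        "number_of_sections": n_sections,
        "compilation_timestamp": compiled.strftime("%Y-%m-%d %H:%M:%S"),
        "entry_point": entry_point,
        "linker_version": f"{lnk_major}.{lnk_minor}",
        "code_size": size_code,
        "initialized_data_size": size_init,
        "uninitialized_data_size": size_uninit,
        "os_version": f"{os_major}.{os_minor}",
        "subsystem_version": f"{ss_major}.{ss_minor}",
        "subsystem": SUBSYSTEMS.get(subsystem, str(subsystem)),
    }


def build_constructed_header() -> bytes:
    """Constructed minimal PE32 header carrying the report's values (illustration only)."""
    e_lfanew = 0x40
    dos = bytearray(e_lfanew)
    struct.pack_into("<H", dos, 0, IMAGE_DOS_SIGNATURE)
    struct.pack_into("<I", dos, 0x3C, e_lfanew)
    # Machine, NumberOfSections, TimeDateStamp (2014-02-04 05:30:17 UTC), symbols (0, 0),
    # SizeOfOptionalHeader, Characteristics (EXECUTABLE_IMAGE | 32BIT_MACHINE)
    file_header = struct.pack("<HHIIIHH", IMAGE_FILE_MACHINE_I386, 9, 1391491817, 0, 0, 224, 0x0102)
    opt = bytearray(224)
    struct.pack_into("<HBB", opt, 0, PE32_MAGIC, 9, 0)          # PE32, linker 9.0
    struct.pack_into("<IIII", opt, 4, 14336, 24064, 0, 0x1BA0)  # code/init/uninit sizes, entry point
    struct.pack_into("<HH", opt, 40, 5, 0)                      # OS version 5.0
    struct.pack_into("<HH", opt, 48, 5, 0)                      # subsystem version 5.0
    struct.pack_into("<H", opt, 68, 2)                          # IMAGE_SUBSYSTEM_WINDOWS_GUI
    return bytes(dos) + struct.pack("<I", IMAGE_NT_SIGNATURE) + file_header + bytes(opt)


def imphash(imports) -> str:
    """pefile-style imphash: 'dll.func' (lowercase, DLL extension stripped), comma-joined, MD5."""
    parts = []
    for dll, func in imports:
        lib = dll.lower()
        for ext in (".dll", ".ocx", ".sys"):
            if lib.endswith(ext):
                lib = lib[: -len(ext)]
                break
        parts.append(f"{lib}.{func.lower()}")
    return hashlib.md5(",".join(parts).encode("ascii")).hexdigest()


# Import names from the report; the DLL for each one is an assumption.
REPORT_IMPORTS = [
    ("ADVAPI32.dll", "RegOpenKeyA"),
    *[("GDI32.dll", f) for f in ("LineTo", "DeleteEnhMetaFile", "Rectangle", "MoveToEx", "GetStockObject")],
    *[("KERNEL32.dll", f) for f in ("GetStartupInfoA", "VirtualAllocEx", "LocalAlloc",
                                    "ReadFile", "GetProcAddress", "LoadLibraryA")],
    *[("USER32.dll", f) for f in ("GetMessageA", "CreateWindowExA", "LoadCursorA", "LoadIconA",
                                  "UpdateWindow", "DispatchMessageA", "BeginPaint", "TranslateMessage",
                                  "GetClientRect", "PostQuitMessage", "DefWindowProcA", "ShowWindow",
                                  "GetSysColor", "RegisterClassExA")],
]

if __name__ == "__main__":
    for key, value in parse_pe_header(build_constructed_header()).items():
        print(f"{key}: {value:#x}" if key == "entry_point" else f"{key}: {value}")
    print("imphash (assumed DLL mapping):", imphash(REPORT_IMPORTS))
```

Because imphash depends on import order and on the DLL each function is bound to, two files with the same set of function names but a different import table layout hash differently; that is why the assumed mapping above cannot be expected to reproduce the report's value, and why an imphash match is a strong pivot while a mismatch proves little.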
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Dynamic Link Library (generic) (43.5%)
Win32 Executable (generic) (29.8%)
Generic Win/DOS Executable (13.2%)
DOS Executable Generic (13.2%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
Tags
peexe via-tor

VirusTotal metadata
First submission 2014-02-04 06:17:35 UTC ( 1 year ago )
Last submission 2014-02-10 10:33:07 UTC ( 1 year ago )
File names YouSexyJPEG-fb.com
IamSexyJPEG-facebook.com
IamNiceJPG-facebook.com
MeLolBMP-facebook.com
YouFunnyBMP-fb.com
IamNiceBMP-fb.com
MeNakedPIC-fb.com
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Runtime DLLs
HTTP requests
TCP connections