SHA256: 22bed5afe4a5a469078893a47338e4cbe1fae2f0ae2ca8025399123a88415973
File name: 8a47a5fa46711c3fed61441632ba6264
Detection ratio: 43 / 51
Analysis date: 2014-04-07 03:43:43 UTC ( 5 years, 1 month ago )
Antivirus Result Update
Ad-Aware Trojan.Generic.5718776 20140407
Yandex Trojan.DR.Agent!+t1JlIwr9Qg 20140406
AhnLab-V3 Trojan/Win32.Tibia 20140406
AntiVir TR/Drop.Tibdef.B 20140407
Antiy-AVL Trojan[Dropper]/Win32.Agent 20140406
Avast Win32:Agent-AMXR [Trj] 20140406
AVG Dropper.Agent.ZOG 20140406
Baidu-International Trojan.Win32.Dropper.AVCO 20140406
BitDefender Trojan.Generic.5718776 20140407
Bkav W32.Clod849.Trojan.36ca 20140405
ClamAV Trojan.Dropper-26207 20140407
CMC Trojan-Spy.Win32.Tibia!O 20140404
Commtouch W32/Agent.KT.gen!Eldorado 20140407
Comodo TrojWare.Win32.TrojanDropper.Agent.~Cxdi 20140406
DrWeb Trojan.MulDrop3.1226 20140407
Emsisoft Trojan.Generic.5718776 (B) 20140407
ESET-NOD32 a variant of Win32/TrojanDropper.Agent.PEB 20140405
F-Prot W32/Agent.KT.gen!Eldorado 20140407
F-Secure Trojan.Generic.5718776 20140406
Fortinet W32/Dropper.AAAI!tr 20140406
GData Trojan.Generic.5718776 20140407
Ikarus Trojan-Dropper.Win32.Monya 20140407
Jiangmin TrojanDropper.Agent.awbk 20140406
K7AntiVirus Riskware ( d55915060 ) 20140404
K7GW Trojan ( 0019b9301 ) 20140404
Kaspersky Trojan-Dropper.Win32.Agent.cxdi 20140407
Kingsoft Win32.Troj.Agent.(kcloud) 20140407
Malwarebytes PasswordStealer.Tibia 20140407
McAfee Artemis!8A47A5FA4671 20140407
McAfee-GW-Edition Artemis!8A47A5FA4671 20140406
Microsoft TrojanDropper:Win32/Tibdef.B 20140407
eScan Trojan.Generic.5718776 20140407
NANO-Antivirus Trojan.Win32.MulDrop3.cbndjf 20140407
Norman Suspicious_Gen2.RIQPI 20140406
nProtect Trojan-Dropper/W32.Agent.3960186 20140406
Panda Trj/Genetic.gen 20140406
Qihoo-360 HEUR/Malware.QVM06.Gen 20140407
Rising PE:Trojan.Dropper!1.9D33 20140406
Sophos AV Mal/Tibia-C 20140407
Symantec Trojan Horse 20140407
TheHacker Trojan/Dropper.Agent.cxdi 20140407
VBA32 TrojanDropper.Agent 20140404
VIPRE Trojan.Win32.Generic!BT 20140407
AegisLab 20140407
ByteHero 20140407
CAT-QuickHeal 20140407
SUPERAntiSpyware 20140406
TotalDefense 20140406
TrendMicro 20140407
TrendMicro-HouseCall 20140407
ViRobot 20140406
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2010-08-22 15:09:07
Entry Point 0x00007B04
Number of sections 5
PE sections
PE imports
GetLastError
IsValidCodePage
HeapFree
GetStdHandle
EnterCriticalSection
LCMapStringW
SetHandleCount
GetConsoleCP
GetOEMCP
LCMapStringA
CopyFileA
IsDebuggerPresent
TlsAlloc
GetEnvironmentStringsW
FlushFileBuffers
GetModuleFileNameA
RtlUnwind
LoadLibraryA
FreeEnvironmentStringsA
DeleteCriticalSection
GetCurrentProcess
EnumSystemLocalesA
GetEnvironmentStrings
GetConsoleMode
GetLocaleInfoA
GetCurrentProcessId
GetUserDefaultLCID
WriteConsoleW
CreateDirectoryA
SetStdHandle
GetWindowsDirectoryA
UnhandledExceptionFilter
TlsGetValue
MultiByteToWideChar
HeapSize
GetTickCount
FreeEnvironmentStringsW
GetCPInfo
GetCommandLineA
GetProcAddress
GetStringTypeA
GetLocaleInfoW
ExitProcess
SetFilePointer
RaiseException
CreateThread
TlsFree
GetModuleHandleA
ReadFile
GetConsoleOutputCP
SetUnhandledExceptionFilter
WriteFile
GetStartupInfoA
CloseHandle
GetSystemTimeAsFileTime
IsValidLocale
GetACP
HeapReAlloc
GetStringTypeW
GetModuleHandleW
GetProcessHeap
TerminateProcess
QueryPerformanceCounter
WideCharToMultiByte
InitializeCriticalSection
HeapCreate
CreateFileW
VirtualFree
WriteConsoleA
InterlockedDecrement
Sleep
GetFileType
SetEndOfFile
TlsSetValue
CreateFileA
HeapAlloc
GetCurrentThreadId
InterlockedIncrement
VirtualAlloc
InitializeCriticalSectionAndSpinCount
SetLastError
LeaveCriticalSection
ShellExecuteA
SendMessageA
FindWindowA
MessageBoxA
Number of PE resources by type
RT_ICON 16
RT_GROUP_ICON 3
RT_DIALOG 1
RT_MANIFEST 1
RT_STRING 1
RT_MENU 1
RT_ACCELERATOR 1
Number of PE resources by language
ENGLISH US 24
PE resources
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
TimeStamp 2010:08:22 16:09:07+01:00
FileType Win32 EXE
PEType PE32
CodeSize 97792
LinkerVersion 9.0
FileAccessDate 2014:04:07 04:43:49+01:00
EntryPoint 0x7b04
InitializedDataSize 89088
SubsystemVersion 5.0
ImageVersion 0.0
OSVersion 5.0
FileCreateDate 2014:04:07 04:43:49+01:00
UninitializedDataSize 0

File identification
MD5 8a47a5fa46711c3fed61441632ba6264
SHA1 4a306fd5ca9f5e56cad20abebba221718cf48512
SHA256 22bed5afe4a5a469078893a47338e4cbe1fae2f0ae2ca8025399123a88415973
ssdeep
49152:rVmH7daP+RsX2hByz1NlWUL4qDNzbBPRSw6lwOzzSB5+efPz4Lf6Xjsz4s+:rVmH7d3hcrCqRzb9oFl81fPNjvs+

imphash c98ca60d531aefe6d0d388568056662d
File size 3.8 MB ( 3960186 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (42.1%)
Win64 Executable (generic) (37.3%)
Win32 Dynamic Link Library (generic) (8.8%)
Win32 Executable (generic) (6.0%)
Generic Win/DOS Executable (2.7%)
Tags peexe
VirusTotal metadata
First submission 2011-10-10 09:51:12 UTC ( 7 years, 7 months ago )
Last submission 2014-04-07 03:43:43 UTC ( 5 years, 1 month ago )
File names Lx_2.cpl
aa
1044055
4a306fd5ca9f5e56cad20abebba221718cf48512.bin
30 (11)
8A47A5FA46711C3FED61441632BA6264
Tibiasavepass.php
8a47a5fa46711c3fed61441632ba6264
a8sFC7wL1.tif