SHA256: 238ab8986f7ffe49d8705e06690e30c0db6663c3b906c0d39b9bfa7d2a8d66a1
File name: 238ab8986f7ffe49d8705e06690e30c0db6663c3b906c0d39b9bfa7d2a8d66a1
Detection ratio: 24 / 43
Analysis date: 2013-06-16 06:26:48 UTC ( 5 years, 8 months ago )
Antivirus Result Update
Yandex Trojan.Disfa!3mahzsTB4y0 20130615
AntiVir TR/Spy.Gen8 20130615
Avast MSIL:Spyware-D [Spy] 20130616
AVG MSIL.AN 20130616
BitDefender Gen:Variant.Zusy.28957 20130616
Commtouch W32/Backdoor.PLHR-5890 20130616
Comodo UnclassifiedMalware 20130616
Emsisoft Gen:Variant.Zusy.28957 (B) 20130616
ESET-NOD32 a variant of MSIL/Bladabindi.O 20130615
F-Secure Gen:Variant.Zusy.28957 20130616
Fortinet MSIL/Agent.PPW!tr 20130616
GData Gen:Variant.Zusy.28957 20130616
Ikarus Win32.SuspectCrc 20130616
Jiangmin Trojan/Generic.axopp 20130616
K7AntiVirus Trojan 20130614
K7GW Trojan 20130614
Kaspersky Trojan.MSIL.Disfa.vzd 20130616
McAfee Artemis!A647EF0168A4 20130616
McAfee-GW-Edition Artemis!A647EF0168A4 20130616
Microsoft Backdoor:MSIL/Bladabindi.B 20130616
NANO-Antivirus Trojan.Win32.Disfa.bmjpuy 20130616
Norman Bladabindi.E 20130616
Sophos AV Mal/Generic-S 20130616
TrendMicro-HouseCall TROJ_GEN.R3QB1ED 20130616
AhnLab-V3 20130615
Antiy-AVL 20130615
ByteHero 20130613
CAT-QuickHeal 20130615
ClamAV 20130616
DrWeb 20130616
eSafe 20130613
F-Prot 20130615
Kingsoft 20130506
Malwarebytes 20130615
eScan 20130616
nProtect 20130616
Panda 20130615
PCTools 20130521
Rising 20130614
SUPERAntiSpyware 20130615
Symantec 20130616
TheHacker 20130615
TotalDefense 20130614
TrendMicro 20130616
VBA32 20130615
VIPRE 20130616
ViRobot 20130615
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2013-02-16 09:43:49
Entry Point 0x0000DC8E
Number of sections 3
PE sections
PE imports
_CorExeMain
Number of PE resources by type
RT_ICON 1
RT_MANIFEST 1
RT_GROUP_ICON 1
Number of PE resources by language
NEUTRAL 3
PE resources
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
TimeStamp 2013:02:16 09:43:49+00:00
FileType Win32 EXE
PEType PE32
CodeSize 42496
LinkerVersion 8.0
EntryPoint 0xdc8e
InitializedDataSize 2048
SubsystemVersion 4.0
ImageVersion 0.0
OSVersion 4.0
UninitializedDataSize 0

File identification
MD5 a647ef0168a41876a89f80a9cfbbf991
SHA1 fec21ac12b6da490190907e74f8e8723a4a2a377
SHA256 238ab8986f7ffe49d8705e06690e30c0db6663c3b906c0d39b9bfa7d2a8d66a1
ssdeep 768:cONh5sDMP6Jj50nHuiyBX6kGEIZYXImih+5xZR+4SJLlojaj12+h:cONhqZPFBXSZYYQ/ZR+4S4jajIW
File size 50.0 KB ( 51200 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit Mono/.Net assembly

TrID Generic CIL Executable (.NET, Mono, etc.) (56.7%)
Win64 Executable (generic) (21.4%)
Windows Screen Saver (10.1%)
Win32 Dynamic Link Library (generic) (5.0%)
Win32 Executable (generic) (3.4%)
Tags peexe assembly

VirusTotal metadata
First submission 2013-03-24 06:27:01 UTC ( 5 years, 11 months ago )
Last submission 2013-03-24 06:27:01 UTC ( 5 years, 11 months ago )
File names 238ab8986f7ffe49d8705e06690e30c0db6663c3b906c0d39b9bfa7d2a8d66a1
Advanced heuristic and reputation engines
ClamAV
Possibly Unwanted Application. While not necessarily malicious, the scanned file presents certain characteristics which depending on the user policies and environment may or may not represent a threat. For full details see: https://www.clamav.net/documents/potentially-unwanted-applications-pua .

Symantec reputation Suspicious.Insight