× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: 239ed753232d3cc0e75323d16d359150937934d30da022628e575997c8dd60a2
File name: DarkSeoul_5FCD6E1DACE6B0599429D913850F0364
Detection ratio: 40 / 46
Analysis date: 2013-04-01 16:42:04 UTC ( 6 years ago ) View latest
Antivirus Result Update
Yandex Trojan.EraseMBR!5xv7ttMjDOk 20130401
AhnLab-V3 Win-Trojan/Agent.24576.JPG 20130401
AntiVir TR/KillMBR.Y.1 20130401
Antiy-AVL Trojan/Win32.EraseMBR 20130401
Avast Win32:DarkSeoul-C [Trj] 20130401
AVG KillApp.EE 20130401
BitDefender Trojan.Generic.KDV.908587 20130401
CAT-QuickHeal Trojan.Dembr 20130401
ClamAV Win.Trojan.Agent-257543 20130401
Commtouch W32/Trojan.EOYT-1372 20130401
Comodo UnclassifiedMalware 20130401
DrWeb Trojan.KillFiles.10563 20130401
Emsisoft Trojan.Win32.Dembr.AMN (A) 20130401
eSafe Win32.Trojan 20130328
ESET-NOD32 Win32/KillDisk.NAS 20130401
F-Prot W32/Jokra.A 20130401
F-Secure Trojan.Generic.KDV.908587 20130401
Fortinet W32/Kast.A!tr 20130401
GData Trojan.Generic.KDV.908587 20130401
Ikarus Trojan.MBR.Killer 20130401
K7AntiVirus Trojan 20130401
Kaspersky Trojan.Win32.EraseMBR.b 20130401
Kingsoft Win32.Troj.Agent.BV.(kcloud) 20130401
Malwarebytes Trojan.MBR.Killer 20130401
McAfee KillMBR-FBIA 20130401
McAfee-GW-Edition KillMBR-FBIA 20130401
Microsoft Trojan:Win32/Dembr.A 20130401
NANO-Antivirus Virus.Win32.Gen.ccmw 20130401
Norman DarkSeoul.A 20130401
nProtect Trojan/W32.KillMBR.Gen 20130401
Panda Trj/Jokra.A 20130401
PCTools Trojan.Jokra 20130401
Rising Trojan.Win32.Generic.1456E4D9 20130328
Sophos AV Troj/MBRKill-A 20130401
Symantec Trojan.Jokra 20130401
TrendMicro TROJ_KILLMBR.SM 20130401
TrendMicro-HouseCall TROJ_KILLMBR.SM 20130401
VBA32 OScope.Trojan.KillMBR.2113 20130330
VIPRE Win32.Malware!Drop 20130401
ViRobot Trojan.Win32.S.KillMBR.24576.C 20130401
ByteHero 20130322
Jiangmin 20130331
eScan 20130401
SUPERAntiSpyware 20130401
TheHacker 20130401
TotalDefense 20130401
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2013-01-31 10:27:18
Entry Point 0x00001000
Number of sections 3
PE sections
PE imports
HeapFree
GetStdHandle
LCMapStringW
SetHandleCount
GetOEMCP
LCMapStringA
HeapDestroy
ExitProcess
GetEnvironmentStringsW
GetModuleFileNameA
RtlUnwind
LoadLibraryA
FreeEnvironmentStringsA
GetCurrentProcess
GetEnvironmentStrings
GetCPInfo
UnhandledExceptionFilter
MultiByteToWideChar
FreeEnvironmentStringsW
GetCommandLineA
GetProcAddress
WideCharToMultiByte
GetStringTypeA
WriteFile
GetStartupInfoA
GetACP
HeapReAlloc
GetStringTypeW
TerminateProcess
HeapCreate
VirtualFree
GetFileType
HeapAlloc
GetVersion
VirtualAlloc
ExifTool file metadata
MIMEType
application/octet-stream

Subsystem
Windows GUI

SubsystemVersion
4.0

MachineType
Intel 386 or later, and compatibles

TimeStamp
2013:01:31 11:27:18+01:00

FileType
Win32 EXE

PEType
PE32

CodeSize
12288

LinkerVersion
6.0

FileTypeExtension
exe

InitializedDataSize
8192

ImageFileCharacteristics
No relocs, Executable, No line numbers, No symbols, 32-bit

EntryPoint
0x1000

OSVersion
4.0

ImageVersion
0.0

UninitializedDataSize
0

File identification
MD5 5fcd6e1dace6b0599429d913850f0364
SHA1 9f69da40dda6367789041aaff01cf61d562b7c21
SHA256 239ed753232d3cc0e75323d16d359150937934d30da022628e575997c8dd60a2
ssdeep
192:09AGTBGMutqbqxQPJUF5r8ojHHP1iVYPfl2noM1qtT57MkJRVtyycpc7numoZ9:0AGTBGMpmxQCPrPdDMEN5yycpcrumoZ

authentihash 248ac9114c8ae3995030449e7adb933f3cb1eb5679a6d0e1310e517587de0fa3
imphash 8cf2375491e257d65da71e5d263d7df7
File size 24.0 KB ( 24576 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable MS Visual C++ (generic) (41.0%)
Win64 Executable (generic) (36.3%)
Win32 Dynamic Link Library (generic) (8.6%)
Win32 Executable (generic) (5.9%)
OS/2 Executable (generic) (2.6%)
Tags
peexe

VirusTotal metadata
First submission 2013-03-20 10:19:25 UTC ( 6 years, 1 month ago )
Last submission 2018-11-10 05:08:52 UTC ( 5 months, 2 weeks ago )
File names OthDown.exe
AmAgent.vir
OthDown.exe
vti-rescan
AmAgent.exe
5fcd6e1dace6b0599429d913850f0364_OthDown.exe
OthDown
320.exe
?�릭금�?!!.exe
02_OthDown.exe_
5fcd6e1dace6b0599429d913850f0364_OthDown.exe.vir
AmAgent.exe
5FCD6E1DACE6B0599429D913850F0364
5fcd6e1dace6b0599429d913850f0364.virus
3
ㅁ.exe
virus.exe
DarkSeoul_5FCD6E1DACE6B0599429D913850F0364.exe
.ex_
320.exe
5FCD6E1DACE6B0599429D913850F0364_OthDown.ex_
OthDown.ex_
DarkSeoul_5FCD6E1DACE6B0599429D913850F0364
OthDown.vir
5FCD6E1DACE6B0599429D913850F0364.exe
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Runtime DLLs