SHA256: 27c1c477a490c7df92e665e554a2a955edd9099d5e6a5cd610187e5d5cc368cd
File name: CriotON v1.3a.EXE
Detection ratio: 32 / 42
Analysis date: 2012-06-27 11:52:10 UTC ( 5 years, 3 months ago )
Antivirus Result Update
AhnLab-V3 Win-Trojan/Jakuz.84992 20120627
AntiVir SPR/Jakuz.B.2 20120627
Avast Win32:Trojan-gen 20120627
BitDefender Trojan.Generic.4002287 20120627
Commtouch W32/VirTool.BQC 20120627
Comodo TrojWare.Win32.TrojanDropper.Agent.~ASX 20120627
DrWeb VirusConstructor.KuzjaCry 20120627
Emsisoft Trojan.VBS.Kalmar.Dropper.A!IK 20120627
eSafe Win32.Jakuz.b 20120626
F-Prot W32/VirTool.BQC 20120627
F-Secure Trojan.Generic.4002287 20120627
Fortinet Malware_fam.gw 20120627
GData Trojan.Generic.4002287 20120627
Ikarus Trojan.VBS.Kalmar.Dropper.A 20120627
Jiangmin TrojanDownloader.VBS.Iwill.c 20120627
K7AntiVirus Trojan 20120626
Kaspersky HackTool.VBS.Jakuz.e 20120627
McAfee Artemis!6A0CD0E41FA8 20120627
McAfee-GW-Edition Artemis!6A0CD0E41FA8 20120626
Microsoft HackTool:Win32/Jakuz 20120627
NOD32 probably a variant of Win32/Agent.JYWKIXD 20120627
Norman W32/Hacktool.RLN 20120627
nProtect Trojan/W32.HackTool.44032.E 20120627
Panda Generic Trojan 20120627
PCTools Hacktool.Generic 20120627
Sophos AV Mal/Generic-L 20120627
Symantec Hacktool 20120627
TheHacker Trojan/Hacktool.Jakuz.b 20120626
TrendMicro DIALER_WIN32DIAL 20120627
TrendMicro-HouseCall DIALER_WIN32DIAL 20120626
VIPRE Trojan.Win32.Generic!BT 20120627
VirusBuster HackTool.Jakuz!isYhI6iFVz0 20120626
Antiy-AVL 20120627
AVG 20120627
ByteHero 20120626
CAT-QuickHeal 20120627
ClamAV 20120627
Rising 20120627
SUPERAntiSpyware 20120627
TotalDefense 20120627
VBA32 20120626
ViRobot 20120627
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Packers identified
PEiD UPX 2.90 [LZMA] -> Markus Oberhumer, Laszlo Molnar & John Reiser
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2007-01-09 13:57:44
Entry Point 0x0001B4E0
Number of sections 3
PE sections
PE imports
VirtualProtect
LoadLibraryA
ExitProcess
GetProcAddress
VarBstrFromCy
CopyRect
CoGetObject
Number of PE resources by type
RT_STRING 4
Struct(121) 4
RT_ICON 3
RT_DIALOG 1
TYPELIB 1
RT_GROUP_ICON 1
Number of PE resources by language
NEUTRAL 14
PE resources
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
FileTypeExtension exe
TimeStamp 2007:01:09 14:57:44+01:00
FileType Win32 EXE
PEType PE32
CodeSize 20480
LinkerVersion 6.0
EntryPoint 0x1b4e0
InitializedDataSize 24576
SubsystemVersion 4.0
ImageVersion 0.0
OSVersion 4.0
UninitializedDataSize 90112

File identification
MD5 6a0cd0e41fa877dd859cc3bd98941d78
SHA1 1db115e82351b169bf1efbe7e30aaab02556f627
SHA256 27c1c477a490c7df92e665e554a2a955edd9099d5e6a5cd610187e5d5cc368cd
ssdeep 768:deY0kxKU1AiCpSTi9ZIo30a/tcxqSfanlYsvIz6rrY4:1N8qnySTi9Ko300GanlYFiX

authentihash 75cf52bdb6eb18f690959d6054c76456ab319986cc16c16c72f8ea287162b82d
imphash d60f4435b5ef34227b42ded647f66f54
File size 43.0 KB ( 44032 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID UPX compressed Win32 Executable (39.3%)
Win32 EXE Yoda's Crypter (38.6%)
Win32 Dynamic Link Library (generic) (9.5%)
Win32 Executable (generic) (6.5%)
Generic Win/DOS Executable (2.9%)
Tags peexe upx

VirusTotal metadata
First submission 2007-05-20 12:53:33 UTC ( 10 years, 5 months ago )
Last submission 2017-07-15 10:40:29 UTC ( 3 months ago )
File names 6A0CD0E41FA877DD859CC3BD98941D78
HackTool.VBS.Jakuz.e
HackTool.VBS.Jakuz.e
KUZJA-CRYPTOR.EXE
27c1c477a490c7df92e665e554a2a955edd9099d5e6a5cd610187e5d5cc368cd.vir
6a0cd0e41fa877dd859cc3bd98941d78
smona130759609707528185764
KUZJA-CRYPTOR.EX
myfile.exe
1db115e82351b169bf1efbe7e30aaab02556f627
CriotON v1.3a.EXE
KUZJA-CRYPTOR.EXE
file-3001855_EXE
6a0cd0e41fa877dd859cc3bd98941d78.exe
6a0cd0e41fa877dd859cc3bd98941d781db115e82351b169bf1efbe7e30aaab02556f62744032.exe
1db115e82351b169bf1efbe7e30aaab02556f627.bin
smona132588620573433025513
1db115e82351b169bf1efbe7e30aaab02556f627_KUZJA-CRYPTOR.EX
Advanced heuristic and reputation engines
ClamAV
Possibly Unwanted Application. While not necessarily malicious, the scanned file presents certain characteristics which depending on the user policies and environment may or may not represent a threat. For full details see: https://www.clamav.net/documents/potentially-unwanted-applications-pua .
