SHA256: 29eae9df9fcfd00205d0ff1c313edf7544ebb2de5cb5af63015c145c479910ad
File name: 001651664
Detection ratio: 53 / 56
Analysis date: 2015-07-27 14:06:17 UTC ( 3 years, 6 months ago )
Antivirus Result Update
Ad-Aware Worm.Generic.225519 20150727
Yandex Trojan.PWS.Magania.VJX 20150726
AhnLab-V3 Trojan/Win32.OnlineGameHack 20150727
ALYac Spyware.OnlineGames-GLG 20150727
Antiy-AVL Trojan[GameThief]/Win32.Taworm 20150727
Arcabit Worm.Generic.D370EF 20150727
Avast Win32:OnLineGames-FNT [Trj] 20150727
AVG Worm/AutoRun.IJ 20150727
Avira (no cloud) TR/PSW.Magania.cjzj 20150727
AVware Trojan.Win32.Generic!SB.0 20150727
Baidu-International Trojan.Win32.Kamso.bbe 20150727
BitDefender Worm.Generic.225519 20150727
Bkav W32.KavoLEK.Worm 20150727
CAT-QuickHeal Trojan.Agen.rw5 20150727
ClamAV Trojan.Spy-69470 20150727
Comodo TrojWare.Win32.GameThief.Magania.~BKJ 20150727
Cyren W32/OnlineGames.CN.gen!Eldorado 20150727
DrWeb Trojan.PWS.Wsgame.12661 20150727
Emsisoft Worm.Generic.225519 (B) 20150727
ESET-NOD32 Win32/PSW.OnLineGames.NNU 20150727
F-Prot W32/Magania.UM 20150727
F-Secure Worm.Generic.225519 20150727
Fortinet W32/Magania.CEP!tr 20150727
GData Worm.Generic.225519 20150727
Ikarus Trojan-GameThief.Win32.Magania 20150727
Jiangmin Trojan/PSW.Magania.zvs 20150726
K7AntiVirus Password-Stealer ( 0013e6601 ) 20150727
K7GW Password-Stealer ( 0013e6601 ) 20150727
Kaspersky Trojan-GameThief.Win32.Magania.cepk 20150727
Kingsoft Win32.Troj.Undef.(kcloud) 20150727
Malwarebytes Spyware.Password 20150727
McAfee Generic PWS.ak 20150727
McAfee-GW-Edition BehavesLike.Win32.Sality.cc 20150726
Microsoft Worm:Win32/Taterf.B 20150727
eScan Worm.Generic.225519 20150727
NANO-Antivirus Trojan.Win32.Magania.bdahq 20150727
nProtect Trojan-PWS/W32.WebGame.118853.B 20150727
Panda W32/Lineage.LKR 20150727
Qihoo-360 HEUR/QVM19.1.Malware.Gen 20150727
Rising PE:Trojan.Win32.Generic.122C79D2!304904658 20150722
Sophos AV Mal/Taterf-B 20150727
SUPERAntiSpyware Trojan.Agent/Gen-FakeAlert 20150727
Symantec Trojan Horse 20150727
Tencent Win32.Trojan-gamethief.Magania.Syhp 20150727
TheHacker Trojan/Magania.cepk 20150723
TotalDefense Win32/Frethog.FKW 20150723
TrendMicro WORM_AUTORUN.MAR 20150727
TrendMicro-HouseCall WORM_AUTORUN.MAR 20150727
VBA32 BScope.Trojan.MTA.01233 20150727
VIPRE Trojan.Win32.Generic!SB.0 20150727
ViRobot Trojan.Win32.PSWMagania.118853[h] 20150727
Zillya Trojan.Magania.Win32.13884 20150727
Zoner Trojan.OnLineGames.NNU 20150727
AegisLab 20150727
Alibaba 20150727
ByteHero 20150727
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2009-09-16 06:30:38
Entry Point 0x000460A4
Number of sections 5
PE sections
PE imports
GetPrivateProfileSectionNamesA
GetMailslotInfo
EnterCriticalSection
GetSystemInfo
GetThreadPriorityBoost
GetDriveTypeA
GlobalFindAtomA
ExitProcess
LoadLibraryA
EndUpdateResourceA
DeleteCriticalSection
GetCommTimeouts
FileTimeToDosDateTime
GetEnvironmentStrings
GetCurrentProcessId
GetDateFormatW
GetVolumeInformationW
GetVDMCurrentDirectories
FatalAppExitA
CreateDirectoryW
GetProfileSectionA
GetPrivateProfileStringW
GetTempFileNameW
FindNextFileW
EnumSystemCodePagesA
GetCommConfig
FreeResource
FreeLibrary
GlobalMemoryStatus
GetCurrencyFormatA
GlobalCompact
CreateFileW
FatalExit
GetCurrentConsoleFont
GetLongPathNameA
IsBadReadPtr
GetProcessVersion
GetProcessTimes
GetVersion
Number of PE resources by type
RT_ICON 8
RT_STRING 4
RT_MENU 4
RT_DIALOG 2
RT_ACCELERATOR 2
RT_GROUP_ICON 2
RT_VERSION 1
Number of PE resources by language
CHINESE SIMPLIFIED 23
PE resources
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
TimeStamp 2009:09:16 07:30:38+01:00
FileType Win32 EXE
PEType PE32
CodeSize 4096
LinkerVersion 16.17
Warning Error processing PE data dictionary
FileTypeExtension exe
InitializedDataSize 0
SubsystemVersion 4.0
EntryPoint 0x460a4
OSVersion 4.0
ImageVersion 0.0
UninitializedDataSize 0

File identification
MD5 cd052f0b36b00be523dd990270846acf
SHA1 b9a6e57496250a175fbe6cedd423693312fe1ec3
SHA256 29eae9df9fcfd00205d0ff1c313edf7544ebb2de5cb5af63015c145c479910ad
ssdeep 3072:HcJST8v8/X8hz+4rxDVebe4DRh1FuCzm5rQj7ApTt6Cy:8AT68PKz//envOWAw
authentihash 2bdd61c866c10a31f6f1983994a5ce7e31c3f5fb1fbe2638294e9f9cc17a558b
imphash 2e3b9b04dc1394419091ea81fa248bdb
File size 116.1 KB ( 118853 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable (generic) (52.9%)
Generic Win/DOS Executable (23.5%)
DOS Executable Generic (23.5%)
Tags peexe usb-autorun

VirusTotal metadata
First submission 2009-10-02 15:39:10 UTC ( 9 years, 4 months ago )
Last submission 2015-06-12 07:39:13 UTC ( 3 years, 8 months ago )
File names aa
b9a6e57496250a175fbe6cedd423693312fe1ec3
CD052F0B36B00BE523DD990270846ACF
Rk_YA.sys
Qwj9gz.inf
001651664