SHA256: 2d51bce661263c7bf8b93dbecee39b557daf57506c675cd7786621922ab4a8d6
File name: 2830.ico
Detection ratio: 56 / 65
Analysis date: 2017-08-29 23:05:41 UTC ( 4 months, 3 weeks ago )
Antivirus Result Update
Ad-Aware Trojan.Delf.Inject.Z 20170829
AegisLab Troj.W32.Generic!c 20170829
AhnLab-V3 Trojan/Win32.Pincav.C141480 20170829
ALYac Trojan.Delf.Inject.Z 20170829
Antiy-AVL Trojan/Win32.AGeneric 20170829
Arcabit Trojan.Delf.Inject.Z 20170829
Avast Win32:Delf-RXC [Trj] 20170829
AVG Win32:Delf-RXC [Trj] 20170829
Avira (no cloud) TR/Spy.Banker.Gen2 20170829
AVware Trojan.Win32.Generic!BT 20170829
BitDefender Trojan.Delf.Inject.Z 20170829
Bkav W32.ProgramOnnasp.Trojan 20170829
CAT-QuickHeal Trojan.Banker.S7850 20170829
CMC Trojan-GameThief.Win32.Nilage!O 20170828
Comodo UnclassifiedMalware 20170829
Cylance Unsafe 20170830
Cyren W32/DelfInject.A.gen!Eldorado 20170829
DrWeb Trojan.DownLoader5.15375 20170829
Emsisoft Trojan.Delf.Inject.Z (B) 20170829
Endgame malicious (moderate confidence) 20170821
ESET-NOD32 a variant of Win32/Spy.Banker.WTP 20170829
F-Prot W32/DelfInject.A.gen!Eldorado 20170829
F-Secure Trojan.Delf.Inject.Z 20170829
Fortinet W32/Generic.AC.290CDD!tr 20170829
GData Trojan.Delf.Inject.Z 20170829
Ikarus Virus.Win32.DelfInject 20170829
Jiangmin Trojan/Pincav.ozf 20170829
K7AntiVirus Riskware ( 0015e4f01 ) 20170829
K7GW Riskware ( 0015e4f01 ) 20170828
Kaspersky HEUR:Trojan.Win32.Generic 20170829
MAX malware (ai score=81) 20170829
McAfee Artemis!FAEF48DB0888 20170829
McAfee-GW-Edition BehavesLike.Win32.Injector.dc 20170829
Microsoft VirTool:Win32/DelfInject 20170829
eScan Trojan.Delf.Inject.Z 20170829
NANO-Antivirus Trojan.Win32.Banker.crojys 20170829
Palo Alto Networks (Known Signatures) generic.ml 20170830
Panda Bck/Koobface.AA 20170829
Qihoo-360 Win32/Trojan.1bc 20170830
Rising Trojan.Generic (cloud:BEdXPGPYOtP) 20170829
Sophos AV Troj/Pincav-Gen 20170829
SUPERAntiSpyware Trojan.Agent/Gen-Delf 20170829
Symantec Backdoor.Graybird 20170829
Tencent Win32.Trojan.Generic.Ehid 20170830
TheHacker Trojan/Spy.Banker.wtp 20170828
TotalDefense Win32/DelfInject.WH 20170829
TrendMicro TSPY_BANKER.MJSM 20170829
TrendMicro-HouseCall TSPY_BANKER.MJSM 20170829
VBA32 Trojan.Buzus 20170829
VIPRE Trojan.Win32.Generic!BT 20170829
ViRobot Trojan.Win32.Z.Banker.265728.K 20170829
Webroot W32.Rogue.Gen 20170830
Yandex TrojanSpy.Banker!Gxr7Y7huye0 20170829
Zillya Trojan.Banker.Win32.55617 20170829
ZoneAlarm by Check Point HEUR:Trojan.Win32.Generic 20170829
Zoner Trojan.Banker.WTP 20170829
Alibaba 20170829
Baidu 20170829
ClamAV 20170829
CrowdStrike Falcon (ML) 20170804
Sophos ML 20170822
Kingsoft 20170830
Malwarebytes 20170829
nProtect 20170829
SentinelOne (Static ML) 20170806
Symantec Mobile Insight 20170829
Trustlook 20170830
WhiteArmor 20170829
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Packers identified
Command UPX
F-PROT UPX
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2012-01-22 14:17:55
Entry Point 0x000BC640
Number of sections 3
PE sections
PE imports
VirtualProtect
LoadLibraryA
ExitProcess
GetProcAddress
RegFlushKey
ImageList_Add
SaveDC
CoTaskMemFree
VariantCopy
VerQueryValueA
Number of PE resources by type
RT_BITMAP 21
RT_STRING 21
RT_GROUP_CURSOR 7
RT_CURSOR 7
RT_RCDATA 4
Number of PE resources by language
ENGLISH US 35
NEUTRAL 25
PE resources
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
FileTypeExtension exe
TimeStamp 2012:01:22 15:17:55+01:00
FileType Win32 EXE
PEType PE32
CodeSize 262144
LinkerVersion 2.25
EntryPoint 0xbc640
InitializedDataSize 4096
SubsystemVersion 4.0
ImageVersion 0.0
OSVersion 4.0
UninitializedDataSize 507904

File identification
MD5 faef48db08888e05b08bde38509df4c1
SHA1 b21d9a22c33b332a5a54a419d575a66562ef59b0
SHA256 2d51bce661263c7bf8b93dbecee39b557daf57506c675cd7786621922ab4a8d6
ssdeep 6144:aKM3BeIMlhsZnB+MJpg8cjW1PVYSMtYsrGmbMnNcS:aKaoIMYq2pgc+3Jb6B
authentihash ee30dd6d7ae1697f7c69a18d3d343f2e8e4b25a66f76db36b03adaa6644c5eb2
imphash c9357d92be9c6361d93c80da78df6b0e
File size 259.5 KB ( 265728 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID UPX compressed Win32 Executable (38.2%)
Win32 EXE Yoda's Crypter (37.5%)
Win32 Dynamic Link Library (generic) (9.2%)
Win32 Executable (generic) (6.3%)
Win16/32 Executable Delphi generic (2.9%)
Tags
peexe upx

VirusTotal metadata
First submission 2012-01-23 13:25:39 UTC ( 5 years, 12 months ago )
Last submission 2013-04-14 17:30:32 UTC ( 4 years, 9 months ago )
File names avast.exe.vir
aa
faef48db08888e05b08bde38509df4c1
FdqZdUip.7z
b21d9a22c33b332a5a54a419d575a66562ef59b0.bin
STPnWEc.tar
file
2830.ico
Advanced heuristic and reputation engines
ClamAV
Possibly Unwanted Application. While not necessarily malicious, the scanned file presents certain characteristics which depending on the user policies and environment may or may not represent a threat. For full details see: https://www.clamav.net/documents/potentially-unwanted-applications-pua .
