SHA256: 2fc6050083f81eb74a1aaa86ab99d6b06f13ace38f94e1fdee9ec0e62fdea5c3
File name: vt-upload-zXgeN
Detection ratio: 41 / 47
Analysis date: 2013-07-18 09:21:31 UTC ( 4 years, 7 months ago )
Antivirus Result Update
Yandex Suspicious!SA 20130717
AhnLab-V3 Trojan/Win32.Downloader 20130717
AntiVir BDS/Backdoor.Gen 20130718
Avast Win32:Tiny-ADF [Rtk] 20130718
AVG PSW.OnlineGames 20130718
BitDefender Trojan.Generic.6498092 20130718
CAT-QuickHeal W32.Viking.gen 20130718
Commtouch W32/Heuristic-210!Eldorado 20130718
Comodo Packed.Win32.MNSP.Gen 20130718
DrWeb Trojan.MulDrop.34016 20130718
Emsisoft Trojan.Generic.6498092 (B) 20130718
eSafe Win32.Looked.gen 20130717
ESET-NOD32 a variant of Win32/AntiAV.NBD 20130718
F-Prot W32/Heuristic-210!Eldorado 20130718
F-Secure Trojan.Generic.6498092 20130718
Fortinet W32/Geral.DEE!tr.dldr 20130718
GData Trojan.Generic.6498092 20130718
Ikarus Trojan.Win32.AntiAV 20130718
Jiangmin TrojanDownloader.Geral.kf 20130718
K7AntiVirus Trojan 20130717
K7GW Trojan 20130717
Kaspersky Trojan-Downloader.Win32.Geral.dee 20130718
Kingsoft Win32.Hack.Agent.(kcloud) 20130718
Malwarebytes Trojan.KillAV 20130718
McAfee Artemis!C7049B8054A9 20130718
McAfee-GW-Edition Heuristic.BehavesLike.Win32.Suspicious-BAY.G 20130717
Microsoft TrojanDropper:Win32/Dogrobot.E 20130718
NANO-Antivirus Trojan.Win32.Geral.iljwr 20130718
Norman Suspicious_U.gen1 20130718
nProtect Trojan-Downloader/W32.Geral.34314 20130718
Panda Trj/Genetic.gen 20130718
PCTools Trojan.Dropper 20130718
Rising Trojan.Win32.KillAV.bwp 20130718
Sophos AV Mal/Mdrop-P 20130718
Symantec Trojan.Dropper 20130718
TotalDefense Win32/Dogrobot.GA 20130718
TrendMicro TROJ_GERAL.SMEI 20130718
TrendMicro-HouseCall TROJ_GERAL.SMEI 20130718
VBA32 BScope.Trojan.SvcHorse.01643 20130717
VIPRE LooksLike.Win32.KryptPck!a (v) 20130718
ViRobot Trojan.Win32.S.Downloader.34314.B 20130718
Antiy-AVL 20130718
ByteHero 20130613
ClamAV 20130718
eScan 20130718
SUPERAntiSpyware 20130718
TheHacker 20130717
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright
Copyright ? 2008

Version 1, 0, 0, 1
File version 1, 0, 0, 1
Packers identified
Command UPack
F-PROT UPack
PEiD Upack 0.24 - 0.27 beta / 0.28 alpha -> Dwing
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Entry Point 0x0001E18D
Number of sections 2
PE sections
PE imports
LoadLibraryA
GetProcAddress
Number of PE resources by type
SERVER 3
RT_VERSION 1
Number of PE resources by language
CHINESE SIMPLIFIED 4
PE resources
ExifTool file metadata
UninitializedDataSize 0
InitializedDataSize 81920
ImageVersion 0.0
FileVersionNumber 1.0.0.1
LanguageCode Chinese (Simplified)
FileFlagsMask 0x003f
CharacterSet Unicode
LinkerVersion 0.37
MIMEType application/octet-stream
Subsystem Windows GUI
FileVersion 1, 0, 0, 1
TimeStamp 0000:00:00 00:00:00
FileType Win32 EXE
PEType PE32
ProductVersion 1, 0, 0, 1
SubsystemVersion 4.0
OSVersion 4.0
FileOS Win32
LegalCopyright Copyright ? 2008
MachineType Intel 386 or later, and compatibles
CodeSize 0
FileSubtype 0
ProductVersionNumber 1.0.0.1
EntryPoint 0x1e18d
ObjectFileType Executable application

File identification
MD5 c7049b8054a9d5a8d541604823259670
SHA1 665b41f98838ef297dffdf8fac3283d844f24943
SHA256 2fc6050083f81eb74a1aaa86ab99d6b06f13ace38f94e1fdee9ec0e62fdea5c3
ssdeep 768:B2ZWNp6YRoxBkamrzax4oqfa7AKjhW0pKA7MuihPFC:B2MvRDzmqAAKjnKA7Li

File size 33.5 KB ( 34314 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID DOS Executable Generic (100.0%)
Tags peexe upack

VirusTotal metadata
First submission 2010-08-30 06:10:06 UTC ( 7 years, 5 months ago )
Last submission 2013-07-18 09:21:31 UTC ( 4 years, 7 months ago )
File names iLRd.inf
YpiE5Fh1.ps1
vt-upload-zXgeN
aa
Advanced heuristic and reputation engines
ClamAV
Possibly Unwanted Application. While not necessarily malicious, the scanned file presents certain characteristics which depending on the user policies and environment may or may not represent a threat. For full details see: https://www.clamav.net/documents/potentially-unwanted-applications-pua .
