SHA256: 3021d6935a31a19a15000d391e555218509394d436e95a212e7f701f697a8964
File name: pagefile.exe
Detection ratio: 33 / 41
Analysis date: 2010-01-11 14:28:16 UTC ( 9 years, 4 months ago )
Antivirus Result Update
a-squared P2P-Worm.Win32.Palevo!IK 20100111
AhnLab-V3 Win32/Rimecud.worm.125952 20100110
AntiVir TR/Crypt.ZPACK.Gen 20100111
Antiy-AVL Worm/Win32.Palevo.gen 20100111
Avast Win32:Trojan-gen 20100110
AVG SHeur2.BRXW 20100111
BitDefender Worm.P2P.Palevo.AD 20100111
CAT-QuickHeal I-Worm.Palevo.kcv 20100111
Comodo Heur.Suspicious 20100111
DrWeb Trojan.Packed.688 20100111
eSafe Win32.TRCrypt.ZPACK 20100110
F-Secure Worm:W32/Palevo.gen!E 20100111
Fortinet W32/Palevo.KCV!worm.p2p 20100109
GData Worm.P2P.Palevo.AD 20100111
Ikarus P2P-Worm.Win32.Palevo 20100111
Jiangmin Worm/Palevo.gth 20100111
K7AntiVirus Trojan.Win32.Malware.1 20100109
Kaspersky P2P-Worm.Win32.Palevo.kcv 20100111
McAfee W32/Rimecud 20100110
McAfee+Artemis W32/Rimecud 20100110
McAfee-GW-Edition Trojan.Crypt.ZPACK.Gen 20100111
Microsoft Worm:Win32/Rimecud.A 20100111
NOD32 a variant of Win32/Kryptik.BDR 20100111
Norman W32/Rimecud.AI 20100110
nProtect Worm/W32.Palevo.125952.D 20100111
Panda Suspicious file 20100110
Prevx Medium Risk Malware 20100111
Sophos AV Mal/EncPk-MX 20100111
Sunbelt Worm.Win32.Rimecud.a (v) 20100110
TrendMicro WORM_PALEVO.SMF 20100111
VBA32 P2P-Worm.Win32.Palevo.kcv 20100111
ViRobot Worm.Win32.P2P-Palevo.125952.D 20100111
VirusBuster Worm.P2P.Palevo.FGC 20100110
Authentium 20100110
ClamAV 20100111
eTrust-Vet 20100111
F-Prot 20100110
PCTools 20100111
Rising 20100111
Symantec 20100111
TheHacker 20100111
The file being studied is a Portable Executable file! More specifically, it is an unknown file.
PE header basic information
Number of sections 4
PE sections
PE imports
CreateCompatibleBitmap
ExcludeClipRect
GetDIBits
GetObjectA
SetROP2
UnrealizeObject
ExitProcess
FlushFileBuffers
GetModuleFileNameA
GetModuleHandleA
GetProcAddress
InterlockedDecrement
IsDebuggerPresent
LCMapStringA
LoadLibraryA
ReadFile
RtlUnwind
VirtualAlloc
VirtualFree
lstrcpyA
DoEnvironmentSubstW
ExtractIconExW
SHBrowseForFolder
SHFileOperationW
SHGetFileInfoA
SHGetFolderLocation
SHGetSpecialFolderPathA
ShellExecuteW
Shell_NotifyIconW
IsWindowEnabled
LoadIconA
LoadStringA
File identification
MD5 3799f47f296befe9f38625202b72de3a
SHA1 df87a82596b5bd3fc9b20a4f2866f51cf67a8707
SHA256 3021d6935a31a19a15000d391e555218509394d436e95a212e7f701f697a8964
ssdeep
3072:Q0ufj6fYNmiVlcOVkm7Z6NFAOzyYYjwQNqu0FpUD:FuL6fY4ITJZE1OYYjw0p0r0

File size 123.0 KB ( 125952 bytes )
File type unknown
Magic literal

TrID Win32 Executable Generic (38.3%)
Win32 Dynamic Link Library (generic) (34.1%)
Win16/32 Executable Delphi generic (9.3%)
Generic Win/DOS Executable (9.0%)
DOS Executable Generic (9.0%)
VirusTotal metadata
First submission 2009-11-14 20:38:50 UTC ( 9 years, 6 months ago )
Last submission 2010-01-11 14:28:16 UTC ( 9 years, 4 months ago )
File names YPnJPR5L.fon
aa
Seq53D__Oq.docm