SHA256: 30274c2d679e93455318eda9e660e50873f5c633e3221dcef8712000e8f6b2bd
File name: 1107244
Detection ratio: 10 / 43
Analysis date: 2011-12-17 17:31:37 UTC ( 7 years, 4 months ago )
Antivirus Result Update
AntiVir APPL/Agent.232206 20111216
Emsisoft Riskware.RemoteAdmin.Win32.WinVNC-based.AMN!A2 20111217
eSafe Win32.APPLAgent 20111215
Fortinet RAT/WinVNC_based 20111217
Jiangmin Trojan/FraudPack.tii 20111217
K7AntiVirus RemoteTool 20111215
Kaspersky not-a-virus:RemoteAdmin.Win32.WinVNC-based.c 20111217
McAfee RemAdm-VNC 20111217
McAfee-GW-Edition RemAdm-VNC 20111216
Symantec WS.Reputation.1 20111217
AhnLab-V3 20111217
Antiy-AVL 20111217
Avast 20111217
AVG 20111217
BitDefender 20111217
ByteHero 20111207
CAT-QuickHeal 20111217
ClamAV 20111217
Commtouch 20111217
Comodo 20111217
DrWeb 20111217
eTrust-Vet 20111216
F-Prot 20111217
F-Secure 20111217
GData 20111217
Ikarus 20111217
Microsoft 20111217
NOD32 20111217
Norman 20111217
nProtect 20111217
Panda 20111217
PCTools 20111217
Prevx 20111217
Rising 20111216
Sophos AV 20111217
SUPERAntiSpyware 20111217
TheHacker 20111216
TrendMicro 20111217
TrendMicro-HouseCall 20111217
VBA32 20111214
VIPRE 20111217
ViRobot 20111217
VirusBuster 20111216
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Packers identified
F-PROT NSIS, UTF-8, UPX, 7Z, Unicode
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2009-12-05 22:53:24
Entry Point 0x0000355E
Number of sections 5
PE sections
PE imports
RegQueryValueExA
RegSetValueExA
RegEnumKeyA
RegEnumValueA
RegOpenKeyExA
RegDeleteKeyA
RegDeleteValueA
RegCloseKey
RegCreateKeyExA
ImageList_AddMasked
ImageList_Destroy
ImageList_Create
(1 more function(s) imported by ordinal)
SetBkColor
GetDeviceCaps
DeleteObject
CreateBrushIndirect
CreateFontIndirectA
SetBkMode
SetTextColor
SelectObject
CompareFileTime
SearchPathA
GetShortPathNameA
GetFullPathNameA
MoveFileA
SetCurrentDirectoryA
GetFileAttributesA
GetLastError
CreateDirectoryA
SetFileAttributesA
Sleep
GetTickCount
GetFileSize
GetModuleFileNameA
GetCurrentProcess
CopyFileA
ExitProcess
GetWindowsDirectoryA
SetFileTime
GetCommandLineA
SetErrorMode
LoadLibraryA
lstrcpynA
GetDiskFreeSpaceA
GlobalUnlock
GlobalLock
CreateThread
CreateProcessA
RemoveDirectoryA
CreateFileA
GetTempFileNameA
lstrlenA
lstrcatA
GetSystemDirectoryA
GetVersion
CloseHandle
lstrcmpiA
lstrcmpA
ExpandEnvironmentStringsA
GlobalFree
GlobalAlloc
WaitForSingleObject
GetExitCodeProcess
GetModuleHandleA
LoadLibraryExA
GetProcAddress
FreeLibrary
MultiByteToWideChar
WritePrivateProfileStringA
GetPrivateProfileStringA
WriteFile
ReadFile
SetFilePointer
MulDiv
FindClose
FindNextFileA
FindFirstFileA
DeleteFileA
GetTempPathA
SHGetPathFromIDListA
SHBrowseForFolderA
SHGetFileInfoA
ShellExecuteA
SHFileOperationA
SHGetSpecialFolderLocation
EndDialog
ScreenToClient
GetWindowRect
EnableMenuItem
GetSystemMenu
SetClassLongA
IsWindowEnabled
SetWindowPos
GetSysColor
GetWindowLongA
SetCursor
LoadCursorA
CheckDlgButton
GetAsyncKeyState
IsDlgButtonChecked
GetMessagePos
LoadBitmapA
CallWindowProcA
IsWindowVisible
CloseClipboard
SetClipboardData
RegisterClassA
OpenClipboard
TrackPopupMenu
AppendMenuA
CreatePopupMenu
GetSystemMetrics
SetDlgItemTextA
GetDlgItemTextA
MessageBoxIndirectA
CharPrevA
wvsprintfA
DispatchMessageA
PeekMessageA
DestroyWindow
CreateDialogParamA
SetTimer
SetWindowTextA
PostQuitMessage
ShowWindow
wsprintfA
SendMessageTimeoutA
FindWindowExA
SystemParametersInfoA
CreateWindowExA
GetClassInfoA
DialogBoxParamA
CharNextA
EmptyClipboard
ExitWindowsEx
IsWindow
GetDlgItem
SetWindowLongA
LoadImageA
GetDC
EnableWindow
InvalidateRect
SendMessageA
DefWindowProcA
BeginPaint
GetClientRect
FillRect
DrawTextA
EndPaint
SetForegroundWindow
GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA
CoTaskMemFree
OleInitialize
OleUninitialize
CoCreateInstance
ExifTool file metadata
MIMEType
application/octet-stream

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

TimeStamp
2009:12:05 23:53:24+01:00

FileType
Win32 EXE

PEType
PE32

CodeSize
25600

LinkerVersion
6.0

EntryPoint
0x355e

InitializedDataSize
169984

SubsystemVersion
4.0

ImageVersion
6.0

OSVersion
4.0

UninitializedDataSize
1024

File identification
MD5 6a774d2c6bb1c8487166e1e9dcfbd833
SHA1 be325cf447a82d327f188548b38ce3f3d526dad0
SHA256 30274c2d679e93455318eda9e660e50873f5c633e3221dcef8712000e8f6b2bd
ssdeep
98304:A33fzMYY85a3uuLI5GEyz9ruylh9Isu/hSyMki:Afz3Y8E3uuL1JruylhO/hSyMh

File size 4.0 MB ( 4161292 bytes )
File type Win32 EXE
Magic literal

TrID Win32 Executable MS Visual C++ (generic) (65.2%)
Win32 Executable Generic (14.7%)
Win32 Dynamic Link Library (generic) (13.1%)
Generic Win/DOS Executable (3.4%)
DOS Executable Generic (3.4%)
Tags
nsis upx

VirusTotal metadata
First submission 2011-11-21 13:58:06 UTC ( 7 years, 5 months ago )
Last submission 2011-12-17 17:31:37 UTC ( 7 years, 4 months ago )
File names aa
1107244
DEMO.exe
hOi5RVYx.chm
gnRngfPP.scr
file-3289369_EXE
6a774d2c6bb1c8487166e1e9dcfbd833