SHA256: 30a5441a26461e9ffc86187a0c2f6574d51d27a52a6188ecbba50cc2345586c9
File name: d48a7ae9934745964951a704bcc70fe9
Detection ratio: 41 / 48
Analysis date: 2014-06-08 10:58:06 UTC ( 3 years, 4 months ago )
Antivirus Result Update
Ad-Aware Trojan.Zlob.37632 20140608
Yandex Trojan.DL.Agent!nt94pv70drU 20140607
AhnLab-V3 Trojan/Win32.Agent 20140608
AntiVir TR/Downloader.Gen 20140608
Antiy-AVL Trojan[Downloader]/Win32.Agent 20140608
AVG Downloader.Zlob.AFTC 20140608
Baidu-International Trojan.Win32.Downloader.abVV 20140608
BitDefender Trojan.Zlob.37632 20140608
Bkav W32.HDevDeco.Worm 20140606
ClamAV Trojan.Agent-61611 20140608
CMC Trojan-Downloader.Win32.Agent!O 20140607
Commtouch W32/Downloader.QFBA-1166 20140608
Comodo TrojWare.Win32.TrojanDownloader.Zlob.CSW0 20140608
DrWeb Trojan.DownLoad.12648 20140608
Emsisoft Trojan.Zlob.37632 (B) 20140608
ESET-NOD32 Win32/TrojanDownloader.Zlob.CSW 20140608
F-Prot W32/Downldr2.EVQS 20140608
Fortinet W32/Agent.ALKU!tr.dldr 20140608
GData Trojan.Zlob.37632 20140608
Ikarus Trojan-Dropper.Agent 20140608
K7AntiVirus Backdoor ( 04c4d8551 ) 20140606
K7GW Backdoor ( 04c4d8551 ) 20140606
Kaspersky Trojan-Downloader.Win32.Agent.alku 20140608
McAfee generic!bg.gsa 20140608
McAfee-GW-Edition generic!bg.gsa 20140608
Microsoft TrojanDownloader:Win32/Zlob.AOJ 20140608
eScan Trojan.Zlob.37632 20140608
NANO-Antivirus Trojan.Win32.Agent.vzrl 20140608
Norman Agent.JAYI 20140608
nProtect Trojan-Downloader/W32.Agent.63504 20140608
Panda Trj/Genetic.gen 20140608
Qihoo-360 Malware.QVM10.Gen 20140608
Rising PE:Trojan.Win32.Generic.128D0476!311231606 20140607
Sophos AV Mal/Generic-S 20140608
Symantec Trojan.Zlob 20140608
Tencent Win32.Trojan-Downloader.Agent.dcms 20140608
TheHacker Trojan/Downloader.Agent.alku 20140606
TotalDefense Win32/Zlob.CS 20140608
VBA32 TrojanDownloader.Agent 20140607
VIPRE Trojan.Win32.Generic!BT 20140608
ViRobot Trojan.Win32.Downloader.63504 20140607
AegisLab 20140608
Avast 20140608
ByteHero 20140608
CAT-QuickHeal 20140607
F-Secure 20140608
Kingsoft 20130829
Malwarebytes 20140608
SUPERAntiSpyware 20140607
TrendMicro 20140608
TrendMicro-HouseCall 20140608
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2008-10-23 13:21:40
Entry Point 0x00002575
Number of sections 5
PE sections
PE imports
GetLastError
InitializeCriticalSectionAndSpinCount
HeapFree
GetStdHandle
EnterCriticalSection
GetConsoleOutputCP
SetHandleCount
WaitForSingleObject
GetOEMCP
QueryPerformanceCounter
IsDebuggerPresent
HeapAlloc
TlsAlloc
GetEnvironmentStringsW
FlushFileBuffers
GetModuleFileNameA
RtlUnwind
LoadLibraryA
FreeEnvironmentStringsA
DeleteCriticalSection
GetStartupInfoA
GetEnvironmentStrings
GetConsoleMode
GetLocaleInfoA
GetFileSize
LCMapStringW
WideCharToMultiByte
UnhandledExceptionFilter
TlsGetValue
MultiByteToWideChar
HeapSize
SetStdHandle
FreeEnvironmentStringsW
GetCommandLineA
GetProcAddress
LeaveCriticalSection
GetStringTypeA
GetFileType
GetTempFileNameW
CreateWaitableTimerW
RaiseException
GetCPInfo
TlsFree
SetFilePointer
ReadFile
SetUnhandledExceptionFilter
GetTempPathW
GetCurrentProcess
CloseHandle
GetSystemTimeAsFileTime
DeleteFileW
GetACP
HeapReAlloc
GetStringTypeW
GetModuleHandleW
TerminateProcess
GetConsoleCP
LCMapStringA
WriteConsoleA
VirtualAlloc
IsValidCodePage
HeapCreate
WriteFile
CreateFileW
CreateProcessW
InterlockedDecrement
Sleep
SetLastError
GetTickCount
TlsSetValue
CreateFileA
GetCurrentThreadId
SetWaitableTimer
VirtualFree
ExitProcess
GetCurrentProcessId
WriteConsoleW
InterlockedIncrement
LoadStringW
wsprintfW
CoInitializeEx
CoCreateInstance
CoInitializeSecurity
Number of PE resources by type
RT_STRING 1
Number of PE resources by language
ENGLISH US 1
PE resources
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
TimeStamp 2008:10:23 13:21:40+00:00
FileType Win32 EXE
PEType PE32
CodeSize 40960
LinkerVersion 9.0
FileAccessDate 2014:06:08 10:57:21+00:00
EntryPoint 0x2575
InitializedDataSize 28672
SubsystemVersion 5.0
ImageVersion 0.0
OSVersion 5.0
FileCreateDate 2014:06:08 10:57:21+00:00
UninitializedDataSize 0

File identification
MD5 d48a7ae9934745964951a704bcc70fe9
SHA1 bcb084095bfb0ab94c1a6d6e5a57759d1b604305
SHA256 30a5441a26461e9ffc86187a0c2f6574d51d27a52a6188ecbba50cc2345586c9
ssdeep 768:aOJqGQz+BX03TjoCgp9kRLXUhH0U/i1jlbOZmGwXN/Nd4JeEMyvYcHkp58drB/B:asfBaO9kRbUM1lO+XN/sNvYc+5gT
imphash 0ba81c7afd52cbcb3d298490796caee5
File size 62.0 KB ( 63504 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (67.3%)
Win32 Dynamic Link Library (generic) (14.2%)
Win32 Executable (generic) (9.7%)
Generic Win/DOS Executable (4.3%)
DOS Executable Generic (4.3%)
Tags peexe
VirusTotal metadata
First submission 2008-10-26 14:44:51 UTC ( 8 years, 11 months ago )
Last submission 2014-06-08 10:58:06 UTC ( 3 years, 4 months ago )
File names D48A7AE9934745964951A704BCC70FE9
d48a7ae9934745964951a704bcc70fe9
aa
ty0cUd6.jar
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.
DNS requests