SHA256: 335b063442744e15adc2ef7e810c198f74113f0d44f951b62e41a5b692d27f41
File name: 28c72c0bb445232ca7de451a37e98d5bdfdac825.bin
Detection ratio: 43 / 55
Analysis date: 2015-05-13 15:19:49 UTC ( 3 years, 1 month ago )
Antivirus Result Update
Ad-Aware Generic.Banker.Delf.DECF5643 20150513
Yandex TrojanSpy.Banker!FYQ44VsepiQ 20150513
AhnLab-V3 Trojan/Win32.Banker 20150512
ALYac Generic.Banker.Delf.DECF5643 20150513
Antiy-AVL Trojan[Banker]/Win32.Banker 20150513
Avast Win32:Trojan-gen 20150513
AVG PSW.Banker.YYU 20150513
AVware Trojan.Banker.Delf 20150513
Baidu-International Trojan.Win32.Banker.bw 20150512
BitDefender Generic.Banker.Delf.DECF5643 20150513
CMC Generic.Win32.7323a48a8b!MD 20150513
Comodo TrojWare.Win32.Spy.Banker.NAX_gen0 20150513
DrWeb Trojan.DownLoader.48953 20150513
Emsisoft Generic.Banker.Delf.DECF5643 (B) 20150513
ESET-NOD32 a variant of Win32/Spy.Banker.NFU 20150513
F-Secure Generic.Banker.Delf.DECF5643 20150425
Fortinet W32/Bancban.Fam!tr 20150513
GData Generic.Banker.Delf.DECF5643 20150513
Ikarus Trojan-Banker.Win32.Banker 20150513
K7AntiVirus Spyware ( 004c07711 ) 20150513
K7GW Spyware ( 004c07711 ) 20150513
Kaspersky Trojan-Banker.Win32.Banker.bw 20150513
Kingsoft Win32.Troj.Banker.bw.(kcloud) 20150513
McAfee PWS-Banker.gen.i 20150513
McAfee-GW-Edition PWS-Banker.gen.i 20150513
Microsoft TrojanSpy:Win32/Banker 20150513
eScan Generic.Banker.Delf.DECF5643 20150513
NANO-Antivirus Trojan.Win32.Banker.kgrgy 20150513
Norman Banker.FTQA 20150513
nProtect Trojan-Spy/W32.Banker.287744.D 20150513
Panda Trj/Banker.BZU 20150513
Qihoo-360 Malware.Radar01.Gen 20150513
Rising PE:Trojan.Spy.Banker.ctc!1610711442 20150513
Sophos AV Mal/DelpBanc-A 20150513
Symantec Infostealer.Bancos 20150513
Tencent Win32.Trojan-Banker.Banker.brpr 20150513
TheHacker Trojan/Spy.Banker.ju.4 20150511
TotalDefense Win32/Banker.HRU 20150513
TrendMicro TSPY_BANKER.CI 20150513
TrendMicro-HouseCall TSPY_BANKER.CI 20150513
VBA32 TrojanBanker.Banker 20150513
VIPRE Trojan.Banker.Delf 20150513
Zillya Trojan.Banker.Win32.4720 20150510
AegisLab 20150513
Alibaba 20150513
Bkav 20150513
ByteHero 20150513
CAT-QuickHeal 20150513
ClamAV 20150513
Cyren 20150513
F-Prot 20150513
Malwarebytes 20150513
SUPERAntiSpyware 20150512
ViRobot 20150513
Zoner 20150511
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Packers identified
F-PROT UPX
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 1992-06-19 22:22:17
Entry Point 0x000AED70
Number of sections 3
PE sections
PE imports
LoadLibraryA
ExitProcess
GetProcAddress
RegFlushKey
ImageList_Add
SaveDC
VariantCopy
Number of PE resources by type
RT_STRING 19
RT_BITMAP 10
RT_GROUP_CURSOR 7
RT_CURSOR 7
RT_RCDATA 3
RT_ICON 1
RT_GROUP_ICON 1
Number of PE resources by language
NEUTRAL 46
PORTUGUESE BRAZILIAN 2
PE resources
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
TimeStamp 1992:06:19 23:22:17+01:00
FileType Win32 EXE
PEType PE32
CodeSize 282624
LinkerVersion 2.25
FileTypeExtension exe
InitializedDataSize 4096
SubsystemVersion 4.0
EntryPoint 0xaed70
OSVersion 4.0
ImageVersion 0.0
UninitializedDataSize 430080

File identification
MD5 7323a48a8b1b2ff331f293f56a22cb9e
SHA1 28c72c0bb445232ca7de451a37e98d5bdfdac825
SHA256 335b063442744e15adc2ef7e810c198f74113f0d44f951b62e41a5b692d27f41
ssdeep 6144:TAPaRUsuqYE477nk1lND9lKKaJqC2iQhH7xrTbVN21W8:TjUMKk1l59lKKEqCrEFPJEW
authentihash 437d3029e832b0d79aa5462858380a1d750a73db0eb6a4c191e881833711949b
imphash 2285381ee846e271922a08b51f5d4625
File size 281.0 KB ( 287744 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID UPX compressed Win32 Executable (38.5%)
Win32 EXE Yoda's Crypter (33.4%)
Win32 Executable Generic (10.7%)
Win32 Dynamic Link Library (generic) (9.5%)
Win16/32 Executable Delphi generic (2.6%)
Tags peexe upx
VirusTotal metadata
First submission 2012-02-10 15:18:44 UTC ( 6 years, 4 months ago )
Last submission 2012-06-07 09:57:23 UTC ( 6 years ago )
File names imgit.jpg
Ug4Mo.lnk
28c72c0bb445232ca7de451a37e98d5bdfdac825.bin
aa
BHvZDrp.tif
Advanced heuristic and reputation engines
ClamAV
Possibly Unwanted Application. While not necessarily malicious, the scanned file presents certain characteristics which depending on the user policies and environment may or may not represent a threat. For full details see: https://www.clamav.net/documents/potentially-unwanted-applications-pua .
