SHA256: 33ca064372471969102e9a1095162d003307b6e238d52be335b34aa72b5265ca
File name: vistrvfd.exe
Detection ratio: 42 / 54
Analysis date: 2015-12-05 03:03:49 UTC ( 3 years, 1 month ago )
Antivirus Result Update
Ad-Aware Gen:Variant.Kazy.164838 20151205
Yandex Trojan.Inject!wKwCiTdg0Bc 20151204
AhnLab-V3 Downloader/Win32.Karagany 20151204
ALYac Gen:Variant.Kazy.164838 20151204
Antiy-AVL Trojan/Win32.Inject 20151205
Arcabit Trojan.Kazy.D283E6 20151205
Avast Win32:GenMalicious-MDN [Trj] 20151205
AVG Win32/Heim 20151204
AVware Trojan.Win32.Zbocheman.fb (v) 20151205
Baidu-International Trojan.Win32.Inject.fjze 20151204
BitDefender Gen:Variant.Kazy.164838 20151205
CAT-QuickHeal TrojanDownloader.Dofoil.r3 20151204
Comodo UnclassifiedMalware 20151202
DrWeb BackDoor.Tishop.25 20151205
Emsisoft Gen:Variant.Kazy.164838 (B) 20151205
ESET-NOD32 a variant of Win32/Kryptik.AYXH 20151205
F-Secure Gen:Variant.Kazy.164838 20151205
Fortinet W32/Kryptik.AXA!tr 20151204
GData Gen:Variant.Kazy.164838 20151205
Ikarus Trojan-Downloader.Win32.Karagany 20151205
Jiangmin Trojan/Inject.awoc 20151204
K7AntiVirus Riskware ( 0040eff71 ) 20151202
K7GW Riskware ( 0040eff71 ) 20151202
Kaspersky Trojan.Win32.Inject.fjze 20151205
Malwarebytes Trojan.Agent.RVGen5 20151205
McAfee Artemis!3ACA6ADFA6FC 20151205
McAfee-GW-Edition BehavesLike.Win32.Gael.nc 20151205
Microsoft TrojanDownloader:Win32/Dofoil.U 20151205
eScan Gen:Variant.Kazy.164838 20151205
NANO-Antivirus Trojan.Win32.Inject.bohljq 20151205
Panda Trj/OCJ.D 20151204
Qihoo-360 HEUR/Malware.QVM11.Gen 20151205
Sophos AV Mal/ZboCheMan-N 20151204
Symantec Trojan.Gen.2 20151204
Tencent Win32.Trojan.Inject.Lnew 20151205
TheHacker Posible_Worm32 20151205
TrendMicro TROJ_SPNR.07DO13 20151205
TrendMicro-HouseCall TROJ_SPNR.07DO13 20151205
VBA32 Trojan.Inject 20151204
VIPRE Trojan.Win32.Zbocheman.fb (v) 20151205
ViRobot Trojan.Win32.Inject.32768.R[h] 20151204
Zillya Trojan.Inject.Win32.59697 20151204
AegisLab 20151204
Alibaba 20151204
Bkav 20151204
ByteHero 20151205
ClamAV 20151204
CMC 20151201
Cyren 20151205
F-Prot 20151205
nProtect 20151204
Rising 20151203
SUPERAntiSpyware 20151205
Zoner 20151205
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright
Gravy 1995 2005

Original name Data.exe
File version 1, 7, 6
Packers identified
F-PROT UPX
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2009-01-28 21:33:30
Entry Point 0x00115DD0
Number of sections 3
PE sections
PE imports
LsaSetSecret
SetTextAlign
VirtualFree
ExitProcess
VirtualProtect
LoadLibraryA
VirtualAlloc
GetProcAddress
EndDialog
Number of PE resources by type
RT_DIALOG 14
RT_MENU 5
RT_BITMAP 2
RT_VERSION 1
Number of PE resources by language
ARABIC JORDAN 22
PE resources
ExifTool file metadata
UrN4EFYqYsCmMWT
CwoyC6tJasTpbUxsCW

UninitializedDataSize
1105920

LinkerVersion
5.0

ImageVersion
0.0

FileVersionNumber
1.7.0.0

LanguageCode
English (U.S.)

FileFlagsMask
0x003f

pnIVFt7iKIegKT
VVawVhONBeBIH

CharacterSet
Unicode

InitializedDataSize
4096

Tag8daVQch5bFUSisyEm
NRgsjmt11tK6yt5

EntryPoint
0x115dd0

OriginalFileName
Data.exe

KBuwiDbftJa7PUwA
BdAG8RRc8TNqTDJq2PdQ

MIMEType
application/octet-stream

LegalCopyright
Gravy 1995 2005

Qjs7d7xNG1Jc
7HaLNaSan55BjRgrG

FileVersion
1, 7, 6

TimeStamp
2009:01:28 22:33:30+01:00

FileType
Win32 EXE

PEType
PE32

ProductVersion
1 7 2237

SubsystemVersion
4.0

OSVersion
4.0

FileOS
Windows NT 32-bit

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CompanyName
Eh_a?

Tag4vrAkTrkED
oQrG783vnOCsdeSEY

CodeSize
28672

cGqPSBmy8JSlPrA
vuDDvcFbs8OEk

FileSubtype
0

ProductVersionNumber
1.7.0.0

RvbSXoQwYWFFfss
vtxEI8pC5wtH

FileTypeExtension
exe

ObjectFileType
Executable application

XrpoSceObVd4eUQTow
Yrwje3pWUGt

qv46fkEM3lyf4tY1kCxI
6j3sRgEgKXtg

File identification
MD5 3aca6adfa6fcaaf6b45e85d538fb709d
SHA1 95a6df51c1ad3d6066c249cd911b3561a06c8677
SHA256 33ca064372471969102e9a1095162d003307b6e238d52be335b34aa72b5265ca
ssdeep
768:WydWIzze20D7HAl9ILKUHHDt24tkE9ZHjwNDud8ZNNmWmTepr:WysIzze/nHa+x2CJnUo8bInepr

authentihash 441bbbbf7971f6d6f9ad7105a1de2f7653eefad510a936ea406b68daf63b7925
imphash c183af6de61bf2093a5f1a15ce42339f
File size 32.0 KB ( 32768 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID UPX compressed Win32 Executable (66.9%)
Win32 Dynamic Link Library (generic) (14.4%)
Win32 Executable (generic) (9.8%)
Generic Win/DOS Executable (4.3%)
DOS Executable Generic (4.3%)
Tags
peexe upx

VirusTotal metadata
First submission 2013-04-16 23:33:27 UTC ( 5 years, 9 months ago )
Last submission 2015-12-05 03:03:49 UTC ( 3 years, 1 month ago )
File names vistrvfd.exe
Data.exe
Advanced heuristic and reputation engines
ClamAV
Possibly Unwanted Application. While not necessarily malicious, the scanned file presents certain characteristics which depending on the user policies and environment may or may not represent a threat. For full details see: https://www.clamav.net/documents/potentially-unwanted-applications-pua .

Symantec reputation Suspicious.Insight
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Searched windows
Runtime DLLs