SHA256: 3444c0be7a4d72d811f4afa3a221dbb52c5c8b1afa8512acaa89e9e18c8240d3
File name: 3c70a942f1a58ae8830b077e6baf977e.exe
Detection ratio: 46 / 53
Analysis date: 2014-07-17 01:02:04 UTC ( 4 years, 1 month ago )
Antivirus Result Update
Ad-Aware Trojan.Generic.6679287 20140717
Yandex Trojan.Agent!I4PwQiz5fMQ 20140716
AhnLab-V3 Win-Trojan/Koobface.253952.B 20140716
AntiVir TR/Agent.awz 20140717
Avast Win32:Malware-gen 20140717
AVG Generic2_c.BRUZ 20140716
Baidu-International Trojan.Win32.Agent.Ayv 20140716
BitDefender Trojan.Generic.6679287 20140717
Bkav W32.DropperHNI.Trojan 20140716
CMC Trojan.Win32.Agent!O 20140716
Commtouch W32/Trojan.HMMD-6990 20140717
Comodo UnclassifiedMalware 20140716
DrWeb Trojan.Siggen2.724 20140717
Emsisoft Trojan.Generic.6679287 (B) 20140717
ESET-NOD32 Win32/Koobface.NDJ 20140716
F-Prot W32/Trojan2.NFPA 20140717
F-Secure Trojan.Generic.6679287 20140717
Fortinet W32/Agent!tr 20140717
GData Trojan.Generic.6679287 20140717
Ikarus Trojan.Win32.Agent 20140717
Jiangmin Trojan/Agent.eiua 20140716
K7AntiVirus Trojan ( 0006f4d71 ) 20140716
K7GW Trojan ( 0006f4d71 ) 20140716
Kaspersky Trojan.Win32.Agent.ezni 20140716
Kingsoft Win32.Malware.Heur_Generic.B.(kcloud) 20140717
Malwarebytes Trojan.Agent 20140717
McAfee Artemis!3C70A942F1A5 20140717
McAfee-GW-Edition Artemis!3C70A942F1A5 20140716
Microsoft Trojan:Win32/Koobface.gen!N 20140716
eScan Trojan.Generic.6679287 20140717
NANO-Antivirus Trojan.Win32.Agent.bdvvx 20140717
Norman BAT_Sample.A.dropper 20140716
nProtect Trojan/W32.Agent.253952.GT 20140716
Panda W32/Koobface.KG.worm 20140716
Qihoo-360 Win32/Trojan.e63 20140717
Rising PE:Trojan.Win32.Generic.12435ED7!306405079 20140716
Sophos AV Mal/Generic-L 20140716
Symantec Trojan.Gen 20140717
Tencent Win32.Trojan.Agent.wxc 20140717
TotalDefense Win32/Koobface.WA 20140716
TrendMicro TROJ_LAMEWAR.VTG 20140717
TrendMicro-HouseCall TROJ_LAMEWAR.VTG 20140716
VBA32 Trojan.Agent 20140715
VIPRE BehavesLike.Win32.Malware.bsf (vs) 20140717
ViRobot Worm.Win32.S.Net-Koobface.253952 20140716
Zillya Trojan.Agent.Win32.108386 20140716
AegisLab 20140717
ByteHero 20140717
CAT-QuickHeal 20140716
ClamAV 20140716
SUPERAntiSpyware 20140717
TheHacker 20140714
Zoner 20140714
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Packers identified
PEiD UPX 2.90 [LZMA] -> Markus Oberhumer, Laszlo Molnar & John Reiser
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2010-08-25 12:51:53
Entry Point 0x0008A6F0
Number of sections 3
PE sections
PE imports
VirtualFree
ExitProcess
VirtualProtect
LoadLibraryA
VirtualAlloc
GetProcAddress
SHGetSpecialFolderPathA
PathFileExistsA
CharToOemA
InternetSetCookieA
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
TimeStamp 2010:08:25 13:51:53+01:00
FileType Win32 EXE
PEType PE32
CodeSize 253952
LinkerVersion 10.0
FileAccessDate 2014:07:17 02:03:43+01:00
EntryPoint 0x8a6f0
InitializedDataSize 4096
SubsystemVersion 5.1
ImageVersion 0.0
OSVersion 5.1
FileCreateDate 2014:07:17 02:03:43+01:00
UninitializedDataSize 311296
File identification
MD5 3c70a942f1a58ae8830b077e6baf977e
SHA1 c73c72bcbc43c396b13ff356e71fb35d1f8bc052
SHA256 3444c0be7a4d72d811f4afa3a221dbb52c5c8b1afa8512acaa89e9e18c8240d3
ssdeep 6144:mCB7NpSPYOJgGoEgWylCeHvJXOXZlhWZ6Gtt:B77SPYOfoY2CIiZWIU
imphash b6a9f3ef1cd5ce8163dfe5bf86661cb3
File size 248.0 KB ( 253952 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID UPX compressed Win32 Executable (42.3%)
Win32 EXE Yoda's Crypter (36.7%)
Win32 Dynamic Link Library (generic) (9.1%)
Win32 Executable (generic) (6.2%)
Generic Win/DOS Executable (2.7%)
Tags
peexe upx

VirusTotal metadata
First submission 2010-08-25 12:52:17 UTC ( 7 years, 11 months ago )
Last submission 2014-02-15 13:53:48 UTC ( 4 years, 6 months ago )
File names aa
3c70a942f1a58ae8830b077e6baf977e.exe
ff2ie[1].exe
IxauXJXZ.tar
smona130674190172675156472
AMM5Ofg.vbs
ff2ie.exe
Advanced heuristic and reputation engines
ClamAV
Possibly Unwanted Application. While not necessarily malicious, the scanned file presents certain characteristics which depending on the user policies and environment may or may not represent a threat. For full details see: https://www.clamav.net/documents/potentially-unwanted-applications-pua .

Behaviour characterization