SHA256: 38085a75424bffe11cd8b81d0ab0147caed1bc962abb4d76a0def7a8e74a1133
File name: load.php-SWpJmE
Detection ratio: 42 / 46
Analysis date: 2012-12-09 00:24:04 UTC ( 5 years, 11 months ago )
Antivirus Result Update
Yandex Trojan.Oficla!8BoenXJRLCo 20121208
AhnLab-V3 Win-Trojan/Sasfis.23552.E 20121208
AntiVir TR/Crypt.ZPACK.Gen 20121208
Avast Win32:Trojan-gen 20121209
AVG Generic16.CNLU 20121208
BitDefender Trojan.Generic.5647455 20121208
ClamAV Win.Trojan.Sasfis-29 20121208
Commtouch W32/MalwareS.BWR 20121209
Comodo TrojWare.Win32.Trojan.Agent.~KMM 20121208
DrWeb Trojan.Proxy.13462 20121209
Emsisoft Trojan.Win32.Sasfis.ahwx.AMN (A) 20121209
eSafe Win32.Oficla.Ef 20121205
ESET-NOD32 a variant of Win32/Kryptik.DBO 20121208
F-Prot W32/MalwareS.BWR 20121208
F-Secure Trojan.Generic.5647455 20121208
Fortinet W32/Oficla.LR!tr 20121209
GData Trojan.Generic.5647455 20121208
Ikarus Trojan.Win32.Oficla 20121208
Jiangmin Trojan/Sasfis.hmq 20121208
K7AntiVirus Riskware 20121208
Kaspersky Trojan.Win32.Sasfis.ahwx 20121208
Kingsoft Win32.Troj.Sasfis.(kcloud) 20121206
McAfee Artemis!F11E5213D5D2 20121209
McAfee-GW-Edition Artemis!F11E5213D5D2 20121209
Microsoft Trojan:Win32/Oficla.L 20121209
eScan Trojan.Generic.5647455 20121209
NANO-Antivirus Trojan.Win32.Sasfis.rpgg 20121208
Norman W32/Troj_Generic.AAXCX 20121208
nProtect Trojan/W32.Sasfis.23552.C 20121208
Panda Adware/NaviPromo 20121208
PCTools Trojan.Sasfis 20121209
Rising Trojan.Win32.Generic.12477A12 20121207
Sophos AV Mal/Generic-L 20121208
SUPERAntiSpyware Trojan.Agent/Gen 20121208
Symantec Trojan.Sasfis 20121209
TheHacker Trojan/Oficla.ef 20121207
TotalDefense Win32/Oficla.CU 20121207
TrendMicro Mal_Sasfis-1 20121209
TrendMicro-HouseCall Mal_Sasfis-1 20121208
VBA32 Trojan.Sasfis.ahwx 20121207
VIPRE Trojan.Win32.Sasfis.a (v) 20121208
ViRobot Trojan.Win32.S.Sasfis.23552 20121208
Antiy-AVL 20121204
ByteHero 20121130
CAT-QuickHeal 20121208
Malwarebytes 20121208
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2010-03-03 23:09:51
Entry Point 0x00001090
Number of sections 6
PE sections
PE imports
SetUnhandledExceptionFilter
GetModuleHandleA
ExitProcess
_cexit
signal
__set_app_type
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
TimeStamp 2010:03:03 23:09:51+00:00
FileType Win32 EXE
PEType PE32
CodeSize 4608
LinkerVersion 2.56
EntryPoint 0x1090
InitializedDataSize 17920
SubsystemVersion 4.0
ImageVersion 1.0
OSVersion 4.0
UninitializedDataSize 512

File identification
MD5 f11e5213d5d23ce32b765094a67fe901
SHA1 ec116ee00f9363dfaa686f1b76b4343bab9f527f
SHA256 38085a75424bffe11cd8b81d0ab0147caed1bc962abb4d76a0def7a8e74a1133
ssdeep 384:pPDJP77OWube/xjEYoH9DVPReuav8GEdm78JstgZVUOJE7K4SW4:ptPXlio+Yo1V0/UGGm78YiV3JE7K4E
File size 23.0 KB ( 23552 bytes )
File type Win32 EXE
Magic literal MS-DOS executable PE for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable Generic (58.2%)
Win16/32 Executable Delphi generic (14.1%)
Generic Win/DOS Executable (13.6%)
DOS Executable Generic (13.6%)
VXD Driver (0.2%)
Tags peexe
VirusTotal metadata
First submission 2010-03-04 18:57:47 UTC ( 8 years, 8 months ago )
Last submission 2012-12-09 00:24:04 UTC ( 5 years, 11 months ago )
File names bp9I.dll
aa
load.php-SWpJmE
sample_f11e5213d5d23ce32b765094a67fe901
mZvS07N.zip
F11E5213D5D23CE32B765094A67FE901