SHA256: 38b0b2ca96f6bc24c3618f2a95deb86755f0946ddd632dd9e6261ebeed7c2050
File name: download_pdf.html
Detection ratio: 31 / 41
Analysis date: 2010-07-10 08:18:29 UTC ( 3 years, 9 months ago )
Antivirus Result Update
AVG Downloader.Agent2.YTH 20100709
AhnLab-V3 Downloader/Win32.Agent 20100709
AntiVir TR/Dldr.Delphi.Gen 20100709
Authentium W32/Delf.D.gen!Eldorado 20100710
Avast Win32:Malware-gen 20100710
Avast5 Win32:Malware-gen 20100710
BitDefender Gen:Trojan.FirewallBypass.cSWbaKtU6Yn 20100710
CAT-QuickHeal Win32.Trojan.Klone.d.h 20100710
ClamAV PUA.Packed.ASPack 20100710
Comodo Heur.Packed.Unknown 20100709
F-Prot W32/Delf.D.gen!Eldorado 20100709
F-Secure Gen:Trojan.FirewallBypass.cSWbaKtU6Yn 20100709
GData Gen:Trojan.FirewallBypass.cSWbaKtU6Yn 20100710
Ikarus Trojan-Dropper.Agent 20100709
Kaspersky Trojan-Downloader.Win32.Agent.dzke 20100710
McAfee Artemis!32E4BEDF5A19 20100710
McAfee-GW-Edition Heuristic.BehavesLike.Win32.Keylogger.C 20100705
Microsoft TrojanDownloader:Win32/Small.gen!AO 20100710
NOD32 probably a variant of Win32/TrojanDownloader.Banload.BJY 20100709
Norman W32/Downloader 20100709
PCTools HeurEngine.ZeroDayThreat 20100710
Panda Trj/CI.A 20100709
Rising Trojan.DL.Win32.Downloader.GEN 20100709
Sophos Mal/TinyDL-T 20100710
Sunbelt Trojan-Downloader.Win32.Small 20100710
Symantec Suspicious.DLoader 20100710
TrendMicro PAK_Generic.001 20100710
TrendMicro-HouseCall TSPY_AFMD.A 20100710
VBA32 Trojan-Downloader.Win32.Agent.dzjj 20100709
a-squared Trojan-Dropper.Agent!IK 20100709
nProtect Gen:Trojan.FirewallBypass.cSWbaKtU6Yn 20100709
Antiy-AVL 20100709
DrWeb 20100710
Fortinet 20100709
Jiangmin 20100710
Prevx 20100710
TheHacker 20100708
ViRobot 20100710
VirusBuster 20100709
eSafe 20100708
eTrust-Vet 20100710
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Packers identified
F-PROT Aspack
PEiD ASPack v2.12
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 1992-06-19 22:22:17
Entry Point 0x0001E001
Number of sections 11
PE sections
PE imports
RegQueryValueExA
RegSetValueExA
GetProcAddress
GetModuleHandleA
LoadLibraryA
SysFreeString
SafeArrayPtrOfIndex
URLDownloadToFileA
GetKeyboardType
MessageBoxA
ExifTool file metadata
MIMEType: application/octet-stream
Subsystem: Windows GUI
MachineType: Intel 386 or later, and compatibles
TimeStamp: 1992:06:20 00:22:17+02:00
FileType: Win32 EXE
PEType: PE32
CodeSize: 66048
LinkerVersion: 2.25
EntryPoint: 0x1e001
InitializedDataSize: 17920
SubsystemVersion: 4.0
ImageVersion: 0.0
OSVersion: 4.0
UninitializedDataSize: 0

File identification
MD5 32e4bedf5a196d3bbd707737b58eafd0
SHA1 5660adb2720c3dfa64a184ec9ccc01767780abff
SHA256 38b0b2ca96f6bc24c3618f2a95deb86755f0946ddd632dd9e6261ebeed7c2050
ssdeep 768:/4BeEgUjlZJmSwhcII+Zsy8DYg+BWTT8ifboDQ0/JU/RLMX0QWQzqkMq3CROvBW5:aeEgUzyQcj4bos0/JUpa0QlByROvrdFC

File size 43.5 KB ( 44544 bytes )
File type Win32 EXE
Magic literal

TrID Win32 Executable Generic (38.4%)
Win32 Dynamic Link Library (generic) (34.1%)
Win16/32 Executable Delphi generic (9.3%)
Generic Win/DOS Executable (9.0%)
DOS Executable Generic (9.0%)
Tags
aspack

VirusTotal metadata
First submission 2010-07-09 15:43:13 UTC ( 3 years, 9 months ago )
Last submission 2011-12-06 11:27:28 UTC ( 2 years, 4 months ago )
File names 32E4BEDF5A196D3BBD707737B58EAFD0
malware.exe