SHA256: 38b0b2ca96f6bc24c3618f2a95deb86755f0946ddd632dd9e6261ebeed7c2050
File name: download_pdf.html
Detection ratio: 31 / 41
Analysis date: 2010-07-10 08:18:29 UTC ( 5 years ago )
Antivirus Result Update
AVG Downloader.Agent2.YTH 20100709
AhnLab-V3 Downloader/Win32.Agent 20100709
AntiVir TR/Dldr.Delphi.Gen 20100709
Authentium W32/Delf.D.gen!Eldorado 20100710
Avast Win32:Malware-gen 20100710
Avast5 Win32:Malware-gen 20100710
BitDefender Gen:Trojan.FirewallBypass.cSWbaKtU6Yn 20100710
CAT-QuickHeal Win32.Trojan.Klone.d.h 20100710
ClamAV PUA.Packed.ASPack 20100710
Comodo Heur.Packed.Unknown 20100709
F-Prot W32/Delf.D.gen!Eldorado 20100709
F-Secure Gen:Trojan.FirewallBypass.cSWbaKtU6Yn 20100709
GData Gen:Trojan.FirewallBypass.cSWbaKtU6Yn 20100710
Ikarus Trojan-Dropper.Agent 20100709
Kaspersky Trojan-Downloader.Win32.Agent.dzke 20100710
McAfee Artemis!32E4BEDF5A19 20100710
McAfee-GW-Edition Heuristic.BehavesLike.Win32.Keylogger.C 20100705
Microsoft TrojanDownloader:Win32/Small.gen!AO 20100710
NOD32 probably a variant of Win32/TrojanDownloader.Banload.BJY 20100709
Norman W32/Downloader 20100709
PCTools HeurEngine.ZeroDayThreat 20100710
Panda Trj/CI.A 20100709
Rising Trojan.DL.Win32.Downloader.GEN 20100709
Sophos Mal/TinyDL-T 20100710
Sunbelt Trojan-Downloader.Win32.Small 20100710
Symantec Suspicious.DLoader 20100710
TrendMicro PAK_Generic.001 20100710
TrendMicro-HouseCall TSPY_AFMD.A 20100710
VBA32 Trojan-Downloader.Win32.Agent.dzjj 20100709
a-squared Trojan-Dropper.Agent!IK 20100709
nProtect Gen:Trojan.FirewallBypass.cSWbaKtU6Yn 20100709
Antiy-AVL 20100709
DrWeb 20100710
Fortinet 20100709
Jiangmin 20100710
Prevx 20100710
TheHacker 20100708
ViRobot 20100710
VirusBuster 20100709
eSafe 20100708
eTrust-Vet 20100710
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Packers identified
Command Aspack
F-PROT Aspack
PEiD ASPack v2.12
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 1992-06-19 22:22:17
Link date 11:22 PM 6/19/1992
Entry Point 0x0001E001
Number of sections 11
PE sections
PE imports
RegSetValueExA
RegQueryValueExA
GetProcAddress
GetModuleHandleA
LoadLibraryA
SysFreeString
SafeArrayPtrOfIndex
URLDownloadToFileA
MessageBoxA
GetKeyboardType
Number of PE resources by type
RT_STRING 6
RT_RCDATA 2
RT_MANIFEST 1
Number of PE resources by language
NEUTRAL 9
ExifTool file metadata
MIMEType
application/octet-stream

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

TimeStamp
1992:06:19 23:22:17+01:00

FileType
Win32 EXE

PEType
PE32

CodeSize
66048

LinkerVersion
2.25

FileAccessDate
2014:08:05 09:34:49+01:00

EntryPoint
0x1e001

InitializedDataSize
17920

SubsystemVersion
4.0

ImageVersion
0.0

OSVersion
4.0

FileCreateDate
2014:08:05 09:34:49+01:00

UninitializedDataSize
0

Execution parents
File identification
MD5 32e4bedf5a196d3bbd707737b58eafd0
SHA1 5660adb2720c3dfa64a184ec9ccc01767780abff
SHA256 38b0b2ca96f6bc24c3618f2a95deb86755f0946ddd632dd9e6261ebeed7c2050
ssdeep
768:/4BeEgUjlZJmSwhcII+Zsy8DYg+BWTT8ifboDQ0/JU/RLMX0QWQzqkMq3CROvBW5:aeEgUzyQcj4bos0/JUpa0QlByROvrdFC

authentihash c9e3c5ccdbcd172e74bc3270fe02dbd05038294ddac0a073dda872c185e5a9e4
imphash 8063a2a9d361fba8fa5c8f1abb15e1a3
File size 43.5 KB ( 44544 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Dynamic Link Library (generic) (38.3%)
Win32 Executable (generic) (26.2%)
Win16/32 Executable Delphi generic (12.0%)
Generic Win/DOS Executable (11.6%)
DOS Executable Generic (11.6%)
Tags
peexe aspack

VirusTotal metadata
First submission 2010-07-09 15:43:13 UTC ( 5 years ago )
Last submission 2014-09-17 08:25:29 UTC ( 10 months, 2 weeks ago )
File names 32e4bedf5a196d3bbd707737b58eafd0
32E4BEDF5A196D3BBD707737B58EAFD0
microsoft.exe
malware.exe
Advanced heuristic and reputation engines
ClamAV
Possibly Unwanted Application. While not necessarily malicious, the scanned file presents certain characteristics which depending on the user policies and environment may or may not represent a threat. For full details see: http://www.clamav.net/doc/pua.html.

Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Created processes
Code injections in the following processes
Created mutexes
Opened mutexes
Opened service managers
Opened services
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.