SHA256: 38b234ccb8dc52a927c70fb90d04f58db9800accd3d522f5843c6f2b23d44028
File name: ad25b225bfe416fbdcf648d62a49c09d.exe
Detection ratio: 15 / 45
Analysis date: 2013-03-12 01:35:18 UTC ( 1 year, 1 month ago )
Antivirus Result Update
AVG ScreenLocker.KA 20130312
BitDefender Gen:Variant.Kazy.152498 20130312
Comodo UnclassifiedMalware 20130312
ESET-NOD32 a variant of Win32/Kryptik.AWNA 20130312
Emsisoft Trojan.Win32.Agent.AMN (A) 20130312
F-Secure Gen:Variant.Kazy.152498 20130312
Fortinet W32/Foreign.AMFN!tr 20130311
GData Gen:Variant.Kazy.152498 20130312
Ikarus Trojan-Ransom.Win32.Foreign 20130311
Kaspersky Trojan-Ransom.Win32.Foreign.amfn 20130311
Malwarebytes Trojan.Ransom.Foreign 20130312
MicroWorld-eScan Gen:Variant.Kazy.152498 20130312
Norman Kryptik.QHN 20130311
Panda Trj/Dtcontx.C 20130311
TrendMicro-HouseCall TROJ_GEN.F47V0307 20130312
Agnitum 20130311
AhnLab-V3 20130311
AntiVir 20130312
Antiy-AVL 20130311
Avast 20130312
ByteHero 20130310
CAT-QuickHeal 20130311
ClamAV 20130311
Commtouch 20130311
DrWeb 20130312
F-Prot 20130311
Jiangmin 20130311
K7AntiVirus 20130311
Kingsoft 20130311
McAfee 20130312
McAfee-GW-Edition 20130312
Microsoft 20130312
NANO-Antivirus 20130312
PCTools 20130311
SUPERAntiSpyware 20130312
Sophos 20130312
Symantec 20130312
TheHacker 20130311
TotalDefense 20130311
TrendMicro 20130312
VBA32 20130311
VIPRE 20130312
ViRobot 20130311
eSafe 20130307
nProtect 20130311
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2013-03-06 07:24:59
Entry Point 0x00001000
Number of sections 4
PE sections
PE imports
VirtualAlloc
GetLastError
GetModuleHandleA
ExitProcess
GetMessageA
CreateWindowExA
LoadCursorA
LoadIconA
DispatchMessageA
TranslateMessage
MoveWindow
SendMessageA
SetTimer
PostQuitMessage
DefWindowProcA
ShowWindow
RegisterClassA
ExifTool file metadata
MIMEType: application/octet-stream
Subsystem: Windows GUI
MachineType: Intel 386 or later, and compatibles
TimeStamp: 2013:03:06 07:24:59+00:00
FileType: Win32 EXE
PEType: PE32
CodeSize: 1024
LinkerVersion: 1.71
EntryPoint: 0x1000
InitializedDataSize: 41984
SubsystemVersion: 4.0
ImageVersion: 0.0
OSVersion: 1.0
UninitializedDataSize: 0

File identification
MD5 ad25b225bfe416fbdcf648d62a49c09d
SHA1 c9fd73fc34b9cda07c2cc202b4c51a81418b6882
SHA256 38b234ccb8dc52a927c70fb90d04f58db9800accd3d522f5843c6f2b23d44028
ssdeep 768:jcbmkeZScihDdssA88soFTFCaHvPNXBsjj:IqkeZwJtoF5HNKX

File size 43.0 KB ( 44032 bytes )
File type Win32 EXE
Magic literal MS-DOS executable PE for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable Generic (58.2%)
Win16/32 Executable Delphi generic (14.1%)
Generic Win/DOS Executable (13.6%)
DOS Executable Generic (13.6%)
VXD Driver (0.2%)
Tags peexe

VirusTotal metadata
First submission 2013-03-07 04:34:59 UTC ( 1 year, 1 month ago )
Last submission 2013-03-16 03:18:13 UTC ( 1 year, 1 month ago )
File names ad25b225bfe416fbdcf648d62a49c09d.exe
ad25b225bfe416fbdcf648d62a49c09d
Advanced heuristic and reputation engines
ClamAV PUA
Possibly Unwanted Application. While not necessarily malicious, the scanned file presents certain characteristics which depending on the user policies and environment may or may not represent a threat. For full details see: http://www.clamav.net/index.php?s=pua&lang=en .

Symantec reputation Suspicious.Insight
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.