SHA256: 3a081b4bd6a492c8ae809e9f7a4a3760075cb2f7bf24a7be497f2b2cb65e4d69
File name: b2fe6cb790be3f895c821df6a033fabd
Detection ratio: 41 / 43
Analysis date: 2011-06-01 15:35:56 UTC ( 2 years, 10 months ago )
Antivirus Result Update
AVG Generic20.CEPF 20110601
AhnLab-V3 Win-Trojan/Injector.45056.DR 20110601
AntiVir TR/Agent.IG.122 20110601
Antiy-AVL Worm/Win32.Palevo.gen 20110601
Avast Win32:Malware-gen 20110601
Avast5 Win32:Malware-gen 20110601
BitDefender Trojan.Generic.5882783 20110601
CAT-QuickHeal TrojanProxy.Ranky.A4 20110601
ClamAV Trojan.Pincav-85 20110601
Commtouch W32/Backdoor2.HIET 20110601
Comodo TrojWare.Win32.PkdKrap.IG 20110601
DrWeb Trojan.MulDrop1.62901 20110601
Emsisoft P2P-Worm.Win32.Palevo!IK 20110601
F-Prot W32/Backdoor2.HIET 20110531
F-Secure Trojan.Generic.5882783 20110601
Fortinet W32/Palevo.BJD!worm.p2p 20110601
GData Trojan.Generic.5882783 20110601
Ikarus P2P-Worm.Win32.Palevo 20110601
Jiangmin Worm/Kolab.dxt 20110601
K7AntiVirus Backdoor 20110531
Kaspersky Packed.Win32.Krap.ig 20110601
McAfee W32/Rimecud.gen.an 20110601
McAfee-GW-Edition W32/Rimecud.gen.an 20110601
Microsoft Trojan:Win32/Ircbrute 20110601
NOD32 a variant of Win32/Injector.EMF 20110601
Norman W32/Kolab.KN 20110531
PCTools Trojan.Gen 20110519
Panda W32/P2PWorm.HO 20110601
Rising Trojan.Win32.Generic.12754CF5 20110601
SUPERAntiSpyware Trojan.Agent/Gen-Hamwek 20110601
Sophos Mal/Palevo-A 20110601
Symantec Trojan.Gen 20110601
TheHacker Trojan/Injector.emf 20110601
TrendMicro TROJ_DROPR.SMIK 20110601
TrendMicro-HouseCall TROJ_DROPR.SMIK 20110601
VBA32 Trojan.Pincav.axmc 20110601
VIPRE Trojan.Win32.Pincav.autp (v) 20110601
ViRobot Trojan.Win32.Pincav.90112.X 20110601
VirusBuster Trojan.Injector!FJ/6KjLQ1xQ 20110601
eTrust-Vet Win32/Rimecud.CHI 20110601
nProtect Trojan/W32.Pincav.45056.V 20110601
Prevx 20110601
eSafe 20110531
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Packers identified
PEiD Armadillo v1.71
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2011-01-28 07:20:04
Entry Point 0x0000210D
Number of sections 4
PE sections
PE imports
GetLastError
HeapFree
GetStdHandle
EnterCriticalSection
LCMapStringW
SetHandleCount
GetOEMCP
LCMapStringA
HeapDestroy
ExitProcess
TlsAlloc
GetEnvironmentStringsW
GetModuleFileNameA
RtlUnwind
LoadLibraryA
FreeEnvironmentStringsA
GetStartupInfoA
UnlockFile
GetEnvironmentStrings
GetCPInfo
UnhandledExceptionFilter
MultiByteToWideChar
FreeEnvironmentStringsW
GetCommandLineA
GetProcAddress
WideCharToMultiByte
GetStringTypeA
GetModuleHandleA
WriteFile
GetCurrentProcess
GetACP
HeapReAlloc
GetStringTypeW
GetVersion
TerminateProcess
InitializeCriticalSection
HeapCreate
VirtualFree
TlsGetValue
GetFileType
TlsSetValue
HeapAlloc
GetCurrentThreadId
VirtualAlloc
SetLastError
LeaveCriticalSection
IsIconic
Number of PE resources by type
RT_ANIICON 3
RT_VXD 1
Number of PE resources by language
ESTONIAN NEUTRAL 4
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
TimeStamp 2011:01:28 07:20:04+00:00
FileType Win32 EXE
PEType PE32
CodeSize 16384
LinkerVersion 6.0
EntryPoint 0x210d
InitializedDataSize 24576
SubsystemVersion 4.0
ImageVersion 0.0
OSVersion 4.0
UninitializedDataSize 0

File identification
MD5 b2fe6cb790be3f895c821df6a033fabd
SHA1 e0a99ffa9d88f2f8470ed39cc01875cf6e244de4
SHA256 3a081b4bd6a492c8ae809e9f7a4a3760075cb2f7bf24a7be497f2b2cb65e4d69
ssdeep 384:5zuzgtRYNlnTEw8zsMsH3izMbmlvarysCrSyUTEgldbecebAGY6gArkQCKF4meIu:sEtRYxTEwub0yzeuemglZtgVLo7
File size 44.0 KB ( 45056 bytes )
File type Win32 EXE
Magic literal MS-DOS executable PE for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (65.2%)
Win32 Executable Generic (14.7%)
Win32 Dynamic Link Library (generic) (13.1%)
Generic Win/DOS Executable (3.4%)
DOS Executable Generic (3.4%)
Tags
peexe armadillo

VirusTotal metadata
First submission 2011-01-28 19:26:15 UTC ( 3 years, 2 months ago )
Last submission 2012-12-07 02:30:25 UTC ( 1 year, 4 months ago )
File names b2fe6cb790be3f895c821df6a033fabd