SHA256: 3d63185e1191bfef0e3f04d19dc6ab83b42b12693f1a3d64e424f1990a07c0aa
File name: 006088369
Detection ratio: 51 / 57
Analysis date: 2015-08-11 07:22:08 UTC ( 3 weeks, 2 days ago )
Antivirus Result Update
ALYac Trojan.GenericKD.1130434 20150811
AVG Cryptic.EQF 20150810
AVware Trojan.Win32.Generic!BT 20150811
Ad-Aware Trojan.GenericKD.1130434 20150811
Agnitum Trojan.DL.Zurgop!PVVlQ3FdbW8 20150810
AhnLab-V3 Win-Trojan/Malpacked3.Gen 20150811
Antiy-AVL Trojan[Backdoor]/Win32.Androm 20150811
Arcabit Trojan.Generic.D113FC2 20150811
Avast Win32:Agent-ARLM [Trj] 20150811
Avira BDS/Androm.afhx 20150811
Baidu-International Backdoor.Win32.Androm.afhx 20150810
BitDefender Trojan.GenericKD.1130434 20150811
Bkav W32.WintagmoLTK.Trojan 20150810
CAT-QuickHeal Trojan.CeeInject.cw6 20150810
CMC Backdoor.Win32.Androm!O 20150710
ClamAV Win.Trojan.Androm-87 20150811
Comodo TrojWare.Win32.Injector.AMDV 20150811
Cyren W32/Backdoor.JEOW-2651 20150811
DrWeb BackDoor.Tishop.55 20150811
ESET-NOD32 Win32/TrojanDownloader.Zurgop.AW 20150811
Emsisoft Trojan.GenericKD.1130434 (B) 20150811
F-Prot W32/Backdoor2.HSIR 20150811
F-Secure Trojan.GenericKD.1130434 20150811
Fortinet W32/Androm.AFHX!tr.bdr 20150811
GData Trojan.GenericKD.1130434 20150811
Ikarus Trojan.Infector 20150811
Jiangmin Backdoor/Androm.ayi 20150810
K7AntiVirus Trojan-Downloader ( 003ddca31 ) 20150811
K7GW Trojan-Downloader ( 003ddca31 ) 20150811
Kaspersky Backdoor.Win32.Androm.afhx 20150811
Kingsoft Win32.Hack.Androm.af.(kcloud) 20150811
Malwarebytes Trojan.Agent.BH 20150811
McAfee Generic.pw 20150811
McAfee-GW-Edition BehavesLike.Win32.Sality.lt 20150810
MicroWorld-eScan Trojan.GenericKD.1130434 20150811
Microsoft VirTool:Win32/CeeInject.gen!JX 20150811
NANO-Antivirus Trojan.Win32.Androm.bzxapv 20150811
Panda Trj/Agent.IVN 20150810
Qihoo-360 Win32/Backdoor.201 20150811
Rising PE:Trojan.Win32.Generic.1580F0EC!360771820 20150810
Sophos Troj/Bredo-AIK 20150811
Symantec W32.Spyrat 20150811
TheHacker Trojan/Injector.ajwf 20150811
TotalDefense Win32/CInject.UW 20150811
TrendMicro BKDR_ANDROM.IZ 20150811
TrendMicro-HouseCall BKDR_ANDROM.IZ 20150811
VBA32 Trojan.EA.01671 20150809
VIPRE Trojan.Win32.Generic!BT 20150811
Zillya Backdoor.Androm.Win32.2004 20150810
Zoner Trojan.Zurgop.AW 20150810
nProtect Trojan.GenericKD.1130434 20150811
AegisLab 20150810
Alibaba 20150803
ByteHero 20150811
SUPERAntiSpyware 20150811
Tencent 20150811
ViRobot 20150811
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2005-01-18 08:39:46
Link date 9:39 AM 1/18/2005
Entry Point 0x00001240
Number of sections 6
PE sections
Overlays
MD5 693e9af84d3dfcc71e640e005bdc5e2e
File type ASCII text
Offset 73728
Size 3
Entropy 0.00
PE imports
AdjustTokenPrivileges
LookupPrivilegeValueA
OpenProcessToken
CancelDC
CreateColorSpaceA
CreateFontA
EndPath
CloseFigure
GetLastError
GetConsoleMode
GetModuleHandleA
GetConsoleCursorInfo
WaitForSingleObject
SetUnhandledExceptionFilter
ClearCommBreak
ExitProcess
CallNamedPipeA
BackupWrite
VirtualProtectEx
SetLastError
__p__fmode
malloc
__p__environ
atexit
_setmode
_fmode
_cexit
_onexit
abs
_pctype
atoi
_fstati64
atol
__getmainargs
memcpy
_lseeki64
signal
atan2
_filelengthi64
__mb_cur_max
__set_app_type
localeconv
_iob
ExifTool file metadata
MIMEType
application/octet-stream

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

FileTypeExtension
exe

TimeStamp
2005:01:18 09:39:46+01:00

FileType
Win32 EXE

PEType
PE32

CodeSize
34304

LinkerVersion
2.56

EntryPoint
0x1240

InitializedDataSize
61440

SubsystemVersion
4.0

ImageVersion
1.0

OSVersion
4.0

UninitializedDataSize
512

File identification
MD5 6aeacb54d57cddff1b1b39d2d3b32140
SHA1 0a9c19f34f480009e861817d08e9362ac0bd6840
SHA256 3d63185e1191bfef0e3f04d19dc6ab83b42b12693f1a3d64e424f1990a07c0aa
ssdeep
768:75xw0YqOpqWjNF75WCGgLa1be6oMmaD+kkkY4AvOU22:S7bjLaA6BD+kkkpAL

authentihash 0abb61b4a9545e745bccb7f338702b0870cb5c375a489bf9ed903407a5792ba8
imphash 2e4656403c3284baa08854006f206c32
File size 72.0 KB ( 73731 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win64 Executable (generic) (61.6%)
Win32 Dynamic Link Library (generic) (14.6%)
Win32 Executable (generic) (10.0%)
Win16/32 Executable Delphi generic (4.6%)
Generic Win/DOS Executable (4.4%)
Tags
peexe overlay

VirusTotal metadata
First submission 2013-07-22 10:09:20 UTC ( 2 years, 1 month ago )
Last submission 2015-06-12 11:11:33 UTC ( 2 months, 3 weeks ago )
File names vt-upload-yv7En
mms_data_21-07-2013_911106338.gif.exe
mms_data.exe
Document.exe
Document.pdf.exe
vt-upload-wDq0u
Document.8759367498.pdf.exe
Electronic Reservation ID_H6Y55IF4.PDF.exe
file-5754156_exe
006088369
mms_data.gif.exe
malekal_6aeacb54d57cddff1b1b39d2d3b32140
Advanced heuristic and reputation engines
ClamAV
Possibly Unwanted Application. While not necessarily malicious, the scanned file presents certain characteristics which depending on the user policies and environment may or may not represent a threat. For full details see: http://www.clamav.net/doc/pua.html .

Symantec reputation Suspicious.Insight
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Created processes
Opened mutexes
Runtime DLLs