SHA256: 3d63185e1191bfef0e3f04d19dc6ab83b42b12693f1a3d64e424f1990a07c0aa
File name: vt-upload-yv7En
Detection ratio: 37 / 46
Analysis date: 2013-08-29 04:29:59 UTC ( 7 months, 3 weeks ago )
Antivirus Result Update
AVG BackDoor.Generic17.AHKU 20130829
AhnLab-V3 Win-Trojan/Malpacked3.Gen 20130828
AntiVir BDS/Androm.afhx 20130828
Antiy-AVL Backdoor/Win32.Androm.gen 20130828
Avast Win32:Agent-ARLM [Trj] 20130829
BitDefender Trojan.GenericKD.1130434 20130829
CAT-QuickHeal Trojan.CeeInject 20130829
Commtouch W32/Backdoor.JEOW-2651 20130829
Comodo TrojWare.Win32.Kryptik.BGAH 20130829
DrWeb BackDoor.Tishop.55 20130829
ESET-NOD32 Win32/TrojanDownloader.Zurgop.AW 20130828
Emsisoft Trojan-Backdoor.Win32.Androm (A) 20130829
F-Prot W32/Backdoor2.HSIR 20130829
F-Secure Trojan.GenericKD.1130434 20130829
Fortinet W32/Injector.AKER!tr 20130829
GData Trojan.GenericKD.1130434 20130829
Ikarus Virus.Win32.CeeInject 20130829
Jiangmin Backdoor/Androm.ayi 20130827
K7AntiVirus Backdoor 20130828
K7GW Backdoor 20130828
Kaspersky Backdoor.Win32.Androm.afhx 20130829
Malwarebytes Trojan.Agent.BH 20130829
McAfee Trojan-FCSC!6AEACB54D57C 20130829
McAfee-GW-Edition Trojan-FCSC!6AEACB54D57C 20130828
MicroWorld-eScan Trojan.GenericKD.1130434 20130829
Microsoft VirTool:Win32/CeeInject.gen!JX 20130829
NANO-Antivirus Trojan.Win32.Androm.bxzbqe 20130828
Norman Inject.BBYH 20130828
PCTools Malware.Spyrat!rem 20130828
Panda Trj/Zbot.M 20130828
Sophos Troj/Bredo-AIK 20130829
Symantec W32.Spyrat 20130829
TheHacker Trojan/Injector.ajwf 20130829
TrendMicro TROJ_SPNR.09GS13 20130829
TrendMicro-HouseCall TROJ_SPNR.09GS13 20130826
VBA32 Backdoor.Androm 20130828
VIPRE Trojan.Win32.Generic!BT 20130829
Agnitum 20130828
ByteHero 20130828
ClamAV 20130829
Kingsoft 20130723
Rising 20130829
SUPERAntiSpyware 20130829
TotalDefense 20130828
ViRobot 20130829
nProtect 20130828
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2005-01-18 08:39:46
Entry Point 0x00001240
Number of sections 6
PE sections
PE imports
AdjustTokenPrivileges
LookupPrivilegeValueA
OpenProcessToken
CancelDC
CreateColorSpaceA
CreateFontA
EndPath
CloseFigure
GetLastError
GetConsoleMode
GetModuleHandleA
GetConsoleCursorInfo
WaitForSingleObject
SetUnhandledExceptionFilter
ClearCommBreak
ExitProcess
CallNamedPipeA
BackupWrite
VirtualProtectEx
SetLastError
__p__fmode
malloc
__p__environ
atexit
_setmode
_fmode
_cexit
_onexit
abs
_pctype
atoi
_fstati64
atol
__getmainargs
memcpy
_lseeki64
signal
atan2
_filelengthi64
__mb_cur_max
__set_app_type
localeconv
_iob
ExifTool file metadata
MIMEType: application/octet-stream
Subsystem: Windows GUI
MachineType: Intel 386 or later, and compatibles
TimeStamp: 2005:01:18 09:39:46+01:00
FileType: Win32 EXE
PEType: PE32
CodeSize: 34304
LinkerVersion: 2.56
EntryPoint: 0x1240
InitializedDataSize: 61440
SubsystemVersion: 4.0
ImageVersion: 1.0
OSVersion: 4.0
UninitializedDataSize: 512
File identification
MD5 6aeacb54d57cddff1b1b39d2d3b32140
SHA1 0a9c19f34f480009e861817d08e9362ac0bd6840
SHA256 3d63185e1191bfef0e3f04d19dc6ab83b42b12693f1a3d64e424f1990a07c0aa
ssdeep 768:75xw0YqOpqWjNF75WCGgLa1be6oMmaD+kkkY4AvOU22:S7bjLaA6BD+kkkpAL

File size 72.0 KB ( 73731 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win64 Executable (generic) (61.6%)
Win32 Dynamic Link Library (generic) (14.6%)
Win32 Executable (generic) (10.0%)
Win16/32 Executable Delphi generic (4.6%)
Generic Win/DOS Executable (4.4%)
Tags peexe

VirusTotal metadata
First submission 2013-07-22 10:09:20 UTC ( 9 months ago )
Last submission 2013-07-27 05:41:23 UTC ( 8 months, 3 weeks ago )
File names vt-upload-yv7En
vt-upload-wDq0u
mms_data.exe
Document.exe
Document.pdf.exe
Document.8759367498.pdf.exe
Electronic Reservation ID_H6Y55IF4.PDF.exe
file-5754156_exe
mms_data_21-07-2013_911106338.gif.exe
mms_data.gif.exe
malekal_6aeacb54d57cddff1b1b39d2d3b32140
Advanced heuristic and reputation engines
ClamAV PUA
Possibly Unwanted Application. While not necessarily malicious, the scanned file presents certain characteristics which depending on the user policies and environment may or may not represent a threat. For full details see: http://www.clamav.net/index.php?s=pua&lang=en .

Symantec reputation Suspicious.Insight
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Created processes
Opened mutexes
Runtime DLLs