SHA256: 3d63185e1191bfef0e3f04d19dc6ab83b42b12693f1a3d64e424f1990a07c0aa
File name: vt-upload-yv7En
Detection ratio: 45 / 53
Analysis date: 2014-08-19 19:04:08 UTC ( 6 months, 2 weeks ago )
Antivirus Result Update
AVG BackDoor.Generic17.AHKU 20140819
AVware Trojan.Win32.Generic!BT 20140819
Ad-Aware Trojan.GenericKD.1130434 20140819
Agnitum Trojan.DL.Zurgop!PVVlQ3FdbW8 20140819
AhnLab-V3 Win-Trojan/Malpacked3.Gen 20140819
AntiVir BDS/Androm.afhx 20140819
Antiy-AVL Trojan[Backdoor]/Win32.Androm 20140819
Avast Win32:Agent-ARLM [Trj] 20140819
Baidu-International Backdoor.Win32.Androm.ar 20140819
BitDefender Trojan.GenericKD.1130434 20140819
Bkav W32.WintagmoLTK.Trojan 20140818
CAT-QuickHeal Trojan.CeeInject.cw6 20140819
Commtouch W32/Backdoor.JEOW-2651 20140819
Comodo TrojWare.Win32.Injector.AMDV 20140819
DrWeb BackDoor.Tishop.55 20140819
ESET-NOD32 Win32/TrojanDownloader.Zurgop.AW 20140819
Emsisoft Backdoor.Win32.Androm (A) 20140819
F-Prot W32/Backdoor2.HSIR 20140819
F-Secure Trojan.GenericKD.1130434 20140819
Fortinet W32/Androm.AFHX!tr.bdr 20140819
GData Trojan.GenericKD.1130434 20140819
Ikarus Trojan.Infector 20140819
Jiangmin Backdoor/Androm.ayi 20140815
K7AntiVirus Trojan-Downloader ( 003ddca31 ) 20140819
K7GW Trojan-Downloader ( 003ddca31 ) 20140819
Kaspersky Backdoor.Win32.Androm.afhx 20140819
Kingsoft Win32.Hack.Androm.af.(kcloud) 20140819
Malwarebytes Trojan.Agent.BH 20140819
McAfee Generic.pw 20140819
MicroWorld-eScan Trojan.GenericKD.1130434 20140819
Microsoft VirTool:Win32/CeeInject.gen!JX 20140819
NANO-Antivirus Trojan.Win32.Androm.bzxapv 20140819
Panda Trj/Agent.IVN 20140819
Qihoo-360 Win32/Backdoor.201 20140819
Rising PE:Trojan.Win32.Generic.1580F0EC!360771820 20140819
Sophos Troj/Bredo-AIK 20140819
Symantec W32.Spyrat 20140819
Tencent Win32.Backdoor.Androm.Wsuk 20140819
TheHacker Trojan/Injector.ajwf 20140817
TotalDefense Win32/CInject.UW 20140819
TrendMicro BKDR_ANDROM.IZ 20140819
TrendMicro-HouseCall BKDR_ANDROM.IZ 20140819
VBA32 Trojan.EA.01671 20140819
VIPRE Trojan.Win32.Generic!BT 20140819
nProtect Trojan.GenericKD.1130434 20140819
AegisLab 20140819
ByteHero 20140819
CMC 20140818
ClamAV 20140819
McAfee-GW-Edition 20140818
Norman 20140819
SUPERAntiSpyware 20140819
ViRobot 20140819
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2005-01-18 08:39:46
Link date 9:39 AM 1/18/2005
Entry Point 0x00001240
Number of sections 6
PE sections
PE imports
AdjustTokenPrivileges
LookupPrivilegeValueA
OpenProcessToken
CancelDC
CreateColorSpaceA
CreateFontA
EndPath
CloseFigure
GetLastError
GetConsoleMode
GetModuleHandleA
GetConsoleCursorInfo
WaitForSingleObject
SetUnhandledExceptionFilter
ClearCommBreak
ExitProcess
CallNamedPipeA
BackupWrite
VirtualProtectEx
SetLastError
__p__fmode
malloc
__p__environ
atexit
_setmode
_fmode
_cexit
_onexit
abs
_pctype
atoi
_fstati64
atol
__getmainargs
memcpy
_lseeki64
signal
atan2
_filelengthi64
__mb_cur_max
__set_app_type
localeconv
_iob
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
TimeStamp 2005:01:18 09:39:46+01:00
FileType Win32 EXE
PEType PE32
CodeSize 34304
LinkerVersion 2.56
EntryPoint 0x1240
InitializedDataSize 61440
SubsystemVersion 4.0
ImageVersion 1.0
OSVersion 4.0
UninitializedDataSize 512

File identification
MD5 6aeacb54d57cddff1b1b39d2d3b32140
SHA1 0a9c19f34f480009e861817d08e9362ac0bd6840
SHA256 3d63185e1191bfef0e3f04d19dc6ab83b42b12693f1a3d64e424f1990a07c0aa
ssdeep 768:75xw0YqOpqWjNF75WCGgLa1be6oMmaD+kkkY4AvOU22:S7bjLaA6BD+kkkpAL
imphash 2e4656403c3284baa08854006f206c32
File size 72.0 KB ( 73731 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win64 Executable (generic) (61.6%)
Win32 Dynamic Link Library (generic) (14.6%)
Win32 Executable (generic) (10.0%)
Win16/32 Executable Delphi generic (4.6%)
Generic Win/DOS Executable (4.4%)
Tags peexe

VirusTotal metadata
First submission 2013-07-22 10:09:20 UTC ( 1 year, 7 months ago )
Last submission 2013-07-27 05:41:23 UTC ( 1 year, 7 months ago )
File names vt-upload-yv7En
vt-upload-wDq0u
mms_data.exe
Document.exe
Document.pdf.exe
Document.8759367498.pdf.exe
Electronic Reservation ID_H6Y55IF4.PDF.exe
file-5754156_exe
mms_data_21-07-2013_911106338.gif.exe
mms_data.gif.exe
malekal_6aeacb54d57cddff1b1b39d2d3b32140
Advanced heuristic and reputation engines
ClamAV PUA
Possibly Unwanted Application. While not necessarily malicious, the scanned file presents certain characteristics which depending on the user policies and environment may or may not represent a threat. For full details see: http://www.clamav.net/doc/pua.html .

Symantec reputation Suspicious.Insight
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Created processes
Opened mutexes
Runtime DLLs