SHA256: 3dd8c61346c76c14f5523c894087149301110e1db4a54cac1786673e644ec674
File name: 2d36da6fd4427086352fbcf327f5b628
Detection ratio: 48 / 51
Analysis date: 2014-04-29 04:43:29 UTC ( 4 years, 8 months ago )
Antivirus Result Update
Ad-Aware Worm.Generic.231365 20140429
Yandex Worm.Koobface!a289M8S/LAM 20140428
AhnLab-V3 Worm/Win32.Koobface 20140428
AntiVir TR/Dropper.Gen 20140429
Antiy-AVL Worm[Net]/Win32.Koobface 20140429
Avast Win32:Koobface-AT [Wrm] 20140429
AVG Worm/Koobface.X 20140428
Baidu-International Worm.Win32.Koobface.AUw 20140428
BitDefender Worm.Generic.231365 20140429
Bkav W32.KoobFaceXA.Trojan 20140428
CAT-QuickHeal (Suspicious) - DNAScan 20140428
ClamAV Win.Worm.Koobface-118 20140429
CMC Net-Worm.Win32.Koobface!O 20140424
Commtouch W32/Koobface.N.gen!Eldorado 20140429
Comodo NetWorm.Win32.Koobface.FE 20140429
DrWeb Win32.HLLW.Facebook.595 20140429
Emsisoft Worm.Generic.231365 (B) 20140429
ESET-NOD32 Win32/Koobface.NCT 20140429
F-Prot W32/Koobface.GL 20140429
F-Secure Packed:W32/Vbcrypt.K 20140429
Fortinet W32/VBObfus.C!tr 20140428
GData Worm.Generic.231365 20140429
Ikarus Net-Worm.Win32.Koobface 20140429
Jiangmin Worm/Koobface.cjl 20140429
K7AntiVirus Backdoor ( 04c4da301 ) 20140429
K7GW Backdoor ( 04c4da301 ) 20140428
Kaspersky Net-Worm.Win32.Koobface.fth 20140429
Kingsoft Worm.Koobface.(kcloud) 20140429
McAfee Generic.dx!2D36DA6FD442 20140429
McAfee-GW-Edition Heuristic.BehavesLike.Win32.Suspicious-BAY.G 20140429
Microsoft Trojan:Win32/VB.WS 20140429
eScan Worm.Generic.231365 20140429
NANO-Antivirus Trojan.Win32.Koobface.ruzr 20140429
Norman Koobface.HTM 20140428
nProtect Worm/W32.Koobface.67072 20140428
Panda Trj/Genetic.gen 20140429
Qihoo-360 HEUR/Malware.QVM03.Gen 20140429
Rising PE:Trojan.Win32.Generic.11EE97A5!300849061 20140428
Sophos AV Mal/Koobface-B 20140429
SUPERAntiSpyware Trojan.Agent/Gen-KoobFace 20140429
Symantec Packed.Generic.296 20140429
TheHacker W32/Koobface.fth 20140426
TotalDefense Win32/Koobface.LD 20140428
TrendMicro WORM_KOOBFACE.WA 20140429
TrendMicro-HouseCall WORM_KOOBFACE.WA 20140429
VBA32 Trojan.VBRA.0110 20140428
VIPRE LooksLike.Win32.Beebone.gen.7 (v) 20140429
ViRobot Dropper.Agent.67072.G 20140429
AegisLab 20140429
ByteHero 20140429
Malwarebytes 20140429
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2010-03-03 19:41:27
Entry Point 0x000010AC
Number of sections 4
PE sections
PE imports
ProcCallEngine
__vbaExceptHandler
Ord(598)
DllFunctionCall
Ord(644)
Ord(631)
Ord(100)
Ord(713)
Ord(608)
CreateProcessW
RtlMoveMemory
GetProcAddress
LoadLibraryA
VirtualAllocEx
CallWindowProcA
Number of PE resources by type
RT_ICON 2
3 1
RT_GROUP_ICON 1
RT_VERSION 1
RT_MANIFEST 1
Number of PE resources by language
RUSSIAN 4
ENGLISH US 1
ARABIC NEUTRAL 1
PE resources
ExifTool file metadata
UninitializedDataSize 0
LinkerVersion 9.0
ImageVersion 1.0
FileVersionNumber 0.1.0.0
LanguageCode English (U.S.)
FileFlagsMask 0x0000
CharacterSet Unicode
InitializedDataSize 55296
MIMEType application/octet-stream
TimeStamp 2010:03:03 20:41:27+01:00
FileType Win32 EXE
PEType PE32
FileAccessDate 2014:04:29 05:43:11+01:00
SubsystemVersion 5.0
OSVersion 5.0
FileCreateDate 2014:04:29 05:43:11+01:00
FileOS Win32
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CodeSize 10240
FileSubtype 0
ProductVersionNumber 0.1.0.0
EntryPoint 0x10ac
ObjectFileType Executable application
File identification
MD5 2d36da6fd4427086352fbcf327f5b628
SHA1 44a28652593e0f40b6207c8ad45874e9a2b24cdd
SHA256 3dd8c61346c76c14f5523c894087149301110e1db4a54cac1786673e644ec674
ssdeep 1536:ZMpfNPNwhA5Xj9PP3Y2GDsx/6QTUo55RvigURsx:y7PG+5z9n3YJ4QEUUARs
imphash 23b5c6c4437df1c7f76ec675dfe46ff1
File size 65.5 KB ( 67072 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable Microsoft Visual Basic 6 (84.4%)
Win32 Dynamic Link Library (generic) (6.7%)
Win32 Executable (generic) (4.6%)
Generic Win/DOS Executable (2.0%)
DOS Executable Generic (2.0%)
Tags peexe
VirusTotal metadata
First submission 2010-03-03 22:13:03 UTC ( 8 years, 10 months ago )
Last submission 2014-02-11 07:22:51 UTC ( 4 years, 11 months ago )
File names aa
bill103.exe
2D36DA6FD4427086352FBCF327F5B628
tz1VGZ.7z
_bqPeXi.dll
1267708011.setup.exe
2d36da6fd4427086352fbcf327f5b628
Advanced heuristic and reputation engines
ClamAV
Possibly Unwanted Application. While not necessarily malicious, the scanned file presents certain characteristics which depending on the user policies and environment may or may not represent a threat. For full details see: https://www.clamav.net/documents/potentially-unwanted-applications-pua .

Behaviour characterization
Zemana
dll-injection
