SHA256: 3e38328978fd309f2f974e1165eb183a8b907c1a3073663402a56638b542ca5c
File name: vortex1772_second.exe
Detection ratio: 28 / 47
Analysis date: 2013-11-21 11:52:55 UTC
Antivirus Result Update
AhnLab-V3 Packed/Win32.Suspicious 20131121
AntiVir TR/Crypt.XPACK.Gen2 20131121
Avast Win32:Malware-gen 20131121
AVG PSW.Generic10.AUCD 20131121
BitDefender Trojan.Generic.8478261 20131121
Commtouch W32/Trojan.LJXG-0944 20131121
Comodo UnclassifiedMalware 20131121
Emsisoft Trojan.Generic.8478261 (B) 20131121
ESET-NOD32 a variant of Win32/Spy.Zbot 20131121
F-Secure Trojan.Generic.8478261 20131121
Fortinet W32/Zbot!tr.spy 20131121
GData Trojan.Generic.8478261 20131121
Ikarus Trojan.Win32.Lebag 20131121
K7AntiVirus Riskware ( 0040eff71 ) 20131120
K7GW Riskware ( 0040eff71 ) 20131120
Kaspersky UDS:DangerousObject.Multi.Generic 20131121
Malwarebytes Hacktool.Citadel.Builder 20131121
McAfee RDN/Generic PWS.y!uy 20131121
McAfee-GW-Edition Heuristic.BehavesLike.Win32.ModifiedUPX.F 20131120
eScan Trojan.Generic.8478261 20131121
Norman Troj_Generic.QAQUA 20131120
Panda Trj/CI.A 20131120
Sophos AV Mal/Generic-S 20131121
Symantec WS.Reputation.1 20131121
TheHacker Trojan/Spy.zbot 20131120
TrendMicro Cryp_Xin1 20131121
TrendMicro-HouseCall Cryp_Xin1 20131121
VIPRE Trojan.Win32.Generic!BT 20131121
Yandex (no detection) 20131120
Antiy-AVL (no detection) 20131121
Baidu-International (no detection) 20131121
Bkav (no detection) 20131121
ByteHero (no detection) 20131118
CAT-QuickHeal (no detection) 20131121
ClamAV (no detection) 20131121
DrWeb (no detection) 20131121
F-Prot (no detection) 20131121
Jiangmin (no detection) 20131121
Kingsoft (no detection) 20130829
Microsoft (no detection) 20131121
NANO-Antivirus (no detection) 20131121
nProtect (no detection) 20131120
Rising (no detection) 20131121
SUPERAntiSpyware (no detection) 20131120
TotalDefense (no detection) 20131121
VBA32 (no detection) 20131120
ViRobot (no detection) 20131121
The file being studied is a Portable Executable (PE) file. VirusTotal's coarse file type for it is "DOS EXE" only because every PE begins with an MZ DOS stub, so the magic at offset 0 ("MS-DOS executable", see File identification below) is the same for a 32-bit Windows binary and a genuine 16-bit DOS program; the PE header fields and the TrID verdict below identify it as a Win32 executable.
Packers identified
F-PROT UPX_LZMA
PEiD UPX 2.93 [LZMA] -> Markus Oberhumer, Laszlo Molnar & John Reiser
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2012-10-09 22:02:41
Entry Point 0x000B6500
Number of sections 3
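The header fields above (target machine, compilation timestamp, entry point, section count) are read straight from the DOS header, COFF file header and optional header, and the UPX verdict in "Packers identified" can be cross-checked structurally rather than by byte signature. The following stdlib-only PE walker is an added example, not part of the VirusTotal report or of any tool it names; the image it parses is constructed inline to mirror the report's header values (machine 0x14C, timestamp 2012-10-09 22:02:41, entry point 0x000B6500, three sections named UPX0/UPX1/.rsrc) and is not the real vortex1772_second.exe, whose section table the report does not show. The UPX heuristic and the section layout are assumptions about typical UPX output, not facts taken from this sample.

```python
# Added example, not part of the VirusTotal report: a stdlib-only PE header
# walker that derives the report's "PE header basic information" fields and
# applies a UPX-style packer heuristic. The image it parses is constructed
# inline to mirror the report's header values; it is not vortex1772_second.exe.
import calendar
import struct
from datetime import datetime, timezone

DOS_MAGIC = 0x5A4D         # 'MZ': every PE starts with a DOS stub, hence "DOS EXE"
PE_SIGNATURE = 0x00004550  # 'PE\0\0' at the offset stored in e_lfanew
MACHINE_NAMES = {0x014C: "Intel 386 or later processors and compatible processors",
                 0x8664: "x64"}


def parse_pe(data):
    """DOS header -> COFF file header -> optional header -> section table."""
    if len(data) < 0x40 or struct.unpack_from("<H", data, 0)[0] != DOS_MAGIC:
        raise ValueError("no MZ signature")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if e_lfanew + 4 > len(data) or struct.unpack_from("<I", data, e_lfanew)[0] != PE_SIGNATURE:
        raise ValueError("plain DOS EXE: MZ header without a PE signature")
    coff = e_lfanew + 4
    machine, nsect, ts, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20
    magic = struct.unpack_from("<H", data, opt)[0]        # 0x10B = PE32, 0x20B = PE32+
    entry = struct.unpack_from("<I", data, opt + 16)[0]   # AddressOfEntryPoint, an RVA
    sections = []
    for i in range(nsect):
        name, vsize, vaddr, rawsize, rawptr = struct.unpack_from(
            "<8sIIII", data, opt + opt_size + 40 * i)    # first 24 of the 40-byte header
        sections.append({"name": name.rstrip(b"\0").decode("ascii", "replace"),
                         "vaddr": vaddr, "vsize": vsize, "rawsize": rawsize, "rawptr": rawptr})
    return {
        "machine": MACHINE_NAMES.get(machine, hex(machine)),
        "timestamp": datetime.fromtimestamp(ts, timezone.utc).strftime("%Y-%m-%d %H:%M:%S"),
        "entry_point": f"0x{entry:08X}",
        "pe32plus": magic == 0x20B,
        "sections": sections,
    }


def entry_section(pe):
    """Name of the section whose virtual range contains the entry point."""
    rva = int(pe["entry_point"], 16)
    for s in pe["sections"]:
        if s["vaddr"] <= rva < s["vaddr"] + max(s["vsize"], s["rawsize"]):
            return s["name"]
    return None


def upx_like(pe):
    """Structural heuristic (not PEiD's byte-signature match): UPX leaves an
    empty UPX0 section (virtual size, zero raw bytes: the unpack destination)
    and places the entry point in UPX1, where the decompressor stub lives."""
    names = [s["name"] for s in pe["sections"]]
    hollow = any(s["rawsize"] == 0 and s["vsize"] > 0 for s in pe["sections"])
    return "UPX0" in names and entry_section(pe) == "UPX1" and hollow


def classify(data):
    """Coarse file-type split: MZ-only files are DOS EXEs, MZ+PE are PE32/PE32+."""
    try:
        pe = parse_pe(data)
    except ValueError as err:
        return "DOS EXE" if str(err).startswith("plain DOS EXE") else "not an MZ file"
    return "PE32+" if pe["pe32plus"] else "PE32"


def build_sample_pe():
    """Constructed PE32 header set whose fields match the report (sample data, not the real file)."""
    e_lfanew = 0x80
    dos = bytearray(e_lfanew)
    struct.pack_into("<H", dos, 0, DOS_MAGIC)
    struct.pack_into("<I", dos, 0x3C, e_lfanew)
    ts = calendar.timegm((2012, 10, 9, 22, 2, 41))          # report's compilation timestamp
    opt = bytearray(224)                                    # PE32 optional header size
    struct.pack_into("<H", opt, 0, 0x10B)
    struct.pack_into("<I", opt, 16, 0x000B6500)             # report's entry point
    coff = struct.pack("<HHIIIHH", 0x014C, 3, ts, 0, 0, len(opt), 0x0102)
    # (Name, VirtualSize, VirtualAddress, SizeOfRawData, PointerToRawData,
    #  PointerToRelocations, PointerToLinenumbers, NumberOfRelocations,
    #  NumberOfLinenumbers, Characteristics); assumed UPX-style layout
    sections = b"".join(struct.pack("<8sIIIIIIHHI", *s) for s in [
        (b"UPX0", 0xB5000, 0x1000, 0, 0x400, 0, 0, 0, 0, 0xE0000080),
        (b"UPX1", 0x2000, 0xB6000, 0x1A00, 0x400, 0, 0, 0, 0, 0xE0000040),
        (b".rsrc", 0x1000, 0xB8000, 0x1000, 0x1E00, 0, 0, 0, 0, 0xC0000040),
    ])
    return bytes(dos) + struct.pack("<I", PE_SIGNATURE) + coff + bytes(opt) + sections


def build_plain_mz():
    """Constructed 16-bit DOS executable header: MZ magic, e_lfanew left at zero."""
    dos = bytearray(0x40)
    struct.pack_into("<H", dos, 0, DOS_MAGIC)
    return bytes(dos)


if __name__ == "__main__":
    pe = parse_pe(build_sample_pe())
    for key in ("machine", "timestamp", "entry_point"):
        print(f"{key:12} {pe[key]}")
    print("sections    ", [s["name"] for s in pe["sections"]])
    print("entry in    ", entry_section(pe), "| UPX-like:", upx_like(pe))
    print("plain MZ    ", classify(build_plain_mz()))
```

Run it against a real file with `parse_pe(open(path, "rb").read())`; on a UPX-packed sample the entry point lands in UPX1 and UPX0 has no raw bytes, which is the layout PEiD's "UPX 2.93 [LZMA]" signature sits on top of. The heuristic is deliberately narrow: a repacked or renamed-section build defeats it, which is why signature scanners and section entropy are used alongside it.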
PE sections
PE imports (function names only; the report omits the owning DLLs). Because the sample is UPX-packed, this is the packer stub's import table rather than the payload's: one API per DLL the payload links against, enough for the loader to map each DLL, plus the kernel32 calls the decompressor stub itself needs (VirtualAlloc, VirtualProtect, VirtualFree, LoadLibraryA, GetProcAddress, ExitProcess). The payload's real imports are resolved at run time after decompression, so neither this list nor the imphash below describes what the unpacked code calls.
GetLengthSid
InitCommonControlsEx
GetOpenFileNameW
BitBlt
VirtualFree
ExitProcess
VirtualProtect
LoadLibraryA
VirtualAlloc
GetProcAddress
VariantClear
ShellExecuteW
StrCmpNIA
EndPaint
GdipFree
CoInitialize
Number of PE resources by type
RT_ICON 3
RT_DIALOG 2
RT_MANIFEST 1
JPG 1
RT_GROUP_ICON 1
Number of PE resources by language
NEUTRAL 8
PE resources
Compressed bundles
File identification
MD5 8b73caa8edf37f85bc3ee7366fbc476f
SHA1 e5a5e04e6fe12a47be4f390555fa12e6d925f054
SHA256 3e38328978fd309f2f974e1165eb183a8b907c1a3073663402a56638b542ca5c
ssdeep 12288:5shTEuWfnnkuXV5XMClS4KjwzPB9EVKoL8sWOogg5TKUUgCIoS:5ZfkuXjSRjwz59EV3Ld2+UUg
authentihash abe080336d35985c7b3dfc2233237933ab51f596d4cf257760318b5ebf90e5f5
imphash 6171636b0c7bc1a9a8263eb76e0e3d19
File size 669.0 KB ( 685056 bytes )
File type DOS EXE
Magic literal MS-DOS executable
TrID Win32 Executable (generic) (42.5%)
DOS Executable Borland Pascal 7.0x (19.2%)
Generic Win/DOS Executable (18.8%)
DOS Executable Generic (18.8%)
VXD Driver (0.2%)
Tags
upx mz

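The imphash in "File identification" is an MD5 over the normalised import table, so for a packed file it fingerprints the packer stub rather than the malware; the import list earlier in the report shows why. The block below is an added example, not part of the VirusTotal report or of VirusTotal's own code: it implements the imphash recipe as documented by Mandiant and used by pefile (per imported function, DLL lower-cased with its extension stripped, a dot, the function name lower-cased; tokens comma-joined in import-table order; MD5). The DLL-to-function assignment in the constructed table is an assumption drawn from where those Win32 APIs live; the report gives neither DLL names nor a guaranteed order, so this does not reproduce the report's value 6171636b0c7bc1a9a8263eb76e0e3d19, and the "stub-only" threshold is a hypothetical heuristic of this example.

```python
# Added example, not part of the VirusTotal report: how an "imphash" is
# derived, following the Mandiant/pefile recipe, so the packed-sample caveat
# can be checked on any PE. The DLL assignment below is an assumption: the
# report lists function names without DLLs or a guaranteed order, so this
# does NOT reproduce the report's 6171636b0c7bc1a9a8263eb76e0e3d19.
import hashlib

# Constructed import table shaped like a UPX stub's: one API per payload DLL
# (so the loader maps the DLL) plus the kernel32 calls the decompressor needs.
SAMPLE_IMPORTS = [
    ("ADVAPI32.dll", ["GetLengthSid"]),
    ("COMCTL32.dll", ["InitCommonControlsEx"]),
    ("COMDLG32.dll", ["GetOpenFileNameW"]),
    ("GDI32.dll", ["BitBlt"]),
    ("KERNEL32.DLL", ["VirtualFree", "ExitProcess", "VirtualProtect",
                      "LoadLibraryA", "VirtualAlloc", "GetProcAddress"]),
    ("OLEAUT32.dll", ["VariantClear"]),
    ("SHELL32.dll", ["ShellExecuteW"]),
    ("SHLWAPI.dll", ["StrCmpNIA"]),
    ("USER32.dll", ["EndPaint"]),
    ("gdiplus.dll", ["GdipFree"]),
    ("ole32.dll", ["CoInitialize"]),
]


def normalize_import(dll, func):
    """One 'lib.func' token: DLL lower-cased with .dll/.ocx/.sys stripped,
    function lower-cased, ordinal-only imports written as ordN (pefile also
    maps well-known ws2_32/oleaut32 ordinals back to names; omitted here)."""
    lib = dll.lower()
    base, dot, ext = lib.rpartition(".")
    if dot and ext in ("dll", "ocx", "sys"):
        lib = base
    if isinstance(func, int):
        func = f"ord{func}"
    return f"{lib}.{func.lower()}"


def imphash_string(imports):
    """The comma-joined string that is hashed; token order is part of the fingerprint."""
    return ",".join(normalize_import(dll, f) for dll, funcs in imports for f in funcs)


def imphash(imports):
    return hashlib.md5(imphash_string(imports).encode("ascii")).hexdigest()


def stub_only(imports, max_imports=20, loader_apis=("loadlibrarya", "getprocaddress")):
    """Hypothetical red-flag heuristic for a packed file: a small import table
    that still carries the runtime-resolution pair means the real imports are
    resolved after unpacking, so the imphash identifies the packer stub, not
    the payload, and will collide across unrelated samples packed the same way."""
    funcs = {normalize_import(d, f).split(".", 1)[1] for d, fs in imports for f in fs}
    total = sum(len(fs) for _, fs in imports)
    return total <= max_imports and all(api in funcs for api in loader_apis)


if __name__ == "__main__":
    print(imphash_string(SAMPLE_IMPORTS))
    print("imphash:", imphash(SAMPLE_IMPORTS))
    print("stub-only import table:", stub_only(SAMPLE_IMPORTS))
```

Two properties worth keeping in mind when pivoting on this value: the hash is order-sensitive, so two builds with the same APIs in a different import order get different imphashes, and it is case-insensitive, so linker capitalisation of DLL names does not matter. For a UPX-packed sample the useful imphash is the one computed after unpacking.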
VirusTotal metadata
First submission 2013-09-29 20:28:35 UTC
Last submission 2017-06-24 18:30:34 UTC
File names 1.3.5.1 - vortex1772_second.exe
vortex1772_second.exe
1.3.5.1 - vortex1772_second.exe.ubqu
1.3.5.1 - vortex1772_second.exe
citadel.exe
Advanced heuristic and reputation engines
ClamAV
Possibly Unwanted Application. While not necessarily malicious, the scanned file presents certain characteristics which depending on the user policies and environment may or may not represent a threat. For full details see: https://www.clamav.net/documents/potentially-unwanted-applications-pua .

Symantec reputation Suspicious.Insight