SHA256: 3f32a9c80dc0c015a097df2c295eb4ced791f1de001bf1dd13e9f4ee88dd7af2
Detection ratio: 3 / 34
Analysis date: 2008-08-10 17:15:32 UTC (5 years, 11 months ago)
Antivirus Result Update
F-Secure Trojan-PSW.Win32.LdPinch.spe -
Kaspersky Trojan-PSW.Win32.LdPinch.spe -
Prevx1 Heuristic: Suspicious File With Covert Attributes -
AVG -
AhnLab-V3 -
AntiVir -
Authentium -
Avast -
BitDefender -
CAT-QuickHeal -
ClamAV -
DrWeb -
Ewido -
F-Prot -
FileAdvisor -
Fortinet -
Ikarus -
McAfee -
Microsoft -
NOD32v2 -
Norman -
Panda -
PandaBeta -
Rising -
SAVMail -
Sophos -
Sunbelt -
Symantec -
TheHacker -
VBA32 -
VirusBuster -
Webwasher-Gateway -
eSafe -
eTrust-Vet -
The file being studied is a Portable Executable file. More specifically, it is an unknown file.
Packers identified
PEiD Armadillo v1.xx - v2.xx
PE header basic information
Number of sections 9
PE sections
PE imports
DeleteDC
CreateCompatibleDC
SelectObject
BitBlt
DeleteObject
CreatePalette
CreateDCA
SelectPalette
RealizePalette
CreateDIBitmap
GlobalUnlock
GlobalLock
GlobalAlloc
GetTickCount
WideCharToMultiByte
IsBadReadPtr
GlobalAddAtomA
GlobalAddAtomW
GetModuleHandleA
GlobalFree
GlobalGetAtomNameA
GlobalDeleteAtom
GlobalGetAtomNameW
SetEnvironmentVariableA
GetEnvironmentVariableA
FreeConsole
VirtualProtect
VirtualAlloc
GetProcAddress
GetLastError
LoadLibraryA
SetLastError
SetThreadPriority
GetCurrentThread
CreateProcessA
GetCommandLineA
GetStartupInfoA
ReleaseMutex
WaitForSingleObject
CreateThread
OpenMutexA
GetCurrentThreadId
CloseHandle
ReadFile
GetFileSize
CreateFileA
FindClose
FindFirstFileA
FindFirstFileW
VirtualQueryEx
GetExitCodeProcess
ReadProcessMemory
ContinueDebugEvent
SetThreadContext
GetThreadContext
WaitForDebugEvent
SuspendThread
DebugActiveProcess
ResumeThread
CreateProcessW
GetCommandLineW
GetStartupInfoW
MapViewOfFile
DuplicateHandle
GetCurrentProcess
CreateFileMappingA
VirtualProtectEx
WriteProcessMemory
ExitProcess
Sleep
EnterCriticalSection
LeaveCriticalSection
GetVersionExA
InitializeCriticalSection
GetCurrentProcessId
GetModuleFileNameW
GetShortPathNameW
GetModuleFileNameA
CreateMutexA
GetShortPathNameA
time
strcat
__set_new_handler@@YAP6AHI@ZP6AHI@Z@Z
exit
_except_handler3
atoi
sprintf
wcsncpy
wcslen
strncpy
strlen
wcsrchr
wcscpy
wcschr
strrchr
strcpy
strchr
memset
memcmp
memmove
memcpy
__2@YAPAXI@Z
__3@YAXPAX@Z
_wcsicmp
calloc
free
_initterm
malloc
_adjust_fdiv
_stricmp
vsprintf
PR_AtomicIncrement
SHGetSpecialFolderPathA
PathFileExistsA
GetDesktopWindow
MoveWindow
SetPropA
EnumThreadWindows
GetPropA
GetMessageA
BeginPaint
EndPaint
KillTimer
GetAsyncKeyState
GetSystemMetrics
SetTimer
SetWindowTextA
GetDlgItem
CreateDialogIndirectParamA
ShowWindow
UpdateWindow
LoadStringA
LoadStringW
FindWindowA
WaitForInputIdle
DestroyWindow
MessageBoxA
InSendMessage
UnpackDDElParam
FreeDDElParam
DefWindowProcA
LoadCursorA
RegisterClassW
CreateWindowExW
RegisterClassA
CreateWindowExA
GetWindowThreadProcessId
SendMessageW
PeekMessageA
TranslateMessage
DispatchMessageA
EnumWindows
IsWindowUnicode
PackDDElParam
PostMessageW
PostMessageA
IsWindow
SendMessageA
NS_GetServiceManager
File identification
MD5 d4f57ce7d0429d46d761c1eea4181ad0
SHA1 bb2cd30f47d219c52f12201edc5a638c589e7c30
SHA256 3f32a9c80dc0c015a097df2c295eb4ced791f1de001bf1dd13e9f4ee88dd7af2
ssdeep 6144:+wC9LeRm0pR2wYCjTKXt0rYR3EF2BqYhA6H1EiHxz82bYjkf:+HtimKR2wYCjTKQ2Bq6C5eYwf

File size 620.0 KB ( 634880 bytes )
File type unknown
Magic literal

TrID 48.4% (.EXE) Win32 Executable MS Visual C++ (generic) (31206/45/13)
20.3% (.SCR) Windows Screen Saver (13105/51/3)
13.2% (.EXE) Win32 Executable Generic (8527/13/3)
11.7% (.DLL) Win32 Dynamic Link Library (generic) (7583/30/2)
3.1% (.EXE) Generic Win/DOS Executable (2002/3)
VirusTotal metadata
First submission 2008-04-16 00:46:50 UTC ( 6 years, 2 months ago )
Last submission 2010-09-03 00:24:10 UTC ( 3 years, 10 months ago )
File names
Behaviour characterization