SHA256: 40f416ac68735c6a7df17fa2fbe7a80a55d2b87e84b33708e55e1be390c16fab
File name: 6492a71d9561175830b009151f0c56be
Detection ratio: 39 / 42
Analysis date: 2011-05-23 14:42:35 UTC ( 2 years, 11 months ago )
Antivirus Result Update
AVG BackDoor.Generic13.DCG 20110523
AhnLab-V3 Win-Trojan/Ripinip.249856.ET 20110523
AntiVir TR/Spy.Gen 20110523
Antiy-AVL AdWare/Win32.BHO.gen 20110523
Avast Win32:BHO-ADU 20110523
Avast5 Win32:BHO-ADU 20110523
BitDefender Gen:Variant.Ripinip.1 20110523
CAT-QuickHeal Backdoor.Ripinip.C4 20110522
ClamAV Trojan.Ripnip-2 20110523
Commtouch W32/Autorun.XG 20110522
Comodo TrojWare.Win32.TrojanDropper.BHO.GHT 20110523
DrWeb Trojan.MulDrop1.48008 20110523
F-Prot W32/Autorun.XG 20110522
Fortinet W32/Ripinip.K!tr.bdr 20110522
GData Gen:Variant.Ripinip.1 20110523
Ikarus Backdoor.Win32.Ripinip 20110523
Jiangmin Trojan/Generic.beqn 20110523
K7AntiVirus Riskware 20110520
Kaspersky Backdoor.Win32.Ripinip.lpx 20110523
McAfee BackDoor-EVC 20110523
McAfee-GW-Edition Heuristic.BehavesLike.Win32.Downloader.J 20110522
Microsoft Backdoor:Win32/Ripinip.N 20110523
NOD32 a variant of Win32/Ripinip.AD 20110523
Norman W32/Suspicious_Gen2.FYBSR 20110522
PCTools Backdoor.Ripinip 20110519
Panda Bck/Ripinip.E 20110522
Prevx High Risk System Back Door 20110523
Rising Backdoor.Win32.Autorun.p 20110523
SUPERAntiSpyware Trojan.Agent/Gen-FakeAlert 20110523
Sophos Troj/Kirjat-A 20110523
Symantec Backdoor.Ripinip 20110523
TheHacker Trojan/Dropper.Agent.oxz 20110523
TrendMicro BKDR_RIPINIP.SMA 20110523
TrendMicro-HouseCall BKDR_RIPINIP.SMA 20110523
VBA32 Backdoor.Ripinip.bbt 20110523
VIPRE Trojan.Win32.Generic.pak!cobra 20110523
VirusBuster Trojan.Ripnip.Gen.1 20110522
eTrust-Vet Win32/SillyAutorun.EEG 20110523
nProtect Backdoor/W32.Ripinip.249856.Q 20110523
F-Secure 20110523
ViRobot 20110523
eSafe 20110522
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file.
Packers identified
PEiD Armadillo v1.71
PE header basic information
Number of sections 4
PE sections
PE imports
OpenProcessToken
LookupPrivilegeValueA
AdjustTokenPrivileges
RegOpenKeyExA
RegSetValueExA
RegQueryValueExA
RegCloseKey
OpenSCManagerA
OpenServiceA
CloseServiceHandle
QueryServiceStatus
RegCreateKeyA
SetFileTime
OpenProcess
VirtualAllocEx
WriteProcessMemory
ReadProcessMemory
VirtualFreeEx
WriteFile
GetVersionExA
GetLastError
GetCurrentProcess
GetModuleHandleA
GetStartupInfoA
SetFilePointer
CreateFileA
GetTickCount
Sleep
DeleteFileA
GetSystemDirectoryA
CreateProcessA
GetWindowsDirectoryA
GetTempPathA
ReadFile
GetFileSize
CloseHandle
GetCommandLineA
GetModuleFileNameA
(65 more function(s) imported by ordinal)
_controlfp
_except_handler3
__set_app_type
__p__fmode
atol
_setmbcp
__CxxFrameHandler
free
malloc
__dllonexit
_onexit
_exit
_XcptFilter
exit
__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
_acmdln
PostMessageA
ScreenToClient
ExitWindowsEx
GetSystemMetrics
mouse_event
GetWindowRect
WindowFromPoint
GetWindowTextA
GetParent
SetCursorPos
InflateRect
PeekMessageA
PtInRect
GetWindowThreadProcessId
SendMessageA
ClientToScreen
FindWindowA
FindWindowExA
GetCursorPos
File identification
MD5 6492a71d9561175830b009151f0c56be
SHA1 f01f3dd4a4bf27f713a76fb555006599901c560e
SHA256 40f416ac68735c6a7df17fa2fbe7a80a55d2b87e84b33708e55e1be390c16fab
ssdeep 6144:5LTZDo9qIpY/Im7AMDvxBj3N4JVoUiJVMG+a9vRrrY83C0Zf:ncoxt9wq1+CnS0

File size 244.0 KB ( 249856 bytes )
File type Win32 EXE
Magic literal

TrID Win32 Executable Generic (42.3%)
Win32 Dynamic Link Library (generic) (37.6%)
Generic Win/DOS Executable (9.9%)
DOS Executable Generic (9.9%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
VirusTotal metadata
First submission 2011-05-23 14:42:35 UTC ( 2 years, 11 months ago )
Last submission 2011-05-23 14:42:35 UTC ( 2 years, 11 months ago )
File names 6492a71d9561175830b009151f0c56be