SHA256: 469a1c206ceb4717473dca04a2a639e879ef150c618d6a77b136c4769f8a3fe9
File name: 99A637393D9C53A9084D672294264B1B
Detection ratio: 38 / 43
Analysis date: 2011-08-13 11:11:26 UTC ( 7 years, 8 months ago )
Antivirus Result Update
AhnLab-V3 Trojan/Win32.Vilsel 20110812
AntiVir TR/Agent.hoy 20110812
Avast VBS:Malware-gen 20110812
Avast5 VBS:Malware-gen 20110812
AVG PSW.OnlineGames3.AKDV 20110813
BitDefender Trojan.Generic.4165283 20110813
CAT-QuickHeal TrojanPWS.OnLineGames.hj 20110813
ClamAV Trojan.Spy-69757 20110813
Commtouch W32/Trojan2.MMVO 20110813
Comodo TrojWare.Win32.Trojan.Generic.31160300 20110813
DrWeb Trojan.MulDrop1.16808 20110813
Emsisoft Worm.Win32.Koobface!IK 20110813
eSafe Win32.Generic3.llv 20110810
eTrust-Vet Win32/MaranPWS!SFX 20110812
F-Prot W32/Trojan2.MMVO 20110813
F-Secure Trojan-PSW:W32/OnlineGames.gen!T 20110813
GData Trojan.Generic.4165283 20110813
Ikarus Worm.Win32.Koobface 20110813
Jiangmin Trojan/PSW.OnLineGames.bkcv 20110812
K7AntiVirus Trojan 20110812
Kaspersky Trojan.Win32.Vilsel.sdb 20110813
McAfee Artemis!99A637393D9C 20110813
McAfee-GW-Edition Artemis!99A637393D9C 20110813
Microsoft PWS:Win32/OnLineGames.HJ 20110813
NOD32 probably a variant of Win32/Agent.CBNJGVU 20110813
Norman W32/Suspicious_Gen2.OVID 20110812
Panda W32/Spamta.QO.worm 20110813
PCTools Trojan.Dropper 20110809
Rising Trojan.Win32.Generic.11E4A8EB 20110812
Sophos AV Mal/Generic-L 20110813
SUPERAntiSpyware Trojan.Agent/Gen-OnlineGames[Wilao] 20110813
Symantec Infostealer.Gampass 20110813
TrendMicro TSPY_ONLING.SMXO 20110813
TrendMicro-HouseCall TSPY_ONLING.SMXO 20110813
VBA32 Trojan-Downloader.Win32.Shecka 20110813
VIPRE Trojan.Win32.Generic!BT 20110812
ViRobot Trojan.Win32.PSWIGames.288974 20110813
VirusBuster Trojan.Agent!L1wJ5SUHlno 20110812
Antiy-AVL 20110813
Fortinet 20110813
nProtect 20110813
Prevx 20110813
TheHacker 20110813
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file.
PE header basic information
Number of sections 4
PE sections
PE imports
AdjustTokenPrivileges
LookupPrivilegeValueA
OpenProcessToken
RegCloseKey
RegCreateKeyExA
RegOpenKeyExA
RegQueryValueExA
RegSetValueExA
SetFileSecurityA
SetFileSecurityW
(1 more function(s) imported by ordinal)
CommDlgExtendedError
GetOpenFileNameA
GetSaveFileNameA
DeleteObject
CloseHandle
CompareStringA
CreateDirectoryA
CreateDirectoryW
CreateFileA
CreateFileW
DeleteFileA
DeleteFileW
DosDateTimeToFileTime
ExitProcess
ExpandEnvironmentStringsA
FileTimeToLocalFileTime
FileTimeToSystemTime
FindClose
FindFirstFileA
FindFirstFileW
FindNextFileA
FindNextFileW
FindResourceA
FreeLibrary
GetCPInfo
GetCommandLineA
GetCurrentDirectoryA
GetCurrentProcess
GetDateFormatA
GetFileAttributesA
GetFileAttributesW
GetFileType
GetFullPathNameA
GetLastError
GetLocaleInfoA
GetModuleFileNameA
GetModuleHandleA
GetNumberFormatA
GetProcAddress
GetProcessHeap
GetStdHandle
GetTempPathA
GetTickCount
GetTimeFormatA
GetVersionExA
GlobalAlloc
HeapAlloc
HeapFree
HeapReAlloc
IsDBCSLeadByte
LoadLibraryA
LocalFileTimeToFileTime
MoveFileA
MoveFileExA
MultiByteToWideChar
ReadFile
SetCurrentDirectoryA
SetEndOfFile
SetEnvironmentVariableA
SetFileAttributesA
SetFileAttributesW
SetFilePointer
SetFileTime
SetLastError
Sleep
SystemTimeToFileTime
WaitForSingleObject
WideCharToMultiByte
WriteFile
lstrcmpiA
lstrlenA
CLSIDFromString
CoCreateInstance
CreateStreamOnHGlobal
OleInitialize
OleUninitialize
SHBrowseForFolderA
SHChangeNotify
SHFileOperationA
SHGetFileInfoA
SHGetMalloc
SHGetSpecialFolderLocation
ShellExecuteExA
SHGetPathFromIDListA
CharToOemA
CharToOemBuffA
CharUpperA
CopyRect
CreateWindowExA
DefWindowProcA
DestroyIcon
DestroyWindow
DialogBoxParamA
DispatchMessageA
EnableWindow
EndDialog
FindWindowExA
GetClassNameA
GetClientRect
GetDlgItem
GetDlgItemTextA
GetMessageA
GetParent
GetSysColor
GetSystemMetrics
GetWindow
GetWindowLongA
GetWindowRect
GetWindowTextA
IsWindow
IsWindowVisible
LoadBitmapA
LoadCursorA
LoadIconA
LoadStringA
MapWindowPoints
MessageBoxA
OemToCharA
OemToCharBuffA
PeekMessageA
PostMessageA
RegisterClassExA
SendDlgItemMessageA
SendMessageA
SetDlgItemTextA
SetFocus
SetMenu
SetWindowLongA
SetWindowPos
SetWindowTextA
ShowWindow
TranslateMessage
UpdateWindow
WaitForInputIdle
wsprintfA
wvsprintfA
File identification
MD5 99a637393d9c53a9084d672294264b1b
SHA1 f68fbef3f9a9f65a16e785e34f7738b432479aed
SHA256 469a1c206ceb4717473dca04a2a639e879ef150c618d6a77b136c4769f8a3fe9
ssdeep 6144:UZuuObR8sVImcyYjUoJEFv3xGp5vExtMhdMy2NY3x3/ZE0Cgumzi:zV+mzJ3xGzvAGoNoeVh

File size 284.2 KB ( 291064 bytes )
File type Win32 EXE
Magic literal

TrID WinRAR Self Extracting archive (96.2%)
Win32 Executable Generic (1.5%)
Win32 Dynamic Link Library (generic) (1.4%)
Generic Win/DOS Executable (0.3%)
DOS Executable Generic (0.3%)
Tags upx

VirusTotal metadata
First submission 2010-01-23 03:14:29 UTC ( 9 years, 3 months ago )
Last submission 2011-08-13 11:11:26 UTC ( 7 years, 8 months ago )
File names VTklqb_Cp.fon
99A637393D9C53A9084D672294264B1B
aa