SHA256: 476980252fcf3a9357ea05dcb81108fd4e396976eb3689bba7f51e57ba3c6963
File name: test.txt
Detection ratio: 33 / 46
Analysis date: 2013-04-13 21:47:59 UTC ( 4 years, 10 months ago )
Antivirus Result Update
Yandex Trojan.PWS.Banbra.OMH 20130413
AhnLab-V3 Trojan/Win32.Banbra 20130413
AntiVir TR/Spy.Banker.Gen 20130413
Antiy-AVL Trojan/win32.agent.gen 20130413
Avast Win32:Downloader-MFH [Trj] 20130413
AVG PSW.Banker5.BIWB 20130413
BitDefender Trojan.Generic.4785335 20130413
CAT-QuickHeal TrojanBanker.Banbra.zss 20130413
Commtouch W32/SysVenFak.B.gen!Eldorado 20130413
Comodo TrojWare.Win32.Spy.Banker.Gen 20130413
DrWeb Trojan.PWS.Banker.52145 20130413
Emsisoft Trojan.Generic.4785335 (B) 20130413
eSafe Win32.TRSpy.Banker 20130407
ESET-NOD32 a variant of Win32/Spy.Banker.VHZ 20130413
F-Prot W32/SysVenFak.A.gen!Eldorado 20130413
F-Secure Trojan.Generic.4785335 20130413
GData Trojan.Generic.4785335 20130413
Ikarus Trojan-Banker.Win32.Banbra 20130413
K7AntiVirus Trojan 20130412
Kaspersky Trojan-Banker.Win32.Banbra.zss 20130413
Malwarebytes Malware.Packer.Gen 20130413
McAfee Artemis!CD22FCA2F910 20130413
McAfee-GW-Edition Artemis!CD22FCA2F910 20130413
Microsoft TrojanSpy:Win32/Bancos.ACH 20130413
eScan Trojan.Generic.4785335 20130413
NANO-Antivirus Trojan.Win32.Banload.cwaic 20130413
Norman Suspicious.C4!genr 20130413
nProtect Trojan.Generic.4785335 20130413
Panda Trj/CI.A 20130413
PCTools Spyware.Keylogger!rem 20130413
Sophos AV Mal/Banker-U 20130413
Symantec Spyware.Keylogger 20130413
VIPRE Trojan.Win32.Generic!BT 20130413
ByteHero 20130412
ClamAV 20130413
Fortinet 20130413
Jiangmin 20130413
Kingsoft 20130408
Rising 20130412
SUPERAntiSpyware 20130413
TheHacker 20130413
TotalDefense 20130412
TrendMicro 20130413
TrendMicro-HouseCall 20130413
VBA32 20130412
ViRobot 20130413
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Publisher Microsoft Corporation
Product Microsoft_ Windows_ Operating System
File version 1.0.0.0
Packers identified
Command PecBundle, PECompact
PEiD PECompact 2.xx --> BitSum Technologies
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 1992-06-19 22:22:17
Entry Point 0x00130FC8
Number of sections 2
PE sections
PE imports
CoInternetCreateZoneManager
RegQueryValueExA
_TrackMouseEvent
GetOpenFileNameA
UnrealizeObject
VirtualFree
LoadLibraryA
VirtualAlloc
GetProcAddress
GradientFill
CreateStreamOnHGlobal
SysFreeString
ExtractIconA
GetKeyboardType
VerQueryValueA
InternetSetOptionA
Number of PE resources by type
RT_STRING 27
RT_ICON 12
RT_BITMAP 11
RT_RCDATA 11
RT_GROUP_CURSOR 8
RT_CURSOR 8
RT_DIALOG 2
RT_MANIFEST 1
DLLS 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
NEUTRAL 40
ENGLISH US 27
PORTUGUESE BRAZILIAN 16
PE resources
ExifTool file metadata
SubsystemVersion 4.0
InitializedDataSize 8320512
ImageVersion 0.0
ProductName Microsoft Windows Operating System
FileVersionNumber 1.0.0.0
UninitializedDataSize 0
LanguageCode English (U.S.)
FileFlagsMask 0x003f
CharacterSet Windows, Latin1
LinkerVersion 2.25
MIMEType application/octet-stream
Subsystem Windows GUI
FileVersion 1.0.0.0
TimeStamp 1992:06:19 23:22:17+01:00
FileType Win32 EXE
PEType PE32
FileAccessDate 2013:04:13 22:50:33+01:00
ProductVersion 1.0.0.0 (XPClient.010817-1148)
OSVersion 4.0
FileCreateDate 2013:04:13 22:50:33+01:00
FileOS Win32
MachineType Intel 386 or later, and compatibles
CompanyName Microsoft Corporation
CodeSize 1245184
FileSubtype 0
ProductVersionNumber 1.0.0.0
EntryPoint 0x130fc8
ObjectFileType Executable application
File identification
MD5 cd22fca2f9109d69b7c7f4fba1e61781
SHA1 cb8c59c4128678a1007474c2dfb311fdfaed3833
SHA256 476980252fcf3a9357ea05dcb81108fd4e396976eb3689bba7f51e57ba3c6963
ssdeep 24576:8mWegi2xg146p/3+giNnmm9UWjJn1TgwJNg4+uo1NxG3u2O1jZeQkMJvgX:6ZiF46QxNndfjt1Tgk9Ijp1932
File size 1.5 MB ( 1625088 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 EXE PECompact compressed (v2.x) (49.3%)
Win32 EXE PECompact compressed (generic) (34.6%)
Win32 Dynamic Link Library (generic) (5.4%)
Win32 Executable (generic) (5.4%)
Win16/32 Executable Delphi generic (1.7%)
Tags pecompact peexe
VirusTotal metadata
First submission 2010-08-23 09:46:10 UTC ( 7 years, 6 months ago )
Last submission 2013-04-13 21:47:59 UTC ( 4 years, 10 months ago )
File names 6D6KallWF.scr
aa
test.txt
QHNAb.dll
Advanced heuristic and reputation engines
ClamAV
Possibly Unwanted Application. While not necessarily malicious, the scanned file presents certain characteristics which depending on the user policies and environment may or may not represent a threat. For full details see: https://www.clamav.net/documents/potentially-unwanted-applications-pua .

Symantec reputation Suspicious.Insight