SHA256: 4a7c028c9d1e5a0a1d953840373500a309c5c1fd5a97ad50c310037375f4cdc1
File name: vt-upload-kv6rj
Detection ratio: 25 / 55
Analysis date: 2014-09-28 01:26:53 UTC
Antivirus              Result                            Update
Ad-Aware               Gen:Variant.Zusy.91888            20140928
Yandex                 Trojan.Farfli!+X9Sfn67ipg         20140927
AhnLab-V3              Backdoor/Win32.Farfli             20140927
Antiy-AVL              Trojan[:HEUR]/Win32.AGeneric      20140927
Avast                  Win32:Farfli-BO [Trj]             20140928
AVG                    BackDoor.Generic_r.GSO.dropper    20140928
Avira (no cloud)       TR/Graftor.1080321                20140927
AVware                 Backdoor.Win32.PcClient           20140927
BitDefender            Gen:Variant.Zusy.91888            20140928
DrWeb                  Trojan.KeyLogger.24848            20140928
Emsisoft               Gen:Variant.Zusy.91888 (B)        20140928
ESET-NOD32             a variant of Win32/Farfli.BBM     20140927
F-Secure               Gen:Variant.Zusy.91888            20140928
GData                  Gen:Variant.Zusy.91888            20140928
Ikarus                 Backdoor.Win32.Inject             20140927
Kaspersky              HEUR:Trojan.Win32.Generic         20140928
McAfee                 RDN/Generic BackDoor!zz           20140928
McAfee-GW-Edition      BehavesLike.Win32.Jeefo.gm        20140927
Microsoft              Backdoor:Win32/PcClient.ZR        20140928
eScan                  Gen:Variant.Zusy.91888            20140928
Norman                 Swisyn.CB                         20140927
Panda                  Trj/Genetic.gen                   20140928
TrendMicro             TROJ_GEN.R0C2C0DIQ14              20140928
TrendMicro-HouseCall   TROJ_GEN.R0C2C0DIQ14              20140928
VIPRE                  Backdoor.Win32.PcClient           20140928
AegisLab               (no detection)                    20140928
Baidu-International    (no detection)                    20140927
Bkav                   (no detection)                    20140925
ByteHero               (no detection)                    20140928
CAT-QuickHeal          (no detection)                    20140927
ClamAV                 (no detection)                    20140927
CMC                    (no detection)                    20140925
Comodo                 (no detection)                    20140927
Cyren                  (no detection)                    20140928
F-Prot                 (no detection)                    20140927
Fortinet               (no detection)                    20140928
Jiangmin               (no detection)                    20140927
K7AntiVirus            (no detection)                    20140926
K7GW                   (no detection)                    20140926
Kingsoft               (no detection)                    20140928
Malwarebytes           (no detection)                    20140928
NANO-Antivirus         (no detection)                    20140928
nProtect               (no detection)                    20140926
Qihoo-360              (no detection)                    20140928
Rising                 (no detection)                    20140927
Sophos AV              (no detection)                    20140928
SUPERAntiSpyware       (no detection)                    20140927
Symantec               (no detection)                    20140928
Tencent                (no detection)                    20140928
TheHacker              (no detection)                    20140924
TotalDefense           (no detection)                    20140927
VBA32                  (no detection)                    20140926
ViRobot                (no detection)                    20140927
Zillya                 (no detection)                    20140927
Zoner                  (no detection)                    20140925
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2014-05-17 22:44:24
Entry Point 0x00003ADB
Number of sections 5
PE sections
Number of PE resources by type
WRITE 1
B 1
NATIVE 1
Number of PE resources by language
KOREAN 3
PE resources
File identification
MD5 b25b94edf769ead4a28b59fda1346b8e
SHA1 92a18daeeedcd8f1be5a2b2574fc3f26918d3519
SHA256 4a7c028c9d1e5a0a1d953840373500a309c5c1fd5a97ad50c310037375f4cdc1
ssdeep 6144:lYVadHFEhLSTQBTXbxcZN0qbp5XL1XzFJRIgztWmDCbU6uCaJhQCNBU8J3:FtFqmT2vxyeKp5XLVzjj/JhtJ3
authentihash 4f7f80d4bce237bb4e8e175314cd8886203e8292fb507ed29e5ad1c28e7d9b1d
imphash 851c541714e7cc69ffb6206e1a0f1ef0
File size 463.5 KB ( 474624 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386
TrID Win32 Executable MS Visual C++ (generic) (42.1%)
Win64 Executable (generic) (37.3%)
Win32 Dynamic Link Library (generic) (8.8%)
Win32 Executable (generic) (6.0%)
Generic Win/DOS Executable (2.7%)
Tags peexe
VirusTotal metadata
First submission 2014-09-28 01:26:53 UTC
Last submission 2014-09-28 01:26:53 UTC
File names vt-upload-kv6rj
Advanced heuristic and reputation engines
ClamAV
Possibly Unwanted Application. While not necessarily malicious, the scanned file presents certain characteristics which, depending on the user policies and environment, may or may not represent a threat. For full details see: https://www.clamav.net/documents/potentially-unwanted-applications-pua

Symantec reputation Suspicious.Insight
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Copied files
Deleted files
Opened service managers
Opened services
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.
DNS requests
TCP connections