SHA256: 4b313891425f8e726363c6b76fde323d79db00c2bbe9fd0d799a0062bcb262f5
File name: DW20.exe
Detection ratio: 19 / 47
Analysis date: 2013-09-02 17:52:52 UTC ( 3 years, 7 months ago )
Antivirus / Result / Update (19 of 47 engines flagged the file; the other 28 returned no result with the signature set dated as shown)
AhnLab-V3 Trojan/Win32.Pincav 20130902
Avast Win32:Malware-gen 20130902
AVG Generic34.ASWH 20130902
BitDefender Gen:Variant.Zusy.37182 20130902
DrWeb Trojan.Siggen5.32001 20130902
Emsisoft Gen:Variant.Zusy.37182 (B) 20130902
ESET-NOD32 a variant of Win32/Injector.ALHM 20130902
F-Secure Gen:Variant.Zusy.37182 20130902
Fortinet W32/Wmonder.A!tr 20130902
GData Gen:Variant.Zusy.37182 20130902
Kaspersky Trojan.Win32.Pincav.cnrt 20130902
eScan Gen:Variant.Zusy.37182 20130902
nProtect Trojan/W32.Pincav.118784.CZ 20130902
Panda Suspicious file 20130902
PCTools Backdoor.Vidgrab 20130902
Sophos Troj/Wmonder-A 20130902
Symantec Backdoor.Vidgrab!gen1 20130902
TrendMicro BKDR_EVILOGE.SM 20130902
TrendMicro-HouseCall BKDR_EVILOGE.SM 20130902
No detection:
Yandex (not detected) 20130902
AntiVir (not detected) 20130902
Antiy-AVL (not detected) 20130902
Baidu (not detected) 20130816
ByteHero (not detected) 20130902
CAT-QuickHeal (not detected) 20130902
ClamAV (not detected) 20130902
Commtouch (not detected) 20130902
Comodo (not detected) 20130902
F-Prot (not detected) 20130902
Ikarus (not detected) 20130902
Jiangmin (not detected) 20130902
K7AntiVirus (not detected) 20130902
K7GW (not detected) 20130902
Kingsoft (not detected) 20130829
Malwarebytes (not detected) 20130902
McAfee (not detected) 20130902
McAfee-GW-Edition (not detected) 20130901
Microsoft (not detected) 20130902
NANO-Antivirus (not detected) 20130902
Norman (not detected) 20130902
Rising (not detected) 20130902
SUPERAntiSpyware (not detected) 20130902
TheHacker (not detected) 20130901
TotalDefense (not detected) 20130830
VBA32 (not detected) 20130902
VIPRE (not detected) 20130902
ViRobot (not detected) 20130902
The file being studied is a Portable Executable (PE) file; more specifically, a 32-bit Win32 EXE built for the Windows GUI subsystem.
Packers identified
PEiD Armadillo v1.71
Caveat: PEiD's "Armadillo v1.71" signature is a well-known false positive on unpacked Microsoft Visual C++ 6.0 binaries, because it matches the standard VC6 CRT entry stub. Everything else in this report points the same way: TrID rates the file as MS Visual C++ (generic), the linker version is 6.0, the image has the four sections a plain VC6 build normally has, and the import table is fully readable (MSVCRT startup routines, KERNEL32, USER32 and SHLWAPI by name), which a packer would normally hide. Treat the "packed" verdict as unconfirmed unless unpacking actually yields a second layer.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2013-07-29 03:13:50
Entry Point 0x00002252
Number of sections 4
PE imports (the report lists function names only; the grouping under the exporting DLL below follows the standard Win32 export tables for these names)
KERNEL32.dll
GetStartupInfoA
ResumeThread
GetVersion
GetModuleHandleA
ExpandEnvironmentStringsA
GetTickCount
CloseHandle
VirtualFreeEx
CreateFileA
Sleep
GetModuleFileNameA
GetCurrentThreadId
GetLocalTime
SetSystemTime
MSVCRT.dll
__p__fmode
_acmdln
memset
fclose
strcat
fopen
_except_handler3
??2@YAPAXI@Z (MSVC-mangled operator new)
fwrite
__p__commode
memcpy
exit
_XcptFilter
memcmp
__setusermatherr
_controlfp
__CxxFrameHandler
_adjust_fdiv
??3@YAXPAX@Z (MSVC-mangled operator delete)
__getmainargs
_initterm
_exit
__set_app_type
SHLWAPI.dll
SHSetValueA
SHDeleteValueA
USER32.dll
GetMessageA
GetInputState
PostThreadMessageA
Number of PE resources by type
RT_ICON 1
RT_GROUP_ICON 1
Number of PE resources by language
CHINESE SIMPLIFIED 2
ExifTool file metadata
MIMEType: application/octet-stream
Subsystem: Windows GUI
MachineType: Intel 386 or later, and compatibles
TimeStamp: 2013:07:29 04:13:50+01:00 (the same instant as the 03:13:50 UTC compilation timestamp above)
FileType: Win32 EXE
PEType: PE32
CodeSize: 8192
LinkerVersion: 6.0
FileAccessDate: 2014:05:26 09:56:34+01:00
EntryPoint: 0x2252
InitializedDataSize: 106496
SubsystemVersion: 4.0
ImageVersion: 0.0
OSVersion: 4.0
FileCreateDate: 2014:05:26 09:56:34+01:00
UninitializedDataSize: 0

File identification
MD5 6fd868e68037040c94215566852230ab
SHA1 dafba0673c9818723c0c488e6cc9997543e89751
SHA256 4b313891425f8e726363c6b76fde323d79db00c2bbe9fd0d799a0062bcb262f5
ssdeep 3072:cvvS6L24adL4KeLusaqEesCmtgOE2FbpvX:cxL1ULmasMesztgv2Fb
imphash dbd28b057373a447468300e91f93a5d7
File size 116.0 KB ( 118784 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (67.3%)
     Win32 Dynamic Link Library (generic) (14.2%)
     Win32 Executable (generic) (9.7%)
     Generic Win/DOS Executable (4.3%)
     DOS Executable Generic (4.3%)
Tags peexe armadillo
VirusTotal metadata
First submission 2013-09-02 17:52:52 UTC ( 3 years, 7 months ago )
Last submission 2014-05-26 08:57:50 UTC ( 2 years, 11 months ago )
File names
PZ (93).exe_
4b313891425f8e726363c6b76fde323d79db00c2bbe9fd0d799a0062bcb262f5.exe
DW20.exe