SHA256: 4c3c04c6f2265a8155b9e0df212bb1c2f698b7c0e88e5953fad5ba62ce5b600e
File name: 9399808bacd12ce0f02bc53e36df2fb1
Detection ratio: 8 / 54
Analysis date: 2014-08-22 20:59:11 UTC ( 4 years, 9 months ago )
Antivirus            Result                                  Update
AhnLab-V3            Trojan/Win32.Agent                      20140822
Avast                Win32:Dropper-gen [Drp]                 20140822
Baidu-International  Trojan.Win32.Injector.BBKMG             20140822
Kingsoft             Win32.Heur.KVMH008.a.(kcloud)           20140822
Malwarebytes         Trojan.Agent.ED                         20140822
McAfee               Generic-FAUZ!8926E16C8A7E               20140822
Qihoo-360            HEUR/Malware.QVM19.Gen                  20140822
SUPERAntiSpyware     Trojan.Agent/Gen-Zbot                   20140822
Ad-Aware             (no detection)                          20140822
AegisLab             (no detection)                          20140822
Yandex               (no detection)                          20140822
AntiVir              (no detection)                          20140822
Antiy-AVL            (no detection)                          20140822
AVG                  (no detection)                          20140822
AVware               (no detection)                          20140822
BitDefender          (no detection)                          20140822
Bkav                 (no detection)                          20140821
ByteHero             (no detection)                          20140822
CAT-QuickHeal        (no detection)                          20140822
ClamAV               (no detection)                          20140822
CMC                  (no detection)                          20140822
Commtouch            (no detection)                          20140822
Comodo               (no detection)                          20140822
DrWeb                (no detection)                          20140822
Emsisoft             (no detection)                          20140822
F-Prot               (no detection)                          20140822
F-Secure             (no detection)                          20140822
Fortinet             (no detection)                          20140822
GData                (no detection)                          20140822
Ikarus               (no detection)                          20140822
Jiangmin             (no detection)                          20140822
K7AntiVirus          (no detection)                          20140822
K7GW                 (no detection)                          20140822
Kaspersky            (no detection)                          20140822
McAfee-GW-Edition    (no detection)                          20140822
Microsoft            (no detection)                          20140822
eScan                (no detection)                          20140822
NANO-Antivirus       (no detection)                          20140822
Norman               (no detection)                          20140822
nProtect             (no detection)                          20140822
Panda                (no detection)                          20140822
Rising               (no detection)                          20140822
Sophos AV            (no detection)                          20140822
Symantec             (no detection)                          20140822
Tencent              (no detection)                          20140822
TheHacker            (no detection)                          20140822
TotalDefense         (no detection)                          20140822
TrendMicro           (no detection)                          20140822
TrendMicro-HouseCall (no detection)                          20140822
VBA32                (no detection)                          20140822
VIPRE                (no detection)                          20140822
ViRobot              (no detection)                          20140822
Zillya               (no detection)                          20140822
Zoner                (no detection)                          20140822
The file being studied is a Portable Executable (PE) file; more specifically, it is a Win32 EXE file.
Packers identified
F-PROT NSIS
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2009-12-05 22:50:58
Entry Point 0x0000325E
Number of sections 5
PE sections
Number of PE resources by type
RT_DIALOG 3
RT_ICON 2
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 6
PE resources
PCAP parents
File identification
MD5 9399808bacd12ce0f02bc53e36df2fb1
SHA1 2a341520a5c6cf5115f548f98a0fad52f7b2592b
SHA256 4c3c04c6f2265a8155b9e0df212bb1c2f698b7c0e88e5953fad5ba62ce5b600e
ssdeep 1536:VSV8/DcCDCMMkG0DaXJo/rvz/TvvSj3XSmX/oH5czvRiv9mq0br5e/3n0WJ/qKUc:VS8BCfoDaXJo/rvz/TvvSj3XSmX/oczA
imphash 099c0646ea7282d232219f8807883be0
File size 75.8 KB ( 77581 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID NSIS - Nullsoft Scriptable Install System (94.8%)
Win32 Executable MS Visual C++ (generic) (3.4%)
Win32 Dynamic Link Library (generic) (0.7%)
Win32 Executable (generic) (0.5%)
Generic Win/DOS Executable (0.2%)
Tags
nsis peexe
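The "PE header basic information" fields above (target machine, compilation timestamp, entry point, section count) and the NSIS packer identification come straight from the raw bytes of the file. The script below is an added example, not part of the VirusTotal report and not code from any of the listed vendors: it reads those fields with a minimal PE32 parser, computes where the section data ends, and checks the overlay (the bytes appended after the last section, where an NSIS installer stores its payload) for the "NullsoftInst" marker that NSIS writes into its first header. The sample image it parses is constructed inline with the header values from this report; the section names are an assumed, typical NSIS layout, not data from the page.

```python
"""Minimal PE32 header reader plus NSIS-overlay check (added example)."""
import struct
import calendar
from datetime import datetime, timezone

IMAGE_FILE_MACHINE_I386 = 0x014C
PE32_MAGIC = 0x010B
SUBSYSTEMS = {2: "GUI", 3: "console"}
# NSIS appends its installer data after the PE sections (the "overlay");
# its first header carries 0xDEADBEEF followed by the ASCII marker below.
NSIS_MARKER = b"NullsoftInst"


def parse_pe(data: bytes) -> dict:
    """Return the triage fields a report shows, computed from raw bytes."""
    if data[:2] != b"MZ":
        raise ValueError("not a DOS/PE image: missing MZ")
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature not found at e_lfanew")
    coff = e_lfanew + 4  # 20-byte COFF file header
    machine, nsect, stamp, _symtab, _nsyms, opt_size, _chars = struct.unpack_from(
        "<HHIIIHH", data, coff)
    opt = coff + 20  # optional header follows the COFF header
    (magic,) = struct.unpack_from("<H", data, opt)
    if magic != PE32_MAGIC:
        raise ValueError("only PE32 (32-bit) images are handled here")
    (entry,) = struct.unpack_from("<I", data, opt + 16)      # AddressOfEntryPoint
    (subsystem,) = struct.unpack_from("<H", data, opt + 68)  # Subsystem
    sections, end_of_sections = [], 0
    for i in range(nsect):  # 40-byte section headers follow the optional header
        off = opt + opt_size + 40 * i
        name, _vsize, _va, rawsize, rawptr = struct.unpack_from("<8sIIII", data, off)
        sections.append(name.rstrip(b"\0").decode("ascii", "replace"))
        end_of_sections = max(end_of_sections, rawptr + rawsize)
    overlay = data[end_of_sections:]  # anything past the last section's raw data
    return {
        "machine": "Intel 386 or later" if machine == IMAGE_FILE_MACHINE_I386 else hex(machine),
        "compiled": datetime.fromtimestamp(stamp, tz=timezone.utc).strftime("%Y-%m-%d %H:%M:%S"),
        "entry_point": f"0x{entry:08X}",
        "subsystem": SUBSYSTEMS.get(subsystem, str(subsystem)),
        "sections": sections,
        "overlay_size": len(overlay),
        "nsis": NSIS_MARKER in overlay,
    }


def build_sample() -> bytes:
    """Constructed PE32 image carrying the header values from the report.

    Section names are an assumed typical NSIS layout; section bodies are zeros.
    """
    stamp = calendar.timegm((2009, 12, 5, 22, 50, 58))  # report's compile time
    names = [b".text", b".rdata", b".data", b".ndata", b".rsrc"]
    file_align, headers_size = 0x200, 0x400
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)  # e_lfanew: PE signature at 0x40
    coff = struct.pack("<HHIIIHH", IMAGE_FILE_MACHINE_I386, len(names), stamp, 0, 0, 224, 0x0102)
    opt = bytearray(224)
    struct.pack_into("<H", opt, 0, PE32_MAGIC)
    struct.pack_into("<I", opt, 16, 0x325E)  # entry point from the report
    struct.pack_into("<H", opt, 68, 2)       # GUI subsystem
    table, raw = b"", headers_size
    for name in names:
        table += struct.pack("<8sIIIIIIHHI", name.ljust(8, b"\0"), file_align, raw,
                             file_align, raw, 0, 0, 0, 0, 0x60000020)
        raw += file_align
    image = (bytes(dos) + b"PE\0\0" + coff + bytes(opt) + table).ljust(headers_size, b"\0")
    image += b"\0" * (file_align * len(names))
    # Constructed stub of an NSIS first header: flags, 0xDEADBEEF, marker, padding.
    overlay = b"\0" * 4 + b"\xef\xbe\xad\xde" + NSIS_MARKER + b"\0" * 16
    return image + overlay


if __name__ == "__main__":
    for key, value in parse_pe(build_sample()).items():
        print(f"{key:>13}: {value}")
```

Two caveats for real samples: the compile timestamp is attacker-controlled and is often forged or zeroed, so treat it as a hint rather than evidence; and an overlay marker only says the file was built with NSIS, so the next step is to extract the NSIS script and payload rather than to stop at the packer label.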

VirusTotal metadata
First submission 2014-08-22 20:56:31 UTC ( 4 years, 9 months ago )
Last submission 2014-08-29 19:42:36 UTC ( 4 years, 8 months ago )
File names lodyoathsk.php
vti-rescan
e53f74da2a001c1408716194.exe
9399808bacd12ce0f02bc53e36df2fb1
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight
Condensed report. The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were performed either by the file itself or by any other process launched by it or subjected to code injection by it.
Opened files
Read files
Written files
Moved files
Deleted files
Opened service managers
Opened services
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.
UDP communications