SHA256: 4ca375c6db3d32dde7b981b0981079d8e13bd121a81c835d58d02a046d98277f
File name: 4CA375C6DB3D32DDE7B981B0981079D8E13BD121A81C835D58D02A046D98277F
Detection ratio: 38 / 56
Analysis date: 2015-03-04 00:46:31 UTC ( 2 years ago )
Antivirus Result Update
Ad-Aware Gen:Trojan.Heur.DP.bGW@aWj9cDn 20150303
AhnLab-V3 Trojan/Win32.Xema 20150303
Antiy-AVL Trojan[:HEUR]/Win32.Unknown 20150303
Avast Win32:Dipverdle-A [Trj] 20150304
AVG Delf.AMNP 20150303
Avira (no cloud) TR/ATRAPS.Gen 20150303
AVware Trojan.Win32.Generic!SB.0 20150304
Baidu-International Trojan.Win32.Delf.BONC 20150303
BitDefender Gen:Trojan.Heur.DP.bGW@aWj9cDn 20150303
CAT-QuickHeal Trojan.ZAgent.r8 20150303
Comodo TrojWare.Win32.Trojan.Agent.Gen 20150303
DrWeb Trojan.DnsChange.5011 20150304
Emsisoft Gen:Trojan.Heur.DP.bGW@aWj9cDn (B) 20150304
ESET-NOD32 Win32/Delf.ONC 20150303
F-Secure Gen:Trojan.Heur.DP.bGW@aWj9cDn 20150304
Fortinet W32/Delf.ONC 20150303
GData Gen:Trojan.Heur.DP.bGW@aWj9cDn 20150303
Ikarus Trojan-Dropper.Delf 20150303
K7AntiVirus Riskware ( 0040eff71 ) 20150303
K7GW Riskware ( 0040eff71 ) 20150304
Kaspersky HEUR:Trojan.Win32.Generic 20150303
Kingsoft Win32.Troj.Generic.a.(kcloud) 20150304
McAfee Artemis!CEF012FB4FA7 20150303
McAfee-GW-Edition BehavesLike.Win32.Trojan.mh 20150304
Microsoft Trojan:Win32/Dipverdle.A 20150303
eScan Gen:Trojan.Heur.DP.bGW@aWj9cDn 20150303
NANO-Antivirus Trojan.Win32.ATRAPS.cesdub 20150303
Norman Dipverdle.A 20150303
Panda Generic Malware 20150303
Qihoo-360 HEUR/Malware.QVM05.Gen 20150304
Rising PE:Trojan.Win32.Generic.15B7DCB7!364371127 20150303
Sophos Mal/Generic-S 20150303
Symantec Trojan.Gen 20150304
Tencent Win32.Trojan.Generic.Teiy 20150304
TrendMicro TROJ_DIPVER.AL 20150304
TrendMicro-HouseCall TROJ_DIPVER.AL 20150304
VIPRE Trojan.Win32.Generic!SB.0 20150304
Zillya Trojan.Delf.Win32.62665 20150303
AegisLab 20150304
Yandex 20150228
Alibaba 20150304
ALYac 20150303
Bkav 20150303
ByteHero 20150304
ClamAV 20150304
CMC 20150301
Cyren 20150304
F-Prot 20150304
Malwarebytes 20150303
nProtect 20150303
SUPERAntiSpyware 20150303
TheHacker 20150303
TotalDefense 20150303
VBA32 20150303
ViRobot 20150303
Zoner 20150303
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 1992-06-19 22:22:17
Entry Point 0x000061FC
Number of sections 8
PE sections
PE imports
RegCreateKeyExW
RegCloseKey
RegSetValueExW
RegQueryValueExA
RegOpenKeyExW
RegSetValueExA
RegEnumValueA
RegCreateKeyExA
RegOpenKeyExA
RegEnumKeyExA
RegQueryValueExW
GetSystemTime
HeapFree
CopyFileW
FreeLibrary
HeapAlloc
GetModuleFileNameA
RtlUnwind
LoadLibraryA
WinExec
LocalAlloc
OpenProcess
GetCommandLineW
CreateThread
MultiByteToWideChar
GetCommandLineA
GetProcAddress
GetProcessHeap
OpenMutexA
CreateMutexA
RaiseException
WideCharToMultiByte
GetModuleHandleA
WriteFile
CloseHandle
DeleteFileW
HeapReAlloc
TerminateProcess
CreateFileW
TlsGetValue
Sleep
GetTickCount
TlsSetValue
ExitProcess
GetCurrentThreadId
GetEnvironmentVariableW
SysReAllocStringLen
SysFreeString
SysAllocStringLen
CharNextA
recvfrom
socket
bind
WSACleanup
WSAStartup
sendto
htons
closesocket
select
Number of PE resources by type
RT_RCDATA 3
Number of PE resources by language
NEUTRAL 3
PE resources
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
TimeStamp 1992:06:19 23:22:17+01:00
FileType Win32 EXE
PEType PE32
CodeSize 21504
LinkerVersion 2.25
EntryPoint 0x61fc
InitializedDataSize 4608
SubsystemVersion 4.0
ImageVersion 0.0
OSVersion 4.0
UninitializedDataSize 0

File identification
MD5 cef012fb4fa7cd55f04558ecee04cd4e
SHA1 c5c93bfceb6fc7816d33bbb48d303c21c0980982
SHA256 4ca375c6db3d32dde7b981b0981079d8e13bd121a81c835d58d02a046d98277f
ssdeep 384:kPjAzKfVVAr65cBOltPM13tWHOTSsQgxpcVWtciC0tHNY402rzgw11h0raoaX+ww:kgrEtPA1ETWtciC0ttPrzbB0uoaX+fC
authentihash 0a9e1125535be1a46405e2771e9ab6e5837dac8647b3a0a07b26773f76039b34
imphash 2e7afba01e68c1cfc49d6548bf2011ee
File size 26.5 KB ( 27136 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable Borland Delphi 6 (93.8%)
Win32 Dynamic Link Library (generic) (2.3%)
Win32 Executable (generic) (1.6%)
Win16/32 Executable Delphi generic (0.7%)
Generic Win/DOS Executable (0.7%)
Tags peexe
VirusTotal metadata
First submission 2013-09-04 05:27:40 UTC ( 3 years, 6 months ago )
Last submission 2015-03-04 00:46:31 UTC ( 2 years ago )
File names output.14837087.txt
4CA375C6DB3D32DDE7B981B0981079D8E13BD121A81C835D58D02A046D98277F
file-5934021_exe
vti-rescan
tnds.exe
4ca375c6db3d32dde7b981b0981079d8e13bd121a81c835d58d02a046d98277f
cef012fb4fa7cd55f04558ecee04cd4e
14837087