SHA256: 4d89364a1ee4c3d14102631d9807764dc538df4e85c91912252baca0c45ea484
File name: 005040298
Detection ratio: 52 / 57
Analysis date: 2016-05-25 03:33:18 UTC ( 10 months, 1 week ago )
Antivirus Result Update
Ad-Aware Trojan.Agent.AXMO 20160525
AegisLab Backdoor.W32.Poison.fird!c 20160525
AhnLab-V3 Win-Trojan/Agent.61435 20160524
ALYac Trojan.Agent.AXMO 20160525
Antiy-AVL Trojan[Backdoor]/Win32.Poison 20160524
Arcabit Trojan.Agent.AXMO 20160524
Avast Win32:Malware-gen 20160525
AVG Agent4.RG 20160524
Avira (no cloud) TR/Agent.AXMO 20160524
AVware Trojan.Win32.Generic!BT 20160524
Baidu-International Backdoor.Win32.Poison.fird 20160524
BitDefender Trojan.Agent.AXMO 20160525
Bkav W32.FanistolC.Trojan 20160524
CAT-QuickHeal Backdoor.Poison.rw5 20160524
ClamAV Win.Trojan.Agent-30507 20160525
Comodo UnclassifiedMalware 20160525
Cyren W32/Backdoor.DRQZ-0444 20160525
DrWeb BackDoor.Gyplit.3 20160525
Emsisoft Trojan.Agent.AXMO (B) 20160525
ESET-NOD32 Win32/Agent.PJK 20160525
F-Prot W32/Backdoor2.HNFG 20160525
F-Secure Trojan.Agent.AXMO 20160525
Fortinet W32/Agent.BA2F!tr 20160525
GData Trojan.Agent.AXMO 20160525
Ikarus Trojan-Dropper.Agent 20160524
Jiangmin Backdoor/Poison.aamv 20160525
K7AntiVirus Trojan ( 004e6a551 ) 20160524
K7GW Trojan ( 004e6a551 ) 20160525
Kaspersky Backdoor.Win32.Poison.fird 20160525
Kingsoft Win32.Malware.Generic.a.(kcloud) 20160525
McAfee Generic BackDoor.u 20160525
McAfee-GW-Edition Generic BackDoor.u 20160524
Microsoft Backdoor:Win32/Poison.BU 20160525
eScan Trojan.Agent.AXMO 20160525
NANO-Antivirus Trojan.Win32.Poison.dumeej 20160525
nProtect Trojan.Agent.AXMO 20160524
Panda Trj/WL.A 20160524
Qihoo-360 HEUR/Malware.QVM10.Gen 20160525
Rising Trjoan.Generic-L2cdZiAVcmH (Cloud) 20160525
Sophos Troj/Agent-ZCT 20160525
Symantec Trojan Horse 20160525
Tencent Win32.Backdoor.Poison.cvyp 20160525
TheHacker Trojan/Agent.pjk 20160523
TotalDefense Win32/Poison.ACB 20160525
TrendMicro BKDR_AGENT.BDXZ 20160525
TrendMicro-HouseCall BKDR_AGENT.BDXZ 20160525
VBA32 BackDoor.Poison 20160524
VIPRE Trojan.Win32.Generic!BT 20160525
ViRobot Trojan.Win32.Agent.61435.A[h] 20160525
Yandex Backdoor.Poison!4T3rLIhM6Xo 20160524
Zillya Trojan.Agent.Win32.344134 20160524
Zoner Trojan.Agent.PJK 20160525
Alibaba 20160525
Baidu 20160523
CMC 20160523
Malwarebytes 20160525
SUPERAntiSpyware 20160525
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2012-07-25 00:04:44
Entry Point 0x00001914
Number of sections 5
PE sections
Overlays
MD5 f7d3e7f549078f65c40be4a38fa01af5
File type data
Offset 35328
Size 26107
Entropy 6.42
PE imports
GetLastError
InitializeCriticalSectionAndSpinCount
HeapFree
GetStdHandle
EnterCriticalSection
LCMapStringW
SetHandleCount
lstrlenA
GetModuleFileNameW
GetOEMCP
QueryPerformanceCounter
IsDebuggerPresent
ExitProcess
TlsAlloc
GetEnvironmentStringsW
GetModuleFileNameA
RtlUnwind
HeapSetInformation
GetCurrentProcess
GetStringTypeW
GetFileSize
GetCPInfo
UnhandledExceptionFilter
InterlockedDecrement
MultiByteToWideChar
GetStartupInfoW
FreeEnvironmentStringsW
GetCommandLineA
GetProcAddress
HeapSize
CreateMutexA
WideCharToMultiByte
LoadLibraryW
TlsFree
SetFilePointer
GetSystemTimeAsFileTime
DeleteCriticalSection
ReadFile
SetUnhandledExceptionFilter
WriteFile
CloseHandle
IsProcessorFeaturePresent
GetACP
HeapReAlloc
DecodePointer
GetModuleHandleW
HeapAlloc
TerminateProcess
IsValidCodePage
HeapCreate
VirtualFree
TlsGetValue
Sleep
GetFileType
GetTickCount
TlsSetValue
CreateFileA
EncodePointer
GetCurrentThreadId
LeaveCriticalSection
GetCurrentProcessId
SetLastError
InterlockedIncrement
Number of PE resources by type
RT_MANIFEST 1
Number of PE resources by language
ENGLISH US 1
PE resources
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
TimeStamp 2012:07:25 01:04:44+01:00
FileType Win32 EXE
PEType PE32
CodeSize 19456
LinkerVersion 10.0
FileTypeExtension exe
InitializedDataSize 14848
SubsystemVersion 5.1
EntryPoint 0x1914
OSVersion 5.1
ImageVersion 0.0
UninitializedDataSize 0

Compressed bundles
File identification
MD5 c3432c1bbdf17ebaf1e10392cf630847
SHA1 8f4e836c899801b1446cd02dfcee99e8a212e150
SHA256 4d89364a1ee4c3d14102631d9807764dc538df4e85c91912252baca0c45ea484
ssdeep 768:l+HNYSWpgVdkhXo4+EDongm1hgkk2MtjsoGxymZSAFCLkbS/CXy:l+HMpgkuhZkVpM7fe/r

authentihash 91f2f60307f5087317807dc8ea4bae6e623367d9f41d78f2e533fe6f19c47bba
imphash 8366ec5e717506e61cfb0426214d3378
File size 60.0 KB ( 61435 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable MS Visual C++ (generic) (42.2%)
Win64 Executable (generic) (37.3%)
Win32 Dynamic Link Library (generic) (8.8%)
Win32 Executable (generic) (6.0%)
Generic Win/DOS Executable (2.7%)
Tags peexe overlay

VirusTotal metadata
First submission 2012-11-30 01:11:37 UTC ( 4 years, 3 months ago )
Last submission 2016-05-25 03:33:18 UTC ( 10 months, 1 week ago )
File names 005040298
53463666
file-4842410_tmp
c3432c1bbdf17ebaf1e10392cf630847.exe
winupdate.exe
file.tmp
file.tmp
winupdate.ex
c3432c1bbdf17ebaf1e10392cf630847_file.tmp
c3432c1bbdf17ebaf1e10392cf6