SHA256: 4dacd43423020ac9b63539289870097a1c7ce3dc31b3fbefe5f3dae963c82a77
File name: -epT8ho
Detection ratio: 41 / 44
Analysis date: 2012-12-11 01:02:43 UTC ( 5 years, 6 months ago )
Antivirus Result Update
Yandex Trojan.PWS.Delf!m9Z0T74U8Iw 20121210
AntiVir TR/Dropper.Gen 20121210
Avast Win32:Inject-ABT [Trj] 20121211
AVG Dropper.Generic.CLUM 20121211
BitDefender Worm.Generic.233685 20121211
CAT-QuickHeal Win32.Worm.VBNA.b.3.nop.b 20121210
ClamAV WIN.Trojan.Memscan 20121210
Commtouch W32/MalwareS.ALNK 20121211
Comodo Heur.Suspicious 20121211
DrWeb Win32.HLLW.Facebook.634 20121211
Emsisoft Trojan.PSW.Win32.VB.AMN (A) 20121211
eSafe Win32.TRDropper 20121210
ESET-NOD32 Win32/PSW.Delf.NSE 20121210
F-Prot W32/MalwareS.ALNK 20121211
F-Secure Worm.Generic.233685 20121210
Fortinet W32/VBInjector.AGB!tr 20121211
GData Worm.Generic.233685 20121211
Ikarus Virus.Win32.VBInject 20121211
Jiangmin Worm/Winko.z 20121210
K7AntiVirus Riskware 20121210
Kaspersky Trojan-PSW.Win32.VB.bql 20121211
Kingsoft Win32.Troj.Undef.(kcloud) 20121210
Malwarebytes Trojan.Agent 20121211
McAfee Artemis!D888DCAE3D6C 20121211
McAfee-GW-Edition Heuristic.BehavesLike.Win32.Downloader.D 20121211
Microsoft VirTool:Win32/VBInject.EZ 20121211
eScan Worm.Generic.233685 20121211
NANO-Antivirus Trojan.Win32.VB.rskr 20121211
Norman W32/Oficla.A.gen 20121210
nProtect Worm/W32.Agent.110592.BF 20121210
Panda Trj/Genetic.gen 20121210
Rising Trojan.Win32.Generic.11E5A35E 20121210
Sophos AV Mal/Koobface-B 20121211
Symantec Packed.Generic.296 20121211
TheHacker Trojan/PSW.VB.bql 20121210
TotalDefense malicious 20121210
TrendMicro WORM_KOOBFACE.GM 20121211
TrendMicro-HouseCall WORM_KOOBFACE.GM 20121211
VBA32 SScope.Trojan.VBRA.3878 20121210
VIPRE FraudTool.Win32.FakeVimes!VB (v) 20121211
ViRobot Trojan.Win32.A.PSW-VB.110592.A 20121210
Antiy-AVL 20121204
ByteHero 20121207
SUPERAntiSpyware 20121211
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright aGPh
Publisher AyJz
Product cBKj
Original name GKZcZf.exe
Internal name GKZcZf
File version 2.02.0002
Description gSDm
Comments TeFQ
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2010-04-06 21:25:44
Entry Point 0x000010B8
Number of sections 3
PE sections
PE imports
Ord(631)
ProcCallEngine
__vbaExceptHandler
EVENT_SINK_QueryInterface
Ord(100)
MethCallEngine
DllFunctionCall
Ord(644)
Ord(697)
EVENT_SINK_Release
EVENT_SINK_AddRef
Ord(516)
Ord(537)
RtlMoveMemory
GetProcAddress
LoadLibraryA
CallWindowProcA
Number of PE resources by type
RT_ICON 3
8 1
RT_GROUP_ICON 1
RT_VERSION 1
Number of PE resources by language
NEUTRAL 4
ENGLISH US 1
ARABIC NEUTRAL 1
ExifTool file metadata
LegalTrademarks
Uupu

SubsystemVersion
4.0

Comments
TeFQ

LinkerVersion
6.0

ImageVersion
2.2

FileSubtype
0

FileVersionNumber
2.2.0.2

LanguageCode
English (U.S.)

FileFlagsMask
0x0000

FileDescription
gSDm

CharacterSet
Unicode

InitializedDataSize
94208

FileOS
Win32

MIMEType
application/octet-stream

LegalCopyright
aGPh

FileVersion
2.02.0002

TimeStamp
2010:04:06 22:25:44+01:00

FileType
Win32 EXE

PEType
PE32

InternalName
GKZcZf

ProductVersion
2.02.0002

UninitializedDataSize
0

OSVersion
4.0

OriginalFilename
GKZcZf.exe

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CompanyName
AyJz

CodeSize
12288

ProductName
cBKj

ProductVersionNumber
2.2.0.2

EntryPoint
0x10b8

ObjectFileType
Executable application

File identification
MD5 d888dcae3d6c22256c7470c1f1cb1844
SHA1 4b44db1b26985eb87e92415dc50d1837d7b1c56a
SHA256 4dacd43423020ac9b63539289870097a1c7ce3dc31b3fbefe5f3dae963c82a77
ssdeep 1536:JrDILHlveYV2vGnXsyX1edX07JlMlJGSCSkXNGJ8pGNC9kGin/b9szy4mWsRb:JrDyHpeG1sNdsCoSmI8FFin/C3TEb
File size 108.0 KB ( 110592 bytes )
File type Win32 EXE
Magic literal MS-DOS executable PE for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable Generic (68.0%)
Generic Win/DOS Executable (15.9%)
DOS Executable Generic (15.9%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
Tags peexe
VirusTotal metadata
First submission 2010-04-07 11:22:13 UTC ( 8 years, 2 months ago )
Last submission 2012-12-11 01:02:43 UTC ( 5 years, 6 months ago )
File names D888DCAE3D6C22256C7470C1F1CB1844
GKZcZf
-epT8ho
GKZcZf.exe