SHA256: 4f8fb018e91e7d21e8fa07c580b9d285852db648d60b346f45feb4da7df58d7f
File name: cb7c4bd8258c64fea1d59dd5991f58e3
Detection ratio: 52 / 56
Analysis date: 2016-01-10 13:34:02 UTC ( 3 years, 1 month ago )
Antivirus Result Update
Yandex Worm.VB!f6CqtJjUHXo 20160116
AhnLab-V3 HEUR/Fakon.mwf 20160116
ALYac Generic.Malware.DHVQ.BBEBC736 20160117
Antiy-AVL Worm/Win32.VB 20160117
Arcabit Generic.Malware.DHVQ.BBEBC736 20160117
Avast Win32:GenMalicious-HFA [Trj] 20160116
AVG Win32/DH{TA?} 20160117
Avira (no cloud) TR/Crypt.CFI.Gen 20160116
AVware Trojan.Win32.Generic!BT 20160111
Baidu-International Worm.Win32.VB.aty 20160116
BitDefender Generic.Malware.DHVQ.BBEBC736 20160117
Bkav W32.NusdengoLTK.Trojan 20160116
CAT-QuickHeal Worm.Autorun.AH3 20160116
ClamAV Win.Adware.Softpulse-215 20160116
CMC Worm.Win32.VB!O 20160111
Comodo TrojWare.Win32.Agent.~JH1 20160117
Cyren W32/Trojan.AODN-6022 20160117
DrWeb Trojan.KillFiles.8725 20160117
Emsisoft Generic.Malware.DHVQ.BBEBC736 (B) 20160117
ESET-NOD32 Win32/AutoRun.VB.AAO 20160117
F-Prot W32/Trojan2.OOJI 20160117
F-Secure Generic.Malware.DHVQ.BBEBC736 20160116
Fortinet W32/Keylogger.G!tr 20160117
GData Generic.Malware.DHVQ.BBEBC736 20160117
Ikarus Worm.Win32.AutoRun 20160116
Jiangmin Trojan/Qhost.flk 20160117
K7AntiVirus P2PWorm ( 00337af51 ) 20160117
K7GW P2PWorm ( 00337af51 ) 20160117
Kaspersky Trojan.Win32.Crypt.ddc 20160117
Malwarebytes Worm.AutoRun 20160117
McAfee W32/YahLover.worm.gen 20160117
McAfee-GW-Edition BehavesLike.Win32.YahLover.ch 20160117
Microsoft Trojan:Win32/Peals.B!gfc 20160117
eScan Generic.Malware.DHVQ.BBEBC736 20160117
NANO-Antivirus Trojan.Win32.KillFiles.cvpiiw 20160117
nProtect Worm/W32.Agent.131584.I 20160115
Panda Trj/CI.A 20160116
Qihoo-360 Malware.Radar01.Gen 20160117
Rising PE:Worm.VobfusEx!1.99DF [F] 20160117
Sophos AV Mal/Autorun-BF 20160116
SUPERAntiSpyware Trojan.Agent/Gen-Malagent 20160116
Symantec W32.SillyFDC 20160116
Tencent Trojan.Win32.Qhost.c 20160117
TheHacker Posible_Worm32 20160116
TotalDefense Win32/FakeFLDR_i 20160117
TrendMicro WORM_YAHLOVER.SM 20160117
TrendMicro-HouseCall WORM_YAHLOVER.SM 20160117
VBA32 Worm.VB 20160115
VIPRE Trojan.Win32.Generic!BT 20160117
ViRobot Worm.Win32.A.VB.132608[h] 20160117
Zillya Worm.AutoRun.Win32.35490 20160116
Zoner I-Worm.AutoRun.VB.AAO 20160117
AegisLab 20160116
Alibaba 20160115
ByteHero 20160117
Kingsoft 20160117
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Product z 3 r 0 _ x
Original name Dosya Klasörü.exe
Internal name Dosya Klasörü
File version 8.01.0008
Packers identified
F-PROT UPX_LZMA
PEiD UPX 2.93 [LZMA] -> Markus Oberhumer, Laszlo Molnar & John Reiser
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2011-01-04 13:49:16
Entry Point 0x00076580
Number of sections 3
PE sections
PE imports
VirtualFree
ExitProcess
VirtualProtect
LoadLibraryA
VirtualAlloc
GetProcAddress
Ord(581)
Number of PE resources by type
RT_ICON 13
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
NEUTRAL 14
ENGLISH US 1
PE resources
ExifTool file metadata
UninitializedDataSize 434176
LinkerVersion 6.0
ImageVersion 8.1
FileSubtype 0
FileVersionNumber 8.1.0.8
LanguageCode English (U.S.)
FileFlagsMask 0x0000
CharacterSet Unicode
InitializedDataSize 81920
EntryPoint 0x76580
OriginalFileName Dosya Klasörü.exe
MIMEType application/octet-stream
FileVersion 8.01.0008
TimeStamp 2011:01:04 14:49:16+01:00
FileType Win32 EXE
PEType PE32
InternalName Dosya Klasörü
ProductVersion 8.01.0008
SubsystemVersion 4.0
OSVersion 4.0
FileOS Win32
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CodeSize 53248
ProductName z 3 r 0 _ x
ProductVersionNumber 8.1.0.8
FileTypeExtension exe
ObjectFileType Executable application

File identification
MD5 cb7c4bd8258c64fea1d59dd5991f58e3
SHA1 ef292663bda31458d15fd6b5c544685c003bee1d
SHA256 4f8fb018e91e7d21e8fa07c580b9d285852db648d60b346f45feb4da7df58d7f
ssdeep 1536:3Zx8gcK8ossZDulaPnPuhkvJJth5SLnouy8uQkgB54vm:3Zx8gJscuAnU+JYoutueXl
authentihash a83f74733d603391487fc3e44a995dbabea67e42747744bfb9d09aafea522e3b
imphash 3243b13e562279ab7fbe2f31e45d3a95
File size 128.5 KB ( 131584 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID UPX compressed Win32 Executable (39.3%)
Win32 EXE Yoda's Crypter (38.6%)
Win32 Dynamic Link Library (generic) (9.5%)
Win32 Executable (generic) (6.5%)
Generic Win/DOS Executable (2.9%)
Tags peexe upx

VirusTotal metadata
First submission 2015-01-26 00:30:29 UTC ( 4 years ago )
Last submission 2018-01-31 17:19:02 UTC ( 1 year ago )
File names Dosya Klasörü.exe
Dosya Klasörü
cb7c4bd8258c64fea1d59dd5991f58e3
LOCAL.EXE
Advanced heuristic and reputation engines
ClamAV
Possibly Unwanted Application. While not necessarily malicious, the scanned file presents certain characteristics which depending on the user policies and environment may or may not represent a threat. For full details see: https://www.clamav.net/documents/potentially-unwanted-applications-pua .

Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Created processes
Hooking activity
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.
The file installs an application-defined hook procedure into a hook chain. You would install a hook procedure to monitor the system for certain types of events. These events are associated either with a specific thread or with all threads in the same desktop as the calling thread. This is done making use of the SetWindowsHook Windows API function.