SHA256: 4fb9fa3eb6d89b038e67dd5bdde208614cc2c45dcb82db9a7e7f4adbfbe11e1c
File name: 4fb9fa3eb6d89b038e67dd5bdde208614cc2c45dcb82db9a7e7f4adbfbe11e1c.vir
Detection ratio: 44 / 55
Analysis date: 2016-01-26 01:00:41 UTC ( 2 years, 3 months ago )
Antivirus Result Update
Ad-Aware Gen:Variant.Barys.6265 20160125
Yandex Trojan.Kryptik!SoD8eQ2HcuU 20160125
AhnLab-V3 Trojan/Win32.Diple 20160125
ALYac Gen:Variant.Barys.6265 20160126
Antiy-AVL Trojan[:HEUR]/Win32.Unknown 20160125
Arcabit Trojan.Barys.D1879 20160125
Avast Win32:Evo-gen [Susp] 20160126
AVG Generic28.CFYR 20160125
Avira (no cloud) TR/Crypt.ZPACK.Gen2 20160126
AVware Trojan.Win32.Generic!BT 20160111
BitDefender Gen:Variant.Barys.6265 20160125
CAT-QuickHeal Trojan.Generic.r7 20160125
ClamAV Win.Trojan.Agent-7 20160126
Comodo Packed.Win32.MNSP.Gen 20160125
Cyren W32/Zbot.FY.gen!Eldorado 20160126
DrWeb Trojan.Packed.140 20160126
Emsisoft Gen:Variant.Barys.6265 (B) 20160126
ESET-NOD32 a variant of Win32/Kryptik.AJMB 20160126
F-Prot W32/Zbot.FY.gen!Eldorado 20160125
F-Secure Gen:Variant.Barys.6265 20160125
Fortinet W32/Kryptik.AJMB!tr 20160125
GData Gen:Variant.Barys.6265 20160125
Ikarus Trojan-PWS.Win32.Zbot 20160125
Jiangmin Trojan/Generic.agicx 20160126
Kaspersky HEUR:Trojan.Win32.Generic 20160125
Malwarebytes Trojan.PasswordStealer 20160126
McAfee PWS-Zbot.gen.aie 20160126
McAfee-GW-Edition BehavesLike.Win32.Trojan.fc 20160126
Microsoft Trojan:Win32/Toga!rfn 20160125
eScan Gen:Variant.Barys.6265 20160126
NANO-Antivirus Trojan.Win32.Kryptik.vgfhq 20160126
Panda Trj/Genetic.gen 20160125
Qihoo-360 HEUR/Malware.QVM15.Gen 20160126
Rising PE:Malware.Generic(Thunder)!1.A1C4 [F] 20160125
Sophos AV Mal/Generic-S 20160126
SUPERAntiSpyware Trojan.Agent/Gen-Orsam 20160125
Symantec Trojan.Gen 20160125
Tencent Win32.Trojan.Agent.biim 20160126
TheHacker Trojan/Kryptik.aiju 20160124
TrendMicro TROJ_SPNR.30BF13 20160126
TrendMicro-HouseCall TROJ_SPNR.30BF13 20160126
VBA32 BScope.Trojan.Zbot.9812 20160125
VIPRE Trojan.Win32.Generic!BT 20160125
Zillya Trojan.Kryptik.Win32.259817 20160125
AegisLab 20160125
Alibaba 20160125
Baidu-International 20160125
ByteHero 20160126
CMC 20160111
K7AntiVirus 20160125
K7GW 20160125
nProtect 20160125
TotalDefense 20160125
ViRobot 20160126
Zoner 20160125
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Packers identified
Command Aspack, Aspack
F-PROT Aspack
PEiD ASProtect v1.23 RC1
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 1991-12-10 00:17:04
Entry Point 0x00151000
Number of sections 7
PE sections
PE imports
GdipFree
GetProcAddress
GetModuleHandleA
LoadLibraryA
RaiseException
VariantChangeTypeEx
IsWindowEnabled
GetForegroundWindow
Number of PE resources by type
RT_RCDATA 1
Number of PE resources by language
NEUTRAL 1
PE resources
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
TimeStamp 1991:12:10 01:17:04+01:00
FileType Win32 EXE
PEType PE32
CodeSize 6656
LinkerVersion 8.88
FileTypeExtension exe
InitializedDataSize 11776
SubsystemVersion 4.0
EntryPoint 0x151000
OSVersion 4.0
ImageVersion 0.0
UninitializedDataSize 0
File identification
MD5 5aa4ff60104a217425999f563f207d5b
SHA1 b8dedeb1f2a9c8065e3e8866e4261198aba7806a
SHA256 4fb9fa3eb6d89b038e67dd5bdde208614cc2c45dcb82db9a7e7f4adbfbe11e1c
ssdeep 6144:PuR3OTGNvkcFo1+QHQJawnH7OGUKz9Dx966MOASMJrkcn+aCyIK3ccnMxjrxceaO:PuROWFU+QHQJFUK5DL665ASM2UW1K3Do
authentihash ca408cbcf8f612637620593274926b605382f93018ac9cd4f57a98a8d8c45388
imphash 0c41b6b3ea083bd7a1d928ed00ce5fba
File size 357.0 KB ( 365568 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Dynamic Link Library (generic) (38.3%)
Win32 Executable (generic) (26.2%)
Win16/32 Executable Delphi generic (12.0%)
Generic Win/DOS Executable (11.6%)
DOS Executable Generic (11.6%)
Tags peexe asprotect aspack

VirusTotal metadata
First submission 2012-07-12 11:36:33 UTC ( 5 years, 9 months ago )
Last submission 2016-01-26 01:00:41 UTC ( 2 years, 3 months ago )
File names file-4352109_
1344689748.5AA4FF60104A217425999F563F207D5B
uTPHpW.scr
349A254500F6588D94CD0527646E7A003373A500.exe
3fbfced58b0a95896f5cab9d4fc2858a
4fb9fa3eb6d89b038e67dd5bdde208614cc2c45dcb82db9a7e7f4adbfbe11e1c.vir
29html.html
365568_5aa4ff60104a217425999f563f207d5b.exe
vti-rescan
5AA4FF60104A217425999F563F207D5B
Advanced heuristic and reputation engines
ClamAV
Possibly Unwanted Application. While not necessarily malicious, the scanned file presents certain characteristics which depending on the user policies and environment may or may not represent a threat. For full details see: https://www.clamav.net/documents/potentially-unwanted-applications-pua .

Symantec reputation Suspicious.Insight