SHA256: 5009530b7f884848d4feb906179a4335b033abc9b784e777daf21be145bf0b4a
File name: allinone.ex#
Detection ratio: 37 / 44
Analysis date: 2011-09-13 20:32:20 UTC ( 5 years, 9 months ago )
Antivirus Result Update
AhnLab-V3 Win-Trojan/Downloader.368325 20110913
AntiVir TR/Nailuj.A.2 20110913
Antiy-AVL Trojan/Win32.Small.gen 20110913
Avast Win32:Agent-FKV [Trj] 20110913
Avast5 Win32:Agent-FKV [Trj] 20110913
AVG PSW.Generic2.ABPK.dropper 20110913
BitDefender Trojan.Nailuj.A 20110913
CAT-QuickHeal TrojanDownloader.Small.csr 20110913
ClamAV Trojan.Downloader-5578 20110913
Commtouch W32/Trojan.WEM 20110913
Comodo TrojWare.Win32.TrojanDownloader.Small.CSR 20110913
DrWeb Trojan.MulDrop.5968 20110913
Emsisoft Rootkit.Win32.Agent.dg!IK 20110913
eSafe Win32.Small.csr 20110913
F-Prot W32/Trojan.WEM 20110913
F-Secure Trojan.Nailuj.A 20110913
Fortinet PWS.J!tr 20110911
GData Trojan.Nailuj.A 20110913
Ikarus Rootkit.Win32.Agent.dg 20110913
Jiangmin TrojanDownloader.Small.bmpp 20110913
K7AntiVirus Trojan 20110913
Kaspersky Trojan-Downloader.Win32.Small.csr 20110913
McAfee Artemis!D380A8C045F0 20110913
McAfee-GW-Edition Artemis!D380A8C045F0 20110913
Microsoft VirTool:WinNT/Rootkitdrv.CD 20110913
NOD32 Win32/TrojanDownloader.Small.CSR 20110913
Norman W32/DLoader.CKPV 20110913
nProtect Trojan/W32.Nailuj.368325 20110913
Panda Trj/Gogo.A 20110913
PCTools Trojan.Nailuj 20110913
Rising Trojan.Win32.Generic.122E3247 20110909
Sophos Troj/Nailuj-A 20110913
Symantec Trojan Horse 20110913
TheHacker Trojan/Downloader.Small.csr 20110910
VBA32 TrojanDownloader.Small.csr 20110913
VIPRE BehavesLike.Win32.Malware.see (mx-v) 20110913
VirusBuster Trojan.Nailuj.A 20110913
ByteHero (no detection) 20110913
eTrust-Vet (no detection) 20110913
Prevx (no detection) 20110913
SUPERAntiSpyware (no detection) 20110913
TrendMicro (no detection) 20110913
TrendMicro-HouseCall (no detection) 20110913
ViRobot (no detection) 20110913
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows command line subsystem.
Packers identified
PEiD Armadillo v1.71
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2006-05-16 08:13:30
Entry Point 0x0000333B
Number of sections 4
PE sections
Overlays
MD5 e248926dad16a47f5ed2d2e7e1cbd79b
File type data
Offset 147456
Size 220869
Entropy 5.59
PE imports
CloseServiceHandle
RegCloseKey
OpenServiceA
CreateServiceA
RegSetValueExA
StartServiceA
RegCreateKeyExA
RegOpenKeyExA
OpenSCManagerA
SetMapMode
SaveDC
TextOutA
GetClipBox
GetDeviceCaps
OffsetViewportOrgEx
DeleteDC
RestoreDC
DeleteObject
SetTextColor
GetObjectA
CreateBitmap
RectVisible
GetStockObject
SetViewportOrgEx
ScaleWindowExtEx
ExtTextOutA
PtVisible
ScaleViewportExtEx
SelectObject
SetWindowExtEx
Escape
SetBkColor
SetViewportExtEx
GetStdHandle
FileTimeToSystemTime
GetFileAttributesA
HeapDestroy
FreeEnvironmentStringsA
DeleteCriticalSection
GetCurrentProcess
LocalAlloc
lstrcatA
SetErrorMode
FreeEnvironmentStringsW
SetStdHandle
GetFileTime
GetCPInfo
GetStringTypeA
GetProcessVersion
InterlockedExchange
WriteFile
HeapReAlloc
GetStringTypeW
GetFullPathNameA
GetOEMCP
LocalFree
InitializeCriticalSection
GlobalHandle
FindClose
TlsGetValue
SetLastError
GetEnvironmentVariableA
GlobalFindAtomA
ExitProcess
FlushFileBuffers
GetModuleFileNameA
GetVolumeInformationA
UnhandledExceptionFilter
InterlockedDecrement
MultiByteToWideChar
GetModuleHandleA
GlobalAddAtomA
SetUnhandledExceptionFilter
GetSystemDirectoryA
SetEnvironmentVariableA
TerminateProcess
GlobalAlloc
SetEndOfFile
GetVersion
InterlockedIncrement
HeapFree
EnterCriticalSection
SetHandleCount
lstrcmpiA
FreeLibrary
IsBadWritePtr
TlsAlloc
GetVersionExA
LoadLibraryA
RtlUnwind
GetStartupInfoA
UnlockFile
GetFileSize
GlobalDeleteAtom
GetProcAddress
CompareStringW
GlobalReAlloc
lstrcmpA
FindFirstFileA
lstrcpyA
CompareStringA
DuplicateHandle
GlobalLock
GetTimeZoneInformation
GetFileType
TlsSetValue
CreateFileA
HeapAlloc
LeaveCriticalSection
GetLastError
LocalReAlloc
LCMapStringW
lstrlenA
GlobalFree
LCMapStringA
GlobalGetAtomNameA
GetEnvironmentStringsW
GlobalUnlock
LockFile
WinExec
FileTimeToLocalFileTime
GetEnvironmentStrings
WritePrivateProfileStringA
WideCharToMultiByte
HeapSize
GetCommandLineA
GetCurrentThread
RaiseException
SetFilePointer
ReadFile
GlobalFlags
CloseHandle
lstrcpynA
GetACP
GetCurrentThreadId
CreateProcessA
HeapCreate
VirtualFree
Sleep
IsBadReadPtr
IsBadCodePtr
VirtualAlloc
MapWindowPoints
GetMessagePos
SetMenuItemBitmaps
DestroyMenu
PostQuitMessage
GetForegroundWindow
LoadBitmapA
SetWindowPos
DispatchMessageA
GrayStringA
GetMessageTime
GetMenuItemID
GetCursorPos
DrawTextA
GetDlgCtrlID
GetClassInfoA
GetMenu
SendMessageA
GetClientRect
GetNextDlgTabItem
CallNextHookEx
GetActiveWindow
GetTopWindow
GetWindowTextA
PtInRect
GetMessageA
GetParent
SetPropA
ShowWindow
GetPropA
ValidateRect
EnableWindow
PeekMessageA
TranslateMessage
IsWindowEnabled
GetWindow
CharUpperA
LoadStringA
GetWindowPlacement
EnableMenuItem
RegisterClassA
TabbedTextOutA
GetWindowLongA
CreateWindowExA
CopyRect
GetSysColorBrush
DestroyWindow
SetFocus
RegisterWindowMessageA
DefWindowProcA
GetSystemMetrics
IsIconic
GetWindowRect
PostMessageA
SetWindowLongA
RemovePropA
SetWindowTextA
CheckMenuItem
GetSubMenu
GetLastActivePopup
GetDlgItem
GetMenuCheckMarkDimensions
ClientToScreen
GetClassLongA
LoadCursorA
LoadIconA
SetWindowsHookExA
GetMenuItemCount
GetMenuState
GetDC
SetForegroundWindow
ReleaseDC
GetCapture
UnhookWindowsHookEx
MessageBoxA
AdjustWindowRectEx
GetSysColor
GetKeyState
SystemParametersInfoA
IsWindowVisible
WinHelpA
wsprintfA
CallWindowProcA
GetClassNameA
GetFocus
ModifyMenuA
SetCursor
OpenPrinterA
DocumentPropertiesA
ClosePrinter
GetFileTitleA
Number of PE resources by type
RT_STRING 1
Number of PE resources by language
CHINESE SIMPLIFIED 1
PE resources
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows command line
MachineType Intel 386 or later, and compatibles
TimeStamp 2006:05:16 09:13:30+01:00
FileType Win32 EXE
PEType PE32
CodeSize 98304
LinkerVersion 6.0
FileTypeExtension exe
InitializedDataSize 61440
SubsystemVersion 4.0
EntryPoint 0x333b
OSVersion 4.0
ImageVersion 0.0
UninitializedDataSize 0
File identification
MD5 d380a8c045f0fdbe0d5a4657572f6e57
SHA1 f8ef36a193135b170967002a456a5dbb43aab0fb
SHA256 5009530b7f884848d4feb906179a4335b033abc9b784e777daf21be145bf0b4a
ssdeep 6144:Ro6obpQeD8Gf2njfujnkoFBo8WEUdNjwVeW3ugUQy:RMFD9koI8WDrwVeUUQ
authentihash 72678463ee8b6cc97dc195719fc7c83a2912b1cdf7072795d2e6ae89bb4ca3f4
imphash 7119f048c2de0dc60c3387d7ac333f99
File size 359.7 KB ( 368325 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (console) Intel 80386 32-bit
TrID
Win32 Executable MS Visual C++ (generic) (35.8%)
Win64 Executable (generic) (31.7%)
Windows screen saver (15.0%)
Win32 Dynamic Link Library (generic) (7.5%)
Win32 Executable (generic) (5.1%)
Tags
peexe armadillo overlay

VirusTotal metadata
First submission 2007-01-07 11:49:58 UTC ( 10 years, 5 months ago )
Last submission 2015-08-24 10:07:27 UTC ( 1 year, 10 months ago )
File names D380A8C045F0FDBE0D5A4657572F6E57
allinone.exe
allinone.ex#
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Created processes
Code injections in the following processes
Opened mutexes
Runtime DLLs