SHA256: 5084914da6bbbf9ac85281a55e5043af48bfbd0780fbf9d9da2ad8765643fa05
File name: Gy7tB5.xls
Detection ratio: 39 / 43
Analysis date: 2011-01-11 19:32:12 UTC ( 7 years, 1 month ago )
Antivirus Result Update
AhnLab-V3 Win-Trojan/Xema.variant 20110110
AntiVir TR/Dropper.Gen 20110111
Antiy-AVL Backdoor/Win32.VB.gen 20110111
Avast Win32:Malware-gen 20110111
Avast5 Win32:Malware-gen 20110111
AVG VB.AKAP 20110111
BitDefender Backdoor.Generic.521903 20110111
CAT-QuickHeal Backdoor.VB.mks 20110111
Command W32/MalwareF.UHTX 20110111
Comodo TrojWare.Win32.Trojan.Agent.Gen 20110111
DrWeb Trojan.Siggen2.5979 20110111
Emsisoft Backdoor.Win32.VB!IK 20110111
eTrust-Vet Win32/Veebuu.MN 20110111
F-Prot W32/MalwareF.UHTX 20110111
F-Secure Backdoor.Generic.521903 20110111
Fortinet W32/VB.CF!tr 20110110
GData Backdoor.Generic.521903 20110111
Ikarus Backdoor.Win32.VB 20110111
Jiangmin Backdoor/VB.kbf 20110111
K7AntiVirus Riskware 20110111
Kaspersky Backdoor.Win32.VB.mks 20110111
McAfee Generic.dx!umi 20110111
McAfee-GW-Edition Heuristic.BehavesLike.Win32.Downloader.A 20110111
Microsoft Trojan:Win32/Neop 20110111
NOD32 a variant of Win32/VB.PGX 20110110
Norman W32/VBTroj.CYVW 20110111
nProtect Backdoor/W32.Agent.34304.AI 20110111
Panda Bck/Buzus.IQ 20110111
PCTools Trojan.Gen 20110111
Rising Trojan.Win32.Generic.5244208F 20110111
Sophos AV Mal/VB-CF 20110111
SUPERAntiSpyware Trojan.Agent/Gen-Virut 20110111
Symantec Trojan.Gen 20110111
TheHacker Trojan/VB.pgx 20110111
TrendMicro TROJ_GEN.R4AE1K3 20110111
TrendMicro-HouseCall TROJ_GEN.R4AE1K3 20110111
VBA32 SScope.Trojan.VB.01054 20110111
VIPRE Trojan.Win32.Generic!SB.0 20110111
ViRobot Trojan.Win32.Agent.34304.CL 20110111
ClamAV 20110111
eSafe 20110110
Prevx 20110111
VirusBuster 20110111
The file being studied is a Portable Executable file! More specifically, it is an unknown file.
Packers identified
PEiD UPX 2.93 [LZMA] -> Markus Oberhumer, Laszlo Molnar & John Reiser
PE header basic information
Number of sections 3
PE sections
PE imports
LoadLibraryA
GetProcAddress
VirtualProtect
VirtualAlloc
VirtualFree
ExitProcess
(1 more function(s) imported by ordinal)
File identification
MD5 8b2002c413da25cd22cd208f617747d5
SHA1 a0def720567a9f7d1e06ec0ef2a5d67d2e2b626d
SHA256 5084914da6bbbf9ac85281a55e5043af48bfbd0780fbf9d9da2ad8765643fa05
ssdeep 768:YGk+SMEMo40J8O7v4xVjG7L/aekf/yJ+H8Ia/VeXM75znbcuyD7U:YsEMoz8GQyJ+T987Znouy8

File size 33.5 KB ( 34304 bytes )
File type unknown
Magic literal

TrID UPX compressed Win32 Executable (39.5%)
Win32 EXE Yoda's Crypter (34.3%)
Win32 Executable Generic (11.0%)
Win32 Dynamic Link Library (generic) (9.8%)
Generic Win/DOS Executable (2.5%)
VirusTotal metadata
First submission 2010-10-31 15:40:45 UTC ( 7 years, 3 months ago )
Last submission 2011-01-11 19:32:12 UTC ( 7 years, 1 month ago )
File names Gy7tB5.xls
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight