× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: 510f83af3c41f9892040a8a80b4f3a4736eebee2ec4a7d4bfee63dbe44d7ecff
File name: Virus.Win32.Trojan.DarkSeoul.9fb87.exe
Detection ratio: 49 / 55
Analysis date: 2016-01-15 05:35:50 UTC ( 4 weeks, 1 day ago )
Antivirus Result Update
ALYac Trojan.KillDisk.MBR 20160121
AVG BackDoor.Generic_r.AWZ 20160121
Ad-Aware Trojan.KillMBR.U 20160121
AegisLab Troj.W32.EraseMBR.b!c 20160121
Agnitum Trojan.Kryptik!brdTZmRCvtM 20160120
AhnLab-V3 Win-Trojan/Agent.24576.JPH 20160121
Antiy-AVL Trojan/Win32.EraseMBR 20160121
Arcabit Trojan.KillMBR.U 20160121
Avast Win32:DarkSeoul-B [Trj] 20160121
Avira TR/KillMBR.Y 20160121
Baidu-International Trojan.Win32.EraseMBR.b 20160121
BitDefender Trojan.KillMBR.U 20160121
Bkav W32.KillMbrYHPtvAB.Worm 20160121
CAT-QuickHeal Trojan.ZAgent.r3 20160121
ClamAV Win.Trojan.Agent-257543 20160121
Comodo UnclassifiedMalware 20160121
Cyren W32/Jokra.PWXZ-0300 20160121
ESET-NOD32 a variant of Win32/Kryptik.AXFE 20160121
Emsisoft Trojan.KillMBR.U (B) 20160121
F-Prot W32/Jokra.A 20160121
F-Secure Trojan.KillMBR.U 20160121
Fortinet W32/Kast.A!tr 20160121
GData Trojan.KillMBR.U 20160121
Ikarus Trojan.MBR.Killer 20160121
Jiangmin Trojan/EraseMBR.f 20160121
K7AntiVirus Trojan ( 0040f2721 ) 20160121
K7GW Trojan ( 0040f2721 ) 20160121
Kaspersky Trojan.Win32.EraseMBR.b 20160121
Malwarebytes Trojan.MBR.Killer 20160121
McAfee KillMBR-FBIA 20160121
McAfee-GW-Edition KillMBR-FBIA 20160121
MicroWorld-eScan Trojan.KillMBR.U 20160121
Microsoft Trojan:Win32/Dembr.A 20160121
NANO-Antivirus Trojan.Win32.EraseMBR.cqzdgw 20160121
Panda Trj/Jokra.A 20160121
Qihoo-360 Win32/Trojan.478 20160121
Rising PE:Trojan.Hastati!1.6750 [F] 20160121
Sophos Troj/MBRKill-A 20160121
Symantec Trojan.Jokra 20160121
Tencent Win32.Trojan.Erasembr.Gvg 20160121
TheHacker Trojan/Kryptik.axfe 20160119
TotalDefense Win32/Tnega.dOMdLV 20160121
TrendMicro TROJ_KILLMBR.SM 20160121
TrendMicro-HouseCall TROJ_KILLMBR.SM 20160121
VBA32 OScope.Trojan.KillMBR.2113 20160121
VIPRE Trojan.Win32.Generic!BT 20160121
ViRobot Trojan.Win32.S.KillMBR.24576.A[h] 20160121
Zillya Trojan.EraseMBR.Win32.5 20160121
nProtect Trojan/W32.KillMBR.Gen 20160121
Alibaba 20160121
ByteHero 20160121
CMC 20160111
DrWeb 20160121
SUPERAntiSpyware 20160121
Zoner 20160121
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2013-01-31 10:27:18
Link date 11:27 AM 1/31/2013
Entry Point 0x00001000
Number of sections 3
PE sections
PE imports
HeapFree
GetStdHandle
LCMapStringW
SetHandleCount
GetOEMCP
LCMapStringA
HeapDestroy
ExitProcess
GetEnvironmentStringsW
GetModuleFileNameA
RtlUnwind
LoadLibraryA
FreeEnvironmentStringsA
GetCurrentProcess
GetEnvironmentStrings
GetCPInfo
UnhandledExceptionFilter
MultiByteToWideChar
FreeEnvironmentStringsW
GetCommandLineA
GetProcAddress
WideCharToMultiByte
GetStringTypeA
WriteFile
GetStartupInfoA
GetACP
HeapReAlloc
GetStringTypeW
TerminateProcess
HeapCreate
VirtualFree
GetFileType
HeapAlloc
GetVersion
VirtualAlloc
ExifTool file metadata
MIMEType
application/octet-stream

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

FileTypeExtension
exe

TimeStamp
2013:01:31 11:27:18+01:00

FileType
Win32 EXE

PEType
PE32

CodeSize
12288

LinkerVersion
6.0

EntryPoint
0x1000

InitializedDataSize
8192

SubsystemVersion
4.0

ImageVersion
0.0

OSVersion
4.0

UninitializedDataSize
0

File identification
MD5 0a8032cd6b4a710b1771a080fa09fb87
SHA1 70e0adfa9d867c3b950c0be5b83894d99020bdff
SHA256 510f83af3c41f9892040a8a80b4f3a4736eebee2ec4a7d4bfee63dbe44d7ecff
ssdeep
192:0Us5GwnEGjGlCdB0ttzRlQIwbzkBTkVYe/m2noM1qtT57MkJRVtyycpc7numoZ9:fs5GwfClCcCk1jeODMEN5yycpcrumoZ

authentihash 6c2146fb43f7f2a8545753e74772d408b836d5841f842cbaf7d612c0f07b9122
imphash 8cf2375491e257d65da71e5d263d7df7
File size 24.0 KB ( 24576 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable MS Visual C++ (generic) (67.4%)
Win32 Dynamic Link Library (generic) (14.2%)
Win32 Executable (generic) (9.7%)
Generic Win/DOS Executable (4.3%)
DOS Executable Generic (4.3%)
Tags
peexe

VirusTotal metadata
First submission 2013-03-20 12:10:58 UTC ( 2 years, 11 months ago )
Last submission 2015-07-21 18:49:07 UTC ( 6 months, 3 weeks ago )
File names Virus.Win32.Trojan.DarkSeoul.9fb87.exe
DarkSeoul_0A8032CD6B4A710B1771A080FA09FB87
0 (6).exe
0a8032cd6b4a710b1771a080fa09fb87
DarkSeoul_0A8032CD6B4A710B1771A080FA09FB87 - 복사본.exe
file-5282513_exe
1.exe
0a8032cd6b4a710b1771a080fa09fb87
0A8032CD6B4A710B1771A080FA09FB87
1
510f83af3c41f9892040a8a80b4f3a4736eebee2ec4a7d4bfee63dbe44d7ecff
vti-rescan
Immobilienangebot.pdf.exe
510f83af3c41f9892040a8a80b4f3a4736eebee2ec4a7d4bfee63dbe44d7ecff.bin
FILE_59(하드디스크파괴 변종)
mb_join.gif
web_infect
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!