SHA256: 541fb83d28b05f55e310047d019727344c8cc694e5320506451bbb52fd40d3ea
File name: gridinsoft.trojan.killer.2.x-patch.exe
Detection ratio: 27 / 45
Analysis date: 2013-01-29 07:45:34 UTC ( 1 year, 2 months ago )
Antivirus Result Update
Agnitum Riskware.HackTool!LT2poWNG63M 20130128
Antiy-AVL Trojan/Win32.Genome.gen 20130128
Avast Win32:Patcher-AK [PUP] 20130129
BitDefender Gen:Trojan.Heur.FU.euW@a0Q59To 20130129
Comodo UnclassifiedMalware 20130129
DrWeb Tool.ProcPatch.405 20130129
ESET-NOD32 a variant of Win32/HackTool.Patcher.AD 20130129
Emsisoft Riskware.RiskTool.Win32.Patcher.AMN (A) 20130129
F-Secure Gen:Trojan.Heur.FU.euW@a0Q59To 20130129
Fortinet W32/Agent.WFN!tr 20130129
GData Gen:Trojan.Heur.FU.euW@a0Q59To 20130129
Ikarus Trojan.Win32.Spy 20130129
K7AntiVirus Riskware 20130128
Kaspersky not-a-virus:RiskTool.Win32.Patcher.dk 20130129
Kingsoft Win32.Troj.Undef.(kcloud) 20130121
McAfee Generic PUP.z!pp 20130129
McAfee-GW-Edition Generic PUP.z!pp 20130129
MicroWorld-eScan Gen:Trojan.Heur.FU.euW@a0Q59To 20130129
NANO-Antivirus Trojan.Win32.Patcher.qbyys 20130129
Norman Patcher.IQ 20130128
Panda Trj/OCJ.B 20130128
Rising Malware.UDM!4998 20130129
Sophos Troj/Agent-WFN 20130129
Symantec WS.Reputation.1 20130129
TrendMicro TROJ_GEN.RCBZ4LK 20130129
TrendMicro-HouseCall TROJ_GEN.RCBZ4LK 20130129
VIPRE Trojan.Win32.Agent.wfn (v) 20130129
AVG 20130129
AntiVir 20130129
ByteHero 20130128
CAT-QuickHeal 20130129
ClamAV 20130129
Commtouch 20130129
F-Prot 20130129
Jiangmin 20121221
Malwarebytes 20130129
Microsoft 20130129
PCTools 20130129
SUPERAntiSpyware 20130129
TheHacker 20130128
TotalDefense 20130128
VBA32 20130129
ViRobot 20130129
eSafe 20130127
nProtect 20130128
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Packers identified
F-PROT embedded
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2012-05-02 17:50:41
Link date 6:50 PM 5/2/2012
Entry Point 0x0000102B
Number of sections 5
PE sections
PE imports
GetTempPathA
SizeofResource
lstrcatA
GetModuleHandleA
LoadResource
DeleteFileA
FreeLibrary
RtlMoveMemory
WriteFile
ExitProcess
CloseHandle
CreateFileA
FlushFileBuffers
GetProcAddress
FindResourceA
VirtualAlloc
LoadLibraryA
Number of PE resources by type
RT_ICON 3
RT_MANIFEST 1
RT_RCDATA 1
RT_GROUP_ICON 1
Number of PE resources by language
NEUTRAL 6
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
TimeStamp 2012:05:02 18:50:41+01:00
FileType Win32 EXE
PEType PE32
CodeSize 512
LinkerVersion 10.0
FileAccessDate 2014:04:13 10:30:13+01:00
EntryPoint 0x102b
InitializedDataSize 75264
SubsystemVersion 5.0
ImageVersion 0.0
OSVersion 5.0
FileCreateDate 2014:04:13 10:30:13+01:00
UninitializedDataSize 0

File identification
MD5 bf9a59762359d5d9de1b0ffb548b0db0
SHA1 9862198dad4b1f5847abb307e6b8a4aaf8551393
SHA256 541fb83d28b05f55e310047d019727344c8cc694e5320506451bbb52fd40d3ea
ssdeep 1536:hp8O5TkUP6WQt6UPPI5LAy7tC40EbGAlZErN+t35S0tW9wSQzIt:hhrP6WQgMwhg40ohZ3ttW9y
imphash dc73a9bd8de0fd640549c85ac4089b87
File size 75.0 KB ( 76800 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Dynamic Link Library (generic) (43.5%)
Win32 Executable (generic) (29.8%)
Generic Win/DOS Executable (13.2%)
DOS Executable Generic (13.2%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
Tags
peexe

VirusTotal metadata
First submission 2012-12-18 07:40:47 UTC ( 1 year, 4 months ago )
Last submission 2014-04-13 09:29:46 UTC ( 6 days, 2 hours ago )
File names file-5042432_exe
GrindinSoftTrojanKillerPatch.exe
gridinsoft.trojan.killer.2.x-patch.exe
Trojan Killer v2.1.5.0 Patch.exe
Patch 1.exe
Patch.2.x.exe
Patch.exe
trojan.killer.2.x-patch.exe
Advanced heuristic and reputation engines
ClamAV PUA
Possibly Unwanted Application. While not necessarily malicious, the scanned file presents certain characteristics which depending on the user policies and environment may or may not represent a threat. For full details see: http://www.clamav.net/index.php?s=pua&lang=en .
