SHA256: 544285a5c4b90c951c31e9978210d9086d929a61787482faee6f7d023dc4eaf8
File name: 3368e248a76a7b7d090d0ce7cb7335be
Detection ratio: 31 / 51
Analysis date: 2014-04-03 23:37:47 UTC ( 3 years, 1 month ago )
Antivirus Result Update
Ad-Aware Trojan.GenericKD.1629690 20140403
AntiVir TR/Crypt.Xpack.33268 20140403
Antiy-AVL Worm/Win32.AutoRun 20140403
Avast Win32:Malware-gen 20140403
AVG Luhe.Fiha.A 20140403
BitDefender Trojan.GenericKD.1629690 20140403
Commtouch W32/Trojan.HGRA-1747 20140404
Comodo UnclassifiedMalware 20140403
Emsisoft Trojan.GenericKD.1629690 (B) 20140403
F-Prot W32/Trojan3.HYU 20140403
F-Secure Trojan.GenericKD.1629690 20140404
Fortinet W32/Lockscreen.LOA!tr 20140403
GData Trojan.GenericKD.1629690 20140403
Ikarus Trojan-Dropper.Agent 20140403
K7AntiVirus Riskware ( 0040eff71 ) 20140403
Kaspersky Backdoor.Win32.Androm.drij 20140403
Malwarebytes Trojan.Ransom.ED 20140403
McAfee PWS-Zbot-FANV!3368E248A76A 20140403
McAfee-GW-Edition PWS-Zbot-FANV!3368E248A76A 20140403
Microsoft TrojanDownloader:Win32/Kuluoz 20140404
eScan Trojan.GenericKD.1629690 20140404
Norman Suspicious_Gen4.GCGPE 20140403
nProtect Trojan.Agent.BCMJ 20140403
Panda Trj/CI.A 20140403
Qihoo-360 HEUR/Malware.QVM19.Gen 20140404
Rising PE:Malware.FakeDOC@CV!1.9C3C 20140403
Sophos Mal/Zbot-PA 20140403
Symantec Trojan.Fakeavlock 20140403
TrendMicro BKDR_KULUOZ.IFA 20140404
TrendMicro-HouseCall BKDR_KULUOZ.IFA 20140403
VIPRE Trojan.Win32.Generic!BT 20140404
AegisLab 20140403
Yandex 20140403
AhnLab-V3 20140403
Baidu-International 20140403
Bkav 20140403
ByteHero 20140404
CAT-QuickHeal 20140403
ClamAV 20140403
CMC 20140331
DrWeb 20140403
ESET-NOD32 20140403
Jiangmin 20140403
K7GW 20140403
Kingsoft 20140404
NANO-Antivirus 20140403
SUPERAntiSpyware 20140403
TheHacker 20140402
TotalDefense 20140403
VBA32 20140403
ViRobot 20140403
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Comments This installation was built with.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2014-04-02 13:31:03
Entry Point 0x0000A7B0
Number of sections 5
PE sections
PE imports
RegOpenKeyExA
RegQueryValueExW
LocalFree
GetCurrentProcess
SetUnhandledExceptionFilter
CreateThread
LocalAlloc
GetCurrentProcessId
GetCommandLineW
FreeLibrary
QueryPerformanceCounter
UnhandledExceptionFilter
ExitProcess
GetStartupInfoW
GetSystemTimeAsFileTime
GetTickCount
lstrcmpiW
VirtualAlloc
GetCurrentThreadId
GetSystemMetrics
LoadIconW
LoadCursorA
LoadIconA
Number of PE resources by type
RT_STRING 6
RT_ICON 3
RT_MANIFEST 1
RT_RCDATA 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
NEUTRAL 7
ENGLISH US 6
PE resources
ExifTool file metadata
UninitializedDataSize 0
Comments This installation was built with.
InitializedDataSize 40448
ImageVersion 0.0
FileVersionNumber 1.6.0.166
LanguageCode Neutral
FileFlagsMask 0x003f
CharacterSet Unicode
LinkerVersion 2.5
FileTypeExtension exe
MIMEType application/octet-stream
TimeStamp 2014:04:02 14:31:03+01:00
FileType Win32 EXE
PEType PE32
SubsystemVersion 4.0
OSVersion 4.0
FileOS Win32
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CodeSize 103936
FileSubtype 0
ProductVersionNumber 1.6.0.166
EntryPoint 0xa7b0
ObjectFileType Executable application
Compressed bundles
File identification
MD5 3368e248a76a7b7d090d0ce7cb7335be
SHA1 f541c2f92d2257a0e0c8150fb21c2249ad3a6b01
SHA256 544285a5c4b90c951c31e9978210d9086d929a61787482faee6f7d023dc4eaf8
ssdeep 3072:oDvRkwFhc2Qom1LQRCI9l+MWLuT3uTKx:0Zrvm1L2Cq+MLT+T
authentihash 979d36e96c1927dc78d15704f1520a0f5430847fac7bf4f5303cfb397ba0f9d7
imphash 063c38c8b9fa8fe8587bc6fd930907d3
File size 141.5 KB ( 144896 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win64 Executable (generic) (61.6%)
Win32 Dynamic Link Library (generic) (14.6%)
Win32 Executable (generic) (10.0%)
Win16/32 Executable Delphi generic (4.6%)
Generic Win/DOS Executable (4.4%)
Tags peexe
VirusTotal metadata
First submission 2014-04-02 15:22:41 UTC ( 3 years, 1 month ago )
Last submission 2015-04-17 21:31:23 UTC ( 2 years, 1 month ago )
File names 3368e248a76a7b7d090d0ce7cb7335be
srdelayed.exe
Court_Notice_Copy.exe
Court_Notice_Copy.exe.BAD
court_notice_copy.exe
c-0754e-2857-1396538222
3368e248a76a7b7d090d0ce7cb7335be.exe
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight
Behaviour characterization
Zemana dll-injection
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Created processes
Created mutexes
Opened mutexes
Runtime DLLs