SHA256: 5544d34fdbd63775969e08945b89baa47c68112fdd3ba17ad8b446e45e7f2101
File name: vt-upload-IjLgi
Detection ratio: 24 / 49
Analysis date: 2014-08-02 08:02:55 UTC ( 2 years, 7 months ago )
Antivirus Result Update
Ad-Aware Trojan.GenericKD.1785086 20140802
AntiVir TR/Spy.Banker.1284 20140802
Avast Win32:Dropper-gen [Drp] 20140802
AVG Generic11_c.NNI 20140802
AVware Trojan.Win32.Generic!BT 20140802
BitDefender Trojan.GenericKD.1785086 20140802
CAT-QuickHeal TrojanPWS.AutoIt.Zbot.A 20140801
ClamAV Win.Trojan.Autoit-1372 20140802
CMC Trojan.Win32.Generic!O 20140731
Commtouch W32/GenBl.B606C713!Olympus 20140802
Emsisoft Trojan.GenericKD.1785086 (B) 20140802
ESET-NOD32 Win32/Spy.Zbot.AAO 20140801
Fortinet W32/Zbot.AAO!tr 20140802
GData Trojan.GenericKD.1785086 20140802
Kaspersky Trojan-Spy.Win32.Zbot.tqxj 20140802
McAfee Artemis!B606C713AFAA 20140802
McAfee-GW-Edition Artemis!B606C713AFAA 20140801
eScan Trojan.GenericKD.1785086 20140802
nProtect Trojan.GenericKD.1785086 20140801
Qihoo-360 HEUR/Malware.QVM10.Gen 20140802
SUPERAntiSpyware Trojan.Agent/Gen-Undef 20140802
Tencent Win32.Trojan-spy.Zbot.Pcsc 20140802
TrendMicro-HouseCall TROJ_GEN.R011H08GT14 20140802
VIPRE Trojan.Win32.Generic!BT 20140802
AegisLab 20140802
Yandex 20140801
AhnLab-V3 20140801
Antiy-AVL 20140802
Baidu-International 20140802
Bkav 20140801
ByteHero 20140802
Comodo 20140802
DrWeb 20140802
F-Prot 20140802
F-Secure 20140802
Ikarus 20140802
Jiangmin 20140802
K7AntiVirus 20140801
K7GW 20140801
Kingsoft 20130829
Malwarebytes 20140802
Microsoft 20140802
NANO-Antivirus 20140802
Norman 20140802
Panda 20140801
Rising 20140801
Sophos 20140802
Symantec 20140802
TheHacker 20140801
TotalDefense 20140801
TrendMicro 20140802
VBA32 20140801
ViRobot 20140802
Zoner 20140729
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file.
FileVersionInfo properties
File version 3, 3, 8, 1
Packers identified
F-PROT AutoIt, UTF-8
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2012-01-29 21:32:28
Entry Point 0x000165C1
Number of sections 4
PE sections
Number of PE resources by type
RT_ICON 12
RT_STRING 7
RT_GROUP_ICON 4
RT_DIALOG 1
RT_MANIFEST 1
RT_MENU 1
RT_VERSION 1
Number of PE resources by language
ENGLISH UK 25
ENGLISH US 2
PE resources
File identification
MD5 b606c713afaa5c4c2de26ccf4943ec4d
SHA1 a8687e90cf13fc95949126364cfa5ba8bfc10d22
SHA256 5544d34fdbd63775969e08945b89baa47c68112fdd3ba17ad8b446e45e7f2101
ssdeep 24576:MRmJkcoQricOIQxiZY1iaOorRKidA6TB8ljmfcj:ZJZoQrbTFZY1iaOorRxdTTB8lj9
imphash d3bf8a7746a8d1ee8f6e5960c3f69378
File size 1.2 MB ( 1231675 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (67.3%)
Win32 Dynamic Link Library (generic) (14.2%)
Win32 Executable (generic) (9.7%)
Generic Win/DOS Executable (4.3%)
DOS Executable Generic (4.3%)
Tags peexe
VirusTotal metadata
First submission 2014-08-02 08:02:55 UTC ( 2 years, 7 months ago )
Last submission 2014-08-02 08:02:55 UTC ( 2 years, 7 months ago )
File names vt-upload-IjLgi
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
DNS requests