SHA256: 5ac94cf9b7c220ce7eb2a82102f9e30b2e433e8d13dcd7f3767a4fce9ea83606
File name: 5ac94cf9b7c220ce7eb2a82102f9e30b2e433e8d13dcd7f3767a4fce9ea83606
Detection ratio: 42 / 47
Analysis date: 2013-11-08 18:36:20 UTC ( 5 years ago )
Antivirus Result Update
Yandex Trojan.DR.Dapato!4N4eQI3xIIU 20131108
AhnLab-V3 Trojan/Win32.Menti 20131108
AntiVir TR/Crypt.ULPM.Gen 20131108
Avast Win32:SmokeLdr-E [Trj] 20131108
AVG Dropper.Generic5.AVFL 20131108
Baidu-International Worm.Win32.IRCBot.NG.40 20131108
BitDefender Trojan.Generic.7267688 20131108
Bkav W32.IsabakusI.Trojan 20131108
CAT-QuickHeal TrojanPWS.Zbot.Y 20131108
Commtouch W32/Trojan.NKPZ-2889 20131108
Comodo TrojWare.Win32.Trojan.Agent.Gen 20131108
DrWeb BackDoor.IRC.Bot.896 20131108
Emsisoft Trojan.Generic.7267688 (B) 20131108
ESET-NOD32 Win32/Dorkbot.A 20131108
F-Secure Trojan.Generic.7267688 20131108
Fortinet W32/Kryptik.AY!tr 20131108
GData Trojan.Generic.7267688 20131108
Ikarus Trojan.Win32.Ransom 20131108
Jiangmin Trojan/JboxGeneric.fen 20131108
K7AntiVirus Password-Stealer 20131108
K7GW Password-Stealer 20131108
Kaspersky Trojan-Dropper.Win32.Dapato.ahbs 20131108
Kingsoft Win32.Troj.Dapato.(kcloud) 20130829
Malwarebytes Spyware.Zbot.ES 20131108
McAfee PWS-FABE!C61999DA05FE 20131108
McAfee-GW-Edition Heuristic.BehavesLike.Win32.ModifiedUPX.C 20131108
Microsoft Worm:Win32/Dorkbot.I 20131108
eScan Trojan.Generic.7267688 20131108
NANO-Antivirus Trojan.Win32.Dapato.msnyt 20131108
Norman Suspicious_Gen4.SXZP 20131108
nProtect Trojan/W32.Agent.100352.QI 20131108
Panda Generic Trojan 20131108
Rising Trojan.Win32.Generic.12BDDECC 20131108
Sophos AV Mal/Zbot-EZ 20131108
SUPERAntiSpyware Trojan.Agent/Gen-Kryptik 20131108
Symantec Trojan.Gen 20131108
TheHacker Trojan/Kryptik.abzx 20131107
TotalDefense Win32/Dorkbot.H!generic 20131108
TrendMicro TSPY_DORKBOT_CA08032E.TOMC 20131108
TrendMicro-HouseCall TSPY_DORKBOT_CA08032E.TOMC 20131108
VBA32 TrojanDropper.Dapato 20131108
VIPRE Trojan.Win32.Bredo.pb (v) 20131108
Antiy-AVL 20131107
ByteHero 20131105
ClamAV 20131108
F-Prot 20131108
ViRobot 20131108
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Product Rand
Original name 7lc42v.exe
Internal name Loch Crater Stove
File version 8.6
Description Sacred Walsh Azure
Packers identified
F-PROT UPX_LZMA
PEiD UPX 2.93 [LZMA] -> Markus Oberhumer, Laszlo Molnar & John Reiser
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2011-01-12 01:26:12
Entry Point 0x0003DF50
Number of sections 3
PE sections
PE imports
VirtualFree
ExitProcess
VirtualProtect
LoadLibraryA
VirtualAlloc
GetProcAddress
ClusterNodeOpenEnum
OleUIUpdateLinksA
ResUtilGetProperty
SamConnect
MenuItemFromPoint
GetAllUsersProfileDirectoryA
FtpOpenFileA
Number of PE resources by type
RT_BITMAP 2
RT_STRING 1
RT_MENU 1
RT_VERSION 1
Number of PE resources by language
ENGLISH US 5
PE resources
ExifTool file metadata
SubsystemVersion 4.0
LinkerVersion 8.0
ImageVersion 9.3
FileSubtype 0
FileVersionNumber 8.6.0.0
UninitializedDataSize 155648
LanguageCode English (U.S.)
FileFlagsMask 0x003f
CharacterSet Unicode
InitializedDataSize 4096
EntryPoint 0x3df50
OriginalFileName 7lc42v.exe
MIMEType application/octet-stream
FileVersion 8.6
TimeStamp 2011:01:12 02:26:12+01:00
FileType Win32 EXE
PEType PE32
InternalName Loch Crater Stove
ProductVersion 8.6
FileDescription Sacred Walsh Azure
OSVersion 7.1
FileOS Windows NT 32-bit
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName bigLasagne
CodeSize 98304
ProductName Rand
ProductVersionNumber 8.6.0.0
FileTypeExtension exe
ObjectFileType Executable application
File identification
MD5 c61999da05fe1d824ac2f565d2251a16
SHA1 7e4dc6ca98c0b42945a5ca21598e7c4224b0b112
SHA256 5ac94cf9b7c220ce7eb2a82102f9e30b2e433e8d13dcd7f3767a4fce9ea83606
ssdeep 3072:JgwWrXAMaD2/RYGIcGr7oaTjZk2vn2Qk8Eg2sou5g:CwwaDbdc45TjZkO2vfkoy
authentihash 39be316657edfdcd8e73e23e577650f96de81e36e56b6951eedada3d1e596f74
imphash 4f6c028f1894b5a1636f0a38d0560add
File size 98.0 KB ( 100352 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID UPX compressed Win32 Executable (40.0%)
Win32 EXE Yoda's Crypter (34.8%)
Win32 Dynamic Link Library (generic) (8.6%)
Win32 Executable (generic) (5.9%)
Win16/32 Executable Delphi generic (2.7%)
Tags peexe usb-autorun upx

VirusTotal metadata
First submission 2012-03-05 11:51:26 UTC ( 6 years, 8 months ago )
Last submission 2016-01-13 00:10:12 UTC ( 2 years, 10 months ago )
File names 2012030
aa
00CC3B0F002AEEAB88EA0150956C740043583210.exe
5ac94cf9b7c220ce7eb2a82102f9e30b2e433e8d13dcd7f3767a4fce9ea83606.vir
DPYGRAPAES-940.pms.exe.SVD
40109cb.exe
Loch Crater Stove
Arpepe.exe
5ac94cf9b7c220ce7eb2a82102f9e30b2e433e8d13dcd7f3767a4fce9ea83606
c61999da05fe1d824ac2f565d2251a16
file
7lc42v.exe
ng4.exe
USPUnM8.vcf
Advanced heuristic and reputation engines
ClamAV
Possibly Unwanted Application. While not necessarily malicious, the scanned file presents certain characteristics which depending on the user policies and environment may or may not represent a threat. For full details see: https://www.clamav.net/documents/potentially-unwanted-applications-pua .
