SHA256: 5b017461a2f2cd98c697bb57553623992f2cb8ec03d48c26c02bbadfc0197bde
File name: 195be4cd5add377ed45548e113c4ab40969dbb14
Detection ratio: 50 / 54
Analysis date: 2016-06-30 13:58:16 UTC ( 2 years, 9 months ago )
Antivirus Result Update
Ad-Aware Dropped:Worm.Generic.88044 20160701
AegisLab Troj.Dropper.W32.Flystud.yo!c 20160701
Yandex Backdoor.FlyAgent!AO9eix2g/ww 20160630
AhnLab-V3 Trojan/Win32.FlyStudio.N18548882 20160630
ALYac Dropped:Worm.Generic.88044 20160701
Antiy-AVL Trojan[Downloader]/Win32.FlyStudio 20160701
Arcabit Worm.Generic.D157EC 20160701
AVG Win32/Heur 20160701
AVware Trojan.Win32.Autorun.dm (v) 20160701
Baidu Win32.Backdoor.Flyagent.bt 20160630
BitDefender Dropped:Worm.Generic.88044 20160701
Bkav W32.FlyStudioTn.Heur 20160630
CAT-QuickHeal Backdoor.FlyAgent.F 20160630
ClamAV Win.Worm.FlyStudio-24 20160701
Comodo Worm.Win32.Autorun.ev0 20160701
Cyren W32/Nuj.A.gen!Eldorado 20160701
DrWeb Win32.HLLW.Autoruner.26035 20160701
Emsisoft Dropped:Worm.Generic.88044 (B) 20160701
ESET-NOD32 Win32/FlyStudio.NQC 20160701
F-Prot W32/Nuj.A.gen!Eldorado 20160701
F-Secure Trojan-Dropper:W32/Peed.gen!A 20160630
Fortinet W32/PckdFlyStudio.gen 20160701
GData Dropped:Worm.Generic.88044 20160701
Ikarus Trojan.Win32.FlyStudio 20160630
Jiangmin TrojanDropper.Flystud.agk 20160701
K7AntiVirus Trojan ( 001714231 ) 20160630
K7GW Trojan ( 001714231 ) 20160630
Kaspersky Trojan-Downloader.Win32.FlyStudio.kx 20160701
Kingsoft Win32.Troj.FakeFolderT.yo.1406378 20160701
McAfee W32/Autorun.worm.ev 20160701
McAfee-GW-Edition BehavesLike.Win32.Autorun.tc 20160630
Microsoft Backdoor:Win32/FlyAgent.F 20160701
eScan Dropped:Worm.Generic.88044 20160701
NANO-Antivirus Trojan.Win32.FlyStudio.dcayi 20160701
nProtect Trojan-Dropper/W32.FlyStudio.1404870 20160630
Panda Bck/Wutau.B 20160630
Qihoo-360 Win32/Trojan.229 20160701
Sophos AV Mal/EncPk-NB 20160701
SUPERAntiSpyware Trojan.Agent/Gen-Fly[Large] 20160630
Symantec W32.SillyFDC 20160630
Tencent Win32.Trojan.Fakedoc.Auto 20160701
TheHacker Trojan/Downloader.Flystudio.gen 20160630
TotalDefense Win32/Nuj.KG 20160701
TrendMicro WORM_AUTORUN.SMW 20160701
TrendMicro-HouseCall WORM_AUTORUN.SMW 20160701
VBA32 TrojanDownloader.FlyStudio 20160630
VIPRE Trojan.Win32.Autorun.dm (v) 20160701
ViRobot Trojan.Win32.A.Downloader.200704.JB[h] 20160701
Yandex Backdoor.FlyAgent!AO9eix2g/ww 20160630
Zillya Dropper.Flystud.Win32.1973 20160630
Alibaba 20160701
CMC 20160630
Malwarebytes 20160630
Zoner 20160701
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Packers identified
Command PE-Crypt.CF
F-PROT PE-Crypt.CF
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 1972-12-25 05:33:23
Entry Point 0x00001192
Number of sections 5
PE sections
Overlays
MD5 35011155218266717acac62c92a2e256
File type data
Offset 200704
Size 1204166
Entropy 8.00
PE imports
HeapFree
GetStdHandle
LCMapStringW
SetHandleCount
GetOEMCP
LCMapStringA
HeapDestroy
ExitProcess
GetEnvironmentStringsW
GetModuleFileNameA
RtlUnwind
LoadLibraryA
FreeEnvironmentStringsA
GetStartupInfoA
GetEnvironmentStrings
CreateDirectoryA
GetCPInfo
UnhandledExceptionFilter
MultiByteToWideChar
FreeEnvironmentStringsW
GetCommandLineA
GetProcAddress
SetFilePointer
GetTempPathA
WideCharToMultiByte
GetStringTypeA
GetModuleHandleA
ReadFile
WriteFile
GetCurrentProcess
CloseHandle
GetACP
HeapReAlloc
GetStringTypeW
TerminateProcess
HeapCreate
VirtualFree
GetFileType
CreateFileA
HeapAlloc
GetVersion
VirtualAlloc
wsprintfA
MessageBoxA
Number of PE resources by type
RT_ICON 4
RT_GROUP_ICON 1
Number of PE resources by language
CHINESE SIMPLIFIED 5
PE resources
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
FileTypeExtension exe
TimeStamp 1972:12:25 06:33:23+01:00
FileType Win32 EXE
PEType PE32
CodeSize 24576
LinkerVersion 4.0
EntryPoint 0x1192
InitializedDataSize 172032
SubsystemVersion 4.0
ImageVersion 1.0
OSVersion 4.0
UninitializedDataSize 0

Execution parents
File identification
MD5 903b5a7b09ba2c25643bebac75a97b7d
SHA1 195be4cd5add377ed45548e113c4ab40969dbb14
SHA256 5b017461a2f2cd98c697bb57553623992f2cb8ec03d48c26c02bbadfc0197bde
ssdeep 24576:GMEqOzh9rrgTUJPz/mlRrZ59Bawtb9TazCPuWXo7EPa3co6++P/a3sAiy2o0HHCf:GMOzh9ATUJUhZ5tNR9/3Pa3coP+PesAN
authentihash fab940c204159753ad5711d05534ad87ef7733a11ceaa17a55953ebd0b8f0abd
imphash 9165ea3e914e03bda3346f13edbd6ccd
File size 1.3 MB ( 1404870 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (64.5%)
Win32 Dynamic Link Library (generic) (13.6%)
Win32 Executable (generic) (9.3%)
Clipper DOS Executable (4.1%)
Generic Win/DOS Executable (4.1%)
Tags
peexe usb-autorun overlay

VirusTotal metadata
First submission 2009-06-15 20:28:07 UTC ( 9 years, 10 months ago )
Last submission 2017-05-22 10:36:59 UTC ( 1 year, 11 months ago )
File names .fseventsd.exe
file-4694232_exe
music.exe
Recycle.exe
Jornadas de Sevilla.exe
28_10_14.exe
MISC.exe
Waibstadt.ex