SHA256: 5b37a662d744a535228df0586a433e446e489d4fb2de297c56646722b544c48f
File name: index.html@getexe=gr.05.exe
Detection ratio: 46 / 52
Analysis date: 2014-06-03 21:08:00 UTC ( 4 years, 9 months ago )
Antivirus Result Update
Ad-Aware Worm.Generic.223714 20140603
Yandex Worm.Koobface!LqhyKiaon8M 20140602
AhnLab-V3 Win-Spyware/Agent.36864.AN 20140603
AntiVir TR/ATRAPS.Gen2 20140603
Avast Win32:Malware-gen 20140603
AVG Worm/Koobface.P 20140603
Baidu-International Worm.Win32.Koobface.Ah 20140603
BitDefender Worm.Generic.223714 20140603
Bkav W32.KoobFaceLC.Trojan 20140603
Commtouch W32/Worm.PJBQ-0303 20140603
Comodo NetWorm.Win32.Koobface.FI 20140603
DrWeb Win32.HLLW.Facebook.527 20140603
Emsisoft Worm.Generic.223714 (B) 20140603
ESET-NOD32 a variant of Win32/Koobface.NCN 20140603
F-Prot W32/Worm.BKSI 20140603
F-Secure Worm.Generic.223714 20140603
Fortinet W32/Koobface.CX!worm 20140603
GData Worm.Generic.223714 20140603
Ikarus Net-Worm.Win32.Koobface 20140603
Jiangmin Worm/Koobface.ajq 20140531
K7AntiVirus NetWorm ( 001086011 ) 20140603
K7GW NetWorm ( 001086011 ) 20140603
Kaspersky Net-Worm.Win32.Koobface.cup 20140603
Kingsoft Worm.Koobface.(kcloud) 20140603
Malwarebytes Worm.Koobface 20140603
McAfee Artemis!C1641A126247 20140603
McAfee-GW-Edition Artemis!C1641A126247 20140603
Microsoft Trojan:Win32/Koobface.gen!K 20140603
eScan Worm.Generic.223714 20140603
NANO-Antivirus Trojan.Win32.Koobface.bavpq 20140603
Norman Koobface.GXQ 20140603
nProtect Worm/W32.Koobface.36864.AA 20140603
Panda Trj/CI.A 20140603
Qihoo-360 Script/Backdoor.073 20140603
Rising PE:Trojan.Win32.Generic.11E3C1B7!300138935 20140603
Sophos AV Mal/Dial-V 20140603
SUPERAntiSpyware Trojan.Agent/Gen-Koobface 20140603
Symantec W32.Koobface.D 20140603
Tencent Win32.Worm-Net.Koobface.cvge 20140603
TheHacker W32/Koobface.cup 20140602
TotalDefense Win32/Koobface.JW 20140603
TrendMicro Mal_Koob-7 20140603
TrendMicro-HouseCall Mal_Koob-7 20140603
VBA32 Worm.Koobface 20140603
VIPRE Trojan.Win32.Generic!BT 20140603
ViRobot Worm.Win32.Net-Koobface.36078 20140603
AegisLab 20140603
Antiy-AVL 20140603
ByteHero 20140603
CAT-QuickHeal 20140603
ClamAV 20140603
CMC 20140530
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Packers identified
PEiD UPX 2.90 [LZMA] -> Markus Oberhumer, Laszlo Molnar & John Reiser
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2009-12-28 14:13:43
Entry Point 0x0001E5C0
Number of sections 3
PE sections
PE imports
RegCloseKey
VirtualFree
ExitProcess
VirtualProtect
LoadLibraryA
VirtualAlloc
GetProcAddress
??0_Lockit@std@@QAE@XZ
SysAllocStringLen
SHGetSpecialFolderPathA
StrTrimA
GetWindow
FindCloseUrlCache
CoInitialize
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
TimeStamp 2009:12:28 15:13:43+01:00
FileType Win32 EXE
PEType PE32
CodeSize 36864
LinkerVersion 6.0
FileAccessDate 2014:06:03 22:03:26+01:00
EntryPoint 0x1e5c0
InitializedDataSize 4096
SubsystemVersion 4.0
ImageVersion 0.0
OSVersion 4.0
FileCreateDate 2014:06:03 22:03:26+01:00
UninitializedDataSize 86016

File identification
MD5 c1641a1262475f2d9e85855dde700972
SHA1 d8f54595dbf6dd0493220225d42f6e2d235ea4fb
SHA256 5b37a662d744a535228df0586a433e446e489d4fb2de297c56646722b544c48f
ssdeep 768:pkBM45J7CY2DgkRYn4pp4hpq9NtpGM4lb9SznNKxIWhn/RZaUD:aBM4PGJDgkRM4mMjEll4U6IJZaUD
imphash f59ae797be476c1c3b94ae61d2d6c1bd
File size 36.0 KB ( 36864 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID UPX compressed Win32 Executable (42.3%)
Win32 EXE Yoda's Crypter (36.7%)
Win32 Dynamic Link Library (generic) (9.1%)
Win32 Executable (generic) (6.2%)
Generic Win/DOS Executable (2.7%)
Tags
peexe upx

VirusTotal metadata
First submission 2009-12-31 12:45:48 UTC ( 9 years, 2 months ago )
Last submission 2014-06-03 21:08:00 UTC ( 4 years, 9 months ago )
File names index.html@getexe=gr.05.exe
d8f54595dbf6dd0493220225d42f6e2d235ea4fb_index.ex
Bibu.bin
aa
Advanced heuristic and reputation engines
ClamAV
Possibly Unwanted Application. While not necessarily malicious, the scanned file presents certain characteristics which, depending on the user's policies and environment, may or may not represent a threat. For full details see: https://www.clamav.net/documents/potentially-unwanted-applications-pua

Behaviour characterization