SHA256: 5c56cae369d64c0738b0e421a51a40eebf9935bacb9ce73c0db38c3b7ff878fd
File name: 69 (150)
Detection ratio: 35 / 43
Analysis date: 2012-03-24 18:18:06 UTC ( 7 years ago )
Antivirus Result Update
AhnLab-V3 Dropper/Malware.1529856 20120324
AntiVir TR/Crypt.XPACK.Gen 20120323
Avast Win32:Malware-gen 20120324
AVG Win32/Heri 20120324
BitDefender Gen:Variant.Oficla.12 20120324
Comodo Heur.Suspicious 20120324
DrWeb Trojan.MulDrop.54863 20120324
Emsisoft Trojan.Win32.FakeAV!IK 20120324
eSafe Win32.BDSTDSS 20120322
eTrust-Vet Win32/Zbot.R!generic 20120323
F-Secure Gen:Variant.Oficla.12 20120324
Fortinet W32/Zbot.RP!tr 20120324
GData Gen:Variant.Oficla.12 20120324
Ikarus Trojan.Win32.FakeAV 20120324
Jiangmin Trojan/FraudPack.icw 20120324
K7AntiVirus Trojan 20120323
Kaspersky Trojan.Win32.FraudPack.cfxx 20120324
McAfee Artemis!5C1F20B7958C 20120324
McAfee-GW-Edition Artemis!5C1F20B7958C 20120323
Microsoft TrojanDropper:Win32/Microjoin.gen!B 20120324
NOD32 a variant of Win32/Kryptik.HIM 20120324
Norman W32/Microjoin.EUY 20120324
nProtect Trojan/W32.FraudPack.1529856 20120324
Panda Suspicious file 20120324
PCTools Trojan.Gen 20120323
Rising Trojan.Win32.Generic.1250D34D 20120323
Sophos AV Mal/EncPk-RP 20120324
Symantec Trojan.Gen 20120324
TheHacker Trojan/FraudPack.cfxx 20120324
TrendMicro TROJ_MICROJOI.DR 20120324
TrendMicro-HouseCall TROJ_MICROJOI.DR 20120324
VBA32 Trojan.ExpProc.014 20120323
VIPRE Trojan.Win32.Kryptik.agfl (v) 20120324
ViRobot Trojan.Win32.S.FraudPack.1529856 20120324
VirusBuster Trojan.FraudPack!00Of2e6rBTg 20120323
Antiy-AVL 20120324
ByteHero 20120319
CAT-QuickHeal 20120324
ClamAV 20120324
Commtouch 20120323
F-Prot 20120323
Prevx 20120324
SUPERAntiSpyware 20120323
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Number of sections 4
PE sections
PE imports
CreateSecurityPage
RegDeleteValueW, EqualSid, RegCreateKeyW, RegOpenKeyExA, RegQueryInfoKeyW, GetLengthSid
lstrlenW, SetFileTime, GetModuleFileNameA, GetACP, ExpandEnvironmentStringsW, LoadLibraryA, GetFileType, GetSystemInfo, FreeEnvironmentStringsA, GetVersion, GetCurrentDirectoryW, IsDebuggerPresent, SetUnhandledExceptionFilter, GetSystemTimeAsFileTime, LockResource, GetVersionExW, LCMapStringA, SearchPathW, GetCurrentThread, GetCurrentProcess, ExpandEnvironmentStringsA, UnhandledExceptionFilter, TlsFree, VirtualAlloc, GetLocaleInfoA, ExitProcess, FormatMessageA, GlobalFree, SetHandleCount, LocalFileTimeToFileTime, lstrlenA, VirtualFree, InterlockedDecrement, DeleteCriticalSection, RtlUnwind, GetProcAddress
__2@YAPAXI@Z, _onexit, __dllonexit, wcstoul, wcschr
ShowWindow, SetWindowsHookExW, LoadCursorA, PostQuitMessage, DispatchMessageW, RegisterClassExW, GetClientRect, UnhookWindowsHookEx
VerQueryValueW
ExifTool file metadata
MIMEType: application/octet-stream
Subsystem: Windows GUI
MachineType: Intel 386 or later, and compatibles
TimeStamp: 2006:05:03 00:54:08+01:00
FileType: Win32 EXE
PEType: PE32
CodeSize: 688128
LinkerVersion: 7.0
Warning: Possibly corrupt Version resource
EntryPoint: 0xa84bc
InitializedDataSize: 843264
SubsystemVersion: 4.0
ImageVersion: 0.0
OSVersion: 4.0
UninitializedDataSize: 0

File identification
MD5 5c1f20b7958cbe1f9856355703a0f930
SHA1 9b951b36b17727c00ffb7f8750b0ebc7e597b514
SHA256 5c56cae369d64c0738b0e421a51a40eebf9935bacb9ce73c0db38c3b7ff878fd
ssdeep 24576:tXHzX1V88eE+VJsBOvCSxBs+xsLjeS9todT+Z5+Aeb8ril6gU2wEBqg:tXZbbq6OvxxnxEeS9tmEf3fEBq
File size 1.5 MB ( 1529856 bytes )
File type Win32 EXE
Magic literal MS-DOS executable PE for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable Generic (42.3%)
Win32 Dynamic Link Library (generic) (37.6%)
Generic Win/DOS Executable (9.9%)
DOS Executable Generic (9.9%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
VirusTotal metadata
First submission 2010-10-18 16:23:46 UTC ( 8 years, 6 months ago )
Last submission 2012-03-24 18:18:06 UTC ( 7 years ago )
File names 45 (2)
_Qr9enNB.fon
69 (150)
aa
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight