SHA256: 6016a18e47d6c3fb9b71a1203b74b13c52f394cb8cd2602c34ec26cf540e2ed4
File name: 36975d5b35fa74a40bf67faff90186f77ba124bd
Detection ratio: 26 / 55
Analysis date: 2014-09-05 21:07:16 UTC ( 2 years, 7 months ago )
Antivirus Result Update
Ad-Aware Trojan.GenericKD.1814374 20140905
Yandex Trojan.Injector!QmWdfxUHpek 20140905
AVG Inject2.AQSB 20140905
AVware Win32.Malware!Drop 20140905
BitDefender Trojan.GenericKD.1814374 20140905
CAT-QuickHeal Trojan.Inject.r4 20140904
Comodo UnclassifiedMalware 20140905
Emsisoft Trojan.GenericKD.1814374 (B) 20140905
ESET-NOD32 NSIS/Agent.NBL 20140905
F-Secure Trojan.GenericKD.1814374 20140905
GData Trojan.GenericKD.1814374 20140905
Ikarus Trojan.Win32.Injector 20140905
Kaspersky Trojan.Win32.Inject.oyco 20140905
Malwarebytes Trojan.Dropper.ED 20140905
McAfee Artemis!31EC5A260A55 20140905
eScan Trojan.GenericKD.1814374 20140905
NANO-Antivirus Trojan.Win32.BJKN.debpii 20140905
nProtect Trojan.GenericKD.1814374 20140905
Panda Trj/CI.A 20140905
Qihoo-360 Malware.QVM20.Gen 20140905
Sophos Mal/Generic-S 20140905
SUPERAntiSpyware Trojan.Agent/Gen.Symmi 20140905
TrendMicro TSPY_ZBOT.APSS 20140905
TrendMicro-HouseCall TSPY_ZBOT.APSS 20140905
VBA32 Trojan.Inject 20140905
VIPRE Win32.Malware!Drop 20140905
AegisLab 20140905
AhnLab-V3 20140905
Antiy-AVL 20140905
Avast 20140905
Avira (no cloud) 20140905
Baidu-International 20140905
Bkav 20140904
ByteHero 20140905
ClamAV 20140905
CMC 20140904
Cyren 20140905
DrWeb 20140905
F-Prot 20140905
Fortinet 20140905
Jiangmin 20140904
K7AntiVirus 20140905
K7GW 20140905
Kingsoft 20140905
McAfee-GW-Edition 20140905
Microsoft 20140905
Norman 20140905
Rising 20140905
Symantec 20140905
Tencent 20140905
TheHacker 20140905
TotalDefense 20140905
ViRobot 20140905
Zillya 20140904
Zoner 20140905
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file.
FileVersionInfo properties
Copyright (C) Loudspeakers 1997-2009

Publisher Loudspeakers
Product Seminarians
File version
Description The multiform decor beside the bonzes
Packers identified
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2014-05-11 20:03:36
Entry Point 0x00003217
Number of sections 5
PE sections
Number of PE resources by type
Number of PE resources by language
PE resources
File identification
MD5 ecd486d29ee1dd07f43ff69fba86d65a
SHA1 a5f93fa02e1029d4003f31b7d6b933ab356dbb08
SHA256 6016a18e47d6c3fb9b71a1203b74b13c52f394cb8cd2602c34ec26cf540e2ed4

imphash 59a4a44a250c4cf4f2d9de2b3fe5d95f
File size 303.8 KB ( 311046 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID NSIS - Nullsoft Scriptable Install System (94.8%)
Win32 Executable MS Visual C++ (generic) (3.4%)
Win32 Dynamic Link Library (generic) (0.7%)
Win32 Executable (generic) (0.5%)
Generic Win/DOS Executable (0.2%)
nsis peexe

VirusTotal metadata
First submission 2014-09-05 21:07:16 UTC ( 2 years, 7 months ago )
Last submission 2014-09-05 21:07:16 UTC ( 2 years, 7 months ago )
File names 36975d5b35fa74a40bf67faff90186f77ba124bd
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Moved files
Deleted files
Created processes
Code injections in the following processes
Opened mutexes
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.