SHA256: 618050a9b98ecdb50c8230fb042d1a1b63db3b2765f1856f68056dbeac54b96a
File name: 0642174fc75d1247876b5a6af81123515bc1f910_yihahago.ex
Detection ratio: 46 / 57
Analysis date: 2015-03-16 19:45:15 UTC ( 2 years, 8 months ago )
Antivirus Result Update
Ad-Aware Generic.Malware.SFYBdC.D6A45DF7 20150316
Yandex Trojan.DL.Delf!my3vhpa6ExA 20150316
AhnLab-V3 Win-Trojan/Genome.296960.D 20150316
ALYac Generic.Malware.SFYBdC.D6A45DF7 20150316
Avast Win32:Malware-gen 20150316
AVG Downloader.Generic9.BPXY 20150316
Avira (no cloud) ADSPY/AdSpy.Gen2 20150316
AVware Trojan.Win32.Generic!BT 20150316
Baidu-International Trojan.Win32.Genome.AxxJ 20150316
BitDefender Generic.Malware.SFYBdC.D6A45DF7 20150316
ByteHero Virus.Win32.Heur.l 20150316
Comodo UnclassifiedMalware 20150316
Cyren W32/D_Downloader!GSA 20150316
DrWeb Trojan.DownLoad1.58980 20150316
Emsisoft Generic.Malware.SFYBdC.D6A45DF7 (B) 20150316
ESET-NOD32 Win32/TrojanDownloader.Delf.PFY 20150316
F-Prot W32/D_Downloader!GSA 20150316
F-Secure Generic.Malware.SFYBdC.D6A45DF7 20150316
GData Generic.Malware.SFYBdC.D6A45DF7 20150316
Ikarus not-a-virus:RiskTool.Win32.Agent 20150316
Jiangmin TrojanClicker.Delf.cgy 20150316
K7AntiVirus Trojan ( 7000000f1 ) 20150316
K7GW Trojan ( 7000000f1 ) 20150316
Kaspersky Trojan-Clicker.Win32.Delf.doz 20150316
Kingsoft Win32.TrojDownloader.Genome.(kcloud) 20150316
Malwarebytes Virus.Induc 20150316
McAfee Artemis!9A2DCA73CD9B 20150316
McAfee-GW-Edition BehavesLike.Win32.Ipamor.dc 20150316
Microsoft TrojanDownloader:Win32/Tearspear.L 20150316
eScan Generic.Malware.SFYBdC.D6A45DF7 20150316
NANO-Antivirus Trojan.Win32.Genome.tjzn 20150316
Norman Delf.A!genr 20150316
nProtect Trojan/W32.Agent.296960.AV 20150316
Panda Trj/CI.A 20150316
Qihoo-360 Win32/Trojan.Clicker.4b6 20150316
Rising PE:Trojan.Win32.Generic.11ED1633!300750387 20150316
Sophos AV Mal/Behav-141 20150316
SUPERAntiSpyware Trojan.Agent/Gen 20150315
Symantec SecurityRisk.Downldr 20150316
Tencent Win32.Trojan.Delf.Htcf 20150316
TotalDefense Win32/ASuspect.HDBCP 20150316
TrendMicro BKDR_AGENT.ZA 20150316
TrendMicro-HouseCall BKDR_AGENT.ZA 20150316
VIPRE Trojan.Win32.Generic!BT 20150316
ViRobot Trojan.Win32.S.Genome.296960.C[h] 20150316
Zillya Downloader.Genome.Win32.17863 20150316
AegisLab 20150316
Alibaba 20150316
Antiy-AVL 20150316
Bkav 20150314
CAT-QuickHeal 20150316
ClamAV 20150315
CMC 20150316
Fortinet 20150316
TheHacker 20150316
VBA32 20150315
Zoner 20150316
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Packers identified
Command Aspack
F-PROT Aspack
PEiD ASPack v2.12
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 1992-06-19 22:22:17
Entry Point 0x000D3001
Number of sections 10
PE sections
PE imports
RegSetValueExA
RegQueryValueExA
ImageList_SetIconSize
UnrealizeObject
GetProcAddress
GetModuleHandleA
LoadLibraryA
CreateStreamOnHGlobal
GetErrorInfo
SysFreeString
SafeArrayPtrOfIndex
RasGetProjectionInfoA
Shell_NotifyIconA
URLDownloadToFileA
CreateWindowExA
GetKeyboardType
VerQueryValueA
InternetCheckConnectionA
WSACleanup
Number of PE resources by type
RT_BITMAP 29
RT_STRING 26
RT_GROUP_CURSOR 7
RT_CURSOR 7
RT_RCDATA 4
RT_ICON 2
RT_DIALOG 1
RT_GROUP_ICON 1
Number of PE resources by language
NEUTRAL 73
CHINESE SIMPLIFIED 3
ENGLISH US 1
PE resources
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
TimeStamp 1992:06:19 23:22:17+01:00
FileType Win32 EXE
PEType PE32
CodeSize 702976
LinkerVersion 2.25
EntryPoint 0xd3001
InitializedDataSize 130560
SubsystemVersion 4.0
ImageVersion 0.0
OSVersion 4.0
UninitializedDataSize 0

File identification
MD5 9a2dca73cd9b82c483833ac8ff37fc8d
SHA1 0642174fc75d1247876b5a6af81123515bc1f910
SHA256 618050a9b98ecdb50c8230fb042d1a1b63db3b2765f1856f68056dbeac54b96a
ssdeep 6144:kb+PCNiDDaW5d3yS8h8llpbEo4fWM+8wIjDG5u38+d6WTsxRN:kZYDaW5lyS8h81oN+l8wIj/hdNTsr

authentihash ee14170717941d9a993ed4a3be6eb809986abfa049a6d0f860f24cc924532377
imphash 84ca82cdf30e9a2163b0f7aa9f792bf4
File size 290.0 KB ( 296960 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Dynamic Link Library (generic) (38.3%)
Win32 Executable (generic) (26.2%)
Win16/32 Executable Delphi generic (12.0%)
Generic Win/DOS Executable (11.6%)
DOS Executable Generic (11.6%)
Tags peexe aspack

VirusTotal metadata
First submission 2010-04-15 10:46:39 UTC ( 7 years, 7 months ago )
Last submission 2015-03-16 19:45:15 UTC ( 2 years, 8 months ago )
File names j12eOqSHL.zip
9A2DCA73CD9B82C483833AC8FF37FC8D
aa
0642174fc75d1247876b5a6af81123515bc1f910_yihahago.ex
9a2dca73cd9b82c483833ac8ff37fc8d
Advanced heuristic and reputation engines
ClamAV
Possibly Unwanted Application. While not necessarily malicious, the scanned file presents certain characteristics which depending on the user policies and environment may or may not represent a threat. For full details see: https://www.clamav.net/documents/potentially-unwanted-applications-pua .
