| SHA256: | 618d1eaf7f183aa48c07050b7364d5b66e91a9b9e4d41ffd66497b7f5db761d7 |
| File name: | dropper.exe |
| Detection ratio: | 5 / 42 |
| Analysis date: | 2012-04-05 12:18:25 UTC ( 6 years, 10 months ago ) View latest |
| Antivirus | Result | Update |
|---|---|---|
| AhnLab-V3 | Trojan/Win32.Zbot | 20120404 |
| BitDefender | Trojan.Generic.KD.589531 | 20120405 |
| Fortinet | W32/Zbot.RO!tr | 20120405 |
| GData | Trojan.Generic.KD.589531 | 20120405 |
| SUPERAntiSpyware | Trojan.Agent/Gen-FakeAlert | 20120402 |
| AntiVir | 20120405 | |
| Antiy-AVL | 20120403 | |
| Avast | 20120405 | |
| AVG | 20120405 | |
| ByteHero | 20120404 | |
| CAT-QuickHeal | 20120405 | |
| ClamAV | 20120405 | |
| Commtouch | 20120405 | |
| Comodo | 20120405 | |
| DrWeb | 20120405 | |
| Emsisoft | 20120405 | |
| eSafe | 20120404 | |
| eTrust-Vet | 20120405 | |
| F-Prot | 20120405 | |
| F-Secure | 20120405 | |
| Ikarus | 20120405 | |
| Jiangmin | 20120331 | |
| K7AntiVirus | 20120404 | |
| Kaspersky | 20120405 | |
| McAfee | 20120405 | |
| McAfee-GW-Edition | 20120404 | |
| Microsoft | 20120405 | |
| NOD32 | 20120405 | |
| Norman | 20120405 | |
| nProtect | 20120405 | |
| Panda | 20120405 | |
| PCTools | 20120405 | |
| Rising | 20120405 | |
| Sophos AV | 20120405 | |
| Symantec | 20120405 | |
| TheHacker | 20120405 | |
| TrendMicro | 20120405 | |
| TrendMicro-HouseCall | 20120405 | |
| VBA32 | 20120405 | |
| VIPRE | 20120405 | |
| ViRobot | 20120405 | |
| VirusBuster | 20120404 |
The file being studied is a Portable Executable file!
More specifically, it is a Win32 EXE
file
for the Windows GUI subsystem.
FileVersionInfo properties
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 1992-06-19 22:22:17
Entry Point 0x0002C43C
Number of sections 6
PE sections
Overlays
MD5 517e5d8fadc61dc77f3b9ebeb366d3f4
File type data
Offset 197120
Size 512
Entropy 7.64
PE imports
Number of PE resources by type
RT_DIALOG 4
RT_RCDATA 1
Number of PE resources by language
ENGLISH US 4
NEUTRAL 1
PE resources
ExifTool file metadata
MIMEType
application/octet-stream
Subsystem
Windows GUI
MachineType
Intel 386 or later, and compatibles
FileTypeExtension
exe
TimeStamp
1992:06:19 23:22:17+01:00
FileType
Win32 EXE
PEType
PE32
CodeSize
178176
LinkerVersion
8.0
ImageFileCharacteristics
Executable, No line numbers, No symbols, Bytes reversed lo, 32-bit, Bytes reversed hi
EntryPoint
0x2c43c
InitializedDataSize
17920
SubsystemVersion
4.0
ImageVersion
0.0
OSVersion
4.0
UninitializedDataSize
0
File identification
MD5 42ddf04f7c2e0b9d7f76b332a549ebe6
SHA1 b93fef9341ecfb955b368d8cfc39ddce2870b166
SHA256 618d1eaf7f183aa48c07050b7364d5b66e91a9b9e4d41ffd66497b7f5db761d7
ssdeep
3072:aNWx3B4qIMgmvPc1Ve9FH/AbPswbIm2f8xrSNlPwYi+utLnb2RTM4:aNWxasgycveHHQvY8ETPVeLnb2S4
File size
193.0 KB ( 197632 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit
| TrID |
Win32 Dynamic Link Library (generic) (34.2%) Win32 Executable (generic) (23.4%) Win16/32 Executable Delphi generic (10.7%) OS/2 Executable (generic) (10.5%) Generic Win/DOS Executable (10.4%) |
Tags
peexe
overlay
VirusTotal metadata
First submission
2012-04-05 07:18:18 UTC ( 6 years, 10 months ago )
Last submission
2019-01-28 07:53:21 UTC ( 3 weeks, 4 days ago )
| File names |
UBsgl8fwa.dll 42ddf04f7c2e0b9d7f76b332a549ebe6_musiconlineshop24h.com_c5826 42DDF04F7C2E0B9D7F76B332A549EBE6 aa 004303638 1333626566.tax-report-24898.pdf.exe 42ddf04f7c2e0b9d7f76b332a549ebe6 DL_jdpx.fon tax-report-24898.pdf.exe 618d1eaf7f183aa48c07050b7364d5b66e91a9b9e4d41ffd66497b7f5db761d7.bin dropper.exe |
Advanced heuristic and reputation engines
Symantec reputation
Suspicious.Insight
No comments.
No VirusTotal Community member has commented on this item yet, be the first one to do so!
You have not signed in. Only registered users can leave comments, sign in and have a voice!
No votes.
No one has voted on this item yet, be the first one to do so!