SHA256: 618d1eaf7f183aa48c07050b7364d5b66e91a9b9e4d41ffd66497b7f5db761d7
File name: dropper.exe
Detection ratio: 5 / 42
Analysis date: 2012-04-05 12:18:25 UTC ( 6 years, 10 months ago )
Antivirus Result Update
AhnLab-V3 Trojan/Win32.Zbot 20120404
BitDefender Trojan.Generic.KD.589531 20120405
Fortinet W32/Zbot.RO!tr 20120405
GData Trojan.Generic.KD.589531 20120405
SUPERAntiSpyware Trojan.Agent/Gen-FakeAlert 20120402
AntiVir 20120405
Antiy-AVL 20120403
Avast 20120405
AVG 20120405
ByteHero 20120404
CAT-QuickHeal 20120405
ClamAV 20120405
Commtouch 20120405
Comodo 20120405
DrWeb 20120405
Emsisoft 20120405
eSafe 20120404
eTrust-Vet 20120405
F-Prot 20120405
F-Secure 20120405
Ikarus 20120405
Jiangmin 20120331
K7AntiVirus 20120404
Kaspersky 20120405
McAfee 20120405
McAfee-GW-Edition 20120404
Microsoft 20120405
NOD32 20120405
Norman 20120405
nProtect 20120405
Panda 20120405
PCTools 20120405
Rising 20120405
Sophos AV 20120405
Symantec 20120405
TheHacker 20120405
TrendMicro 20120405
TrendMicro-HouseCall 20120405
VBA32 20120405
VIPRE 20120405
ViRobot 20120405
VirusBuster 20120404
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 1992-06-19 22:22:17
Entry Point 0x0002C43C
Number of sections 6
PE sections
Overlays
MD5 517e5d8fadc61dc77f3b9ebeb366d3f4
File type data
Offset 197120
Size 512
Entropy 7.64
PE imports
RestoreLastError
OpenFile
SetProcessWorkingSetSize
GetTempPathA
SetFileShortNameW
FlushConsoleInputBuffer
CompareFileTime
LocalAlloc
CancelDeviceWakeupRequest
LoadLibraryW
GetSystemWow64DirectoryW
GetConsoleTitleW
WriteConsoleOutputW
ReplaceFile
SetInformationJobObject
SystemTimeToTzSpecificLocalTime
CreateDialogParamW
SetWindowWord
GetMenuStringW
SetWindowTextA
EmptyClipboard
SetParent
SetMenuItemBitmaps
SendMessageCallbackA
LoadKeyboardLayoutW
BroadcastSystemMessageA
SetDlgItemInt
CallWindowProcA
SetWindowLongA
SetMenuContextHelpId
ShowWindow
PrivateExtractIconsA
ActivateKeyboardLayout
DeleteMenu
WindowFromDC
VerFindFileW
WTSVirtualChannelOpen
Number of PE resources by type
RT_DIALOG 4
RT_RCDATA 1
Number of PE resources by language
ENGLISH US 4
NEUTRAL 1
PE resources
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
FileTypeExtension exe
TimeStamp 1992:06:19 23:22:17+01:00
FileType Win32 EXE
PEType PE32
CodeSize 178176
LinkerVersion 8.0
ImageFileCharacteristics Executable, No line numbers, No symbols, Bytes reversed lo, 32-bit, Bytes reversed hi
EntryPoint 0x2c43c
InitializedDataSize 17920
SubsystemVersion 4.0
ImageVersion 0.0
OSVersion 4.0
UninitializedDataSize 0
File identification
MD5 42ddf04f7c2e0b9d7f76b332a549ebe6
SHA1 b93fef9341ecfb955b368d8cfc39ddce2870b166
SHA256 618d1eaf7f183aa48c07050b7364d5b66e91a9b9e4d41ffd66497b7f5db761d7
ssdeep 3072:aNWx3B4qIMgmvPc1Ve9FH/AbPswbIm2f8xrSNlPwYi+utLnb2RTM4:aNWxasgycveHHQvY8ETPVeLnb2S4
authentihash 7f1aea62df26bb1f9a38fbc47f9c079d58adb7781bd0ff01edc772eb48fa78cf
imphash 809db670a41fb5df8d6de5503227a9c7
File size 193.0 KB ( 197632 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Dynamic Link Library (generic) (34.2%)
Win32 Executable (generic) (23.4%)
Win16/32 Executable Delphi generic (10.7%)
OS/2 Executable (generic) (10.5%)
Generic Win/DOS Executable (10.4%)
Tags peexe overlay
VirusTotal metadata
First submission 2012-04-05 07:18:18 UTC ( 6 years, 10 months ago )
Last submission 2019-01-28 07:53:21 UTC ( 3 weeks, 4 days ago )
File names UBsgl8fwa.dll
42ddf04f7c2e0b9d7f76b332a549ebe6_musiconlineshop24h.com_c5826
42DDF04F7C2E0B9D7F76B332A549EBE6
aa
004303638
1333626566.tax-report-24898.pdf.exe
42ddf04f7c2e0b9d7f76b332a549ebe6
DL_jdpx.fon
tax-report-24898.pdf.exe
618d1eaf7f183aa48c07050b7364d5b66e91a9b9e4d41ffd66497b7f5db761d7.bin
dropper.exe
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight