SHA256: 62bde3bac3782d36f9f2e56db097a4672e70463e11971fad5de060b191efb196
File name: 62bde3bac3782d36f9f2e56db097a4672e70463e11971fad5de060b191efb196.bin
Detection ratio: 44 / 53
Analysis date: 2016-03-04 14:59:43 UTC ( 2 months, 3 weeks ago )
Antivirus Result Update
ALYac Trojan.Generic.KDV.692289 20160304
AVG BackDoor.Generic15.BQMF 20160304
AVware Trojan.Win32.Generic!BT 20160304
Ad-Aware Trojan.Generic.KDV.692289 20160304
AegisLab Backdoor.W32.Finfish.b!c 20160304
Yandex Backdoor.Finfish!WTL5ZVLbFgg 20160303
Arcabit Trojan.Generic.KDV.DA9041 20160304
Avast Win32:FinSpy-D [Trj] 20160304
Baidu-International Backdoor.Win32.Finfish.b 20160304
BitDefender Trojan.Generic.KDV.692289 20160304
CAT-QuickHeal Backdoor.Finfish.r6 20160304
CMC Backdoor.Win32.Finfish!O 20160303
Comodo Backdoor.Win32.Finfish.B 20160304
Cyren W32/Backdoor.CLPB-2084 20160304
DrWeb Trojan.NtRootKit.14434 20160304
ESET-NOD32 Win32/Belesak.D 20160304
Emsisoft Trojan.Generic.KDV.692289 (B) 20160304
F-Secure Trojan:W32/FinSpy.B 20160304
Fortinet W32/Belesak.D 20160304
GData Trojan.Generic.KDV.692289 20160304
Ikarus Backdoor.Win32.Finfish 20160304
Jiangmin Backdoor/Finfish.a 20160304
K7AntiVirus Trojan ( 003c25771 ) 20160304
K7GW Trojan ( 003c25771 ) 20160304
Kaspersky Backdoor.Win32.Finfish.b 20160304
McAfee RDN/Generic BackDoor 20160304
McAfee-GW-Edition RDN/Generic BackDoor 20160304
eScan Trojan.Generic.KDV.692289 20160304
Microsoft Trojan:WinNT/Spinfy.A 20160304
NANO-Antivirus Trojan.Win32.Finfish.wbhuj 20160304
Panda Generic Malware 20160304
Qihoo-360 Malware.Radar01.Gen 20160304
Rising PE:Malware.Generic/QRS!1.9E2D [F] 20160304
Sophos Troj/FinFish-B 20160304
Symantec Backdoor.Finfish 20160303
Tencent Win32.Backdoor.Finfish.Iso 20160304
TheHacker Backdoor/Finfish.b 20160302
TrendMicro TROJ_FINSPY.A 20160304
TrendMicro-HouseCall TROJ_FINSPY.A 20160304
VBA32 Backdoor.Finfish 20160304
VIPRE Trojan.Win32.Generic!BT 20160304
ViRobot Trojan.Win32.Z.Finfish.11008[h] 20160304
Zillya Backdoor.Finfish.Win32.1 20160303
nProtect Backdoor/W32.Finfish.11008 20160304
AhnLab-V3 20160304
Alibaba 20160304
Bkav 20160304
ByteHero 20160304
ClamAV 20160304
F-Prot 20160304
Malwarebytes 20160304
SUPERAntiSpyware 20160304
Zoner 20160304
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Native subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2012-03-07 11:37:07
Entry Point 0x00001985
Number of sections 6
PE sections
PE imports
KfRaiseIrql
ExReleaseFastMutex
ExAcquireFastMutex
KfLowerIrql
RtlInitUnicodeString
KeInitializeEvent
IoBuildSynchronousFsdRequest
memset
_wcsnicmp
_snwprintf
MmMapLockedPagesSpecifyCache
RtlUnwind
ObQueryNameString
IoCreateDevice
MmProbeAndLockPages
IoDeleteDevice
KeTickCount
_allmul
MmUnmapLockedPages
ZwQuerySymbolicLinkObject
IofCompleteRequest
IoDeleteSymbolicLink
IoFileObjectType
ProbeForWrite
ProbeForRead
ObReferenceObjectByHandle
KeWaitForSingleObject
IofCallDriver
ExFreePoolWithTag
PsGetCurrentThreadId
IoAllocateMdl
ZwOpenSymbolicLinkObject
IoGetAttachedDeviceReference
IoCreateSymbolicLink
ZwOpenFile
ZwOpenDirectoryObject
ExAllocatePoolWithTag
KeBugCheckEx
ObfDereferenceObject
ZwClose
ObfReferenceObject
IoFreeMdl
MmUnlockPages
Debug information
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Native
MachineType Intel 386 or later, and compatibles
FileTypeExtension exe
TimeStamp 2012:03:07 12:37:07+01:00
FileType Win32 EXE
PEType PE32
CodeSize 8832
LinkerVersion 8.0
EntryPoint 0x1985
InitializedDataSize 1152
SubsystemVersion 5.0
ImageVersion 6.0
OSVersion 6.0
UninitializedDataSize 0
File identification
MD5 0f8249a2593f38c6bf54b6f366c0cac6
SHA1 ff96eddce7a7663677b80a93fc542db8b06ef6f8
SHA256 62bde3bac3782d36f9f2e56db097a4672e70463e11971fad5de060b191efb196
ssdeep 192:cjQ/nPVCoovDy17/Zs15fHaqIlB6pJqwSmX:c0nPz/ZIPaqIl+FSG
authentihash aff298965ee77cc414c4a19341eed28c2ae90f8fce68f077129aeaf5caa44cf4
imphash 6760ccb6fa61ffcce97ba2399a9a3a7a
File size 10.8 KB ( 11008 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (native) Intel 80386 32-bit
TrID Win32 Dynamic Link Library (generic) (38.3%)
Win32 Executable (generic) (26.3%)
Clipper DOS Executable (11.7%)
Generic Win/DOS Executable (11.6%)
DOS Executable Generic (11.6%)
Tags peexe native
VirusTotal metadata
First submission 2012-05-09 09:50:16 UTC ( 4 years ago )
Last submission 2016-03-04 14:59:43 UTC ( 2 months, 3 weeks ago )
File names 62bde3bac3782d36f9f2e56db097a4672e70463e11971fad5de060b191efb196
62bde3bac3782d36f9f2e56db097a4672e70463e11971fad5de060b191efb196.bin
0f8249a2593f38c6bf54b6f366c0cac6.virus
b6d700a58965692e92dce5dbc4323391.exe
0f8249a2593f38c6bf54b6f366c0cac6
file-3918895_sys
vti-rescan
0F8249A2593F38C6BF54B6F366C0CAC6.exe
file-3918895.sys_
28B.exe
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight