SHA256: 62bde3bac3782d36f9f2e56db097a4672e70463e11971fad5de060b191efb196
File name: b6d700a58965692e92dce5dbc4323391.exe
Detection ratio: 39 / 47
Analysis date: 2013-11-09 16:12:34 UTC ( 5 months, 1 week ago )
Antivirus Result Update
AVG BackDoor.Generic15.BQMF 20131109
Agnitum Backdoor.Finfish!WTL5ZVLbFgg 20131109
AhnLab-V3 Backdoor/Win32.Finfish 20131109
AntiVir TR/Rootkit.Gen 20131109
Avast Win32:FinSpy-D [Trj] 20131109
Baidu-International Backdoor.Win32.Finfish.AX 20131109
BitDefender Trojan.Generic.KDV.692289 20131109
Bkav W32.Clod76a.Trojan.4832 20131109
Commtouch W32/Backdoor.CLPB-2084 20131109
Comodo Backdoor.Win32.Finfish.B 20131109
DrWeb Trojan.NtRootKit.14434 20131109
ESET-NOD32 Win32/Belesak.D 20131109
Emsisoft Trojan.Generic.KDV.692289 (B) 20131109
F-Secure Trojan:W32/FinSpy.B 20131109
Fortinet W32/Belesak.D 20131109
GData Trojan.Generic.KDV.692289 20131109
Ikarus Backdoor.Win32.Finfish 20131109
Jiangmin Backdoor/Finfish.a 20131109
K7AntiVirus Backdoor 20131108
K7GW Backdoor 20131108
Kaspersky Backdoor.Win32.Finfish.b 20131109
Kingsoft Win32.Hack.Finfish.b.(kcloud) 20130829
Malwarebytes Backdoor.Finfish 20131109
McAfee Artemis!0F8249A2593F 20131109
McAfee-GW-Edition Artemis!0F8249A2593F 20131109
MicroWorld-eScan Trojan.Generic.KDV.692289 20131109
Microsoft Trojan:WinNT/Spinfy.A 20131109
NANO-Antivirus Trojan.Win32.Finfish.wbhuj 20131109
Norman Troj_Generic.DJKVM 20131109
Panda Generic Trojan 20131109
Sophos Troj/FinFish-B 20131109
Symantec Backdoor.Finfish 20131109
TheHacker Backdoor/Finfish.b 20131107
TrendMicro TROJ_FINSPY.A 20131109
TrendMicro-HouseCall TROJ_FINSPY.A 20131109
VBA32 Backdoor.Finfish 20131108
VIPRE Trojan.Win32.Generic!BT 20131109
ViRobot Backdoor.Win32.A.Finfish.11008 20131109
nProtect Backdoor/W32.Finfish.11008 20131109
Antiy-AVL 20131107
ByteHero 20131105
CAT-QuickHeal 20131109
ClamAV 20131109
F-Prot 20131109
Rising 20131108
SUPERAntiSpyware 20131109
TotalDefense 20131108
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Native subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2012-03-07 11:37:07
Entry Point 0x00001985
Number of sections 6
PE sections
PE imports
KfRaiseIrql
ExReleaseFastMutex
ExAcquireFastMutex
KfLowerIrql
RtlInitUnicodeString
KeInitializeEvent
IoBuildSynchronousFsdRequest
memset
_wcsnicmp
_snwprintf
MmMapLockedPagesSpecifyCache
RtlUnwind
ObQueryNameString
IoCreateDevice
MmProbeAndLockPages
IoDeleteDevice
KeTickCount
_allmul
MmUnmapLockedPages
ZwQuerySymbolicLinkObject
IofCompleteRequest
IoDeleteSymbolicLink
IoFileObjectType
ProbeForWrite
ProbeForRead
ObReferenceObjectByHandle
KeWaitForSingleObject
IofCallDriver
ExFreePoolWithTag
PsGetCurrentThreadId
IoAllocateMdl
ZwOpenSymbolicLinkObject
IoGetAttachedDeviceReference
IoCreateSymbolicLink
ZwOpenFile
ZwOpenDirectoryObject
ExAllocatePoolWithTag
KeBugCheckEx
ObfDereferenceObject
ZwClose
ObfReferenceObject
IoFreeMdl
MmUnlockPages
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Native
MachineType Intel 386 or later, and compatibles
TimeStamp 2012:03:07 12:37:07+01:00
FileType Win32 EXE
PEType PE32
CodeSize 8832
LinkerVersion 8.0
EntryPoint 0x1985
InitializedDataSize 1152
SubsystemVersion 5.0
ImageVersion 6.0
OSVersion 6.0
UninitializedDataSize 0

File identification
MD5 0f8249a2593f38c6bf54b6f366c0cac6
SHA1 ff96eddce7a7663677b80a93fc542db8b06ef6f8
SHA256 62bde3bac3782d36f9f2e56db097a4672e70463e11971fad5de060b191efb196
ssdeep 192:cjQ/nPVCoovDy17/Zs15fHaqIlB6pJqwSmX:c0nPz/ZIPaqIl+FSG

File size 10.8 KB ( 11008 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (native) Intel 80386 32-bit

TrID Win32 Dynamic Link Library (generic) (38.3%)
Win32 Executable (generic) (26.2%)
Clipper DOS Executable (11.7%)
Generic Win/DOS Executable (11.6%)
DOS Executable Generic (11.6%)
Tags peexe mz native

VirusTotal metadata
First submission 2012-05-09 09:50:16 UTC ( 1 year, 11 months ago )
Last submission 2013-11-09 16:12:34 UTC ( 5 months, 1 week ago )
File names 62bde3bac3782d36f9f2e56db097a4672e70463e11971fad5de060b191efb196
28B.exe
0f8249a2593f38c6bf54b6f366c0cac6.virus
b6d700a58965692e92dce5dbc4323391.exe
0f8249a2593f38c6bf54b6f366c0cac6
file-3918895_sys
vti-rescan
0F8249A2593F38C6BF54B6F366C0CAC6.exe
file-3918895.sys_
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight