SHA256: 62bde3bac3782d36f9f2e56db097a4672e70463e11971fad5de060b191efb196
File name: b6d700a58965692e92dce5dbc4323391.exe
Detection ratio: 44 / 57
Analysis date: 2015-08-26 06:20:27 UTC ( 1 week ago )
Antivirus Result Update
ALYac Trojan.Generic.KDV.692289 20150826
AVG BackDoor.Generic15.BQMF 20150826
AVware Trojan.Win32.Generic!BT 20150826
Ad-Aware Trojan.Generic.KDV.692289 20150826
Agnitum Backdoor.Finfish!WTL5ZVLbFgg 20150826
Antiy-AVL Trojan[Backdoor]/Win32.Finfish 20150826
Arcabit Trojan.Generic.KDV.DA9041 20150826
Avast Win32:FinSpy-D [Trj] 20150826
Avira TR/Rootkit.Gen 20150826
Baidu-International Backdoor.Win32.Finfish.b 20150826
BitDefender Trojan.Generic.KDV.692289 20150826
CAT-QuickHeal Backdoor.Finfish.r6 20150826
CMC Backdoor.Win32.Finfish!O 20150826
Comodo Backdoor.Win32.Finfish.B 20150826
Cyren W32/Backdoor.CLPB-2084 20150826
DrWeb Trojan.NtRootKit.14434 20150826
ESET-NOD32 Win32/Belesak.D 20150826
Emsisoft Trojan.Generic.KDV.692289 (B) 20150826
F-Secure Trojan:W32/FinSpy.B 20150826
Fortinet W32/Belesak.D 20150826
GData Trojan.Generic.KDV.692289 20150826
Ikarus Backdoor.Win32.Finfish 20150826
Jiangmin Backdoor/Finfish.a 20150823
K7AntiVirus Trojan ( 003c25771 ) 20150826
K7GW Trojan ( 003c25771 ) 20150826
Kaspersky Backdoor.Win32.Finfish.b 20150826
Kingsoft Win32.Hack.Finfish.b.(kcloud) 20150826
McAfee RDN/Generic BackDoor 20150826
McAfee-GW-Edition RDN/Generic BackDoor 20150826
MicroWorld-eScan Trojan.Generic.KDV.692289 20150826
Microsoft Trojan:WinNT/Spinfy.A 20150825
NANO-Antivirus Trojan.Win32.Finfish.wbhuj 20150826
Panda Generic Malware 20150826
Qihoo-360 Malware.Radar01.Gen 20150826
Sophos Troj/FinFish-B 20150826
Symantec Backdoor.Finfish 20150826
TheHacker Backdoor/Finfish.b 20150824
TrendMicro TROJ_FINSPY.A 20150826
TrendMicro-HouseCall TROJ_FINSPY.A 20150826
VBA32 Backdoor.Finfish 20150826
VIPRE Trojan.Win32.Generic!BT 20150826
ViRobot Backdoor.Win32.A.Finfish.11008[h] 20150826
Zillya Backdoor.Finfish.Win32.1 20150826
nProtect Backdoor/W32.Finfish.11008 20150826
AegisLab 20150826
AhnLab-V3 20150826
Alibaba 20150826
Bkav 20150826
ByteHero 20150826
ClamAV 20150826
F-Prot 20150826
Malwarebytes 20150826
Rising 20150826
SUPERAntiSpyware 20150826
Tencent 20150826
TotalDefense 20150826
Zoner 20150826
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Native subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2012-03-07 11:37:07
Link date 12:37 PM 3/7/2012
Entry Point 0x00001985
Number of sections 6
PE sections
PE imports
KfRaiseIrql
ExReleaseFastMutex
ExAcquireFastMutex
KfLowerIrql
RtlInitUnicodeString
KeInitializeEvent
IoBuildSynchronousFsdRequest
memset
_wcsnicmp
_snwprintf
MmMapLockedPagesSpecifyCache
RtlUnwind
ObQueryNameString
IoCreateDevice
MmProbeAndLockPages
IoDeleteDevice
KeTickCount
_allmul
MmUnmapLockedPages
ZwQuerySymbolicLinkObject
IofCompleteRequest
IoDeleteSymbolicLink
IoFileObjectType
ProbeForWrite
ProbeForRead
ObReferenceObjectByHandle
KeWaitForSingleObject
IofCallDriver
ExFreePoolWithTag
PsGetCurrentThreadId
IoAllocateMdl
ZwOpenSymbolicLinkObject
IoGetAttachedDeviceReference
IoCreateSymbolicLink
ZwOpenFile
ZwOpenDirectoryObject
ExAllocatePoolWithTag
KeBugCheckEx
ObfDereferenceObject
ZwClose
ObfReferenceObject
IoFreeMdl
MmUnlockPages
Debug information
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Native
MachineType Intel 386 or later, and compatibles
FileTypeExtension exe
TimeStamp 2012:03:07 12:37:07+01:00
FileType Win32 EXE
PEType PE32
CodeSize 8832
LinkerVersion 8.0
EntryPoint 0x1985
InitializedDataSize 1152
SubsystemVersion 5.0
ImageVersion 6.0
OSVersion 6.0
UninitializedDataSize 0

File identification
MD5 0f8249a2593f38c6bf54b6f366c0cac6
SHA1 ff96eddce7a7663677b80a93fc542db8b06ef6f8
SHA256 62bde3bac3782d36f9f2e56db097a4672e70463e11971fad5de060b191efb196
ssdeep 192:cjQ/nPVCoovDy17/Zs15fHaqIlB6pJqwSmX:c0nPz/ZIPaqIl+FSG
authentihash aff298965ee77cc414c4a19341eed28c2ae90f8fce68f077129aeaf5caa44cf4
imphash 6760ccb6fa61ffcce97ba2399a9a3a7a
File size 10.8 KB ( 11008 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (native) Intel 80386 32-bit
TrID Win32 Dynamic Link Library (generic) (38.3%)
Win32 Executable (generic) (26.2%)
Clipper DOS Executable (11.7%)
Generic Win/DOS Executable (11.6%)
DOS Executable Generic (11.6%)
Tags peexe native

VirusTotal metadata
First submission 2012-05-09 09:50:16 UTC ( 3 years, 3 months ago )
Last submission 2013-11-09 16:12:34 UTC ( 1 year, 9 months ago )
File names 62bde3bac3782d36f9f2e56db097a4672e70463e11971fad5de060b191efb196
28B.exe
0f8249a2593f38c6bf54b6f366c0cac6.virus
b6d700a58965692e92dce5dbc4323391.exe
0f8249a2593f38c6bf54b6f366c0cac6
file-3918895_sys
vti-rescan
0F8249A2593F38C6BF54B6F366C0CAC6.exe
file-3918895.sys_
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight