SHA256: 630ecb9f87dfb6990dbb340e725493d9a6f3105173d590711438040912a03694
File name: 003012216
Detection ratio: 65 / 67
Analysis date: 2017-10-23 16:01:07 UTC ( 1 year, 4 months ago )
Antivirus | Result | Update
Ad-Aware | Worm.Generic.275619 | 20171023
AegisLab | W32.W.Palevo.auvb!c | 20171023
AhnLab-V3 | Worm/Win32.Kolab.R970 | 20171023
ALYac | Worm.Generic.275619 | 20171023
Antiy-AVL | Worm[P2P]/Win32.Palevo | 20171023
Arcabit | Worm.Generic.D434A3 | 20171023
Avast | Win32:Flot-U [Wrm] | 20171023
AVG | Win32:Flot-U [Wrm] | 20171023
Avira (no cloud) | TR/Injector.AP.1 | 20171023
AVware | Worm.Win32.Palevo.auvb (v) | 20171023
Baidu | Win32.Worm.Peerfrag.ar | 20171023
BitDefender | Worm.Generic.275619 | 20171023
Bkav | W32.OnlineGameBLIAXAA.Trojan | 20171023
CAT-QuickHeal | Worm.SlenfBot.Gen | 20171020
ClamAV | Win.Worm.Palevo-13121 | 20171023
CMC | P2P-Worm.Win32.Palevo!O | 20171023
Comodo | Worm.Win32.Tenavt.A | 20171023
CrowdStrike Falcon (ML) | malicious_confidence_80% (D) | 20171016
Cylance | Unsafe | 20171023
Cyren | W32/Trojan.TUYZ-8783 | 20171023
DrWeb | Win32.HLLW.Lime.18 | 20171023
eGambit | malicious_confidence_81% | 20171023
Emsisoft | Worm.Generic.275619 (B) | 20171023
Endgame | malicious (high confidence) | 20171016
ESET-NOD32 | Win32/Peerfrag.IS | 20171023
F-Prot | W32/Trojan4.ASV | 20171023
F-Secure | Worm.Generic.275619 | 20171023
Fortinet | W32/Klob.KHS!tr | 20171023
GData | Worm.Generic.275619 | 20171023
Ikarus | P2P-Worm.Win32.Palevo | 20171023
Sophos ML | heuristic | 20170914
Jiangmin | Worm/Palevo.akwf | 20171023
K7AntiVirus | Trojan ( 004cc51f1 ) | 20171023
K7GW | Trojan ( 004cc51f1 ) | 20171023
Kaspersky | P2P-Worm.Win32.Palevo.ibqp | 20171023
Kingsoft | Worm.Palevo.143360 | 20171023
MAX | malware (ai score=89) | 20171023
McAfee | W32/Rimecud.gen.ag | 20171023
McAfee-GW-Edition | BehavesLike.Win32.Rimecud.cc | 20171023
Microsoft | Worm:Win32/Rimecud | 20171023
eScan | Worm.Generic.275619 | 20171023
NANO-Antivirus | Trojan.Win32.Palevo.bdktw | 20171023
nProtect | Worm/W32.Palevo.143360.FX | 20171023
Palo Alto Networks (Known Signatures) | generic.ml | 20171023
Panda | W32/P2PWorm.PT.worm | 20171023
Qihoo-360 | Malware.Radar01.Gen | 20171023
Rising | Malware.Heuristic!ET#91% (RDM+:cmRtazpJIJNdsUOmTOQGQCBTA7SH) | 20171023
SentinelOne (Static ML) | static engine - malicious | 20171019
Sophos AV | W32/Rimecud-BA | 20171023
SUPERAntiSpyware | Trojan.Agent/Gen-CDesc[Gen] | 20171023
Symantec | W32.Pilleuz | 20171023
Tencent | Win32.Worm-p2p.Palevo.Wopk | 20171023
TheHacker | W32/Palevo.auvb | 20171017
TotalDefense | Win32/Inject.ZX | 20171023
TrendMicro | WORM_PALEVO.ABX | 20171023
TrendMicro-HouseCall | WORM_PALEVO.ABX | 20171023
VBA32 | BScope.P2P-Worm.Palevo | 20171023
VIPRE | Worm.Win32.Palevo.auvb (v) | 20171023
ViRobot | Worm.Win32.P2P-Palevo.143360.CH | 20171023
Webroot | W32.Rimecud.Gen | 20171023
WhiteArmor | Malware.HighConfidence | 20171016
Yandex | Worm.P2P.Palevo!Kxh6NSGQ3II | 20171021
Zillya | Worm.Palevo.Win32.25879 | 20171021
ZoneAlarm by Check Point | P2P-Worm.Win32.Palevo.ibqp | 20171023
Zoner | I-Worm.Peerfrag.IS | 20171023
Alibaba | | 20170911
Avast-Mobile | | 20171023
Malwarebytes | | 20171023
Symantec Mobile Insight | | 20171011
Trustlook | | 20171023
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Packers identified
PEiD Armadillo v1.71
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2010-08-24 14:19:35
Entry Point 0x00001A9E
Number of sections 4
PE sections
PE imports
SelectObject
PolyTextOutA
CreateDIBitmap
TextOutA
BitBlt
GetFontData
RealizePalette
HeapFree
GetStdHandle
LCMapStringW
HeapCreate
lstrlenA
GetOEMCP
LCMapStringA
HeapDestroy
HeapAlloc
GetEnvironmentStringsW
LoadLibraryA
RtlUnwind
GetModuleFileNameA
FreeEnvironmentStringsA
GetStartupInfoA
GetEnvironmentStrings
SetHandleCount
WideCharToMultiByte
UnhandledExceptionFilter
MultiByteToWideChar
FreeEnvironmentStringsW
GetCommandLineA
GetProcAddress
GetCPInfo
GetStringTypeA
GetModuleHandleA
WriteFile
GetCurrentProcess
CloseHandle
FreeConsole
GetACP
HeapReAlloc
GetStringTypeW
GetVersion
ReadConsoleA
TerminateProcess
OutputDebugStringW
VirtualFree
Sleep
GetFileType
ExitProcess
OutputDebugStringA
VirtualAlloc
SHGetFileInfoA
SetFocus
GetWindowLongA
SetTimer
IsWindow
GetParent
TrackPopupMenu
GetWindowRect
DestroyIcon
LoadMenuA
MessageBoxA
CreateWindowExA
SetWindowLongA
UpdateWindow
PrintDlgA
GetSaveFileNameA
CoCreateInstance
CoInitialize
Number of PE resources by type
RT_RCDATA 12
Number of PE resources by language
NEUTRAL 12
PE resources
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
FileTypeExtension exe
TimeStamp 2010:08:24 15:19:35+01:00
FileType Win32 EXE
PEType PE32
CodeSize 16384
LinkerVersion 6.0
EntryPoint 0x1a9e
InitializedDataSize 122880
SubsystemVersion 4.0
ImageVersion 0.0
OSVersion 4.0
UninitializedDataSize 0
Compressed bundles
File identification
MD5 d608c5edcbf88e3577d95451fdca6979
SHA1 3f1bc25bfb1f63b875249fc11199428e14188a04
SHA256 630ecb9f87dfb6990dbb340e725493d9a6f3105173d590711438040912a03694
ssdeep 3072:n6CztTrHPlhhH1+mASFbQfcI6xfWEThtCOS33Y7yRJG:3TbZ1+mAlkIWOETXCO6I7yDG
authentihash 648a59fea4144d43c1d3a11b3bb6f443901af5d916c8bbee6ace0edb25df0b20
imphash b69cdd35604db3acab0c406d98ab1c4e
File size 140.0 KB ( 143360 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (67.4%)
Win32 Dynamic Link Library (generic) (14.2%)
Win32 Executable (generic) (9.7%)
Generic Win/DOS Executable (4.3%)
DOS Executable Generic (4.3%)
Tags peexe
VirusTotal metadata
First submission 2010-08-26 06:36:07 UTC ( 8 years, 6 months ago )
Last submission 2015-06-12 07:49:30 UTC ( 3 years, 8 months ago )
File names
zdNe8y.jpg
fede.exe
MSGVN.EXE (Taskman).vir
003012216
aa