SHA256: 643b9fe814174ef8ef7f6dac0de66a7a4d6e012bd4f79d1cf5c11105cd893f3c
File name: 58eb2a0aa1c06754c17dc6ea639714e5
Detection ratio: 45 / 52
Analysis date: 2014-05-20 20:15:42 UTC ( 4 years, 9 months ago )
Antivirus Result Update
Ad-Aware Trojan.Generic.3115093 20140520
Yandex Trojan.PWS.OnLineGames!xlKV+5w0rAU 20140520
AhnLab-V3 Trojan/Win32.OnlineGameHack 20140520
AntiVir TR/Crypt.ULPM.Gen 20140520
Antiy-AVL Trojan[GameThief]/Win32.OnLineGames 20140520
Avast Win32:Malware-gen 20140520
AVG Generic16.AOSZ 20140520
Baidu-International Trojan.Win32.Kryptik.DI 20140520
BitDefender Trojan.Generic.3115093 20140520
Bkav W32.Gosemasj.Worm 20140520
CAT-QuickHeal Win32.PWS.OnLineGames.GP.3.Pack 20140520
Commtouch W32/OnlineGames.CW.gen!Eldorado 20140520
DrWeb Trojan.PWS.Wsgame.16578 20140520
Emsisoft Trojan.Generic.3115093 (B) 20140520
ESET-NOD32 a variant of Win32/Kryptik.WI 20140520
F-Prot W32/OnlineGames.CW.gen!Eldorado 20140520
F-Secure Trojan.Generic.3115093 20140520
Fortinet Malware_fam.gw 20140520
GData Trojan.Generic.3115093 20140520
Ikarus Trojan-GameThief.Win32.OnLineGames 20140520
K7AntiVirus Trojan ( 00386dc51 ) 20140520
K7GW Trojan ( 00386dc51 ) 20140520
Kaspersky HEUR:Trojan.Win32.Generic 20140520
Kingsoft Win32.Troj.OnLineG.ak.(kcloud) 20140520
McAfee PWS-OnlineGames.ha 20140520
McAfee-GW-Edition PWS-OnlineGames.ha 20140520
Microsoft PWS:Win32/Prast!rts 20140520
eScan Trojan.Generic.3115093 20140520
NANO-Antivirus Trojan.Win32.OnLineGames.leoe 20140520
Norman OnLineGames.LHCI 20140520
nProtect Trojan-PWS/W32.WebGame.24120.F 20140520
Panda Trj/Lineage.BZE 20140520
Qihoo-360 HEUR/Trojan.4b2 20140520
Rising PE:Trojan.Win32.Generic.11E6104C!300290124 20140520
Sophos AV Mal/HckPk-A 20140520
Symantec Trojan.Dropper 20140520
Tencent Win32.Trojan-gamethief.Onlinegames.Szcd 20140520
TheHacker Trojan/Kryptik.ae 20140520
TotalDefense Win32/Zuten.FV 20140520
TrendMicro PAK_Generic.005 20140520
TrendMicro-HouseCall PAK_Generic.005 20140520
VBA32 BScope.Trojan-Dropper.OLGames.2512 20140520
VIPRE Trojan.Win32.Generic!BT 20140520
ViRobot Trojan.Win32.S.PSWIGames.24120.D 20140520
Zillya Trojan.OnLineGames.Win32.44477 20140520
AegisLab 20140520
ByteHero 20140520
ClamAV 20140520
CMC 20140520
Comodo 20140520
Jiangmin 20140520
Malwarebytes 20140520
SUPERAntiSpyware 20140520
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2010-01-19 19:38:25
Entry Point 0x0000F2F5
Number of sections 3
PE sections
PE imports
VirtualFree
ExitProcess
VirtualProtect
LoadLibraryA
VirtualAlloc
GetProcAddress
wsprintfA
Number of PE resources by type
UVB 1
Number of PE resources by language
CHINESE SIMPLIFIED 1
PE resources
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
TimeStamp 2010:01:19 20:38:25+01:00
FileType Win32 EXE
PEType PE32
CodeSize 24576
LinkerVersion 6.0
FileAccessDate 2014:05:20 21:16:43+01:00
EntryPoint 0xf2f5
InitializedDataSize 4096
SubsystemVersion 4.0
ImageVersion 0.0
OSVersion 4.0
FileCreateDate 2014:05:20 21:16:43+01:00
UninitializedDataSize 36864

File identification
MD5 58eb2a0aa1c06754c17dc6ea639714e5
SHA1 511e8c453f80765fa39d7bdff8d4bcd04f7a3933
SHA256 643b9fe814174ef8ef7f6dac0de66a7a4d6e012bd4f79d1cf5c11105cd893f3c
ssdeep 384:LHC9D5fnqh36hRUePwQe/YWp9ePixhwjvP6tO2frd8SMvqA:LHonOURUYuxMvuO2DMD
imphash a7763b6300995bdfb604b44d3fcfb1cb
File size 23.6 KB ( 24120 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID UPX compressed Win32 Executable (42.3%)
Win32 EXE Yoda's Crypter (36.7%)
Win32 Dynamic Link Library (generic) (9.1%)
Win32 Executable (generic) (6.2%)
Generic Win/DOS Executable (2.7%)
Tags peexe

VirusTotal metadata
First submission 2010-01-26 16:00:42 UTC ( 9 years ago )
Last submission 2014-05-20 20:15:42 UTC ( 4 years, 9 months ago )
File names 58eb2a0aa1c06754c17dc6ea639714e5
8m2bSfE0.tmp
aa
58EB2A0AA1C06754C17DC6EA639714E5
Advanced heuristic and reputation engines
ClamAV
Possibly Unwanted Application. While not necessarily malicious, the scanned file presents certain characteristics which depending on the user policies and environment may or may not represent a threat. For full details see: https://www.clamav.net/documents/potentially-unwanted-applications-pua .

Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Copied files
Moved files
Deleted files
Created processes
Shell commands
Searched windows
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.