SHA256: 68c01ec9b0dc7330d2d51cfc6de666d0e44131c91b0b68bcd02655ab4878fbde
File name: 9b3d6e3b9f5bbe4c02a0c9eccffa81e5.malware
Detection ratio: 37 / 46
Analysis date: 2013-08-17 19:42:26 UTC ( 3 years, 8 months ago )
Antivirus             Result                                  Update
Yandex                Trojan.Ponmocup!0iyTkbhY+QI             20130817
AhnLab-V3             Trojan/Win32.Pirminay                   20130817
AntiVir               TR/Crypt.ZPACK.Gen8                     20130817
Antiy-AVL             Trojan/Win32.Generic.gen                20130817
Avast                 Win32:Vundo-YH [Trj]                    20130817
AVG                   Agent4.BZO                              20130817
BitDefender           Trojan.Generic.KDV.798232               20130817
ClamAV                Win.Trojan.Pirminay                     20130817
Commtouch             W32/Syntat.A.gen!Eldorado               20130817
DrWeb                 Trojan.Inject1.14623                    20130817
Emsisoft              Trojan.Generic.KDV.798232 (B)           20130817
ESET-NOD32            Win32/Ponmocup.AA                       20130817
F-Prot                W32/Syntat.A.gen!Eldorado               20130817
F-Secure              Trojan.Generic.KDV.798232               20130817
Fortinet              W32/MDrop.AA!tr                         20130817
GData                 Trojan.Generic.KDV.798232               20130817
Ikarus                Virus.Win32.Cryptor                     20130817
Jiangmin              Trojan/Generic.ayrna                    20130817
K7AntiVirus           Trojan                                  20130817
K7GW                  Trojan                                  20130816
Kaspersky             HEUR:Trojan.Win32.Generic               20130817
Malwarebytes          Trojan.Pirminay                         20130817
McAfee                Vundo.gen.hp                            20130817
McAfee-GW-Edition     Heuristic.LooksLike.Win32.Suspicious.I  20130817
Microsoft             Trojan:Win32/Vundo                      20130817
eScan                 Trojan.Generic.KDV.798232               20130817
NANO-Antivirus        Trojan.Win32.Pirminay.bfwdkk            20130817
Panda                 Trj/Genetic.gen                         20130817
PCTools               Trojan.Gen                              20130817
Sophos                Troj/Mdrop-ERQ                          20130817
SUPERAntiSpyware      Trojan.Agent/Gen-Ponmocup               20130817
Symantec              Trojan.Gen                              20130817
TheHacker             Trojan/Pirminay.ula                     20130817
TrendMicro            TROJ_PIRMINAY_CA082AD0.TOMC             20130817
TrendMicro-HouseCall  TROJ_PIRMINAY_CA082AD0.TOMC             20130817
VBA32                 Trojan.Pirminay                         20130816
VIPRE                 Virtumonde                              20130817
ByteHero              (not detected)                          20130814
CAT-QuickHeal         (not detected)                          20130817
Comodo                (not detected)                          20130817
Kingsoft              (not detected)                          20130723
Norman                (not detected)                          20130817
nProtect              (not detected)                          20130816
Rising                (not detected)                          20130816
TotalDefense          (not detected)                          20130816
ViRobot               (not detected)                          20130817
The file being studied is a Portable Executable file. More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Packers identified
PEiD Armadillo v1.71
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2010-10-11 11:39:03
Entry Point 0x0000A2D2
Number of sections 3
PE sections
PE imports
ImageList_GetImageCount
ImageList_Duplicate
ImageList_Destroy
CreateStatusWindowW
_TrackMouseEvent
FlatSB_SetScrollProp
ImageList_DragLeave
Ord(17)
Ord(4)
CreatePropertySheetPageA
Ord(14)
Ord(2)
UninitializeFlatSB
VerLanguageNameA
GetModuleHandleA
lstrcpyW
GetSystemTime
CreateFileMappingA
GetVersion
VerLanguageNameW
Process32First
GlobalCompact
FreeLibrary
GetDiskFreeSpaceExW
GetStartupInfoA
TlsSetValue
GetHandleInformation
IsValidLocale
GetProcAddress
VirtualAlloc
LoadLibraryA
GetLocalTime
__p__fmode
_mbccpy
ferror
memset
fclose
__dllonexit
fprintf
printf
_wspawnl
_wutime
feof
fsetpos
_except_handler3
fputc
fopen
_getmbcp
_unlink
fseek
_mbslen
_onexit
fputs
ftell
exit
sprintf
_spawnve
__setusermatherr
_adjust_fdiv
_XcptFilter
_acmdln
fread
_fullpath
_exit
__p__commode
_CIsqrt
__getmainargs
fwprintf
_controlfp
isspace
fwrite
_initterm
__set_app_type
wglDeleteContext
glClearColor
wglCreateContext
glCallList
glScissor
glDrawElements
glColor4d
wglMakeCurrent
PathUnquoteSpacesW
PathCombineA
SHDeleteOrphanKeyA
PathRemoveBlanksW
StrNCatA
PathRelativePathToW
GetFileVersionInfoSizeA
GetFileVersionInfoA
VerFindFileW
VerInstallFileA
VerQueryValueW
VerFindFileA
GetFileVersionInfoW
GetFileVersionInfoSizeW
VerInstallFileW
VerQueryValueA
StartPagePrinter
DeletePrintProvidorA
PrinterMessageBoxW
AdvancedSetupDialog
DocumentPropertiesA
GetSpoolFileHandle
OpenPrinterA
Ord(213)
XcvDataW
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
TimeStamp 2010:10:11 12:39:03+01:00
FileType Win32 EXE
PEType PE32
CodeSize 40960
LinkerVersion 6.0
EntryPoint 0xa2d2
InitializedDataSize 561152
SubsystemVersion 4.0
ImageVersion 0.0
OSVersion 4.0
UninitializedDataSize 0

File identification
MD5 9b3d6e3b9f5bbe4c02a0c9eccffa81e5
SHA1 8cded7ed718da1dc0b4d4c1c84a7f45d16e7e156
SHA256 68c01ec9b0dc7330d2d51cfc6de666d0e44131c91b0b68bcd02655ab4878fbde
ssdeep 12288:8d0B4hunEjo5jM19t6IH3HRVvpnkulpbCrh:8CBYJ8U3HR1RLxCrh
File size 595.2 KB ( 609472 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable (generic) (52.9%)
Generic Win/DOS Executable (23.5%)
DOS Executable Generic (23.4%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
Tags
peexe armadillo

VirusTotal metadata
First submission 2013-08-17 19:42:26 UTC ( 3 years, 8 months ago )
Last submission 2013-08-17 19:42:26 UTC ( 3 years, 8 months ago )
File names 9b3d6e3b9f5bbe4c02a0c9eccffa81e5.malware