SHA256: 68d730ad7ce2bdc8581cbe000e2b32e963fbdb97180d043f73a04bcf96272e3b
File name: b4fe4b25b5b5b8e3ae7000d8a483dc70
Detection ratio: 39 / 54
Analysis date: 2014-11-12 08:57:31 UTC
Antivirus Result Update
Ad-Aware Gen:Trojan.Heur.AutoIT.2 20141112
AhnLab-V3 HEUR/Fakon.mwf 20141111
Avast Win32:Trojan-gen 20141112
AVG Generic32.BQWJ 20141112
Avira (no cloud) TR/Dropper.Gen 20141112
AVware Trojan.Win32.AutoIT.gen (v) 20141112
BitDefender Gen:Trojan.Heur.AutoIT.2 20141112
CAT-QuickHeal Trojan.Autoit.r3 20141112
Comodo TrojWare.Win32.Agent.~JH1 20141112
Cyren W32/Trojan.UUSN-2750 20141112
DrWeb Win32.HLLW.Autohit.7920 20141112
Emsisoft Gen:Trojan.Heur.AutoIT.2 (B) 20141112
F-Secure Trojan-Downloader:W32/AutoIt.BI 20141112
Fortinet W32/AutoIt.CH!worm 20141112
GData Gen:Trojan.Heur.AutoIT.2 20141112
Ikarus Worm.Win32.AutoIt 20141112
Jiangmin Trojan/Midgare.dsh 20141111
K7AntiVirus Trojan ( 00071a9a1 ) 20141111
K7GW Trojan ( 00071a9a1 ) 20141112
Kaspersky Trojan.Win32.Autoit.yk 20141112
Malwarebytes Worm.AutoRun 20141112
McAfee W32/YahLover.worm.gen 20141112
McAfee-GW-Edition BehavesLike.Win32.YahLover.fh 20141112
Microsoft Worm:Win32/Autorun.VL 20141112
eScan Gen:Trojan.Heur.AutoIT.2 20141112
Norman Obfuscated.H11!genr 20141112
nProtect Trojan/W32.Midgare_Packed.405988 20141111
Panda Trj/CI.A 20141110
Qihoo-360 Malware.QVM11.Gen 20141112
Rising PE:Trojan.Win32.Generic.178CBB52!395098962 20141111
Sophos AV Mal/Sohana-A 20141112
Symantec W32.Imaut!gen1 20141112
Tencent Win32.Trojan.Autoit.Phqk 20141112
TotalDefense Win32/SillyAutorun.BVG 20141111
TrendMicro Mal_SHND-4 20141112
TrendMicro-HouseCall Mal_SHND-4 20141112
VIPRE Trojan.Win32.AutoIT.gen (v) 20141112
Zillya Trojan.Midgare.Win32.21946 20141111
Zoner I-Worm.AutoRun.Autoit.AB.autodetect.2660 20141110
Engines with no detection (15)
AegisLab 20141112
Yandex 20141111
Antiy-AVL 20141112
Baidu-International 20141107
Bkav 20141112
ByteHero 20141112
ClamAV 20141112
CMC 20141110
F-Prot 20141111
Kingsoft 20141112
NANO-Antivirus 20141112
SUPERAntiSpyware 20141112
TheHacker 20141111
VBA32 20141111
ViRobot 20141112
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
File version 3, 2, 12, 1
Packers identified
F-PROT AutoIt, UPX
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2008-06-12 08:51:05 (this is the link time of the AutoIt v3.2.12.1 interpreter stub that Aut2Exe wraps around a script; it does not date the script itself)
Entry Point 0x000A6CB0
Number of sections 3
PE sections
PE imports (owning DLL added in brackets)
RegCloseKey [ADVAPI32.dll]
ImageList_Create [COMCTL32.dll]
LineTo [GDI32.dll]
VirtualFree [KERNEL32.dll]
ExitProcess [KERNEL32.dll]
VirtualProtect [KERNEL32.dll]
LoadLibraryA [KERNEL32.dll]
VirtualAlloc [KERNEL32.dll]
GetProcAddress [KERNEL32.dll]
WNetUseConnectionW [MPR.dll]
GetActiveObject [OLEAUT32.dll]
DragFinish [SHELL32.dll]
VerQueryValueW [VERSION.dll]
timeGetTime [WINMM.dll]
GetSaveFileNameW [COMDLG32.dll]
CoInitialize [ole32.dll]
This is the import table UPX leaves behind: LoadLibraryA, GetProcAddress and the VirtualAlloc/VirtualProtect/VirtualFree/ExitProcess set from KERNEL32 for the unpacking stub, plus exactly one function from each DLL the original binary used so that the loader still maps those DLLs. The real import table is rebuilt in memory when the stub runs, so these names say nothing about what the AutoIt script does, and the imphash below fingerprints the UPX stub and this DLL set rather than the payload; other UPX-packed copies of the same AutoIt interpreter will share it.
Number of PE resources by type
RT_ICON 16
RT_STRING 6
RT_GROUP_ICON 4
RT_DIALOG 1
RT_MANIFEST 1
RT_MENU 1
RT_VERSION 1
Number of PE resources by language
ENGLISH UK 30
PE resources
ExifTool file metadata
UninitializedDataSize 450560
InitializedDataSize 315392
ImageVersion 0.0
FileVersionNumber 3.2.12.1
LanguageCode English (British)
FileFlagsMask 0x0017
CharacterSet Unicode
LinkerVersion 8.0
MIMEType application/octet-stream
FileVersion 3, 2, 12, 1
TimeStamp 2008:06:12 09:51:05+01:00
FileType Win32 EXE
PEType PE32
FileAccessDate 2014:11:12 10:02:27+01:00
SubsystemVersion 4.0
OSVersion 4.0
FileCreateDate 2014:11:12 10:02:27+01:00
FileOS Win32
Subsystem Windows GUI
CompiledScript AutoIt v3 Script : 3, 2, 12, 1
MachineType Intel 386 or later, and compatibles
CodeSize 0
FileSubtype 0
ProductVersionNumber 3.2.12.1
EntryPoint 0xa6cb0
ObjectFileType Unknown
CodeSize 0 alongside 450560 bytes of uninitialized data is the footprint of a UPX-packed image: the compressed program is decompressed at run time into a section that occupies no space in the file. TimeStamp is ExifTool's rendering of the same PE header value as the compilation timestamp above, shown in the scanning host's +01:00 zone; FileCreateDate and FileAccessDate are the scanner's local filesystem timestamps for the uploaded copy, not properties of the sample.

File identification
MD5 b4fe4b25b5b5b8e3ae7000d8a483dc70
SHA1 0768a73416cd5bd98f89d844ab3f3bcac1c25a8c
SHA256 68d730ad7ce2bdc8581cbe000e2b32e963fbdb97180d043f73a04bcf96272e3b
ssdeep 6144:bknN4CVUIm6uk06ZLYgvBA+8xmrxgmA+3cclptVopAfVd:YnNhuBoY8SorxgmA+nlvVlfVd
authentihash b622c8c51ab7904e1692cad0955110e77033084927e75d5f1d7a97c2dfa74a6a
imphash a47a8f374586a42b20d3b48a138e11e8
File size 396.5 KB ( 405988 bytes )
File type Win32 EXE
Magic literal MS-DOS executable, MZ for MS-DOS
TrID Win32 Executable (generic) (52.9%)
Generic Win/DOS Executable (23.5%)
DOS Executable Generic (23.4%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
Tags
peexe upx

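The header facts, section count and hashes above are what a first-pass triage script pulls out of a sample before any sandbox run. The following Python is an added example for this page, not code from VirusTotal or from any tool named in the report. It parses the PE32 headers with the standard library only, computes the three hashes listed under File identification, and flags the indicators discussed in this report: UPX-style section layout, SizeOfCode 0, the section holding the entry point, and the ASCII AU3!EA06 signature that opens a compiled AutoIt3 script. The file it runs on is a constructed stand-in that mirrors the report's header values (PE32, three sections, entry point 0xA6CB0, SizeOfCode 0, link time 2008-06-12 08:51:05 UTC); the section names UPX0/UPX1/.rsrc and the marker's placement in an overlay are assumptions, since the report shows neither.

```python
"""Static first-pass triage of a PE sample: hashes, header facts, packer and AutoIt hints.
Added illustration for this page. The PE it examines is CONSTRUCTED by build_sample()
to mirror the header values in the report; it is not the real file."""
import calendar
import hashlib
import struct
from datetime import datetime, timezone

IMAGE_FILE_MACHINE_I386 = 0x14C
SUBSYSTEMS = {2: "Windows GUI", 3: "Windows CUI"}
# ASCII signature at the start of a compiled AutoIt3 script body (v3.2.6+ format).
AUTOIT_MARKER = b"AU3!EA06"


def hashes(data: bytes) -> dict:
    return {alg: hashlib.new(alg, data).hexdigest() for alg in ("md5", "sha1", "sha256")}


def parse_pe(data: bytes) -> dict:
    """Read the COFF header, PE32 optional header and section table."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    pe_off = struct.unpack_from("<I", data, 0x3C)[0]
    if data[pe_off:pe_off + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    machine, nsect, tstamp, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", data, pe_off + 4)
    opt = pe_off + 24  # optional header follows the 4-byte signature and 20-byte COFF header
    magic, _, _, size_of_code = struct.unpack_from("<HBBI", data, opt)
    if magic != 0x10B:
        raise ValueError("only PE32 is handled here")
    entry = struct.unpack_from("<I", data, opt + 16)[0]    # AddressOfEntryPoint
    subsystem = struct.unpack_from("<H", data, opt + 68)[0]
    sections = []
    for i in range(nsect):
        name, vsize, va, rawsize, rawptr = struct.unpack_from("<8sIIII", data, opt + opt_size + 40 * i)
        sections.append({"name": name.rstrip(b"\0").decode("ascii", "replace"),
                         "vsize": vsize, "va": va, "rawsize": rawsize, "rawptr": rawptr})
    return {
        "machine": "Intel 386 or later" if machine == IMAGE_FILE_MACHINE_I386 else hex(machine),
        "timestamp": datetime.fromtimestamp(tstamp, timezone.utc).strftime("%Y-%m-%d %H:%M:%S"),
        "entry_point": entry,
        "size_of_code": size_of_code,
        "subsystem": SUBSYSTEMS.get(subsystem, str(subsystem)),
        "sections": sections,
    }


def packer_hints(info: dict, data: bytes) -> list:
    """Checks an analyst would make by hand against the report's header fields."""
    hints = []
    names = [s["name"] for s in info["sections"]]
    if any(n.startswith("UPX") for n in names):
        hints.append("UPX section names: " + ", ".join(names))
    if info["size_of_code"] == 0:
        hints.append("SizeOfCode is 0 in the optional header")
    for s in info["sections"]:
        if s["va"] <= info["entry_point"] < s["va"] + s["vsize"]:
            hints.append(f"entry point {info['entry_point']:#x} lies in {s['name']}")
        if s["rawsize"] == 0 and s["vsize"] > 0:
            hints.append(f"{s['name']} has no raw data but {s['vsize']} bytes virtual: decompression target")
    pos = data.find(AUTOIT_MARKER)
    if pos != -1:
        hints.append(f"AutoIt compiled-script marker at offset {pos:#x}")
    return hints


def build_sample() -> bytes:
    """CONSTRUCTED stand-in: header values from the report, section names and overlay assumed."""
    secs = [  # name, VirtualSize, VirtualAddress, SizeOfRawData, PointerToRawData, Characteristics
        (b"UPX0", 0x6E000, 0x1000, 0, 0x400, 0xE00000A0),       # 450560 bytes, nothing on disk
        (b"UPX1", 0x3E000, 0x6F000, 0x400, 0x400, 0xE0000040),  # contains entry point 0xA6CB0
        (b".rsrc", 0x1000, 0xAD000, 0x200, 0x800, 0xC0000040),
    ]
    coff = struct.pack("<HHIIIHH", IMAGE_FILE_MACHINE_I386, len(secs),
                       calendar.timegm((2008, 6, 12, 8, 51, 5)), 0, 0, 224, 0x010F)
    opt = struct.pack("<HBBIIIIII", 0x10B, 8, 0, 0, 315392, 450560, 0xA6CB0, 0x6F000, 0xAD000)
    opt += struct.pack("<IIIHHHHHHIIIIHH", 0x400000, 0x1000, 0x200, 4, 0, 0, 0, 4, 0, 0,
                       0xAE000, 0x400, 0, 2, 0)                 # Subsystem 2 = Windows GUI
    opt += struct.pack("<IIIIII", 0x100000, 0x1000, 0x100000, 0x1000, 0, 16) + b"\0" * 128
    hdr = b"MZ" + b"\0" * 58 + struct.pack("<I", 0x40) + b"PE\0\0" + coff + opt
    for name, vsize, va, rawsize, rawptr, chars in secs:
        hdr += struct.pack("<8sIIIIIIHHI", name, vsize, va, rawsize, rawptr, 0, 0, 0, 0, chars)
    body = hdr.ljust(0x400, b"\0") + b"\0" * 0x400 + b"\0" * 0x200  # UPX1 and .rsrc placeholders
    return body + AUTOIT_MARKER + b"\0" * 16                        # marker placed in the overlay


if __name__ == "__main__":
    sample = build_sample()
    for alg, digest in hashes(sample).items():
        print(f"{alg:7}{digest}")
    info = parse_pe(sample)
    print(f"entry point {info['entry_point']:#x}, {len(info['sections'])} sections, "
          f"linked {info['timestamp']} UTC, {info['subsystem']}")
    for hint in packer_hints(info, sample):
        print(" -", hint)
```

Against the real sample, substitute `open(path, "rb").read()` for `build_sample()`. The section-name, zero-raw-size and entry-point checks work on the packed file as-is; the AutoIt marker may only become visible after unpacking (`upx -d`) if the script body sits inside compressed resources rather than an overlay.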
VirusTotal metadata
First submission 2014-11-12 08:57:31 UTC
Last submission 2014-11-12 08:57:31 UTC
File names b4fe4b25b5b5b8e3ae7000d8a483dc70
Advanced heuristic and reputation engines
ClamAV
Possibly Unwanted Application. While not necessarily malicious, the scanned file presents certain characteristics which depending on the user policies and environment may or may not represent a threat. For full details see: https://www.clamav.net/documents/potentially-unwanted-applications-pua .

VirusTotal Community: no comments and no votes on this item.
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Copied files
Deleted files
Created processes
Shell commands
Code injections in the following processes
Created mutexes
Opened mutexes
Opened service managers
Opened services
Runtime DLLs
Additional details
The file uses the IsDebuggerPresent Windows API function in order to see whether it is being debugged.
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.
HTTP requests
DNS requests
TCP connections