SHA256: 6b24ad5c6cb93411f5c260980efb3415c7a6eb22b51be058140318efa9c40f9c
File name: ddcd268bf21337fbddddc04b4b3025df
Detection ratio: 44 / 57
Analysis date: 2015-08-12 10:54:40 UTC ( 3 years, 6 months ago )
Antivirus Result Update
Ad-Aware Gen:Variant.Barys.1980 20150812
Yandex Trojan.DL.Delf!ZlQne4uxouA 20150811
AhnLab-V3 Downloader/Win32.Genome 20150812
ALYac Gen:Variant.Barys.1980 20150812
Antiy-AVL Trojan[:HEUR]/Win32.AGeneric 20150812
Arcabit Trojan.Barys.D7BC 20150812
Avast Win32:Trojan-gen 20150812
AVG Downloader.Generic11.BRJ 20150812
Avira (no cloud) TR/Dldr.Wives.A 20150812
AVware Trojan.Win32.Generic!BT 20150812
Baidu-International Trojan.Win32.Delf.AIlH 20150812
BitDefender Gen:Variant.Barys.1980 20150812
CAT-QuickHeal TrojanDownloader.Delf.r9 20150812
ClamAV Win.Trojan.Downloader-53301 20150812
Comodo TrojWare.Win32.TrojanDownloader.Delf.gen 20150812
DrWeb Trojan.DownLoader2.22452 20150812
Emsisoft Gen:Variant.Barys.1980 (B) 20150812
ESET-NOD32 a variant of Win32/TrojanDownloader.Delf.QIN 20150812
F-Secure Gen:Variant.Barys.1980 20150812
Fortinet W32/Downloader_x.EQW!tr 20150812
GData Gen:Variant.Barys.1980 20150812
Ikarus Downloader.Delphi 20150812
Jiangmin TrojanDownloader.Delf.dbp 20150811
K7AntiVirus Trojan ( 7000000f1 ) 20150812
K7GW Trojan ( 7000000f1 ) 20150812
Kaspersky HEUR:Trojan.Win32.Generic 20150812
Kingsoft Win32.TrojDownloader.Delf.(kcloud) 20150812
Malwarebytes Trojan.Agent 20150812
McAfee Generic.dx!DDCD268BF213 20150812
McAfee-GW-Edition BehavesLike.Win32.Dropper.mm 20150812
Microsoft TrojanDownloader:Win32/Banload.VU 20150812
eScan Gen:Variant.Barys.1980 20150812
NANO-Antivirus Trojan.Win32.Delf.cqlyt 20150812
nProtect Trojan-Downloader/W32.Delf.26624 20150812
Panda Generic Malware 20150812
Qihoo-360 HEUR/Malware.QVM05.Gen 20150812
Rising PE:Trojan.Win32.Generic.1340003B!322961467 20150811
Sophos AV Mal/DownLdr-DZ 20150812
TheHacker Trojan/Downloader.Delf.bape 20150811
TrendMicro TROJ_DLOADER.CDN 20150812
TrendMicro-HouseCall TROJ_DLOADER.CDN 20150812
VIPRE Trojan.Win32.Generic!BT 20150812
ViRobot Trojan.Win32.S.Downloader.26624.AD[h] 20150812
Zillya Downloader.Delf.Win32.17528 20150812
AegisLab 20150812
Alibaba 20150812
Bkav 20150811
ByteHero 20150812
CMC 20150710
Cyren 20150812
F-Prot 20150812
SUPERAntiSpyware 20150812
Symantec 20150812
Tencent 20150812
TotalDefense 20150812
VBA32 20150812
Zoner 20150810
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2011-03-16 02:10:16
Entry Point 0x000050AC
Number of sections 9
PE sections
PE imports
RegOpenKeyExA
RegQueryValueExA
RegCloseKey
GetStdHandle
lstrlenA
GetFileAttributesA
FreeLibrary
ExitProcess
GetThreadLocale
GetModuleFileNameA
RtlUnwind
LoadLibraryA
WinExec
GetStartupInfoA
LoadLibraryExA
GetLocaleInfoA
LocalAlloc
lstrcatA
CreateDirectoryA
DeleteFileA
UnhandledExceptionFilter
GetShortPathNameA
GetCommandLineA
GetProcAddress
RaiseException
GetModuleHandleA
FindFirstFileA
WriteFile
CloseHandle
lstrcpynA
GetACP
MoveFileA
GetEnvironmentVariableA
lstrcpyA
VirtualQuery
VirtualFree
FindClose
TlsGetValue
Sleep
TlsSetValue
CreateFileA
GetCurrentThreadId
VirtualAlloc
ShellExecuteA
MessageBoxA
LoadStringA
GetKeyboardType
CharNextA
DestroyWindow
InternetReadFile
InternetOpenUrlA
InternetCloseHandle
InternetOpenA
Number of PE resources by type
RT_ICON 1
RT_STRING 1
RT_MANIFEST 1
RT_GROUP_ICON 1
Number of PE resources by language
PORTUGUESE BRAZILIAN 2
NEUTRAL 1
ENGLISH US 1
PE resources
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
TimeStamp 2011:03:16 03:10:16+01:00
FileType Win32 EXE
PEType PE32
CodeSize 17408
LinkerVersion 2.25
FileTypeExtension exe
InitializedDataSize 8192
SubsystemVersion 4.0
EntryPoint 0x50ac
OSVersion 4.0
ImageVersion 0.0
UninitializedDataSize 0
File identification
MD5 ddcd268bf21337fbddddc04b4b3025df
SHA1 3292010631b6636d8c21e8e9a1a0c10e43982a54
SHA256 6b24ad5c6cb93411f5c260980efb3415c7a6eb22b51be058140318efa9c40f9c
ssdeep 768:J64hZ1p/ija+1IGp2beSg9sTlFEbR4u1FgMt:84hZWKn4sTcxgMt
authentihash 9ee5696dc089c906d8e29e3e1b63569d82cfff7c5e517344a6f82f29dbdbabe1
imphash 318c56f606c74282f9b0bf5305e73691
File size 26.0 KB ( 26624 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Dynamic Link Library (generic) (38.3%)
Win32 Executable (generic) (26.2%)
Win16/32 Executable Delphi generic (12.0%)
Generic Win/DOS Executable (11.6%)
DOS Executable Generic (11.6%)
Tags peexe
VirusTotal metadata
First submission 2011-03-16 13:04:23 UTC ( 7 years, 11 months ago )
Last submission 2014-06-14 11:19:37 UTC ( 4 years, 8 months ago )
File names file-1980778_scr
793744
DDCD268BF21337FBDDDDC04B4B3025DF
ddcd268bf21337fbddddc04b4b3025df
3292010631b6636d8c21e8e9a1a0c10e43982a54.exe
visualizar.php
ddcd268bf21337fbddddc04b4b3025df3292010631b6636d8c21e8e9a1a0c10e43982a5426624.exe
visualizar.scr.vir
ddcd268bf21337fbddddc04b4b3025df.exe
visualizar.scr
GjRuzAoaxW.docm
Advanced heuristic and reputation engines
ClamAV
Possibly Unwanted Application. While not necessarily malicious, the scanned file presents certain characteristics which depending on the user policies and environment may or may not represent a threat. For full details see: https://www.clamav.net/documents/potentially-unwanted-applications-pua .

Symantec reputation Suspicious.Insight