SHA256: 6bc8cdbda20902ffa77a4a2e6b00dcaeb347eee0c532de5a746396c3c585910f
File name: uYNBHmhohyyMUMs.exe
Detection ratio: 48 / 53
Analysis date: 2014-07-29 12:57:00 UTC ( 4 years, 4 months ago )
Antivirus Result Update
Ad-Aware Trojan.GenericKD.1149781 20140729
Yandex Backdoor.Androm!tfFcjzMUyug 20140729
AhnLab-V3 Trojan/Win32.Dorkbot 20140729
AntiVir TR/Agent.ZRGT 20140729
Antiy-AVL Worm/Win32.AutoRun 20140729
Avast Win32:Downloader-UBU [Trj] 20140729
AVG PSW.Generic11.BDWD 20140729
AVware Trojan.Win32.Generic!BT 20140729
Baidu-International Trojan.Win32.Agent.aH 20140729
BitDefender Trojan.GenericKD.1149781 20140729
Bkav W32.XavileD.Trojan 20140728
CAT-QuickHeal Trojan.Lethic.B5 20140729
Commtouch W32/Backdoor.OZVR-2983 20140729
Comodo TrojWare.Win32.Injector.AKKV 20140729
DrWeb Trojan.PWS.Panda.368 20140729
Emsisoft Trojan.GenericKD.1149781 (B) 20140729
ESET-NOD32 Win32/Dorkbot.B 20140729
F-Prot W32/Backdoor2.HTEQ 20140729
F-Secure Trojan.GenericKD.1149781 20140729
Fortinet W32/Agent.B!tr 20140729
GData Trojan.GenericKD.1149781 20140729
Ikarus Backdoor.Win32.Androm 20140729
Jiangmin Backdoor/Androm.bit 20140725
K7AntiVirus Riskware ( 0040eff71 ) 20140728
K7GW Riskware ( 0040eff71 ) 20140728
Kaspersky Trojan.Win32.Agent.ibga 20140729
Kingsoft Win32.Troj.Generic.a.(kcloud) 20140729
Malwarebytes Trojan.Inject.RRE 20140729
McAfee W32/Kolab 20140729
McAfee-GW-Edition W32/Kolab 20140728
Microsoft Worm:Win32/Dorkbot.I 20140729
eScan Trojan.GenericKD.1149781 20140729
Norman Gamarue.BBV 20140729
nProtect Trojan/W32.Agent.157184.QB 20140729
Panda Trj/Agent.IVN 20140729
Qihoo-360 Win32/Trojan.Multi.daf 20140729
Rising PE:Trojan.Win32.Generic.1585A9D7!361081303 20140729
Sophos AV Mal/EncPk-AKA 20140729
SUPERAntiSpyware Trojan.Agent/Gen-Zbot 20140729
Tencent Win32.Trojan.Agent.Egoj 20140729
TheHacker Trojan/Injector.akkv 20140728
TotalDefense Win32/Loktrom.LQGJWFD 20140729
TrendMicro WORM_DORKBOT.UE 20140729
TrendMicro-HouseCall WORM_DORKBOT.UE 20140729
VBA32 Hoax.Foreign 20140729
VIPRE Trojan.Win32.Generic!BT 20140729
ViRobot Spyware.PornoAsset.157184.A 20140729
Zoner I-Worm.Dorkbot.B 20140723
AegisLab 20140729
ByteHero 20140729
ClamAV 20140729
CMC 20140728
NANO-Antivirus 20140729
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright Copyright © 1999-2006 Underground InformatioN Center
Product PE Tools v1.5
Original name PETools.exe
Internal name PE Tools v1.5 RC7
File version 1.5.800.2006 RC7
Description PE Tools - Nice PE Editor !!!
Comments For Win9x/ME/2000/2003/XP/Vista
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2013-07-30 21:53:15
Entry Point 0x00002910
Number of sections 5
PE sections
PE imports
MakeSelfRelativeSD
OpenCluster
ClusterGroupControl
DeleteClusterGroup
ClusterRegEnumValue
CloseCluster
CloseClusterNotifyPort
ClusterResourceTypeOpenEnum
GetClusterResourceTypeKey
GetClusterFromNetwork
HeapSize
GetLastError
InitializeCriticalSectionAndSpinCount
HeapFree
GetStdHandle
EnterCriticalSection
LCMapStringW
HeapCreate
GetModuleFileNameW
WaitForSingleObject
GetOEMCP
QueryPerformanceCounter
IsDebuggerPresent
EncodePointer
TlsAlloc
GetEnvironmentStringsW
FlushFileBuffers
GetModuleFileNameA
RtlUnwind
GetACP
HeapSetInformation
GetCurrentProcess
EnumSystemLocalesA
GetConsoleMode
GetLocaleInfoA
GetCurrentProcessId
GetUserDefaultLCID
WriteConsoleW
GetCPInfo
UnhandledExceptionFilter
InterlockedDecrement
MultiByteToWideChar
GetStartupInfoW
GetTickCount
SetHandleCount
GetCommandLineA
GetProcAddress
GetLocaleInfoW
SetStdHandle
SetFilePointer
CreateThread
LoadLibraryW
TlsFree
FreeEnvironmentStringsW
GetSystemTimeAsFileTime
DeleteCriticalSection
SetUnhandledExceptionFilter
WriteFile
CloseHandle
IsProcessorFeaturePresent
IsValidLocale
ExitThread
HeapReAlloc
DecodePointer
GetModuleHandleW
HeapAlloc
TerminateProcess
GetConsoleCP
WideCharToMultiByte
IsValidCodePage
SetConsoleMode
CreateFileW
GetStringTypeW
TlsGetValue
Sleep
GetFileType
ReadConsoleW
TlsSetValue
ExitProcess
GetCurrentThreadId
InterlockedIncrement
SetLastError
LeaveCriticalSection
Number of PE resources by type
RT_FONT 1
RT_VERSION 1
Number of PE resources by language
ENGLISH US 1
SPANISH PUERTO RICO 1
PE resources
ExifTool file metadata
Author NEOx <neox@pisem.net>
CodeSize 48640
SubsystemVersion 5.0
Comments For Win9x/ME/2000/2003/XP/Vista
InitializedDataSize 107520
ImageVersion 0.0
FileSubtype 0
FileVersionNumber 1.5.800.2005
LanguageCode English (U.S.)
FileFlagsMask 0x003f
FileDescription PE Tools - Nice PE Editor !!!
ImageFileCharacteristics Executable, 32-bit
CharacterSet Unicode
LinkerVersion 9.0
Credits NiFi, Dr.Golova, SOLDIER, Corbio, Rook, SUnteXx, V.Vilman, JFX, dum0h, .Cryorb, Volodya, spEctoRius, cyberbob, FEUERRADER, .::D.e.M.o.N.i.X::., dyn!o, Bad_guy, Aster!x, lepton, Hellsp@wN, Jupiter, GPcH, Ms-Rem, BiT-H@ck, SLV, sanniassin, Smokii, DrDead..
SpecialBuild Visit http://www.uinc.ru/ or http://neox.pisem.net/ for updates.
PrivateBuild Public version
EntryPoint 0x2910
OriginalFileName PETools.exe
MIMEType application/octet-stream
LegalCopyright Copyright 1999-2006 Underground InformatioN Center
FileVersion 1.5.800.2006 RC7
TimeStamp 2013:07:30 22:53:15+01:00
FileType Win32 EXE
PEType PE32
InternalName PE Tools v1.5 RC7
ProductVersion 1.5.800.2006 RC7
UninitializedDataSize 0
OSVersion 5.0
FileOS Windows NT 32-bit
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName Underground InformatioN Center
LegalTrademarks PE Tools v1.5 RC7
ProductName PE Tools v1.5
ProductVersionNumber 1.5.800.2005
FileTypeExtension exe
ObjectFileType Executable application
File identification
MD5 fbbde5e5ec172d526188edb800753a50
SHA1 fb7a44f7eb3c3ff4204c21447cdd09a089eee779
SHA256 6bc8cdbda20902ffa77a4a2e6b00dcaeb347eee0c532de5a746396c3c585910f
ssdeep 3072:Nl6EgmJBkSju7dMIplpdWnWf1WYCPTkG8M8kkRqX66po:N3BPju7B3zjNWlIG88k666q
authentihash d274ff982a3bc495a7ffffe413ea9ec559bbf0fbb1b3fc2d8d9939e3aca9eabf
imphash 42e0f7e55c4be34250108c1ce9cabaa2
File size 153.5 KB ( 157184 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win64 Executable (generic) (72.3%)
Win32 Executable (generic) (11.8%)
OS/2 Executable (generic) (5.3%)
Generic Win/DOS Executable (5.2%)
DOS Executable Generic (5.2%)
Tags peexe usb-autorun
VirusTotal metadata
First submission 2013-07-30 23:18:23 UTC ( 5 years, 4 months ago )
Last submission 2017-10-13 12:30:50 UTC ( 1 year, 2 months ago )
File names fbbde5e5ec172d526188edb800753a50
uYNBHmhohyyMUMs.exe
fbbde5e5ec172d526188edb800753a50.virobj
OaNdCXcWchfGxCm.exe
CefDTEEfKdWWeeq.exe
vti-rescan
7381jjul.exe
fbbde5e5ec172d526188edb800753a50
007091683
QNeeAWpXHgEYzgc.exe
d9ce.exe
PETools.exe
PE Tools v1.5 RC7
fb7a44f7eb3c3ff4204c21447cdd09a089eee779
ckSobBoICjVTvKN.exe
vXNnkVKBmlyMXNv.exe
rwqpkaLTspXqAaD.exe
virussign.com_fbbde5e5ec172d526188edb800753a50.vir
C__Documents and Settings_user_Application Data_ScreenSaverPro.scr
Win32.Dorkbot.B.virus
ccc.exe
6bc8cdbda20902ffa77a4a2e6b00dcaeb347eee0c532de5a746396c3c585910f
flash_virus.vir_exe