SHA256: 6c27b6d71a71853874945a69c045e3fc603a4f95bf957ff43adddc01132ab06f
File name: aa
Detection ratio: 49 / 54
Analysis date: 2014-07-11 00:33:20 UTC ( 4 years ago )
Antivirus Result Update
Ad-Aware Gen:Variant.Barys.688 20140710
Yandex Trojan.DL.Agent!c+oDq7WYpdQ 20140710
AhnLab-V3 Trojan/Win32.Agent 20140710
AntiVir TR/Crypt.XPACK.Gen 20140711
Antiy-AVL Trojan[Downloader]/Win32.Agent 20140710
Avast Win32:Small-NNS [Drp] 20140711
AVG Cryptic.KG 20140710
Baidu-International Trojan.Win32.Downloader.ae 20140710
BitDefender Gen:Variant.Barys.688 20140710
Bkav W32.Maikoasf.Worm 20140710
CMC Trojan.Win32.Krap.3!O 20140710
Commtouch W32/Downloader.BF.gen!Eldorado 20140710
Comodo TrojWare.Win32.Downloader.Agent.dlhe 20140710
DrWeb Trojan.DownLoad.37236 20140711
Emsisoft Gen:Variant.Barys.688 (B) 20140711
ESET-NOD32 Win32/Wigon.KQ 20140710
F-Prot W32/Downloader.BF.gen!Eldorado 20140711
F-Secure Gen:Variant.Barys.688 20140710
Fortinet W32/Krapt.AOA!tr 20140710
GData Gen:Variant.Barys.688 20140710
Ikarus Packed.Win32.Krap 20140710
Jiangmin Trojan/Inject.kdb 20140710
K7AntiVirus Trojan ( 0009fb6c1 ) 20140710
K7GW Trojan ( 0009fb6c1 ) 20140710
Kaspersky Trojan-Downloader.Win32.Agent.dlhe 20140710
Kingsoft Win32.Troj.Generic.kd.(kcloud) 20140711
Malwarebytes Trojan.Downloader 20140711
McAfee Artemis!2E45D92E9E27 20140711
McAfee-GW-Edition Artemis!2E45D92E9E27 20140711
Microsoft TrojanDownloader:Win32/Cutwail.gen!C 20140711
eScan Gen:Variant.Barys.688 20140710
NANO-Antivirus Trojan.Win32.Agent.swfw 20140711
Norman Agent.USRU 20140710
nProtect Trojan-Downloader/W32.Agent.26624.DH 20140710
Panda Trj/Downloader.XOF 20140710
Qihoo-360 Win32/Trojan.Downloader.b35 20140711
Rising PE:Trojan.Win32.Generic.11EB1944!300620100 20140710
Sophos AV Troj/Inject-NB 20140710
SUPERAntiSpyware Trojan.Agent/Gen-Reader_S 20140711
Symantec Trojan Horse 20140711
Tencent Win32.Trojan-downloader.Agent.Hssr 20140711
TheHacker Posible_Worm32 20140708
TotalDefense Win32/Cutwail.BAB 20140710
TrendMicro TROJ_BRDOLAB.SMF 20140711
TrendMicro-HouseCall TROJ_BRDOLAB.SMF 20140711
VBA32 BScope.Trojan.MTA.0230 20140710
VIPRE Trojan-Downloader.Win32.Agent.dlhe (v) 20140711
ViRobot Trojan.Win32.Downloader.26624.FH 20140710
Zillya Downloader.Agent.Win32.149809 20140710
AegisLab 20140711
ByteHero 20140711
CAT-QuickHeal 20140710
ClamAV 20140710
Zoner 20140708
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Packers identified
Command UPX
F-PROT UPX
PEiD UPX 2.90 [LZMA] -> Markus Oberhumer, Laszlo Molnar & John Reiser
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2009-07-14 18:50:05
Entry Point 0x000188E0
Number of sections 3
PE sections
PE imports
AddAccessAllowedAce
ChooseFontA
VirtualFree
ExitProcess
VirtualProtect
LoadLibraryA
VirtualAlloc
GetProcAddress
Number of PE resources by type
RT_ICON 2
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 4
PE resources
ExifTool file metadata
SubsystemVersion: 5.0
LinkerVersion: 6.0
ImageVersion: 0.0
FileSubtype: 0
FileVersionNumber: 8.0.1311.3400
UninitializedDataSize: 73728
LanguageCode: English (U.S.)
FileFlagsMask: 0x003f
CharacterSet: Unicode
InitializedDataSize: 4096
FileOS: Win32
MIMEType: application/octet-stream
LegalCopyright: SHD(c) 2010
FileVersion: 8.0.1311.3400
TimeStamp: 2009:07:14 19:50:05+01:00
FileType: Win32 EXE
PEType: PE32
InternalName: SHD
FileAccessDate: 2014:07:11 01:34:47+01:00
ProductVersion: 8.0.1311.3400
FileDescription: SHD Launcher
OSVersion: 6.0
FileCreateDate: 2014:07:11 01:34:47+01:00
OriginalFilename: SHD.EXE
Subsystem: Windows GUI
MachineType: Intel 386 or later, and compatibles
CompanyName: Sound HD
CodeSize: 24576
ProductName: SHD
ProductVersionNumber: 8.0.1311.3400
EntryPoint: 0x188e0
ObjectFileType: Executable application
File identification
MD5 2e45d92e9e271cfc7d8dfde68951f38e
SHA1 08730a5f2f4e4d8d7d3b2c3790db108fe1ce7106
SHA256 6c27b6d71a71853874945a69c045e3fc603a4f95bf957ff43adddc01132ab06f
ssdeep 768:Snus8oMbn8iAyMDN7wSj3tY5F+oMw8XYpK0X:SnuZMDdbj3wFIw8aX
imphash cadb1fc8f06478e8597f01b0f5c528c3
File size 26.0 KB ( 26624 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID UPX compressed Win32 Executable (42.3%)
Win32 EXE Yoda's Crypter (36.7%)
Win32 Dynamic Link Library (generic) (9.1%)
Win32 Executable (generic) (6.2%)
Generic Win/DOS Executable (2.7%)
Tags peexe upx
VirusTotal metadata
First submission 2010-04-19 19:59:21 UTC ( 8 years, 3 months ago )
Last submission 2010-06-09 09:45:35 UTC ( 8 years, 1 month ago )
File names SAdZO.jpg, aa
Advanced heuristic and reputation engines
ClamAV
Possibly Unwanted Application. While not necessarily malicious, the scanned file presents certain characteristics which depending on the user policies and environment may or may not represent a threat. For full details see: https://www.clamav.net/documents/potentially-unwanted-applications-pua .

Symantec reputation Suspicious.Insight