SHA256: 7219bdb065697298d2fa91f2509e9124ed91da449d0317182d77d02b4c6dba00
File name: 20352-bveijo.exe
Detection ratio: 50 / 56
Analysis date: 2016-04-24 12:50:33 UTC ( 3 years ago )
Antivirus Result Update
Ad-Aware MemScan:Trojan.PWS.OnlineGames.KDAY 20160424
AegisLab Troj.Downloader.W32.Agent.l3Cr 20160424
AhnLab-V3 Win-Trojan/Vaklik.94208.C 20160424
ALYac Spyware.OnlineGames-GLG 20160424
Antiy-AVL Trojan/Win32.Vaklik 20160424
Arcabit Trojan.PWS.OnlineGames.KDAY 20160424
Avast Win32:Evo-gen [Susp] 20160424
AVG Win32/Heur 20160424
Avira (no cloud) TR/Crypt.ASPM.Gen 20160424
AVware BehavesLike.Win32.Malware.eah (mx-v) 20160424
Baidu-International Worm.Win32.PSW.OnlineGames 20160424
BitDefender MemScan:Trojan.PWS.OnlineGames.KDAY 20160424
Bkav W32.SopicClickB.Worm 20160423
CAT-QuickHeal Trojan.Agen.rw6 20160423
ClamAV Win.Trojan.OnlineGames-2160 20160423
CMC Generic.Win32.f4bd7ca06f!CMCRadar 20160421
Comodo TrojWare.Win32.Trojan.Agent.Gen 20160424
Cyren W32/Taterf.A!Eldorado 20160424
DrWeb Trojan.PWS.Wsgame.12661 20160424
Emsisoft MemScan:Trojan.PWS.OnlineGames.KDAY (B) 20160424
ESET-NOD32 Win32/AutoRun.PSW.OnlineGames.AT 20160424
F-Prot W32/Frethog.AA 20160424
F-Secure MemScan:Trojan.PWS.OnlineGames.KDAY 20160424
GData MemScan:Trojan.PWS.OnlineGames.KDAY 20160424
Ikarus Trojan-Downloader.Win32.BaoFa 20160424
K7AntiVirus Password-Stealer ( 00132c891 ) 20160424
K7GW Password-Stealer ( 00132c891 ) 20160423
Kaspersky HEUR:Trojan.Win32.Generic 20160424
Kingsoft Win32.Troj.Vaklik.(kcloud) 20160424
McAfee Artemis!F4BD7CA06FC0 20160424
McAfee-GW-Edition BehavesLike.Win32.Sality.nc 20160424
Microsoft Worm:Win32/Taterf.gen!E 20160424
eScan MemScan:Trojan.PWS.OnlineGames.KDAY 20160424
NANO-Antivirus Trojan.Win32.Wsgame.dghno 20160424
nProtect Trojan/W32.Vaklik.94208.C 20160422
Panda W32/Lineage.LIC 20160424
Qihoo-360 Malware.Radar01.Gen 20160424
Rising PE:Malware.Generic/QRS!1.9E2D [F] 20160424
Sophos AV Mal/Taterf-F 20160424
Symantec W32.Gammima.AG!gen4 20160424
Tencent Win32.Worm.Autorun.Edxl 20160424
TheHacker Trojan/OnlineGames.gen 20160422
TotalDefense Win32/Frethog.GDI 20160421
TrendMicro Mal_Mlwr-13 20160424
TrendMicro-HouseCall Mal_Mlwr-13 20160424
VBA32 BScope.Trojan-PSW.AmGames 20160423
VIPRE BehavesLike.Win32.Malware.eah (mx-v) 20160424
ViRobot Trojan.Win32.Vaklik.94208[h] 20160424
Yandex Trojan.Magania.Gen!Pac.3 20160423
Zillya Trojan.Vaklik.Win32.2087 20160423
Alibaba 20160424
Baidu 20160422
Fortinet 20160424
Malwarebytes 20160424
SUPERAntiSpyware 20160424
Zoner 20160424
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Packers identified
Command Aspack
PEiD ASPack v2.12
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2010-01-30 14:25:49
Entry Point 0x00047001
Number of sections 6
PE sections
PE imports
GetProcAddress
GetModuleHandleA
LoadLibraryA
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
FileTypeExtension exe
TimeStamp 2010:01:30 15:25:49+01:00
FileType Win32 EXE
PEType PE32
CodeSize 94208
LinkerVersion 6.0
EntryPoint 0x47001
InitializedDataSize 4096
SubsystemVersion 4.0
ImageVersion 0.0
OSVersion 4.0
UninitializedDataSize 188416

File identification
MD5 f4bd7ca06fc0f838a41eeff09dbff197
SHA1 4ae28cc4342115233ad78fd2cc5ee7c764e94ea5
SHA256 7219bdb065697298d2fa91f2509e9124ed91da449d0317182d77d02b4c6dba00
ssdeep 1536:Icv7I88X5JKD09HI0Tnp3i+TdyQ7CPCdOd89W8D/DeS1JRU4qCDc:lv7I8Eo09RkKCPgi8bLh1+
authentihash dcbe13acc257706f0b35ec9a1b7fb573a58f518404c26ff7918b4a0e50f3c99b
imphash 5a498eee87e4d89512a84502f500181f
File size 92.0 KB ( 94208 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win64 Executable (generic) (64.6%)
Win32 Dynamic Link Library (generic) (15.4%)
Win32 Executable (generic) (10.5%)
Generic Win/DOS Executable (4.6%)
DOS Executable Generic (4.6%)
Tags peexe aspack usb-autorun via-tor

VirusTotal metadata
First submission 2010-02-03 15:46:48 UTC ( 9 years, 2 months ago )
Last submission 2018-01-19 16:47:08 UTC ( 1 year, 3 months ago )
File names bveijo.exe
20352-bveijo.exe
7219BDB065697298D2FA91F2509E9124ED91DA449D0317182D77D02B4C6DBA00.EXE
Advanced heuristic and reputation engines
ClamAV
Possibly Unwanted Application. While not necessarily malicious, the scanned file presents certain characteristics which depending on the user policies and environment may or may not represent a threat. For full details see: https://www.clamav.net/documents/potentially-unwanted-applications-pua .

TrendMicro-HouseCall
TrendMicro's heuristic engine has flagged this file as: Suspicious_GEN.F47V1212.
