SHA256: 74a155b4646278f38da518b78200ce7e921e75d0a7026e729bd4483528c9e6b0
File name: 1
Detection ratio: 56 / 65
Analysis date: 2017-09-22 21:08:03 UTC ( 1 year, 4 months ago )
Antivirus Result Update
Ad-Aware Gen:Variant.Zusy.Elzob.424 20170922
AegisLab Troj.Dropper.W32.Injector.eqbf!c 20170922
AhnLab-V3 Backdoor/Win32.Ruskill.R20912 20170922
ALYac Gen:Variant.Zusy.Elzob.424 20170922
Antiy-AVL Trojan[Dropper]/Win32.Injector 20170922
Arcabit Trojan.Zusy.Elzob.424 20170922
Avast Win32:Malware-gen 20170922
AVG Win32:Malware-gen 20170922
Avira (no cloud) TR/Crypt.ULPM.Gen 20170922
AVware Worm.Win32.Dorkbot 20170922
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9999 20170922
BitDefender Gen:Variant.Zusy.Elzob.424 20170922
ClamAV Win.Trojan.Injector-12170 20170922
CMC Trojan-Dropper.Win32.Injector!O 20170920
Comodo UnclassifiedMalware 20170922
CrowdStrike Falcon (ML) malicious_confidence_100% (D) 20170804
Cylance Unsafe 20170922
Cyren W32/Backdoor.CSXB-3052 20170922
DrWeb Trojan.MulDrop3.26236 20170922
Emsisoft Gen:Variant.Zusy.Elzob.424 (B) 20170922
Endgame malicious (high confidence) 20170821
ESET-NOD32 a variant of Win32/Injector.MUV 20170922
F-Prot W32/Backdoor2.HQRT 20170922
F-Secure Gen:Variant.Zusy.Elzob.424 20170922
GData Win32.Trojan.Injector.E 20170922
Ikarus Trojan.VB.Crypt 20170922
Sophos ML heuristic 20170914
Jiangmin TrojanDropper.Injector.hwy 20170922
K7AntiVirus Trojan ( 003417bf1 ) 20170922
K7GW Trojan ( 003417bf1 ) 20170922
Kaspersky Trojan-Dropper.Win32.Injector.eqbf 20170922
Kingsoft Win32.Troj.Injector.(kcloud) 20170922
Malwarebytes Backdoor.Agent.WPM 20170922
MAX malware (ai score=80) 20170922
McAfee Generic.dx!7603F394EE85 20170922
McAfee-GW-Edition BehavesLike.Win32.Downloader.nc 20170922
Microsoft Worm:Win32/Dorkbot.I 20170922
eScan Gen:Variant.Zusy.Elzob.424 20170922
NANO-Antivirus Trojan.Win32.Inject.hgixa 20170922
nProtect Trojan/W32.Injector.93708 20170922
Panda Generic Malware 20170922
Qihoo-360 HEUR/Malware.QVM11.Gen 20170922
Rising Malware.Heuristic!ET#99% (RDM+:cmRtazr3EycVQbklU78JVhr8ptkG) 20170922
SentinelOne (Static ML) static engine - malicious 20170806
Sophos AV Troj/Agent-UMR 20170922
Symantec Trojan.Gen 20170922
Tencent Win32.Trojan-dropper.Injector.Aexn 20170922
TheHacker Trojan/Dropper.Injector.bkcj 20170921
TotalDefense Win32/Injector.PU 20170922
TrendMicro-HouseCall Possible_Virus 20170922
VBA32 Malware-Cryptor.VB.gen 20170922
VIPRE Worm.Win32.Dorkbot 20170922
Webroot W32.Backdoor.Gen 20170922
Yandex Trojan.DR.Injector!J5v5aXE2hQQ 20170908
Zillya Dropper.Injector.Win32.8430 20170922
ZoneAlarm by Check Point Trojan-Dropper.Win32.Injector.eqbf 20170922
Alibaba 20170911
Avast-Mobile 20170922
CAT-QuickHeal 20170922
Fortinet 20170922
Palo Alto Networks (Known Signatures) 20170922
SUPERAntiSpyware 20170922
Symantec Mobile Insight 20170922
TrendMicro 20170922
Trustlook 20170922
ViRobot 20170922
WhiteArmor 20170829
Zoner 20170922
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Product 4H37H
Internal name 1
File version 43.34.0003
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 1970-06-29 01:05:30
Entry Point 0x00010C40
Number of sections 3
PE sections
Overlays
MD5 e29475d5a77f7e81ce0550c23e679f3d
File type data
Offset 36864
Size 56844
Entropy 6.63
PE imports
Ord(617)
VirtualFree
ExitProcess
VirtualProtect
LoadLibraryA
VirtualAlloc
GetProcAddress
Number of PE resources by type
RT_ICON 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
NEUTRAL 2
ENGLISH US 1
PE resources
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
TimeStamp 1970:06:29 02:05:30+01:00
FileType Win32 EXE
PEType PE32
CodeSize 16384
LinkerVersion 6.0
Warning Invalid Version Info block
FileTypeExtension exe
InitializedDataSize 4096
SubsystemVersion 4.0
EntryPoint 0x10c40
OSVersion 4.0
ImageVersion 43.34
UninitializedDataSize 49152

File identification
MD5 7603f394ee858ed0b698ad465b6fe9ba
SHA1 014375d101af84bea3f32f375dbb549bfaa01d77
SHA256 74a155b4646278f38da518b78200ce7e921e75d0a7026e729bd4483528c9e6b0
ssdeep 1536:5y9z0/NRyjy3HiRbJeUJ5R90TLlX6gk+NWDE3zc/lI8sgtoZuB:5ypjy3CRbJeoj90TL0gk+NWDyG68sv6
authentihash f77cc1f52aedf7f8303df15370da4b801266acd53d9162acf4334bfbff586bd1
imphash 9b03d3d17e442964814bc84501db1c79
File size 91.5 KB ( 93708 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 EXE Yoda's Crypter (63.7%)
Win32 Dynamic Link Library (generic) (15.7%)
Win32 Executable (generic) (10.8%)
Generic Win/DOS Executable (4.8%)
DOS Executable Generic (4.8%)
Tags peexe overlay

VirusTotal metadata
First submission 2012-01-05 20:17:53 UTC ( 7 years ago )
Last submission 2014-03-26 22:22:52 UTC ( 4 years, 10 months ago )
File names file-3374336_exe
7603f394ee858ed0b698ad465b6fe9ba-extfud.exe
266834
ZD
1161760
extfud.exe
1160908
1
014375d101af84bea3f32f375dbb549bfaa01d77.bin
2.exe.vir
extfud.exe
smona132603696795689039156
7603F394EE858ED0B698AD465B6FE9BA
extfud.exe-sslbJQ
A.exe
Advanced heuristic and reputation engines
ClamAV
Possibly Unwanted Application. While not necessarily malicious, the scanned file presents certain characteristics which depending on the user policies and environment may or may not represent a threat. For full details see: https://www.clamav.net/documents/potentially-unwanted-applications-pua .
