SHA256: 74b702e1ff6a9dd95e2ef9e23e5fb6a1c4fe1a4e2f069289441102c22211deb5
File name: aa
Detection ratio: 37 / 42
Analysis date: 2011-02-06 02:05:30 UTC ( 6 years, 11 months ago )
Antivirus Result Update
AhnLab-V3 Win-Trojan/Fraudload.34816.J 20110127
AntiVir TR/Drop.Agent.34816 20110201
Antiy-AVL Trojan/Win32.FraudLoad.gen 20110128
Avast Win32:Trojan-gen 20110201
Avast5 Win32:Trojan-gen 20110201
AVG Downloader.Generic10.TSF 20110202
BitDefender Dropped:Generic.XPL.ADODB.F722E8AD 20110202
CAT-QuickHeal TrojanDownloader.FraudLoad.xf 20110202
Commtouch W32/MalwareF.QQZP 20110202
Comodo TrojWare.Win32.Trojan.Agent.Gen 20110202
DrWeb Trojan.DownLoad2.16232 20110201
Emsisoft Trojan-Downloader.Win32.FraudLoad!IK 20110202
F-Prot W32/MalwareF.QQZP 20110201
F-Secure Dropped:Generic.XPL.ADODB.F722E8AD 20110202
GData Dropped:Generic.XPL.ADODB.F722E8AD 20110202
Ikarus Trojan-Downloader.Win32.FraudLoad 20110202
Jiangmin TrojanDownloader.FraudLoad.qff 20110201
K7AntiVirus Trojan-Downloader 20110201
Kaspersky Trojan-Downloader.Win32.FraudLoad.xfyy 20110202
McAfee Generic.dx!ubd 20110202
McAfee-GW-Edition Generic.dx!ubd 20110202
Microsoft Trojan:Win32/Bumat!rts 20110201
NOD32 a variant of Win32/TrojanDropper.Agent.OWO 20110201
Norman Smalldrp.AYXJ 20110201
nProtect Trojan-Downloader/W32.Agent.34816.EA 20110201
Panda Trj/Zlob.KH 20110201
PCTools RogueAntiSpyware.PCDefender!rem 20110131
Prevx Medium Risk Malware Dropper 20110206
Rising Trojan.Win32.Generic.12470DEB 20110202
Sophos AV Mal/Generic-L 20110202
Symantec PCDefender 20110202
TheHacker Trojan/Downloader.FraudLoad.xfyy 20110130
TrendMicro TROJ_DLOADE.XN 20110202
TrendMicro-HouseCall TROJ_DLOADE.XN 20110202
VBA32 Trojan-Downloader.VBS.FraudLoad.d 20110201
VIPRE Trojan-Downloader.Win32.Fraudload 20110202
VirusBuster Trojan.DL.FraudLoad!/rFoz62y3sU 20110201
ClamAV 20110202
eTrust-Vet 20110201
Fortinet 20110202
SUPERAntiSpyware 20110202
ViRobot 20110202
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file.
PE header basic information
Number of sections 5
PE sections
PE imports
CreateFileA
FindResourceA
SetPriorityClass
LoadResource
GetCurrentProcess
WriteFile
SetProcessPriorityBoost
SizeofResource
lstrcatA
GetEnvironmentVariableA
SetThreadPriority
GetShortPathNameA
LockResource
GetModuleFileNameA
CloseHandle
lstrcpyA
GetSystemTimeAsFileTime
GetProcAddress
GetModuleHandleW
ExitProcess
DecodePointer
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
EnterCriticalSection
EncodePointer
GetLastError
LoadLibraryW
TlsGetValue
TlsSetValue
InterlockedIncrement
SetLastError
GetCurrentThreadId
InterlockedDecrement
GetStdHandle
GetModuleFileNameW
HeapFree
Sleep
WideCharToMultiByte
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
RtlUnwind
HeapAlloc
IsProcessorFeaturePresent
LCMapStringW
MultiByteToWideChar
GetStringTypeW
ShellExecuteExA
File identification
MD5 c501dea99aa64c2f09fe819e8092ee91
SHA1 1689940bbc74fc94c08763acdebf8c10255b1aa2
SHA256 74b702e1ff6a9dd95e2ef9e23e5fb6a1c4fe1a4e2f069289441102c22211deb5
ssdeep 768:0IE0a7XhPb7lsSEDlnPj18XpgFUYn1OUuKxAC:0UUyiJY1OUuKx5
File size 34.0 KB ( 34816 bytes )
File type Win32 EXE
Magic literal

TrID Win32 Executable MS Visual C++ (generic) (65.2%)
Win32 Executable Generic (14.7%)
Win32 Dynamic Link Library (generic) (13.1%)
Generic Win/DOS Executable (3.4%)
DOS Executable Generic (3.4%)
VirusTotal metadata
First submission 2010-09-20 22:04:29 UTC ( 7 years, 4 months ago )
Last submission 2011-02-06 02:05:30 UTC ( 6 years, 11 months ago )
File names wird.com
aa
2RvhNJE.xlsb
Behaviour characterization