SHA256: 769e98baad27b8752b1d2e3114e2ebbfcb8cd0655db86401be4cfecf825a93be
File name: 001652682
Detection ratio: 55 / 57
Analysis date: 2016-08-31 06:10:38 UTC ( 2 years, 7 months ago )
Antivirus Result Update
Ad-Aware Trojan.Generic.7407006 20160831
AegisLab Troj.GameThief.W32.Magania.cvin!c 20160831
AhnLab-V3 Dropper/Win32.OnlineGameHack.N49161475 20160830
ALYac Spyware.OnlineGames-GLG 20160831
Antiy-AVL Trojan[GameThief]/Win32.Magania.cvin 20160831
Avast Win32:Soolo [Trj] 20160831
AVG Dropper.Generic.BIQQ 20160831
Avira (no cloud) TR/PSW.OnLineGa.bbe 20160830
AVware Worm.Win32.Taterf.b (v) 20160831
Baidu Win32.Trojan-PSW.OnlineGames.a 20160831
BitDefender Trojan.Generic.7407006 20160830
Bkav W32.CdoosoftAX.Trojan 20160830
CAT-QuickHeal Worm.Taterf.D 20160830
ClamAV Win.Spyware.83217-2 20160831
CMC Trojan-GameThief.Win32.Magania!O 20160830
Comodo TrojWare.Win32.GameThief.Magania.~cvin 20160831
Cyren W32/Trojan.RHPW-0575 20160831
DrWeb Trojan.PWS.Wsgame.12661 20160831
Emsisoft Trojan.Generic.7407006 (B) 20160831
ESET-NOD32 Win32/PSW.OnLineGames.NNU 20160831
F-Prot W32/Trojan3.BOY 20160831
F-Secure Trojan.Generic.7407006 20160831
Fortinet W32/OnlineGames.LVO!tr.pws 20160831
GData Trojan.Generic.7407006 20160831
Ikarus Trojan-GameThief.Win32.Magania 20160830
Sophos ML worm.win32.taterf.b 20160830
Jiangmin Trojan/PSW.Magania.alzq 20160831
K7AntiVirus Trojan ( 0001140e1 ) 20160830
K7GW Trojan ( 0001140e1 ) 20160831
Kaspersky Trojan-GameThief.Win32.Magania.cvin 20160831
Kingsoft Win32.PSWTroj.Magania.115347 20160831
Malwarebytes Spyware.PasswordStealer 20160831
McAfee Generic PWS.ak 20160831
McAfee-GW-Edition BehavesLike.Win32.Generic.cc 20160831
Microsoft Worm:Win32/Taterf.B 20160831
eScan Trojan.Generic.7407006 20160831
NANO-Antivirus Trojan.Win32.Magania.vrzqt 20160831
nProtect Trojan-PWS/W32.WebGame.115347 20160831
Panda W32/Lineage.LGJ 20160830
Qihoo-360 HEUR/Malware.QVM19.Gen 20160831
Rising Malware.Generic!UN3GLg1nAZI@1 (thunder) 20160831
Sophos AV Mal/Taterf-A 20160831
SUPERAntiSpyware Trojan.Agent/Gen-FakeAlert 20160831
Symantec W32.Gammima.AG 20160831
Tencent Win32.Trojan-gamethief.Magania.Ecad 20160831
TheHacker Trojan/Magania.cppb 20160829
TotalDefense Win32/Frethog.FWQ 20160831
TrendMicro TSPY_ONLINEG.LVO 20160831
TrendMicro-HouseCall TSPY_ONLINEG.LVO 20160831
VBA32 Trojan-PSW.Win32.OnlineGames.3 20160830
VIPRE Worm.Win32.Taterf.b (v) 20160831
ViRobot Worm.Win32.Taterf.115347[h] 20160831
Yandex Worm.Taterf.Gen!Pac.2 20160830
Zillya Trojan.Magania.Win32.20616 20160830
Zoner Trojan.OnLineGames.NNU 20160831
Alibaba 20160831
Arcabit 20160831
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2009-12-06 07:17:53
Entry Point 0x0000101D
Number of sections 6
PE sections
PE imports
GetPrivateProfileSectionNamesA
GetStdHandle
GetUserDefaultLangID
GetFileAttributesA
GlobalGetAtomNameW
ExitProcess
FlushFileBuffers
LoadLibraryA
DisconnectNamedPipe
GetStartupInfoA
FileTimeToLocalFileTime
GetWindowsDirectoryW
ExitVDM
GetFileSize
GetCompressedFileSizeW
GetSystemDefaultLCID
EnumTimeFormatsA
GetLogicalDrives
GetCommandLineA
EnumResourceTypesA
GetVolumeNameForVolumeMountPointA
GetModuleHandleA
GetProcessPriorityBoost
CreateFileMappingA
ExitThread
EscapeCommFunction
GetProcessAffinityMask
GetProcessShutdownParameters
FatalExit
CreateEventA
GetDiskFreeSpaceExW
GetFullPathNameW
GetFileAttributesExA
GetSystemWindowsDirectoryW
FindResourceA
GetCurrentProcessId
FindFirstVolumeW
Number of PE resources by type
RT_ICON 8
RT_STRING 4
RT_MENU 4
RT_DIALOG 2
RT_ACCELERATOR 2
RT_GROUP_ICON 2
RT_VERSION 1
Number of PE resources by language
CHINESE SIMPLIFIED 23
PE resources
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
TimeStamp 2009:12:06 08:17:53+01:00
FileType Win32 EXE
PEType PE32
CodeSize 4096
LinkerVersion 3.2
Warning Error processing PE data dictionary
FileTypeExtension exe
InitializedDataSize 0
SubsystemVersion 4.0
EntryPoint 0x101d
OSVersion 4.0
ImageVersion 0.0
UninitializedDataSize 0
File identification
MD5 f55b53da7c92cec3e38c0036e4347376
SHA1 8f482e85fc276d6d9f43a28d76d26c117b0ab5a1
SHA256 769e98baad27b8752b1d2e3114e2ebbfcb8cd0655db86401be4cfecf825a93be
ssdeep 1536:COofupvTWG3oApLhjwIK+1ue3Mek1g0CtJslSdaY/fwQ/pF7/4RSBt3vp:guN/hQaT8b9CklSdaYgQ/bDDt3h
authentihash 744581ac1c7bf3ee747e53d815595afcd4a40e8bb586e26ed35e12d0cae8f0b6
imphash 1dd20fecac4bab9126cca12331c112ce
File size 112.6 KB ( 115347 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable (generic) (52.9%)
Generic Win/DOS Executable (23.5%)
DOS Executable Generic (23.5%)
Tags corrupt peexe usb-autorun
VirusTotal metadata
First submission 2009-12-06 14:08:01 UTC ( 9 years, 4 months ago )
Last submission 2015-06-12 07:39:23 UTC ( 3 years, 10 months ago )
File names herss.exe
001652682
8f482e85fc276d6d9f43a28d76d26c117b0ab5a1.bin
F55B53DA7C92CEC3E38C0036E4347376
2id9.exe
2id9.exe
file-3178833_exe
file-662640_exe
Behaviour characterization
Zemana dll-injection