SHA256: 76c24af9d020303e0a87c89305cec56dbff19170edf4133a00141ad0ecce510b
File name: vt-upload-1HliM
Detection ratio: 46 / 53
Analysis date: 2014-05-28 02:18:55 UTC ( 10 months ago )
Antivirus Result Update
AVG PSW.Generic11.BEUG 20140527
Ad-Aware Trojan.Generic.9465593 20140528
Agnitum Trojan.PWS.Tepfer!XDhMHuTsNOs 20140527
AhnLab-V3 Trojan/Win32.Tepfer 20140527
AntiVir TR/PSW.Tepfer.orbb 20140528
Antiy-AVL Trojan[PSW]/Win32.Tepfer 20140528
Avast Win32:Trojan-gen 20140528
Baidu-International Trojan.Win32.InfoStealer.aZTD 20140527
BitDefender Trojan.Generic.9465593 20140528
CAT-QuickHeal TrojanPWS.Fareit.cw3 20140527
ClamAV Win.Trojan.Fareit-179 20140527
Commtouch W32/Trojan.FZYB-5214 20140528
Comodo UnclassifiedMalware 20140527
DrWeb Trojan.PWS.Stealer.3231 20140528
ESET-NOD32 Win32/PSW.Fareit.A 20140528
Emsisoft Trojan.Win32.Farfli (A) 20140528
F-Prot W32/Trojan3.FRR 20140528
F-Secure Trojan.Generic.9465593 20140528
Fortinet W32/Tepfer.ORBB!tr 20140527
GData Trojan.Generic.9465593 20140528
Ikarus Trojan.Injector 20140528
K7AntiVirus Trojan ( 0001140e1 ) 20140527
K7GW Trojan ( 0001140e1 ) 20140527
Kaspersky Trojan-PSW.Win32.Tepfer.orbb 20140528
Kingsoft Win32.PSWTroj.Tepfer.or.(kcloud) 20140528
Malwarebytes Trojan.PWS.Tepfer 20140528
McAfee PWS-Zbot.gen.ab 20140528
McAfee-GW-Edition PWS-Zbot.gen.ab 20140527
MicroWorld-eScan Trojan.Generic.9465593 20140528
Microsoft PWS:Win32/Fareit 20140527
NANO-Antivirus Trojan.Win32.Tepfer.bzfkqo 20140528
Norman Troj_Generic.NLKGV 20140527
Panda Trj/Agent.IVN 20140527
Qihoo-360 Win32/Trojan.PSW.07a 20140528
Rising PE:Trojan.Win32.Generic.1586991A!361142554 20140527
Sophos Troj/Agent-ADAU 20140528
Symantec Trojan.Gen.3 20140528
Tencent Win32.Trojan-qqpass.Qqrob.Pitu 20140528
TotalDefense Win32/Fareit.TI 20140527
TrendMicro TSPY_ZBOT.CEN 20140528
TrendMicro-HouseCall TSPY_ZBOT.CEN 20140528
VBA32 TrojanPSW.Tepfer 20140527
VIPRE Trojan.Win32.Generic!BT 20140528
ViRobot Trojan.Win32.U.Agent.155648 20140527
Zillya Trojan.Tepfer.Win32.59484 20140528
nProtect Trojan.Generic.9465593 20140527
AegisLab 20140528
Bkav 20140527
ByteHero 20140528
CMC 20140526
Jiangmin 20140527
SUPERAntiSpyware 20140528
TheHacker 20140528
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Packers identified
PEiD Armadillo v1.71
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2013-08-01 09:23:54
Link date 10:23 AM 8/1/2013
Entry Point 0x0001E4E3
Number of sections 3
PE sections
PE imports
CreateRoundRectRgn
CreatePalette
SetMapMode
SetTextCharacterExtra
BuildCommDCBA
GetLastError
HeapFree
GetStdHandle
LCMapStringW
SetHandleCount
GetOEMCP
LCMapStringA
HeapDestroy
ExitProcess
VirtualProtect
GetModuleFileNameA
RtlUnwind
LoadLibraryA
FreeEnvironmentStringsA
GetStartupInfoA
GetEnvironmentStrings
GetCPInfo
UnhandledExceptionFilter
MultiByteToWideChar
FreeEnvironmentStringsW
GetCommandLineA
GetProcAddress
WideCharToMultiByte
GetStringTypeA
GetModuleHandleA
ReadFile
WriteFile
GetCurrentProcess
GetACP
HeapReAlloc
GetStringTypeW
TerminateProcess
HeapCreate
VirtualFree
GetEnvironmentStringsW
GetFileType
CreateFileA
HeapAlloc
GetVersion
VirtualAlloc
CreateMenu
DlgDirListA
GetWindowRect
IsZoomed
GetSystemMenu
ChildWindowFromPoint
CreateDialogParamA
GetKeyboardType
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
TimeStamp 2013:08:01 10:23:54+01:00
FileType Win32 EXE
PEType PE32
CodeSize 131072
LinkerVersion 6.0
FileAccessDate 2014:05:28 03:32:27+01:00
EntryPoint 0x1e4e3
InitializedDataSize 24576
SubsystemVersion 4.0
ImageVersion 0.0
OSVersion 4.0
FileCreateDate 2014:05:28 03:32:27+01:00
UninitializedDataSize 0

File identification
MD5 b7fa4173cf694f53a2597e9eca21ab4c
SHA1 863c998dcb57fa9c53bd0d156866a9b42298cbd0
SHA256 76c24af9d020303e0a87c89305cec56dbff19170edf4133a00141ad0ecce510b
ssdeep 3072:Teak8bc8G9lQPfzK1+YpY/VRb9kdRfIbKewo8J:TW18GDVps1kdRf

imphash 339a88487b46cd459b3c2c6bc1d26ff6
File size 152.0 KB ( 155648 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable MS Visual C++ (generic) (42.1%)
Win64 Executable (generic) (37.3%)
Win32 Dynamic Link Library (generic) (8.8%)
Win32 Executable (generic) (6.0%)
Generic Win/DOS Executable (2.7%)
Tags
peexe armadillo

VirusTotal metadata
First submission 2013-08-01 10:10:23 UTC ( 1 year, 8 months ago )
Last submission 2013-08-05 09:54:31 UTC ( 1 year, 7 months ago )
File names snapshot876905_iphone.pic.png.exe
b7fa4173cf694f53a2597e9eca21ab4c.bin
file-5789150_exe
malekal_b7fa4173cf694f53a2597e9eca21ab4c
vt-upload-C0cmS
vt-upload-QN1cv
863C998DCB57FA9C53BD0D156866A9B42298CBD0.exe
vt-upload-QOIQO
snapshot_iphone.pic.png.exe
vti-rescan
vt-upload-u9lu2
9192e7781eb9344bc3f2e298e94be60b739a21aa
vt-upload-1HliM
T87596848950037593847.pdf.exe
vt-upload-O1ZLT
b7fa4173cf694f53a2597e9eca21ab4c