SHA256: 76c24af9d020303e0a87c89305cec56dbff19170edf4133a00141ad0ecce510b
File name: vt-upload-1HliM
Detection ratio: 36 / 46
Analysis date: 2013-08-17 08:09:29 UTC ( 8 months, 1 week ago )
Antivirus Result Update
AVG PSW.Generic11.BEUG 20130816
Agnitum Trojan.PWS.Tepfer!XDhMHuTsNOs 20130816
AhnLab-V3 Trojan/Win32.Tepfer 20130816
AntiVir TR/PSW.Tepfer.orbb 20130817
Avast Win32:Trojan-gen 20130817
BitDefender Trojan.Generic.9465593 20130817
CAT-QuickHeal TrojanPWS.Fareit 20130816
Commtouch W32/Trojan.FZYB-5214 20130817
Comodo UnclassifiedMalware 20130817
DrWeb Trojan.PWS.Stealer.3231 20130817
ESET-NOD32 Win32/PSW.Fareit.A 20130816
Emsisoft Trojan.Win32.Fareit (A) 20130817
F-Prot W32/Trojan3.FRR 20130817
F-Secure Trojan.Generic.9465593 20130817
Fortinet W32/Tepfer.ORBB!tr 20130817
GData Trojan.Generic.9465593 20130817
Ikarus Trojan.Injector 20130817
K7AntiVirus Trojan 20130817
K7GW Trojan 20130816
Kaspersky Trojan-PSW.Win32.Tepfer.orbb 20130817
Malwarebytes Trojan.PWS.Tepfer 20130816
McAfee PWS-Zbot.gen.ab 20130817
McAfee-GW-Edition PWS-Zbot.gen.ab 20130817
MicroWorld-eScan Trojan.Generic.9465593 20130817
Microsoft PWS:Win32/Fareit 20130817
NANO-Antivirus Trojan.Win32.Tepfer.bzfkqo 20130817
Norman Troj_Generic.NLKGV 20130816
PCTools Trojan.Gen 20130817
Panda Trj/Tepfer.B 20130816
Sophos Troj/Agent-ADAU 20130817
Symantec Trojan.Gen.3 20130817
TrendMicro TSPY_ZBOT.CEN 20130817
TrendMicro-HouseCall TSPY_ZBOT.CEN 20130817
VBA32 TrojanPSW.Tepfer 20130816
VIPRE Trojan.Win32.Generic!BT 20130817
ViRobot Trojan.Win32.U.Agent.155648 20130817
Antiy-AVL 20130817
ByteHero 20130814
ClamAV 20130817
Jiangmin 20130817
Kingsoft 20130723
Rising 20130816
SUPERAntiSpyware 20130817
TheHacker 20130817
TotalDefense 20130816
nProtect 20130816
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Packers identified
PEiD Armadillo v1.71
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2013-08-01 09:23:54
Link date 10:23 AM 8/1/2013
Entry Point 0x0001E4E3
Number of sections 3
PE sections
PE imports
CreateRoundRectRgn
CreatePalette
SetMapMode
SetTextCharacterExtra
BuildCommDCBA
GetLastError
HeapFree
GetStdHandle
LCMapStringW
SetHandleCount
GetOEMCP
LCMapStringA
HeapDestroy
ExitProcess
VirtualProtect
GetModuleFileNameA
RtlUnwind
LoadLibraryA
FreeEnvironmentStringsA
GetStartupInfoA
GetEnvironmentStrings
GetCPInfo
UnhandledExceptionFilter
MultiByteToWideChar
FreeEnvironmentStringsW
GetCommandLineA
GetProcAddress
WideCharToMultiByte
GetStringTypeA
GetModuleHandleA
ReadFile
WriteFile
GetCurrentProcess
GetACP
HeapReAlloc
GetStringTypeW
TerminateProcess
HeapCreate
VirtualFree
GetEnvironmentStringsW
GetFileType
CreateFileA
HeapAlloc
GetVersion
VirtualAlloc
CreateMenu
DlgDirListA
GetWindowRect
IsZoomed
GetSystemMenu
ChildWindowFromPoint
CreateDialogParamA
GetKeyboardType
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
TimeStamp 2013:08:01 10:23:54+01:00
FileType Win32 EXE
PEType PE32
CodeSize 131072
LinkerVersion 6.0
EntryPoint 0x1e4e3
InitializedDataSize 24576
SubsystemVersion 4.0
ImageVersion 0.0
OSVersion 4.0
UninitializedDataSize 0
File identification
MD5 b7fa4173cf694f53a2597e9eca21ab4c
SHA1 863c998dcb57fa9c53bd0d156866a9b42298cbd0
SHA256 76c24af9d020303e0a87c89305cec56dbff19170edf4133a00141ad0ecce510b
ssdeep 3072:Teak8bc8G9lQPfzK1+YpY/VRb9kdRfIbKewo8J:TW18GDVps1kdRf
File size 152.0 KB ( 155648 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (42.1%)
Win64 Executable (generic) (37.3%)
Win32 Dynamic Link Library (generic) (8.8%)
Win32 Executable (generic) (6.0%)
Generic Win/DOS Executable (2.7%)
Tags
peexe armadillo

VirusTotal metadata
First submission 2013-08-01 10:10:23 UTC ( 8 months, 3 weeks ago )
Last submission 2013-08-05 09:54:31 UTC ( 8 months, 3 weeks ago )
File names snapshot876905_iphone.pic.png.exe
b7fa4173cf694f53a2597e9eca21ab4c.bin
file-5789150_exe
malekal_b7fa4173cf694f53a2597e9eca21ab4c
vt-upload-C0cmS
vt-upload-QN1cv
863C998DCB57FA9C53BD0D156866A9B42298CBD0.exe
vt-upload-QOIQO
snapshot_iphone.pic.png.exe
vti-rescan
vt-upload-u9lu2
9192e7781eb9344bc3f2e298e94be60b739a21aa
vt-upload-1HliM
T87596848950037593847.pdf.exe
vt-upload-O1ZLT
b7fa4173cf694f53a2597e9eca21ab4c
Advanced heuristic and reputation engines