× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: 776b26c9c516e1cd60871097e586026f73bc0f0c210582d1b2ea1ae7c954b2be
File name: rpcall.exe
Detection ratio: 34 / 39
Analysis date: 2012-05-07 11:19:33 UTC ( 4 years, 10 months ago ) View latest
Antivirus Result Update
AhnLab-V3 Win-Trojan/Xema.variant 20120507
AntiVir TR/PCK.CPEX-based.F.66 20120507
Avast Win32:Agent-WCR [Trj] 20120507
AVG BackDoor.RBot.AN 20120507
BitDefender IRC-Worm.Generic.1680 20120507
ClamAV Trojan.Agent-31916 20120507
Commtouch W32/Trojan3.AQK 20120507
Comodo Worm.Win32.Sdbot.gen_as2 20120507
DrWeb Trojan.Inject.251 20120507
Emsisoft Trojan.Inject!IK 20120507
eSafe Win32.CPEX-based.f 20120506
eTrust-Vet Win32/Rbot.IFD 20120504
F-Prot W32/Trojan3.AQK 20120506
F-Secure IRC-Worm.Generic.1680 20120507
GData IRC-Worm.Generic.1680 20120507
Ikarus Trojan.Inject 20120507
Jiangmin Backdoor/SdBot.hrf 20120507
K7AntiVirus Backdoor 20120505
Kaspersky Trojan-Banker.Win32.Bancos.zm 20120507
McAfee W32/Sdbot.worm.gen.as 20120507
McAfee-GW-Edition Heuristic.LooksLike.Win32.Suspicious.C!81 20120507
Microsoft VirTool:Win32/DelfInject.gen!L 20120507
NOD32 a variant of Win32/Injector.GGL 20120507
Norman W32/Smalldrp.OOW 20120506
nProtect Trojan/W32.Packer.132096.N 20120507
PCTools Net-Worm.Spybot.C!rem 20120507
Symantec W32.Spybot.Worm 20120507
TheHacker Trojan/CPEX-based.f 20120507
TrendMicro WORM_SDBOT.FLY 20120507
TrendMicro-HouseCall WORM_SDBOT.FLY 20120506
VBA32 Win32.TrojanDropper.Rime.Gen 20120507
VIPRE Trojan.Win32.Packer.PPP1.0.2 (ep) 20120507
ViRobot Backdoor.Win32.IRCBot.132096.B 20120507
VirusBuster Worm.RBot!YuGYfGBAt7w 20120507
Antiy-AVL 20120507
CAT-QuickHeal 20120507
Fortinet 20120507
Rising 20120507
SUPERAntiSpyware 20120411
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2007-03-12 01:55:20
Entry Point 0x00001000
Number of sections 2
PE sections
PE imports
VirtualFree
LoadLibraryA
VirtualAlloc
GetProcAddress
Number of PE resources by type
RT_RCDATA 1
Number of PE resources by language
NEUTRAL 1
PE resources
ExifTool file metadata
MIMEType
application/octet-stream

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

FileTypeExtension
exe

TimeStamp
2007:03:12 02:55:20+01:00

FileType
Win32 EXE

PEType
PE32

CodeSize
2560

LinkerVersion
5.12

EntryPoint
0x1000

InitializedDataSize
128882

SubsystemVersion
4.0

ImageVersion
0.0

OSVersion
4.0

UninitializedDataSize
0

File identification
MD5 a183965f42bda106370d9bbcc0fc56b3
SHA1 5d5a53182e73742acb027bb3a3abc1472d02dde9
SHA256 776b26c9c516e1cd60871097e586026f73bc0f0c210582d1b2ea1ae7c954b2be
ssdeep
3072:IgK8/aeeV+9RA8rVM/VKlML3rjF+kXDq0tep9dSpJ8/:I+LeViRjhIxjF3DtepQc

authentihash 8f95eeecf701eddd7fc97ba031be06eb2ce7a7e43c873770c94fe8e39e99a597
imphash 09d0478591d4f788cb3e5ea416c25237
File size 129.0 KB ( 132096 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Dynamic Link Library (generic) (43.5%)
Win32 Executable (generic) (29.8%)
Generic Win/DOS Executable (13.2%)
DOS Executable Generic (13.2%)
Tags
peexe

VirusTotal metadata
First submission 2007-10-14 06:05:51 UTC ( 9 years, 5 months ago )
Last submission 2016-12-12 11:56:55 UTC ( 3 months, 1 week ago )
File names rpcall.exe
rpcall.exe
vol1-C..WINDOWS.system32.inetsrv.rpcall.exe
A183965F42BDA106370D9BBCC0FC56B3
pcall.exe
rpcall._exe
rpcall.exe
rpcall.exe.copy0
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!