SHA256: 785e854effad5c9f5ca3a553043859938624de05b03c26e580dda0012598b511
File name: E1B795180C95BF1EE318232DDBE6AB3E
Detection ratio: 35 / 43
Analysis date: 2011-08-13 06:46:44 UTC ( 7 years, 7 months ago )
Antivirus Result Update
AhnLab-V3 Win-Trojan/Hijacker.34624 20110812
AntiVir TR/Hijacker.Gen 20110812
Avast Win32:Malware-gen 20110812
Avast5 Win32:Malware-gen 20110812
AVG PSW.OnlineGames3.AAWE 20110813
BitDefender Trojan.Generic.4667372 20110813
CAT-QuickHeal TrojanGameThief.OnLineGames.v 20110812
Commtouch W32/OnlineGames.DG.gen!Eldorado 20110812
Comodo TrojWare.Win32.Buzus.jhfs 20110813
DrWeb Trojan.MulDrop.12903 20110813
eSafe Win32.TRHijacker 20110810
eTrust-Vet Win32/Gamepass.MSZ 20110812
F-Prot W32/OnlineGames.DG.gen!Eldorado 20110812
F-Secure Trojan.Generic.4667372 20110813
GData Trojan.Generic.4667372 20110813
Ikarus Trojan.Hijacker 20110813
Jiangmin Trojan/PSW.OnLineGames.blja 20110812
K7AntiVirus Riskware 20110812
Kaspersky Trojan-GameThief.Win32.OnLineGames.vzsn 20110813
McAfee Generic Dropper.os.gen.a 20110813
McAfee-GW-Edition Generic Dropper.os.gen.a 20110813
Microsoft PWS:Win32/OnLineGames.GS 20110813
NOD32 probably a variant of Win32/PSW.OnLineGames.BUFSPJH 20110813
Norman Suspicious_Gen2.AFTHL 20110812
nProtect Trojan-PWS/W32.WebGame.34624 20110812
Panda Trj/Lineage.BZE 20110812
PCTools Trojan.Dropper 20110813
Prevx Medium Risk Malware 20110813
Rising Trojan.Win32.Generic.11F014B9 20110812
Sophos AV Mal/PWS-FN 20110813
Symantec Trojan.Dropper 20110813
VBA32 Trojan-GameThief.Win32.OnLineGames.wdun 20110810
VIPRE Trojan.Win32.Generic!BT 20110812
ViRobot Trojan.Win32.S.PSWIGames.34624 20110813
VirusBuster Trojan.PWS.OnLineGames!3lG7DyiNRSk 20110812
Antiy-AVL 20110813
ClamAV 20110813
Emsisoft 20110813
Fortinet 20110813
SUPERAntiSpyware 20110813
TheHacker 20110813
TrendMicro 20110813
TrendMicro-HouseCall 20110813
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file.
PE header basic information
Number of sections 5
PE sections
PE imports
AdjustTokenPrivileges
OpenProcessToken
LookupPrivilegeValueA
VirtualAllocEx
VirtualFreeEx
VirtualProtectEx
ReadProcessMemory
WriteProcessMemory
CreateProcessA
GetModuleFileNameA
GetCurrentProcess
SetThreadContext
ResumeThread
GetThreadContext
malloc
fclose
__3@YAXPAX@Z
fread
fseek
fopen
free
File identification
MD5 e1b795180c95bf1ee318232ddbe6ab3e
SHA1 665b9d5420dc25f66da2c64a390f761ac637948f
SHA256 785e854effad5c9f5ca3a553043859938624de05b03c26e580dda0012598b511
ssdeep
768:ygDPPX9CwwJ7kWGKJvZJdmYxVsnupPtwOvfSRm1HXne:yh57k4FZeYv+4FwOT13e

File size 33.8 KB ( 34624 bytes )
File type Win32 EXE
Magic literal

TrID Win32 Executable Generic (42.3%)
Win32 Dynamic Link Library (generic) (37.6%)
Generic Win/DOS Executable (9.9%)
DOS Executable Generic (9.9%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
VirusTotal metadata
First submission 2010-01-27 14:01:59 UTC ( 9 years, 1 month ago )
Last submission 2011-08-13 06:46:44 UTC ( 7 years, 7 months ago )
File names E1B795180C95BF1EE318232DDBE6AB3E
aa
zv3xBgMK.vbs