SHA256: 798b0c15e36486b1cc531bda2562b5b94baa2a305db988e6e6a8ec0670ba2f24
File name: 798b0c15e36486b1cc531bda2562b5b94baa2a305db988e6e6a8ec0670ba2f24.vir
Detection ratio: 45 / 54
Analysis date: 2016-01-18 00:57:09 UTC
Antivirus Result Update
Ad-Aware Trojan.Crypt.Delf.AG 20160117
Yandex Trojan.PWS.Banker!Xu4pST1nc7g 20160117
AhnLab-V3 Downloader/Win32.Banload 20160117
ALYac Trojan.Crypt.Delf.AG 20160118
Antiy-AVL Trojan[Downloader]/Win32.Delf 20160117
Arcabit Trojan.Crypt.Delf.AG 20160118
Avast Win32:Delf-RQM [Trj] 20160118
AVG Downloader.Banload.BRKK 20160118
Avira (no cloud) TR/Dldr.Banload.aea.42 20160117
AVware Trojan.Win32.Banload.taa (v) 20160111
Baidu-International Trojan.Win32.Banker.snqm 20160117
BitDefender Trojan.Crypt.Delf.AG 20160118
Bkav W32.BeletoBI.Trojan 20160116
CAT-QuickHeal Downloader.Banload.019649 20160116
CMC Trojan-Banker.Win32.Banker!O 20160111
Comodo UnclassifiedMalware 20160118
DrWeb Trojan.PWS.Banker.62591 20160118
Emsisoft Trojan.Crypt.Delf.AG (B) 20160118
ESET-NOD32 a variant of Win32/TrojanDownloader.Banload.QOW 20160118
Fortinet W32/Banload.QOW!tr 20160118
GData Trojan.Crypt.Delf.AG 20160118
Ikarus Trojan-Banker.Win32.Banker 20160117
Jiangmin Trojan/Jorik.ahla 20160117
K7AntiVirus Trojan ( 7000000f1 ) 20160117
K7GW Trojan ( 7000000f1 ) 20160117
Kaspersky Trojan-Banker.Win32.Banker.snqm 20160118
McAfee Artemis!9727FE4C46DA 20160117
McAfee-GW-Edition BehavesLike.Win32.Downloader.cc 20160117
Microsoft TrojanDownloader:Win32/Banload.AEA 20160117
eScan Trojan.Crypt.Delf.AG 20160117
NANO-Antivirus Trojan.Win32.Banload.jttzu 20160118
nProtect Trojan.Crypt.Delf.AG 20160115
Panda Generic Malware 20160117
Qihoo-360 Malware.Radar01.Gen 20160118
Rising PE:Malware.Generic(Thunder)!1.A1C4 [F] 20160117
Sophos AV Mal/Behav-130 20160117
Symantec Trojan.Gen 20160117
TheHacker Trojan/Banker.snqm 20160116
TotalDefense Win32/Bancos.ABUM 20160117
TrendMicro TROJ_BANLOAD.FFG 20160118
TrendMicro-HouseCall TROJ_BANLOAD.FFG 20160118
VBA32 TrojanBanker.Banker 20160117
VIPRE Trojan.Win32.Banload.taa (v) 20160118
ViRobot Trojan.Win32.A.Banker.159744.C[UPX][h] 20160117
Zillya Downloader.Banload.Win32.33257 20160117
Engines that returned no detection (Result column empty, signature update date shown):
AegisLab 20160117
Alibaba 20160115
ByteHero 20160118
ClamAV 20160117
Cyren 20160118
F-Prot 20160118
Malwarebytes 20160118
SUPERAntiSpyware 20160117
Zoner 20160117
The file is a Portable Executable: a 32-bit Win32 EXE built for the Windows GUI subsystem.
Packers identified
F-PROT UPX
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 1992-06-19 22:22:17 (0x2A425E19, the constant that Borland's Delphi linker writes into every binary it produces; it identifies the compiler family, it is not the real build time)
Entry Point 0x000686B0 (with a UPX-packed file the entry point lands in the packed section, at the decompression stub, not in the original program's code)
Number of sections 3
PE sections
PE imports
kernel32.dll: VirtualFree, ExitProcess, VirtualProtect, LoadLibraryA, VirtualAlloc, GetProcAddress
advapi32.dll: RegCloseKey
comctl32.dll: ImageList_Add
gdi32.dll: SaveDC
oleaut32.dll: VariantCopy
shell32.dll: SHGetSpecialFolderPathA
version.dll: VerQueryValueA
The report lists only function names; the grouping above is by the library that exports each name. This is the import table of the UPX stub, not of the payload: the stub keeps the six kernel32 loader and memory functions it needs, plus one import per DLL the original program used so that those DLLs are mapped before the real import table is rebuilt in memory. The imphash in the file identification section therefore characterises the packer stub and will cluster with unrelated UPX-packed Delphi programs; the payload's real imports are only visible after unpacking (for a stock UPX layer, upx -d).
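The import hash (imphash) that the report carries is computed the way the pefile library does it, and the following added example (not VirusTotal's or pefile's code) reimplements that computation over an import list so the stub-versus-payload point can be checked. The DLL names paired with the report's twelve imports are supplied here from the library that exports each function; the report itself shows only function names, and the descriptor order and exact DLL spelling in the file are not reproduced, so a byte-exact match with the reported value should not be expected. The unpacked import list is constructed for contrast and is not taken from the sample.

```python
"""imphash over an import list given as (dll, function) pairs, as pefile computes it.
Added example; imphash(), UPX_STUB_IMPORTS and UNPACKED_IMPORTS_EXAMPLE are this
example's own names, and the DLL names were supplied by the editor (see lead-in)."""
import hashlib

# Extensions that pefile strips from the library name before hashing.
_STRIP_EXTS = ("dll", "ocx", "sys")


def imphash(imports):
    """md5 over 'lib.func' entries, lower-cased, extension stripped from the library
    name, joined with commas in import-table order. Order is part of the hash."""
    parts = []
    for dll, func in imports:
        lib = dll.lower()
        base, _, ext = lib.rpartition(".")
        if base and ext in _STRIP_EXTS:
            lib = base
        parts.append(f"{lib}.{func.lower()}")
    return hashlib.md5(",".join(parts).encode()).hexdigest()


# The report's import table, in the order listed, with exporting DLLs added.
UPX_STUB_IMPORTS = [
    ("KERNEL32.DLL", "VirtualFree"), ("KERNEL32.DLL", "ExitProcess"),
    ("KERNEL32.DLL", "VirtualProtect"), ("KERNEL32.DLL", "LoadLibraryA"),
    ("KERNEL32.DLL", "VirtualAlloc"), ("KERNEL32.DLL", "GetProcAddress"),
    ("ADVAPI32.DLL", "RegCloseKey"), ("COMCTL32.DLL", "ImageList_Add"),
    ("GDI32.DLL", "SaveDC"), ("OLEAUT32.DLL", "VariantCopy"),
    ("SHELL32.DLL", "SHGetSpecialFolderPathA"), ("VERSION.DLL", "VerQueryValueA"),
]

# Constructed, illustrative only: the kind of table a Delphi downloader exposes once
# the UPX layer is removed. The report does not show the unpacked imports.
UNPACKED_IMPORTS_EXAMPLE = [
    ("kernel32.dll", "DeleteCriticalSection"), ("kernel32.dll", "LeaveCriticalSection"),
    ("user32.dll", "GetKeyboardType"), ("advapi32.dll", "RegQueryValueExA"),
    ("wininet.dll", "InternetOpenA"), ("wininet.dll", "InternetReadFile"),
    ("urlmon.dll", "URLDownloadToFileA"),
]

if __name__ == "__main__":
    print("stub imphash    :", imphash(UPX_STUB_IMPORTS))
    print("unpacked imphash:", imphash(UNPACKED_IMPORTS_EXAMPLE))
```

Every UPX-packed program whose stub keeps the same one-import-per-DLL table in the same order yields the same stub imphash, so for packed samples the hash is worth computing on the unpacked image, where the table above would be replaced by the payload's own.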
Number of PE resources by type
RT_STRING 16
RT_BITMAP 11
RT_GROUP_CURSOR 7
RT_CURSOR 7
RT_RCDATA 3 (Delphi stores its form definitions and package metadata as RCDATA, consistent with the Borland linker version reported below)
RT_DIALOG 1
RT_ICON 1
RT_GROUP_ICON 1
Number of PE resources by language
NEUTRAL 45
PORTUGUESE BRAZILIAN 2 (a Brazilian-Portuguese resource language fits the Banload/Bancos family names in the detections above, both Brazilian banking-trojan downloader families)
PE resources
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
TimeStamp 1992:06:19 23:22:17+01:00 (the same Delphi constant as the PE header compilation timestamp, rendered in the analysis host's UTC+1 zone)
FileType Win32 EXE
PEType PE32
CodeSize 155648 (0x26000)
LinkerVersion 2.25 (the version stamped by the Borland Delphi linker, in agreement with the TrID Delphi hit and the fixed timestamp)
FileTypeExtension exe
InitializedDataSize 8192 (0x2000)
SubsystemVersion 4.0
EntryPoint 0x686b0
OSVersion 4.0
ImageVersion 0.0
UninitializedDataSize 270336 (0x42000; a zero-on-disk region larger than the code itself is the usual UPX layout, in which the uninitialized section is reserved as the destination for the unpacked image and the code section holds the compressed data and the stub)
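A first-pass header triage that reproduces the packer and compiler tells this report rests on: the fixed Delphi timestamp, the Borland linker version, a UPX-style section that is empty on disk but large in memory, and the entry point sitting inside the packed section. This is an added example using only Python's standard library, not VirusTotal's tooling. The PE image it parses is constructed in memory from the report's own numbers (three sections, CodeSize 0x26000, UninitializedDataSize 0x42000, InitializedDataSize 0x2000, entry 0x686B0, linker 2.25); the section names UPX0/UPX1/.rsrc and their virtual addresses are assumptions the report does not state, and build_sample_pe, parse_pe and triage are the example's own names.

```python
"""Header-level triage of a PE32 image. Added example, not VirusTotal's or the
sample's code. The SAMPLE_PE image is constructed in-process from the report's
numbers; section names and virtual addresses are assumptions (see lead-in)."""
import struct

# Borland's Delphi linker writes this TimeDateStamp into every binary (1992-06-19 22:22:17 UTC).
DELPHI_FIXED_TIMESTAMP = 0x2A425E19


def build_sample_pe(timestamp, linker, entry, sections):
    """Constructed minimal PE32: DOS header, NT signature, COFF header, optional header,
    section table. Enough for header parsers; it is not a loadable image."""
    dos = bytearray(64)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 60, 64)                # e_lfanew: NT headers follow the DOS header
    size_opt = 224                                     # PE32 optional header size
    coff = struct.pack("<HHIIIHH", 0x14C, len(sections), timestamp, 0, 0, size_opt, 0x010F)
    opt = bytearray(size_opt)
    struct.pack_into("<HBB", opt, 0, 0x10B, *linker)   # Magic PE32, Major/MinorLinkerVersion
    struct.pack_into("<I", opt, 16, entry)             # AddressOfEntryPoint
    struct.pack_into("<H", opt, 68, 2)                 # Subsystem: Windows GUI
    table = b"".join(
        struct.pack("<8sIIIIIIHHI", name.encode().ljust(8, b"\0"),
                    vsize, vaddr, rsize, 0x400, 0, 0, 0, 0, 0xE0000080)
        for name, vaddr, vsize, rsize in sections
    )
    return bytes(dos) + b"PE\0\0" + coff + bytes(opt) + table


def parse_pe(data):
    """Read the header fields the triage needs; ValueError on anything that is not PE."""
    if data[:2] != b"MZ":
        raise ValueError("missing MZ signature")
    e_lfanew = struct.unpack_from("<I", data, 60)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    machine, nsec, timestamp, _, _, size_opt, _ = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20
    magic, lmaj, lmin = struct.unpack_from("<HBB", data, opt)
    entry = struct.unpack_from("<I", data, opt + 16)[0]
    subsystem = struct.unpack_from("<H", data, opt + 68)[0]
    sections = []
    for i in range(nsec):                              # section headers: Name, VirtualSize, VirtualAddress, SizeOfRawData, ...
        name, vsize, vaddr, rsize = struct.unpack_from("<8sIII", data, opt + size_opt + 40 * i)
        sections.append({"name": name.rstrip(b"\0").decode("ascii", "replace"),
                         "vaddr": vaddr, "vsize": vsize, "rsize": rsize})
    return {"machine": machine, "pe32": magic == 0x10B, "timestamp": timestamp,
            "linker": (lmaj, lmin), "entry": entry, "subsystem": subsystem,
            "sections": sections}


def triage(info):
    """Return the header traits a first-pass analyst would flag, as a sorted list."""
    flags = set()
    if info["timestamp"] == DELPHI_FIXED_TIMESTAMP:
        flags.add("delphi-fixed-timestamp")            # build time meaningless, compiler family known
    if info["linker"] == (2, 25):
        flags.add("borland-linker-2.25")
    for s in info["sections"]:
        if s["name"].upper().startswith("UPX"):
            flags.add("upx-section-name")
        if s["rsize"] == 0 and s["vsize"] > 0:
            flags.add("zero-raw-section:" + s["name"])  # nothing on disk, space reserved in memory: unpack destination
        if s["vaddr"] <= info["entry"] < s["vaddr"] + s["vsize"]:
            flags.add("entry-in:" + s["name"])          # entry in the packed section = stub runs first
    return sorted(flags)


# Constructed layout consistent with the report: UninitializedDataSize 0x42000,
# CodeSize 0x26000, InitializedDataSize 0x2000, entry 0x686B0, linker 2.25.
# Section names and virtual addresses are assumptions, not read from the report.
SAMPLE_PE = build_sample_pe(
    timestamp=DELPHI_FIXED_TIMESTAMP,
    linker=(2, 25),
    entry=0x686B0,
    sections=[("UPX0", 0x1000, 0x42000, 0),
              ("UPX1", 0x43000, 0x26000, 0x26000),
              (".rsrc", 0x69000, 0x2000, 0x2000)],
)

if __name__ == "__main__":
    info = parse_pe(SAMPLE_PE)
    print(hex(info["timestamp"]), info["linker"], hex(info["entry"]))
    for flag in triage(info):
        print(" -", flag)
```

To run this over a real file, replace SAMPLE_PE with the bytes of the file; only headers are read, so the packed body is never executed. The zero-raw-section and entry-in flags do not depend on section names, so a packer that renames UPX0/UPX1 still trips them.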

File identification
MD5 9727fe4c46da6c810bab36f4fed6a33b
SHA1 76ce029ebe073cf75e9f93c4ec56ba850be0299f
SHA256 798b0c15e36486b1cc531bda2562b5b94baa2a305db988e6e6a8ec0670ba2f24
ssdeep 3072:6/LyseP/V9cN4uWMIyPvTVxpwoVRX8xz3jAGkPK9hPQoJxZRx:ePGT3uPTVvw2eBkjQhPPxv

authentihash 15455576f58d6cb082dd02303fc2781de6071c0c8b2fcab7df6a2d4c3fdd899c
imphash 1ec39138341d3d24bb310317d1504189
File size 156.0 KB ( 159744 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID UPX compressed Win32 Executable (41.1%)
Win32 EXE Yoda's Crypter (35.7%)
Win32 Dynamic Link Library (generic) (8.8%)
Win32 Executable (generic) (6.0%)
Win16/32 Executable Delphi generic (2.7%)
Tags
peexe upx

VirusTotal metadata
First submission 2011-12-09 07:29:13 UTC
Last submission 2016-01-18 00:57:09 UTC
File names (as submitted; several carry non-executable extensions such as .vcf, .inf, .msi, .tiff and .php, so extension-based filtering would not have stopped them and the PE header, not the name, is what identifies the file)
p1uzj3.vcf
aa
76ce029ebe073cf75e9f93c4ec56ba850be0299f.exe
t6odwu6OJ.inf
pv6xofP.msi
9727FE4C46DA6C810BAB36F4FED6A33B
1124095
Generic_139556-08.com
1123843
4C20AO6XaM.tiff
l6N6PdRWJe.scr
cavelense.php
Copy of .exe
configuracao.com
798b0c15e36486b1cc531bda2562b5b94baa2a305db988e6e6a8ec0670ba2f24.vir
Advanced heuristic and reputation engines
ClamAV
Possibly Unwanted Application. While not necessarily malicious, the scanned file presents certain characteristics which depending on the user policies and environment may or may not represent a threat. For full details see: https://www.clamav.net/documents/potentially-unwanted-applications-pua .
