SHA256: 7daeff97d260845479991cf97d49620624e86113012f03a29b4d2a4896ddf230
File name: 88E3.tmp
Detection ratio: 30 / 42
Analysis date: 2012-04-16 17:50:49 UTC ( 6 years, 6 months ago )
Antivirus Result Update
AhnLab-V3 Trojan/Win32.Agent 20120416
AntiVir TR/Agent.40960 20120416
Antiy-AVL Trojan/Win32.Agent.gen 20120416
Avast Win32:Rootkit-gen [Rtk] 20120416
AVG Agent3.BAAD 20120416
BitDefender Trojan.Generic.7036141 20120416
CAT-QuickHeal Trojan.Agent.hvph 20120416
Comodo UnclassifiedMalware 20120416
DrWeb Trojan.Packed.20771 20120416
Emsisoft Trojan.Win32.Agent!IK 20120416
F-Secure Trojan.Generic.7036141 20120416
Fortinet W32/Shiz.YWP!tr.bdr 20120416
GData Trojan.Generic.7036141 20120416
Ikarus Trojan.Win32.Agent 20120416
K7AntiVirus Trojan 20120416
Kaspersky Trojan.Win32.Agent.hvph 20120416
McAfee Generic.dx!bcgh 20120416
McAfee-GW-Edition Generic.dx!bcgh 20120416
Microsoft TrojanDownloader:Win32/Hacyayu.A 20120416
NOD32 a variant of Win32/Kryptik.WVR 20120416
Norman W32/Suspicious_Gen2.TXKIH 20120416
nProtect Trojan.Generic.7036141 20120416
Panda Trj/CI.A 20120416
PCTools Trojan.Gen 20120416
Symantec Trojan.Gen 20120416
TheHacker Posible_Worm32 20120416
TrendMicro TROJ_SPNR.16C912 20120416
TrendMicro-HouseCall TROJ_SPNR.16C912 20120416
VBA32 Trojan.Agent.hvph 20120416
VIPRE Trojan.Win32.Generic!BT 20120416
ByteHero 20120411
ClamAV 20120416
Commtouch 20120415
eSafe 20120415
eTrust-Vet 20120416
F-Prot 20120415
Jiangmin 20120416
Prevx 20120416
Rising 20120416
Sophos AV 20120416
SUPERAntiSpyware 20120402
ViRobot 20120416
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright Unsweated
Publisher Piriform Ltd.
Product Gurian
File version 7.6.9.2
Description Mnemonicalist
Packers identified
F-PROT UPX_LZMA
PEiD UPX 2.93 [LZMA] -> Markus Oberhumer, Laszlo Molnar & John Reiser
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 1998-10-22 22:36:57
Entry Point 0x000883D0
Number of sections 3
PE sections
PE imports
I_CryptSetTls
DeleteObject
LoadLibraryA, GetProcAddress, VirtualProtect, VirtualAlloc, VirtualFree, ExitProcess
CryptSetKeyParam
FindTextW
MprInfoDelete
IsChild
mmioClose
ExifTool file metadata
SubsystemVersion 4.0
InitializedDataSize 8192
ImageVersion 0.0
ProductName Gurian
FileVersionNumber 7.6.9.2
UninitializedDataSize 524288
LanguageCode Neutral
FileFlagsMask 0x003f
CharacterSet Unicode
LinkerVersion 5.8
MIMEType application/octet-stream
Subsystem Windows GUI
FileVersion 7.6.9.2
TimeStamp 1998:10:23 00:36:57+02:00
FileType Win32 EXE
PEType PE32
ProductVersion 1.8.4.3
FileDescription Mnemonicalist
OSVersion 4.0
FileOS Windows NT 32-bit
LegalCopyright Unsweated
MachineType Intel 386 or later, and compatibles
CompanyName Piriform Ltd.
CodeSize 32768
FileSubtype 0
ProductVersionNumber 1.8.4.3
EntryPoint 0x883d0
ObjectFileType Executable application

File identification
MD5 545576c81df1082c811f574656b1e23e
SHA1 4e16af510fd92f82c269650d3ab4b3c3074d0441
SHA256 7daeff97d260845479991cf97d49620624e86113012f03a29b4d2a4896ddf230
ssdeep 768:f90J+g04mr9f3DGqwOl6Gsw+1GI62Nos6IRDyDLX15dvebnbcuyD7Uz/KO:f90IkmRfZwUts7aooV0DOLd2bnouy87K
File size 39.0 KB ( 39936 bytes )
File type Win32 EXE
Magic literal MS-DOS executable PE for MS Windows (GUI) Intel 80386 32-bit, UPX compressed
TrID UPX compressed Win32 Executable (39.5%)
Win32 EXE Yoda's Crypter (34.3%)
Win32 Executable Generic (11.0%)
Win32 Dynamic Link Library (generic) (9.8%)
Generic Win/DOS Executable (2.5%)
Tags upx
VirusTotal metadata
First submission 2011-12-05 14:53:01 UTC ( 6 years, 10 months ago )
Last submission 2012-04-16 17:50:49 UTC ( 6 years, 6 months ago )
File names 88E3.tmp
aa
jorC.jar
4e16af510fd92f82c269650d3ab4b3c3074d0441.bin
DPYRWMXAQL-780.pms.exe.SVD
5DB862A40037379B9C20007C2A17630053DA07F4.exe
3270527[1].exe
YYlo.rtf
15e1447[1].exe
vBG9Awvw.scr
Advanced heuristic and reputation engines