SHA256: 7e8390200ac14f0dbf2b5abe9f55ec5dd3d5c87c8557f0ac8c33eacdd194bd1a
File name: d234a238eb8686d08cd4e0b8b705da14
Detection ratio: 10 / 43
Analysis date: 2012-11-25 23:45:36 UTC (4 years, 3 months ago)
Antivirus             Result (- = not detected)         Update
BitDefender           Trojan.Generic.KDV.796015         20121125
DrWeb                 Trojan.Winlock.7431               20121125
ESET-NOD32            a variant of Win32/Injector.ZMJ   20121125
GData                 Trojan.Generic.KDV.796015         20121126
Kaspersky             Trojan.Win32.Inject.ewud          20121126
Kingsoft              Win32.Troj.Buzus.ms.(kcloud)      20121119
McAfee                PWS-Zbot.gen.aqw                  20121125
eScan                 Trojan.Generic.KDV.796015         20121125
Norman                W32/Ransom.CNY                    None
TrendMicro-HouseCall  TROJ_GEN.R47H1KP                  20121126
Yandex                -                                 20121125
AhnLab-V3             -                                 20121125
AntiVir               -                                 20121125
Antiy-AVL             -                                 20121123
Avast                 -                                 20121125
AVG                   -                                 20121125
ByteHero              -                                 20121116
CAT-QuickHeal         -                                 20121125
ClamAV                -                                 20121125
Commtouch             -                                 20121125
Emsisoft              -                                 20121126
eSafe                 -                                 20121121
F-Prot                -                                 20121125
F-Secure              -                                 20121125
Fortinet              -                                 20121125
Ikarus                -                                 20121125
Jiangmin              -                                 20121125
K7AntiVirus           -                                 20121124
McAfee-GW-Edition     -                                 20121125
Microsoft             -                                 20121125
nProtect              -                                 20121125
Panda                 -                                 20121125
PCTools               -                                 20121125
Rising                -                                 20121123
Sophos                -                                 20121125
SUPERAntiSpyware      -                                 20121125
Symantec              -                                 20121126
TheHacker             -                                 20121125
TotalDefense          -                                 20121125
TrendMicro            -                                 20121126
VBA32                 -                                 20121124
VIPRE                 -                                 20121126
ViRobot               -                                 20121125
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2012-11-25 12:51:54
Entry Point 0x00001000
Number of sections 5
PE sections
PE imports
GetObjectA
DeleteDC
DeleteObject
BitBlt
GetStockObject
CreateBitmap
SetPixel
GetDIBits
SelectObject
CreateDIBSection
CreateCompatibleDC
GetObjectType
HeapAlloc
HeapFree
Sleep
GetModuleHandleA
HeapCreate
FreeLibrary
HeapDestroy
ExitProcess
TlsAlloc
GetVersionExA
LoadLibraryA
HeapReAlloc
GetProcAddress
malloc
fseek
fabs
floor
memset
fclose
free
ceil
fopen
strlen
memcpy
Shell_NotifyIconA
FillRect
CallWindowProcA
DestroyIcon
Number of PE resources by type
Struct(11822) 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 2
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
TimeStamp 2012:11:25 12:51:54+00:00
FileType Win32 EXE
PEType PE32
CodeSize 11822
LinkerVersion 2.5
EntryPoint 0x1000
InitializedDataSize 7168
SubsystemVersion 4.0
ImageVersion 0.0
OSVersion 4.0
UninitializedDataSize 0
File identification
MD5 d234a238eb8686d08cd4e0b8b705da14
SHA1 d07b448c346360f40de15f44ed912aa87bdabc93
SHA256 7e8390200ac14f0dbf2b5abe9f55ec5dd3d5c87c8557f0ac8c33eacdd194bd1a
ssdeep 768:aFDT6CCrZQoOR868R8Z8s888m8E8Qve7IXoesQrbaVlHPd3Sp9XbOOR7q04XqbIT:a51Rzq+5hRpfve7IXNpn7CabI4Yoevk8
File size 34.9 KB ( 35688 bytes )
File type Win32 EXE
Magic literal MS-DOS executable PE for MS Windows (GUI) Intel 80386 32-bit
TrID
  Win32 Executable Generic (38.3%)
  Win32 Dynamic Link Library (generic) (34.1%)
  Win16/32 Executable Delphi generic (9.3%)
  Generic Win/DOS Executable (9.0%)
  DOS Executable Generic (9.0%)
Tags peexe
VirusTotal metadata
First submission 2012-11-25 23:45:36 UTC (4 years, 3 months ago)
Last submission 2012-11-28 21:31:57 UTC (4 years, 3 months ago)
File names d234a238eb8686d08cd4e0b8b705da14
Advanced heuristic and reputation engines
ClamAV
Possibly Unwanted Application. While not necessarily malicious, the scanned file presents certain characteristics which depending on the user policies and environment may or may not represent a threat. For full details see: https://www.clamav.net/documents/potentially-unwanted-applications-pua .

Symantec reputation Suspicious.Insight
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Created processes
Terminated processes
Opened mutexes
Runtime DLLs
UDP communications