SHA256: 7f9f8f9f582811ce3b38ad6cbe73822865288ebf8a48b61d7fe7cb76ad1c6209
File name: EC9BF84D53C.exe
Detection ratio: 37 / 46
Analysis date: 2013-04-17 08:51:48 UTC ( 5 years, 10 months ago )
Antivirus Result Update
Yandex Trojan.Injector!9dkoYzF2VBY 20130416
AhnLab-V3 Spyware/Win32.Zbot 20130416
AntiVir TR/Dropper.Gen8 20130417
Avast Win32:Rootkit-gen [Rtk] 20130417
AVG Win32/Cryptor 20130417
BitDefender Gen:Variant.Symmi.4990 20130417
CAT-QuickHeal TrojanSpy.SpyEyes.qpz 20130417
Commtouch W32/Trojan.KWXO-8249 20130417
Comodo UnclassifiedMalware 20130417
DrWeb Trojan.PWS.SpySweep.143 20130417
Emsisoft Gen:Variant.Symmi.4990 (B) 20130417
ESET-NOD32 a variant of Win32/Injector.YWC 20130417
F-Secure Gen:Variant.Symmi.4990 20130417
Fortinet W32/Injector.YVD!tr 20130417
GData Gen:Variant.Symmi.4990 20130417
Ikarus Virus.Win32.Cryptor 20130417
Jiangmin Trojan/Generic.axtww 20130417
K7AntiVirus Riskware 20130416
K7GW Riskware 20130416
Kaspersky Trojan-Spy.Win32.SpyEyes.qpz 20130417
Kingsoft Win32.Troj.Undef.(kcloud) 20130415
Malwarebytes Trojan.Ransom 20130417
McAfee PWS-Zbot.gen.apx 20130417
McAfee-GW-Edition PWS-Zbot.gen.apx 20130417
Microsoft Trojan:Win32/EyeStye.N 20130417
eScan Gen:Variant.Symmi.4990 20130417
NANO-Antivirus Trojan.Win32.SpySweep.bbowof 20130417
Norman Troj_Generic.FJFMY 20130416
nProtect Trojan-Spy/W32.Spyeye.391168 20130417
Panda Trj/Genetic.gen 20130416
Sophos AV Mal/Generic-S 20130417
Symantec WS.Reputation.1 20130417
TheHacker Trojan/Injector.ywc 20130416
TrendMicro TROJ_GEN.FCBCBKQ 20130417
TrendMicro-HouseCall TROJ_RANSOM.SMWX 20130417
VIPRE Trojan.Win32.Encpk.ahq (v) 20130417
ViRobot Trojan.Win32.A.SpyEyes.391168 20130417
Antiy-AVL 20130417
ByteHero 20130417
ClamAV 20130417
eSafe 20130415
F-Prot 20130416
PCTools 20130417
SUPERAntiSpyware 20130417
TotalDefense 20130417
VBA32 20130416
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2012-06-08 22:34:19
Entry Point 0x000010E4
Number of sections 8
PE sections
PE imports
GetFileTitleA
PrintDlgW
GetFileTitleW
CommDlgExtendedError
PrintDlgExA
GetLastError
HeapFree
GetStdHandle
EnterCriticalSection
SetHandleCount
GetOEMCP
ExitProcess
TlsAlloc
GetVersionExA
GetModuleFileNameA
RtlUnwind
LoadLibraryA
GetLocalTime
DeleteCriticalSection
GetStartupInfoA
GetEnvironmentStrings
GetFileType
SetConsoleCtrlHandler
UnhandledExceptionFilter
GetVolumeInformationW
SetDefaultCommConfigA
GetCommandLineA
GetProcAddress
GetProcessHeap
SetFilePointer
RaiseException
GetCPInfo
TlsFree
GetModuleHandleA
WriteFile
CloseHandle
GetComputerNameExW
GetACP
GetStringTypeW
GetVersion
GlobalMemoryStatus
GetTimeZoneInformation
InitializeCriticalSection
lstrcpyA
VirtualQuery
VirtualFree
TlsGetValue
GetProfileIntA
TlsSetValue
CreateFileA
HeapAlloc
GetCurrentThreadId
VirtualAlloc
SetLastError
LeaveCriticalSection
wsprintfA
MessageBoxA
EnumThreadWindows
VerFindFileA
GetFileVersionInfoW
GetFileVersionInfoA
VerInstallFileW
PE exports
Number of PE resources by type
RT_RCDATA 1
RT_STRING 1
Number of PE resources by language
NEUTRAL 1
ENGLISH US 1
PE resources
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
TimeStamp 2012:06:08 23:34:19+01:00
FileType Win32 EXE
PEType PE32
CodeSize 36864
LinkerVersion 5.0
FileAccessDate 2013:04:17 09:51:53+01:00
EntryPoint 0x10e4
InitializedDataSize 353792
SubsystemVersion 4.0
ImageVersion 0.0
OSVersion 4.0
FileCreateDate 2013:04:17 09:51:53+01:00
UninitializedDataSize 0

File identification
MD5 bfb6f015904a30f3742d70b7e064bc0c
SHA1 eab3d912e200fa84f68fbd43fbe1f034a581bfa2
SHA256 7f9f8f9f582811ce3b38ad6cbe73822865288ebf8a48b61d7fe7cb76ad1c6209
ssdeep 6144:2syegrkAkGUT+kt2mglMnXEI9N7VhxVOw/5exkkUWeZzyUiRgMI7Wlw5qTjEI+pj:G8+02bncN7vmYexrK5MmWu5qr

File size 382.0 KB ( 391168 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Dynamic Link Library (generic) (38.4%)
Win32 Executable (generic) (38.0%)
Generic Win/DOS Executable (11.6%)
DOS Executable Generic (11.6%)
VXD Driver (0.1%)
Tags
peexe

VirusTotal metadata
First submission 2012-11-13 21:40:55 UTC ( 6 years, 3 months ago )
Last submission 2013-04-17 08:51:48 UTC ( 5 years, 10 months ago )
File names 1849d829022a4d59aa38b7a198e5572aac28c7f5
aa
EC9BF84D53C.exe.virus
ol90R5sg.jar
G3Iv6Y.dotm
EC9BF84D53C.exe
Advanced heuristic and reputation engines
ClamAV
Possibly Unwanted Application. While not necessarily malicious, the scanned file presents certain characteristics which depending on the user policies and environment may or may not represent a threat. For full details see: https://www.clamav.net/documents/potentially-unwanted-applications-pua .
