SHA256: 809b222ce868e1c4fa386b4be022284497b16675f48895c3603c661e882509e3
File name: c08f969b10cd70f5cc68dedd4141f347
Detection ratio: 54 / 61
Analysis date: 2017-03-26 05:09:03 UTC ( 2 years ago )
Antivirus Result Update
Ad-Aware Win32.Sober.Gen 20170326
AegisLab W32.W.Sober.x!c 20170326
AhnLab-V3 Worm/Win32.Sober.R64652 20170325
ALYac Win32.Sober.Gen 20170326
Antiy-AVL Worm[Email]/Win32.Sober 20170326
Arcabit Win32.Sober.Gen 20170326
Avast Win32:Sober-BQ [Wrm] 20170326
AVG I-Worm/Sober.U 20170325
Avira (no cloud) DR/Sober.X 20170325
AVware Trojan.Win32.Generic!BT 20170326
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9965 20170323
BitDefender Win32.Sober.Gen 20170326
CAT-QuickHeal (Suspicious) - DNAScan 20170325
Comodo TrojWare.Win32.TrojanDropper.Sober.X0 20170325
CrowdStrike Falcon (ML) malicious_confidence_100% (W) 20170130
Cyren W32/SuspPack.DH.gen!Eldorado 20170326
DrWeb Win32.HLLM.Sober 20170326
Emsisoft Win32.Sober.Gen (B) 20170326
Endgame malicious (high confidence) 20170317
ESET-NOD32 Win32/Sober.U 20170326
F-Prot W32/SuspPack.DH.gen!Eldorado 20170326
F-Secure Win32.Sober.Gen 20170326
Fortinet W32/Sober.W!tr.dldr 20170326
GData Win32.Sober.Gen 20170326
Ikarus Email-Worm.Win32.Sober 20170325
Sophos ML virtool.win32.obfuscator.c 20170203
Jiangmin I-Worm/Sober.o 20170326
K7AntiVirus Trojan ( 003b1b581 ) 20170326
K7GW Trojan ( 003b1b581 ) 20170326
Kaspersky Email-Worm.Win32.Sober.x 20170326
McAfee W32/Sober.u.dr 20170326
McAfee-GW-Edition W32/Sober.u.dr 20170326
Microsoft Worm:Win32/Sober.X@mm.dr 20170326
eScan Win32.Sober.Gen 20170326
NANO-Antivirus Trojan.Win32.Sober.wkaqn 20170326
nProtect Worm/W32.Sober.135680 20170326
Palo Alto Networks (Known Signatures) generic.ml 20170326
Panda W32/Sober.AC.worm 20170325
Qihoo-360 Malware.Radar01.Gen 20170326
SentinelOne (Static ML) static engine - malicious 20170315
Sophos AV W32/Sober-R 20170326
Symantec W32.Sober.S@mm 20170325
Tencent Win32.Worm-email.Sober.Swkt 20170326
TheHacker W32/Sober.v 20170321
TotalDefense Win32/Sober.R 20170326
TrendMicro WORM_SOBER.AD 20170326
TrendMicro-HouseCall WORM_SOBER.AD 20170326
VBA32 Trojan.VBRA.0434 20170324
VIPRE Trojan.Win32.Generic!BT 20170326
ViRobot I-Worm.Win32.Sober.S[h] 20170326
Webroot W32.Malware.Gen 20170326
Yandex I-Worm.Sober.AE 20170323
Zillya Worm.Sober.Win32.32 20170323
ZoneAlarm by Check Point Email-Worm.Win32.Sober.x 20170326
Alibaba 20170325
ClamAV 20170326
CMC 20170325
Kingsoft 20170326
Malwarebytes 20170326
Rising None
SUPERAntiSpyware 20170326
Symantec Mobile Insight 20170324
Trustlook 20170326
WhiteArmor 20170315
Zoner 20170326
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Packers identified
PEiD Xtreme-Protector v1.05
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Entry Point 0x00001030
Number of sections 2
PE sections
Overlays
MD5 a94a9316a4a06fd48afa2e4d48f3a9cd
File type data
Offset 7521
Size 128159
Entropy 8.00
PE imports
LoadLibraryA
GetProcAddress
Number of PE resources by type
RT_ICON 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
NEUTRAL 2
GERMAN 1
PE resources
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
FileTypeExtension exe
TimeStamp 0000:00:00 00:00:00
FileType Win32 EXE
PEType PE32
CodeSize 12288
LinkerVersion 0.41
ImageFileCharacteristics No relocs, Executable, No line numbers, No symbols, 32-bit
Warning Invalid Version Info block
EntryPoint 0x1030
InitializedDataSize 8192
SubsystemVersion 4.0
ImageVersion 0.0
OSVersion 4.0
UninitializedDataSize 0
File identification
MD5 c08f969b10cd70f5cc68dedd4141f347
SHA1 821108e2800260d81b35331dc0c5678639ec15d3
SHA256 809b222ce868e1c4fa386b4be022284497b16675f48895c3603c661e882509e3
ssdeep 3072:b05w1DAUljUztwu18fFNH8pUjqYVCg+rPT5sLQwmUe/cOHsluVsN1g:b0OzlIZ6N+pUjqe+7T5s0wmJEOMoVsN6
authentihash c31f7a1254392bfb007205fa26378b35d7fb94da35f8f6d25ed6d453a7aa8973
imphash 87bed5a7cba00c7e1f4015f1bdae2183
File size 132.5 KB ( 135680 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID DOS Executable Generic (100.0%)
Tags peexe overlay
VirusTotal metadata
First submission 2012-12-07 21:51:58 UTC ( 6 years, 4 months ago )
Last submission 2012-12-07 21:51:58 UTC ( 6 years, 4 months ago )
File names c08f969b10cd70f5cc68dedd4141f347
Reg-List-Dat_Packer2.exe
Advanced heuristic and reputation engines
ClamAV
Possibly Unwanted Application. While not necessarily malicious, the scanned file presents certain characteristics which depending on the user policies and environment may or may not represent a threat. For full details see: https://www.clamav.net/documents/potentially-unwanted-applications-pua .
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Written files
Deleted files
Created processes
Hooking activity
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers using the DeviceIoControl Windows API function.
The file installs an application-defined hook procedure into a hook chain. A hook procedure is installed to monitor the system for certain types of events; these events are associated either with a specific thread or with all threads in the same desktop as the calling thread. This is done using the SetWindowsHook Windows API function.
UDP communications