SHA256: 81048ad15be2e618cb07a9eaafec6e781fc9485ca7e745d98c3536127e1a5853
File name: 001426437
Detection ratio: 52 / 54
Analysis date: 2016-02-02 16:07:29 UTC ( 3 years ago )
Antivirus Result Update
Ad-Aware Trojan.PWS.OnlineGames.KECE 20160202
AegisLab Troj.GameThief.W32.Magania.bzmm!c 20160202
Yandex Trojan.PWS.Magania.SPG 20160202
AhnLab-V3 Trojan/Win32.OnlineGameHack 20160202
ALYac Spyware.OnlineGames-GLG 20160202
Antiy-AVL Trojan[GameThief]/Win32.Magania 20160202
Arcabit Trojan.PWS.OnlineGames.KECE 20160202
Avast Win32:Kamso [Trj] 20160202
AVG Worm/AutoRun.IJ 20160202
Avira (no cloud) TR/PSW.OnLineGa.bbe 20160202
Baidu-International Trojan.Win32.Kamso.bbe 20160202
BitDefender Trojan.PWS.OnlineGames.KECE 20160202
Bkav W32.KavoQEA.Worm 20160202
CAT-QuickHeal Trojan.Agen.rw4 20160202
ClamAV Win.Trojan.Magania-812 20160202
Comodo TrojWare.Win32.PSW.Magania.~Bzmm 20160202
Cyren W32/Magania.NURJ-5235 20160202
DrWeb Trojan.PWS.Wsgame.12661 20160202
Emsisoft Trojan.PWS.OnlineGames.KECE (B) 20160202
ESET-NOD32 Win32/PSW.OnLineGames.NNU 20160202
F-Prot W32/Magania.CER 20160129
F-Secure Trojan.PWS.OnlineGames.KECE 20160202
Fortinet W32/OnlineGames!tr 20160202
GData Trojan.PWS.OnlineGames.KECE 20160202
Ikarus Trojan-GameThief.Win32.Magania 20160202
Jiangmin Trojan/PSW.Magania.ysw 20160202
K7AntiVirus Password-Stealer ( 0001a8f31 ) 20160202
K7GW Password-Stealer ( 0001a8f31 ) 20160202
Kaspersky Trojan-GameThief.Win32.Magania.bzmm 20160202
Malwarebytes Worm.AutoRun 20160202
McAfee Generic PWS.ak 20160202
McAfee-GW-Edition BehavesLike.Win32.Dropper.cc 20160202
Microsoft Worm:Win32/Taterf.B 20160202
eScan Trojan.PWS.OnlineGames.KECE 20160202
NANO-Antivirus Trojan.Win32.Magania.bdakw 20160202
nProtect Trojan/W32.Agent.112679 20160201
Panda W32/Lineage.LJI 20160202
Qihoo-360 Win32/Trojan.GameThief.d30 20160203
Rising PE:Packer.Win32.Nodef.c!1522068 [F] 20160202
Sophos AV Mal/Taterf-B 20160202
SUPERAntiSpyware Trojan.Agent/Gen-FakeAlert 20160202
Symantec W32.Gammima 20160202
Tencent Win32.Trojan-gamethief.Magania.Szbi 20160203
TheHacker Trojan/Magania.bzmm 20160202
TotalDefense Win32/Frethog.FEH 20160202
TrendMicro WORM_TATERF.FA 20160202
TrendMicro-HouseCall WORM_TATERF.FA 20160202
VBA32 BScope.Trojan.MTA.01233 20160202
VIPRE Trojan.Win32.Generic!SB.0 20160202
ViRobot Worm.Win32.Taterf.112679[h] 20160202
Zillya Trojan.Magania.Win32.12353 20160202
Zoner Trojan.OnLineGames.NNU 20160202
Alibaba 20160202
ByteHero 20160203
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2009-08-14 14:52:27
Entry Point 0x00036DB9
Number of sections 4
PE sections
PE imports
DeviceIoControl
GetWriteWatch
EnterCriticalSection
FindNextVolumeA
GetVersionExW
GetVolumePathNameW
ExitProcess
LoadLibraryA
GetDefaultCommConfigW
FreeEnvironmentStringsA
DeleteCriticalSection
GetEnvironmentStrings
GetCurrentProcessId
GenerateConsoleCtrlEvent
FoldStringW
GetCompressedFileSizeA
GetUserDefaultLCID
GetPrivateProfileIntW
FileTimeToSystemTime
EnumTimeFormatsA
GetComputerNameW
GetLogicalDrives
GetStringTypeA
GetFileAttributesExA
GetACP
EscapeCommFunction
EnumDateFormatsW
GetFileAttributesExW
DuplicateConsoleHandle
GetLogicalDriveStringsA
FindFirstVolumeA
GetProcessShutdownParameters
GlobalCompact
GetLogicalDriveStringsW
GetDiskFreeSpaceExW
IsBadReadPtr
GetPrivateProfileSectionA
Number of PE resources by type
RT_ICON 8
RT_STRING 4
RT_DIALOG 2
RT_ACCELERATOR 2
RT_GROUP_ICON 2
RT_MENU 1
RT_VERSION 1
Number of PE resources by language
CHINESE SIMPLIFIED 20
PE resources
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
TimeStamp 2009:08:14 15:52:27+01:00
FileType Win32 EXE
PEType PE32
CodeSize 4096
LinkerVersion 15.3
Warning Error processing PE data dictionary
FileTypeExtension exe
InitializedDataSize 0
SubsystemVersion 4.0
EntryPoint 0x36db9
OSVersion 4.0
ImageVersion 0.0
UninitializedDataSize 0

File identification
MD5 c0f6edd8f2c9e4e64a9743e0a1d1ef00
SHA1 74be53755188feec50c1041046d2d2d9722af891
SHA256 81048ad15be2e618cb07a9eaafec6e781fc9485ca7e745d98c3536127e1a5853
ssdeep 3072:+G8CXvhvwHiKSCY3OJN94BD0B/57kUqfTGI:Fii9CYOJH4+B/5gA
authentihash 1ca057c1cbee409fd40f0f0c036ff7138bbe8cdc6c3a102a87a36592db6e1464
imphash 85e868c292b0b1b8037b30d8d9a84819
File size 110.0 KB ( 112679 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable (generic) (52.9%)
Generic Win/DOS Executable (23.5%)
DOS Executable Generic (23.5%)
Tags peexe

VirusTotal metadata
First submission 2009-08-30 17:55:47 UTC ( 9 years, 5 months ago )
Last submission 2015-06-12 07:34:29 UTC ( 3 years, 8 months ago )
File names TDZpy.gif
aa
001426437
WL-174f5387f8919517aef2114f033e20d6-0.ex$
file-3708721_exe
C0F6EDD8F2C9E4E64A9743E0A1D1EF00