SHA256: 81b376f60b99fa629db73440ef7c0515c89367c227b253bcb01b6433b7990777
File name: 7fd9031bfd8f4722a87efbd85fcf901533781efe
Detection ratio: 3 / 55
Analysis date: 2015-08-09 19:37:07 UTC (3 years, 7 months ago)
Antivirus Result Update
Avira (no cloud) TR/Crypt.EPACK.1458 20150809
Kaspersky Trojan-Spy.Win32.Zbot.vugc 20150809
Qihoo-360 Win32/Trojan.4f9 20150809
Ad-Aware 20150809
AegisLab 20150809
Yandex 20150809
AhnLab-V3 20150809
Alibaba 20150803
ALYac 20150809
Antiy-AVL 20150809
Arcabit 20150809
Avast 20150809
AVG 20150809
AVware 20150809
Baidu-International 20150809
BitDefender 20150809
Bkav 20150807
ByteHero 20150809
CAT-QuickHeal 20150808
ClamAV 20150808
Comodo 20150809
Cyren 20150809
DrWeb 20150809
Emsisoft 20150809
ESET-NOD32 20150809
F-Prot 20150809
F-Secure 20150807
Fortinet 20150809
GData 20150809
Ikarus 20150809
Jiangmin 20150807
K7AntiVirus 20150809
K7GW 20150809
Kingsoft 20150809
Malwarebytes 20150809
McAfee 20150809
McAfee-GW-Edition 20150809
Microsoft 20150809
eScan 20150809
NANO-Antivirus 20150809
nProtect 20150807
Panda 20150809
Rising 20150809
Sophos AV 20150809
SUPERAntiSpyware 20150809
Symantec 20150809
TheHacker 20150809
TotalDefense 20150809
TrendMicro 20150809
TrendMicro-HouseCall 20150809
VBA32 20150809
VIPRE 20150809
ViRobot 20150809
Zillya 20150808
Zoner 20150809
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2005-07-28 16:31:04
Entry Point 0x00001000
Number of sections 7
PE sections
PE imports
GetMetaFileBitsEx
GetCharABCWidthsFloatW
GdiGetDevmodeForPage
GetEnhMetaFilePixelFormat
GetGlyphOutlineW
GdiDeleteSpoolFileHandle
GetWinMetaFileBits
SetStretchBltMode
GetCharWidth32A
RealizePalette
Number of PE resources by type
RT_MENU 1
RT_VERSION 1
Number of PE resources by language
ENGLISH US 1
CHINESE SIMPLIFIED 1
PE resources
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
FileTypeExtension exe
TimeStamp 2005:07:28 17:31:04+01:00
FileType Win32 EXE
PEType PE32
CodeSize 205312
LinkerVersion 0.0
EntryPoint 0x1000
InitializedDataSize 37904
SubsystemVersion 4.1
ImageVersion 0.0
OSVersion 4.0
UninitializedDataSize 0

File identification
MD5 21448f88cc66f7247f52e3aaeb1169c4
SHA1 548f48f504607075eb950dfa2c83ff5a9199e77f
SHA256 81b376f60b99fa629db73440ef7c0515c89367c227b253bcb01b6433b7990777
ssdeep 1536:v6UQ06gxyTHLdWUQ1EEiXJMoeg09u8dYofVq:i06g2oUYEEiX2vg09Xpk
authentihash 9f26598b0421b5439598553422beb268bf2ba973bc28221e572190bc73bd579d
imphash e90312ba72f031cb18f67b220e4569d2
File size 246.5 KB ( 252416 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable (generic) (52.7%)
Generic Win/DOS Executable (23.4%)
DOS Executable Generic (23.4%)
VXD Driver (0.3%)
Tags peexe
VirusTotal metadata
First submission 2015-08-09 18:32:02 UTC (3 years, 7 months ago)
Last submission 2015-08-09 19:37:07 UTC (3 years, 7 months ago)
File names 7fd9031bfd8f4722a87efbd85fcf901533781efe
Advanced heuristic and reputation engines
TrendMicro-HouseCall TrendMicro's heuristic engine has flagged this file as: TROJ_GEN.R03AC0DHE15.
Symantec reputation Suspicious.Insight
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Created processes
Created mutexes
Opened mutexes
Runtime DLLs