SHA256: 84a9b12a483c988796b18c0fcf19a285321ff2894a5a3ba8cba61626496e4cde
File name: 225ff074a07d837ed8a19d8ed66fda6a
Detection ratio: 47 / 57
Analysis date: 2015-02-10 09:53:05 UTC ( 4 years, 1 month ago )
Antivirus Result Update
Ad-Aware Gen:Variant.Zusy.101658 20150210
Yandex Worm.AutoRun!kR88Ss6z+yk 20150208
AhnLab-V3 HEUR/Fakon.mwf 20150210
ALYac Gen:Variant.Zusy.101658 20150210
Antiy-AVL Trojan/Win32.Agent 20150210
Avast Win32:Malware-gen 20150210
AVG Agent4.BMSO 20150210
Avira (no cloud) TR/Nohad.A.17 20150210
AVware Trojan.Win32.Generic!BT 20150210
Baidu-International Trojan.Win32.Agent.Anx 20150210
BitDefender Gen:Variant.Zusy.101658 20150210
CAT-QuickHeal Worm.Nohad.A9 20150205
Comodo UnclassifiedMalware 20150210
Cyren W32/Trojan.KDXB-0268 20150210
DrWeb Win32.HLLW.Autoruner2.14226 20150210
Emsisoft Gen:Variant.Zusy.101658 (B) 20150210
ESET-NOD32 Win32/AutoRun.Delf.QI 20150210
F-Prot W32/Trojan2.OEMC 20150210
F-Secure Gen:Variant.Zusy.101658 20150210
Fortinet W32/Agent.ADTMI!tr 20150210
GData Gen:Variant.Zusy.101658 20150210
Ikarus Worm.Win32.AutoRun 20150210
Jiangmin Trojan/Agent.kehh 20150209
K7AntiVirus P2PWorm ( 00496ab31 ) 20150210
K7GW P2PWorm ( 00496ab31 ) 20150210
Kaspersky Trojan.Win32.Agent.adtmi 20150210
Kingsoft Win32.Troj.Agent.(kcloud) 20150210
McAfee W32/Autorun-FSV!225FF074A07D 20150210
McAfee-GW-Edition W32/Autorun-FSV!225FF074A07D 20150209
Microsoft Worm:Win32/Nohad.A 20150210
eScan Gen:Variant.Zusy.101658 20150210
NANO-Antivirus Trojan.Win32.Agent.dcfdop 20150210
Norman Malware 20150210
nProtect Trojan/W32.Agent.3953152.B 20150210
Qihoo-360 HEUR/QVM04.0.Malware.Gen 20150210
Rising PE:Trojan.Win32.Generic.1651F9A0!374471072 20150209
Sophos AV Mal/Delf-EZ 20150210
Symantec Trojan.Gen.2 20150210
Tencent Win32.Trojan.Agent.Hoot 20150210
TheHacker Trojan/AutoRun.Delf.qi 20150209
TotalDefense Win32/Tnega.AUMK 20150210
TrendMicro TROJ_GEN.R03BC0DKS14 20150210
TrendMicro-HouseCall WORM_SOHANAD.SM0 20150210
VBA32 Trojan.Agent.adtmi 20150210
VIPRE Trojan.Win32.Generic!BT 20150210
Zillya Trojan.Agent.Win32.458180 20150209
Zoner I-Worm.AutoRun.Delf.QI 20150209
AegisLab 20150210
Alibaba 20150210
Bkav 20150209
ByteHero 20150210
ClamAV 20150209
CMC 20150209
Malwarebytes 20150210
Panda 20150209
SUPERAntiSpyware 20150210
ViRobot 20150210
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright llanero solitario
Publisher Perú
Product llanero solitario
Original name llanero solitario
Internal name llanero solitario
File version 1.0.0.0
Description Explorador de Windows
Comments www.facebook.com/llaneroinformatico
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2014-01-04 03:51:28
Entry Point 0x00002164
Number of sections 9
PE sections
PE imports
RegCreateKeyExW
RegDeleteValueW
RegOpenKeyA
RegCloseKey
RegRestoreKeyW
RegSetValueExW
RegUnLoadKeyW
RegQueryInfoKeyW
RegConnectRegistryW
RegEnumKeyExW
RegOpenKeyExW
RegSetValueExA
RegSaveKeyW
RegFlushKey
RegReplaceKeyW
RegEnumValueW
RegDeleteKeyW
RegQueryValueExW
RegLoadKeyW
ImageList_BeginDrag
ImageList_SetBkColor
ImageList_GetImageInfo
FlatSB_SetScrollInfo
ImageList_SetImageCount
Ord(17)
FlatSB_GetScrollInfo
ImageList_DragMove
FlatSB_SetScrollProp
ImageList_Remove
ImageList_GetDragImage
ImageList_DrawEx
ImageList_SetIconSize
ImageList_Write
ImageList_GetImageCount
ImageList_Replace
ImageList_SetOverlayImage
ImageList_Destroy
_TrackMouseEvent
ImageList_Draw
ImageList_GetIconSize
ImageList_DragLeave
ImageList_GetBkColor
ImageList_GetIcon
FlatSB_SetScrollPos
ImageList_ReplaceIcon
ImageList_DragEnter
ImageList_Add
InitializeFlatSB
FlatSB_GetScrollPos
ImageList_DragShowNolock
ImageList_Create
ImageList_Read
ImageList_Copy
ImageList_LoadImageW
ImageList_EndDrag
SetDIBits
PolyPolyline
GetTextMetricsW
SetMapMode
GetWindowOrgEx
GetPaletteEntries
CombineRgn
GetViewportOrgEx
CopyEnhMetaFileW
SetPixel
EndDoc
IntersectClipRect
AngleArc
GetTextExtentPointW
CreatePalette
CreateDIBitmap
GetDIBits
ExtCreateRegion
GetEnhMetaFileBits
StretchBlt
StretchDIBits
ArcTo
Pie
SetWindowExtEx
Arc
SetViewportExtEx
ExtCreatePen
SetBkColor
SetWinMetaFileBits
GetDIBColorTable
DeleteEnhMetaFile
CreateFontIndirectW
SetStretchBltMode
EnumFontsW
GetCurrentPositionEx
GetBitmapBits
GetBrushOrgEx
ExcludeClipRect
SetBkMode
BitBlt
SetAbortProc
FrameRgn
CreateBrushIndirect
SelectPalette
StartDocW
SetROP2
EndPage
SetDIBColorTable
GetTextColor
DeleteObject
CreatePenIndirect
PatBlt
GetClipBox
Rectangle
GetDeviceCaps
LineTo
DeleteDC
SetEnhMetaFileBits
GetSystemPaletteEntries
StartPage
GetObjectW
CreateDCW
RealizePalette
ExtTextOutW
CreateBitmap
RectVisible
GetStockObject
PlayEnhMetaFile
UnrealizeObject
GdiFlush
SelectClipRgn
RoundRect
GetWinMetaFileBits
GetEnhMetaFileDescriptionW
GetEnhMetaFileHeader
SetWindowOrgEx
GetTextExtentPoint32W
Polygon
CreateHalftonePalette
GetRgnBox
SaveDC
CreateICW
MaskBlt
GetEnhMetaFilePaletteEntries
RestoreDC
GetPixel
CreateDIBSection
SetTextColor
ExtFloodFill
GetCurrentObject
MoveToEx
EnumFontFamiliesExW
SetViewportOrgEx
CreateRoundRectRgn
CreateCompatibleDC
PolyBezierTo
PolyBezier
Chord
SetBrushOrgEx
CreateRectRgn
SelectObject
CreateCompatibleBitmap
CreateSolidBrush
Polyline
AbortDoc
Ellipse
SetThreadLocale
GetStdHandle
FileTimeToSystemTime
GetFileAttributesA
SetEvent
GetDriveTypeA
FindFirstFileW
HeapDestroy
GetFileAttributesW
GetLocalTime
DeleteCriticalSection
GetCurrentProcess
GetLocaleInfoA
LocalAlloc
UnhandledExceptionFilter
ExpandEnvironmentStringsA
SetErrorMode
GetLocaleInfoW
IsDBCSLeadByteEx
GetCPInfo
GetStringTypeA
GetDiskFreeSpaceW
InterlockedExchange
WriteFile
WaitForSingleObject
GetStringTypeW
ResumeThread
SetFileAttributesA
GetOEMCP
LocalFree
FormatMessageW
GetThreadPriority
GetTimeZoneInformation
LoadResource
FindClose
InterlockedDecrement
GetFullPathNameW
SetLastError
GetUserDefaultUILanguage
InitializeCriticalSection
GlobalFindAtomW
GetModuleFileNameW
TryEnterCriticalSection
CopyFileA
ExitProcess
SwitchToThread
GetModuleFileNameA
SetConsoleCtrlHandler
EnumSystemLocalesW
LoadLibraryExW
MultiByteToWideChar
EnumCalendarInfoW
SetFilePointer
GlobalAddAtomW
CreateThread
GetSystemDefaultUILanguage
GetExitCodeThread
MulDiv
GetSystemTimes
ExitThread
WaitForMultipleObjectsEx
GlobalAlloc
VirtualQueryEx
SetEndOfFile
GetVersion
LeaveCriticalSection
HeapFree
EnterCriticalSection
SetHandleCount
LoadLibraryW
GetVersionExW
FreeLibrary
QueryPerformanceCounter
GetTickCount
TlsAlloc
VirtualProtect
GetVersionExA
LoadLibraryA
RtlUnwind
GlobalSize
GetStartupInfoA
CreateDirectoryA
DeleteFileA
GetDateFormatW
GetStartupInfoW
GetUserDefaultLCID
GetProcessHeap
EnumResourceNamesW
CompareStringW
FindFirstFileA
GetCurrentThreadId
ResetEvent
FindNextFileA
IsValidLocale
lstrcmpW
GetProcAddress
CreateEventW
CreateFileW
IsDebuggerPresent
GetFileType
TlsSetValue
CreateFileA
HeapAlloc
InterlockedIncrement
GetLastError
GlobalDeleteAtom
GetSystemInfo
GlobalFree
LCMapStringA
GetThreadLocale
GetEnvironmentStringsW
GlobalUnlock
VirtualQuery
lstrlenW
FileTimeToLocalFileTime
GetEnvironmentStrings
GetCurrentProcessId
LockResource
GetCommandLineW
WideCharToMultiByte
HeapSize
InterlockedCompareExchange
GetCurrentThread
SuspendThread
GetSystemDefaultLangID
RaiseException
TlsFree
GetModuleHandleA
ReadFile
CloseHandle
GetACP
GlobalLock
GetModuleHandleW
FreeResource
GetCPInfoExW
SizeofResource
TlsGetValue
HeapCreate
FindResourceW
VirtualFree
Sleep
SetThreadPriority
VirtualAlloc
VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW
DocumentPropertiesW
OpenPrinterW
ClosePrinter
EnumPrintersW
Ord(203)
PE exports
Number of PE resources by type
RT_STRING 25
RT_ICON 10
RT_GROUP_CURSOR 8
RT_CURSOR 8
RT_RCDATA 3
RT_MANIFEST 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 30
NEUTRAL 27
PE resources
ExifTool file metadata
CodeSize 3129344
SubsystemVersion 5.0
Comments www.facebook.com/llaneroinformatico
LinkerVersion 5.0
ImageVersion 0.0
FileSubtype 0
FileVersionNumber 1.0.0.0
LanguageCode Unknown (280A)
FileFlagsMask 0x003f
FileDescription Explorador de Windows
CharacterSet Windows, Latin1
InitializedDataSize 196608
FileOS Win32
MIMEType application/octet-stream
LegalCopyright llanero solitario
FileVersion 1.0.0.0
TimeStamp 2014:01:04 04:51:28+01:00
FileType Win32 EXE
PEType PE32
InternalName llanero solitario
FileAccessDate 2015:02:10 10:53:13+01:00
ProductVersion 1.0.0.0
UninitializedDataSize 0
OSVersion 4.0
FileCreateDate 2015:02:10 10:53:13+01:00
OriginalFilename llanero solitario
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName Perú
LegalTrademarks llanero solitario
ProductName llanero solitario
ProductVersionNumber 1.0.0.0
EntryPoint 0x2164
ObjectFileType Executable application
File identification
MD5 225ff074a07d837ed8a19d8ed66fda6a
SHA1 ac98f128796f4c1a1d20d36014f51aca44dede87
SHA256 84a9b12a483c988796b18c0fcf19a285321ff2894a5a3ba8cba61626496e4cde
ssdeep 49152:0x211wH2zSLA5SSRLRG/nMPEZEHyTM7wdOY:s2EH2ib67wA
authentihash a8f30321cedfed835853327ec70b4ab4d5b3f298bada02f4106a79fa3c23572e
imphash 843299c818db927b8dbcafb217c5cf40
File size 3.8 MB ( 3953152 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Windows Screen Saver (60.5%)
Win32 Executable (generic) (20.8%)
Generic Win/DOS Executable (9.2%)
DOS Executable Generic (9.2%)
VXD Driver (0.1%)
Tags peexe
VirusTotal metadata
First submission 2015-02-10 09:53:05 UTC ( 4 years, 1 month ago )
Last submission 2015-02-10 09:53:05 UTC ( 4 years, 1 month ago )
File names llanero solitario
225ff074a07d837ed8a19d8ed66fda6a
Advanced heuristic and reputation engines
ClamAV
Possibly Unwanted Application. While not necessarily malicious, the scanned file presents certain characteristics which, depending on the user policies and environment, may or may not represent a threat. For full details see: https://www.clamav.net/documents/potentially-unwanted-applications-pua
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Copied files
Created processes
Shell commands
Opened mutexes
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.