SHA256: 84c2d6503779ec54f56f399412bc6998a91cfa225102c77fdea8a3f74c72c391
File name: 1059-f9bf4c3fab69cdae9336be07527705120d8d8030
Detection ratio: 44 / 55
Analysis date: 2014-10-12 13:13:28 UTC
Antivirus Result Update
Ad-Aware Gen:Variant.Symmi.37344 20141012
Yandex Trojan.PWS.Delf!UuIr1Zqsp0Q 20141012
AhnLab-V3 Trojan/Win32.Banbra 20141012
Antiy-AVL Trojan[PSW]/Win32.Delf 20141012
Avast Win32:GenMalicious-ABK [Trj] 20141012
AVG PSW.Generic9.BVAW 20141012
Avira (no cloud) TR/ATRAPS.Gen 20141012
AVware Trojan.Win32.Generic.pak!cobra 20141012
Baidu-International Trojan.Win32.InfoStealer.an 20141012
BitDefender Gen:Variant.Symmi.37344 20141012
Bkav W32.Clodcc1.Trojan.6c5d 20141011
CMC Trojan-PSW.Win32.Delf!O 20141009
Comodo UnclassifiedMalware 20141011
Cyren W32/Banker.T.gen!Eldorado 20141012
DrWeb Trojan.AVKill.16934 20141012
Emsisoft Gen:Variant.Symmi.37344 (B) 20141012
ESET-NOD32 a variant of Win32/PSW.FakeMSN.NDM 20141012
F-Prot W32/Banker.T.gen!Eldorado 20141009
F-Secure Gen:Variant.Symmi.37344 20141012
Fortinet W32/FakeMSN.NCI!tr 20141012
GData Gen:Variant.Symmi.37344 20141012
Ikarus Trojan-Banker.Win32.Banbra 20141012
Jiangmin TrojanDownloader.Generic.syw 20141011
K7AntiVirus Trojan ( 7000000f1 ) 20141010
K7GW Trojan ( 7000000f1 ) 20141011
Kaspersky Trojan-PSW.Win32.Delf.hjw 20141012
Malwarebytes Trojan.Banker 20141012
McAfee Artemis!E7FB6A53AF03 20141012
McAfee-GW-Edition BehavesLike.Win32.Trojan.hc 20141012
Microsoft PWS:Win32/Fakemsn.H 20141012
eScan Gen:Variant.Symmi.37344 20141012
NANO-Antivirus Trojan.Win32.ATRAPS.mssvp 20141012
Norman Troj_Generic.AWKTC 20141012
Panda Generic Malware 20141011
Qihoo-360 Win32/Trojan.PSW.624 20141012
Rising PE:Trojan.Win32.Generic.12BE7852!314472530 20141012
Sophos AV Mal/FauxMSN-A 20141012
SUPERAntiSpyware Trojan.Agent/Gen-PWS 20141011
Symantec Trojan.Gen 20141012
Tencent Win32.Trojan-qqpass.Qqrob.Anpr 20141012
TheHacker Trojan/PSW.Delf.hjw 20141010
VBA32 TrojanPSW.Delf 20141010
VIPRE Trojan.Win32.Generic.pak!cobra 20141012
Zillya Trojan.Delf.Win32.44017 20141012
AegisLab 20141012
ByteHero 20141012
CAT-QuickHeal 20141011
ClamAV 20141012
Kingsoft 20141012
nProtect 20141012
TotalDefense 20141012
TrendMicro 20141012
TrendMicro-HouseCall 20141012
ViRobot 20141012
Zoner 20141010
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Packers identified
F-PROT UPX
PEiD UPX 2.90 [LZMA] -> Markus Oberhumer, Laszlo Molnar & John Reiser
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2012-04-02 21:45:01
Entry Point 0x001C7530
Number of sections 3
PE sections
PE imports
VirtualFree
ExitProcess
VirtualProtect
LoadLibraryA
VirtualAlloc
GetProcAddress
RegCloseKey
ImageList_Add
AlphaBlend
IsEqualGUID
VariantCopy
VerQueryValueW
OpenPrinterW
Number of PE resources by type
RT_STRING 26
RT_GROUP_CURSOR 7
RT_CURSOR 7
RT_RCDATA 5
RT_ICON 1
RT_MANIFEST 1
RT_GROUP_ICON 1
Number of PE resources by language
NEUTRAL 30
ENGLISH US 15
PORTUGUESE BRAZILIAN 3
PE resources
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
TimeStamp 2012:04:02 22:45:01+01:00
FileType Win32 EXE
PEType PE32
CodeSize 532480
LinkerVersion 2.25
FileAccessDate 2014:10:12 14:14:50+01:00
EntryPoint 0x1c7530
InitializedDataSize 16384
SubsystemVersion 5.0
ImageVersion 0.0
OSVersion 5.0
FileCreateDate 2014:10:12 14:14:50+01:00
UninitializedDataSize 1331200
Compressed bundles
File identification
MD5 e7fb6a53af03dafddd3a1b152e5fe646
SHA1 f9bf4c3fab69cdae9336be07527705120d8d8030
SHA256 84c2d6503779ec54f56f399412bc6998a91cfa225102c77fdea8a3f74c72c391
ssdeep 12288:ypiy1xiv0r69TFeS3k/0gBTyD9ne4rIn+OUnc/t+Kfoww8Df:U1xd8TwGk/0gBiefFUXKfjDf
authentihash 44160bad5a1db87b7178859152baf8826af6a467f37da6720c02b04d5eca8385
imphash 4ce3dc6aadd56ab4dfbb4d1e6f555a73
File size 532.5 KB ( 545280 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID UPX compressed Win32 Executable (42.3%)
Win32 EXE Yoda's Crypter (36.7%)
Win32 Dynamic Link Library (generic) (9.1%)
Win32 Executable (generic) (6.2%)
Generic Win/DOS Executable (2.7%)
Tags
peexe upx

VirusTotal metadata
First submission 2012-04-03 01:49:10 UTC
Last submission 2014-10-12 13:13:28 UTC
File names VirusShare_e7fb6a53af03dafddd3a1b152e5fe646
aa
84c2d6503779ec54f56f399412bc6998a91cfa225102c77fdea8a3f74c72c391
e7fb6a53af03dafddd3a1b152e5fe646
maria.tx
okKezas.msc
maria.txt
1059-f9bf4c3fab69cdae9336be07527705120d8d8030
file-3760419_txt
f9bf4c3fab69cdae9336be07527705120d8d8030.exe
foLPjXWO7r.xdp
smona_84c2d6503779ec54f56f399412bc6998a91cfa225102c77fdea8a3f74c72c391.bin
Advanced heuristic and reputation engines
ClamAV
Possibly Unwanted Application. While not necessarily malicious, the scanned file presents certain characteristics which depending on the user policies and environment may or may not represent a threat. For full details see: https://www.clamav.net/documents/potentially-unwanted-applications-pua .

Symantec reputation Suspicious.Insight