SHA256: 8757190977b1ac40c6b0bcff494a216f207925faa2ba14d288b01d37cfe6e80e
File name: index.html@getexe=loader.ex
Detection ratio: 45 / 52
Analysis date: 2014-05-25 03:18:16 UTC ( 3 years, 5 months ago )
Antivirus Result Update
Ad-Aware Win32.Worm.Koobface.APB 20140525
Yandex Worm.Koobface!h+wJxeiQZw4 20140524
AhnLab-V3 Win32/Koobface.worm.39936.FR 20140524
AntiVir TR/Dropper.Gen 20140524
Avast Win32:Inject-ABT [Trj] 20140525
AVG Dropper.Generic.BQNB 20140525
Baidu-International Worm.Win32.Koobface.AHFx 20140524
BitDefender Win32.Worm.Koobface.APB 20140525
Bkav W32.Clod1d0.Trojan.721a 20140523
CAT-QuickHeal I-Worm.Koobface.fel.cw3 20140524
CMC Net-Worm.Win32.Koobface!O 20140525
Commtouch W32/Koobface.ADLX-0067 20140525
Comodo TrojWare.Win32.Trojan.Agent.Gen 20140524
DrWeb Trojan.MulDrop1.1888 20140525
Emsisoft Win32.Worm.Koobface.APB (B) 20140525
ESET-NOD32 Win32/Koobface.NCK 20140524
F-Prot W32/Koobface.FY 20140525
F-Secure Win32.Worm.Koobface.APB 20140524
Fortinet W32/VBInjector.AGB!tr 20140525
GData Win32.Worm.Koobface.APB 20140525
Ikarus Trojan-Dropper.Win32.VB 20140524
K7AntiVirus Trojan ( 000a95721 ) 20140523
K7GW Trojan ( 000a95721 ) 20140523
Kaspersky Net-Worm.Win32.Koobface.fel 20140524
Kingsoft Worm.Koobface.(kcloud) 20140525
Malwarebytes Trojan.Dropper 20140524
McAfee Artemis!DED34526BEDB 20140525
McAfee-GW-Edition Heuristic.BehavesLike.Win32.Suspicious-PKR.G 20140525
Microsoft VirTool:Win32/VBInject.gen!DB 20140525
eScan Win32.Worm.Koobface.APB 20140525
NANO-Antivirus Trojan.Win32.Koobface.roqi 20140525
Norman Troj_Generic.FQIDT 20140524
nProtect Win32.Worm.Koobface.APB 20140523
Panda Trj/Genetic.gen 20140524
Qihoo-360 Win32/Trojan.b7f 20140525
Rising PE:Trojan.Win32.Generic.11EC30A7!300691623 20140524
Sophos AV Troj/Koobfa-T 20140525
Symantec Downloader 20140525
TheHacker W32/Koobface.fel 20140523
TrendMicro WORM_KOOBFACE.JS 20140525
TrendMicro-HouseCall WORM_KOOBFACE.JS 20140525
VBA32 SScope.Trojan.VB.0155 20140523
VIPRE Trojan.Win32.Generic.pak!cobra 20140525
ViRobot Worm.Win32.S.Net-Koobface.39936.U 20140524
Zillya Worm.Koobface.Win32.5350 20140524
AegisLab 20140525
Antiy-AVL 20140525
ByteHero 20140525
ClamAV 20140525
Jiangmin 20140524
SUPERAntiSpyware 20140524
Tencent 20140515
TotalDefense 20140524
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Packers identified
PEiD UPX 2.90 [LZMA] -> Markus Oberhumer, Laszlo Molnar & John Reiser
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2010-02-13 22:30:45
Entry Point 0x0000FAA0
Number of sections 3
PE sections
PE imports
VirtualFree
ExitProcess
VirtualProtect
LoadLibraryA
VirtualAlloc
GetProcAddress
Ord(100)
CallWindowProcA
Number of PE resources by type
RT_ICON 3
RT_GROUP_ICON 1
RT_VERSION 1
4 1
Number of PE resources by language
NEUTRAL 4
ENGLISH US 1
ARABIC NEUTRAL 1
PE resources
ExifTool file metadata
UninitializedDataSize 24576
LinkerVersion 6.0
ImageVersion 1.0
FileVersionNumber 0.1.0.0
LanguageCode English (U.S.)
FileFlagsMask 0x0000
CharacterSet Unicode
InitializedDataSize 4096
MIMEType application/octet-stream
TimeStamp 2010:02:13 23:30:45+01:00
FileType Win32 EXE
PEType PE32
FileAccessDate 2014:05:25 04:18:22+01:00
SubsystemVersion 4.0
OSVersion 4.0
FileCreateDate 2014:05:25 04:18:22+01:00
FileOS Win32
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CodeSize 36864
FileSubtype 0
ProductVersionNumber 0.1.0.0
EntryPoint 0xfaa0
ObjectFileType Executable application
File identification
MD5 ded34526bedb0db9d8853dc7fd55e04e
SHA1 81a7f5ef70223ef43e53582fec38037267355b41
SHA256 8757190977b1ac40c6b0bcff494a216f207925faa2ba14d288b01d37cfe6e80e
ssdeep 768:6cK0+QyphKfUfCs4jrKWTxuv/tOVVn6JnPXN6YiWIYEB9zpzmjpO:6cK0+QWKHs4jrKa8v18wnfNCYszmjpO
imphash f79973fdd49a330bd99c2d8a45381012
File size 39.0 KB ( 39936 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID UPX compressed Win32 Executable (32.7%)
Win64 Executable (generic) (29.6%)
Win32 EXE Yoda's Crypter (28.4%)
Win32 Executable (generic) (4.8%)
Generic Win/DOS Executable (2.1%)
Tags
peexe upx

VirusTotal metadata
First submission 2010-02-14 00:14:36 UTC ( 7 years, 9 months ago )
Last submission 2014-05-25 03:18:16 UTC ( 3 years, 5 months ago )
File names Face_DED34.exe
81a7f5ef70223ef43e53582fec38037267355b41_index.ex
B
C17A7F5500B8392F9C2700851B8FB100A8801CD2.exe
d
setup.exe-BsLTQN
ded34526bedb0db9d8853dc7fd55e04e
setup.exe.91
setup.exe.1
429909
index.html@getexe=loader.ex
setup__1_.exe
smona126676551575047871408
index.html_getexe_loader.exe.912393033.20100213_2045
427068
setup.exe
malw_46.ex_
428418
ded34526bedb0db9d8853dc7fd55e04e_
Advanced heuristic and reputation engines
ClamAV
Possibly Unwanted Application. While not necessarily malicious, the scanned file presents certain characteristics which depending on the user policies and environment may or may not represent a threat. For full details see: https://www.clamav.net/documents/potentially-unwanted-applications-pua .