SHA256: 8a9ff4bf365ed4daab735f0b42fc8f3f06cd88221bafd02b20c0a3e540598358
File name: 8a9ff4bf365ed4daab735f0b42fc8f3f06cd88221bafd02b20c0a3e540598358.vir
Detection ratio: 38 / 56
Analysis date: 2016-01-18 03:01:24 UTC ( 2 years, 11 months ago )
Antivirus Result Update
Ad-Aware Trojan.Generic.3202463 20160118
AegisLab DR-Dldr.NSIS.Agent 20160117
Antiy-AVL Trojan[Downloader]/NSIS.Agent 20160118
Arcabit Trojan.Generic.D30DD9F 20160118
Avast Win32:Malware-gen 20160118
AVG Generic16.BWSO 20160118
Avira (no cloud) DR/Dldr.NSIS.Agent.EK.1 20160117
AVware Trojan.Win32.Generic!BT 20160111
BitDefender Trojan.Generic.3202463 20160118
CAT-QuickHeal TrojanDownloader.NSIS.r4 20160116
Comodo TrojWare.Win32.Agent.~dfg 20160118
Cyren W32/Risk.UCEC-5517 20160118
DrWeb Trojan.DownLoader1.25799 20160118
Emsisoft Trojan.Generic.3202463 (B) 20160118
F-Prot W32/MalwareF.IFUV 20160118
F-Secure Trojan.Generic.3202463 20160118
Fortinet W32/Dloader.C!tr.NSIS 20160118
GData Trojan.Generic.3202463 20160118
Jiangmin TrojanDownloader.FrauLoad.a 20160118
Kaspersky Trojan-Downloader.NSIS.Agent.ek 20160118
McAfee Artemis!678CF6672EFF 20160118
McAfee-GW-Edition BehavesLike.Win32.Downloader.kc 20160118
Microsoft Trojan:Win32/Danglo!gmb 20160118
eScan Trojan.Generic.3202463 20160118
NANO-Antivirus Trojan.Win32.Agent.dsybl 20160118
nProtect Trojan-Downloader/W32.Agent.65578 20160115
Panda Trj/CI.A 20160117
Qihoo-360 Win32/Trojan.b7f 20160118
Rising PE:Malware.Generic/QRS!1.9E2D [F] 20160117
Sophos AV Mal/Generic-S 20160118
SUPERAntiSpyware Trojan.Agent/Gen 20160117
Symantec Trojan.ADH 20160117
Tencent Nsis.Trojan-downloader.Agent.Wpjw 20160118
TrendMicro-HouseCall TROJ_PAM_0000030250.T3 20160118
VBA32 TrojanDownloader.Agent 20160117
VIPRE Trojan.Win32.Generic!BT 20160118
ViRobot Worm.Win32.Agent.65578[h] 20160118
Zillya Downloader.Agent.Win32.181271 20160117
Engines reporting no detection (18), with signature date:
Yandex 20160117
AhnLab-V3 20160117
Alibaba 20160118
ALYac 20160118
Baidu-International 20160117
Bkav 20160118
ByteHero 20160118
ClamAV 20160118
CMC 20160111
ESET-NOD32 20160118
Ikarus 20160118
K7AntiVirus 20160117
K7GW 20160117
Malwarebytes 20160118
TheHacker 20160116
TotalDefense 20160117
TrendMicro 20160118
Zoner 20160118
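Reading a 38-engine table by eye is error-prone, so here is an added example (my own code, not VirusTotal's or any vendor's) that tokenises the vendor labels above, discards generic noise such as Trojan, Generic, Win32 and variant suffixes, folds vendor spellings of one idea (Dldr, Dloader, TrojanDownloader) onto a single tag, and counts how many engines assert each tag. The DETECTIONS list is copied from the table; the GENERIC and ALIASES tables are my assumptions about vendor naming conventions.

```python
import re
from collections import Counter

# The 38 detections from the table above: (engine, label).
DETECTIONS = [
    ("Ad-Aware", "Trojan.Generic.3202463"),
    ("AegisLab", "DR-Dldr.NSIS.Agent"),
    ("Antiy-AVL", "Trojan[Downloader]/NSIS.Agent"),
    ("Arcabit", "Trojan.Generic.D30DD9F"),
    ("Avast", "Win32:Malware-gen"),
    ("AVG", "Generic16.BWSO"),
    ("Avira (no cloud)", "DR/Dldr.NSIS.Agent.EK.1"),
    ("AVware", "Trojan.Win32.Generic!BT"),
    ("BitDefender", "Trojan.Generic.3202463"),
    ("CAT-QuickHeal", "TrojanDownloader.NSIS.r4"),
    ("Comodo", "TrojWare.Win32.Agent.~dfg"),
    ("Cyren", "W32/Risk.UCEC-5517"),
    ("DrWeb", "Trojan.DownLoader1.25799"),
    ("Emsisoft", "Trojan.Generic.3202463 (B)"),
    ("F-Prot", "W32/MalwareF.IFUV"),
    ("F-Secure", "Trojan.Generic.3202463"),
    ("Fortinet", "W32/Dloader.C!tr.NSIS"),
    ("GData", "Trojan.Generic.3202463"),
    ("Jiangmin", "TrojanDownloader.FrauLoad.a"),
    ("Kaspersky", "Trojan-Downloader.NSIS.Agent.ek"),
    ("McAfee", "Artemis!678CF6672EFF"),
    ("McAfee-GW-Edition", "BehavesLike.Win32.Downloader.kc"),
    ("Microsoft", "Trojan:Win32/Danglo!gmb"),
    ("eScan", "Trojan.Generic.3202463"),
    ("NANO-Antivirus", "Trojan.Win32.Agent.dsybl"),
    ("nProtect", "Trojan-Downloader/W32.Agent.65578"),
    ("Panda", "Trj/CI.A"),
    ("Qihoo-360", "Win32/Trojan.b7f"),
    ("Rising", "PE:Malware.Generic/QRS!1.9E2D [F]"),
    ("Sophos AV", "Mal/Generic-S"),
    ("SUPERAntiSpyware", "Trojan.Agent/Gen"),
    ("Symantec", "Trojan.ADH"),
    ("Tencent", "Nsis.Trojan-downloader.Agent.Wpjw"),
    ("TrendMicro-HouseCall", "TROJ_PAM_0000030250.T3"),
    ("VBA32", "TrojanDownloader.Agent"),
    ("VIPRE", "Trojan.Win32.Generic!BT"),
    ("ViRobot", "Worm.Win32.Agent.65578[h]"),
    ("Zillya", "Downloader.Agent.Win32.181271"),
]

# Assumed: tokens that say "malicious" but nothing about behaviour, family or packer.
GENERIC = {"trojan", "troj", "trj", "trojware", "generic", "malware", "mal", "agent",
           "win", "gen", "risk", "artemis", "behaveslike", "pe"}

# Assumed: vendor spellings folded onto one canonical tag.
ALIASES = {"dldr": "downloader", "dloader": "downloader",
           "trojandownloader": "downloader", "dr": "dropper"}

SEPARATORS = re.compile(r"[.:/\\\[\]()!~\s\-_]+")


def label_tags(label):
    """Reduce one vendor label to the set of informative, canonical tags it carries."""
    tags = set()
    for tok in SEPARATORS.split(label):
        tok = re.sub(r"\d+$", "", tok.lower())   # Generic16 -> generic, DownLoader1 -> downloader
        tok = ALIASES.get(tok, tok)
        # Variant ids (r4, b7f, D30DD9F, 3202463) and one/two-letter suffixes carry no meaning.
        if len(tok) < 3 or any(ch.isdigit() for ch in tok) or tok in GENERIC:
            continue
        tags.add(tok)
    return tags


def label_consensus(detections):
    """Count, per tag, how many engines assert it (each engine votes once per tag)."""
    votes = Counter()
    for _engine, label in detections:
        votes.update(label_tags(label))
    return votes


def uninformative(detections):
    """Engines whose label collapses to nothing but generic tokens."""
    return [engine for engine, label in detections if not label_tags(label)]


if __name__ == "__main__":
    for tag, n in label_consensus(DETECTIONS).most_common(5):
        print(f"{n:2d} engines: {tag}")
    print(len(uninformative(DETECTIONS)), "engines say only 'generic trojan'")
```

On this table it yields 13 engines for downloader, 7 for nsis and 15 engines whose label says nothing beyond "generic trojan", which is the useful summary: an NSIS-packaged downloader. Note that the Trojan.Generic.3202463 cluster (Ad-Aware, BitDefender, Emsisoft, F-Secure, GData, eScan) is one BitDefender-engine signature licensed by several vendors, not six independent opinions, so the raw 38/56 ratio overstates how many distinct engines actually analysed the file.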
The file is a Portable Executable: a Win32 EXE for the Windows GUI subsystem.
Packers identified
Command NSIS
F-PROT NSIS
Both packer identifiers agree with the TrID result below: this is an NSIS installer, so the executable code is the stock Nullsoft stub and the behaviour of interest is defined by the compressed script and files stored in the overlay, not by the PE sections.
PE header basic information
Target machine: Intel 386 or later processors and compatible processors
Compilation timestamp: 2008-05-03 14:08:42
Entry Point: 0x00003225
Number of sections: 5
For an NSIS installer the compilation timestamp belongs to the prebuilt NSIS stub that makensis reuses for every installer it produces, so it dates the NSIS release, not the moment this sample was assembled; it predates the first VirusTotal submission (2010-02-10) by almost two years.
PE sections
Overlays
MD5: 2d6973b4e0d0a50f124f67e245cde006
File type: data
Offset: 46080
Size: 19498
Entropy: 7.99
The overlay runs from 46080 to 46080 + 19498 = 65578, the last byte of the 65578-byte file, so nothing follows it. An entropy of 7.99 bits per byte is what compressed data looks like: for an NSIS installer the overlay holds the compressed script and the files it drops, so the payload has to be unpacked from here (tools such as 7-Zip or an NSIS decompiler) before it can be inspected.
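The overlay figures above come from walking the section table: the overlay starts where the highest PointerToRawData + SizeOfRawData ends. Here is an added example (my own code, not VirusTotal's or pefile's) that computes the same offset, size and entropy, and checks for the NSIS "firstheader" marker (0xDEADBEEF followed by "NullsoftInst" at overlay offset 4). The sample PE it builds is constructed for the demonstration and is not the analysed file.

```python
import hashlib
import math
import struct

# NSIS "firstheader": flags (4 bytes), then 0xDEADBEEF (little-endian) and the ASCII "NullsoftInst".
NSIS_MAGIC = b"\xef\xbe\xad\xdeNullsoftInst"


def overlay_bounds(data):
    """Return (offset, size) of the data appended after the last section, or None if there is none.

    The overlay starts where the section table says raw data ends:
    max(PointerToRawData + SizeOfRawData) over all section headers.
    """
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("no PE signature at e_lfanew")
    coff = e_lfanew + 4
    num_sections = struct.unpack_from("<H", data, coff + 2)[0]
    opt_hdr_size = struct.unpack_from("<H", data, coff + 16)[0]
    section_table = coff + 20 + opt_hdr_size
    end_of_sections = section_table + 40 * num_sections        # at least past the headers
    for i in range(num_sections):
        size_of_raw, ptr_to_raw = struct.unpack_from("<II", data, section_table + 40 * i + 16)
        end_of_sections = max(end_of_sections, ptr_to_raw + size_of_raw)
    if end_of_sections >= len(data):
        return None
    return end_of_sections, len(data) - end_of_sections


def shannon_entropy(buf):
    """Bits per byte: 0.0 for constant data, close to 8.0 for compressed or encrypted data."""
    if not buf:
        return 0.0
    counts = [0] * 256
    for b in buf:
        counts[b] += 1
    n = len(buf)
    return -sum((c / n) * math.log2(c / n) for c in counts if c)


def analyse_overlay(data):
    """Overlay offset, size, entropy (2 dp, as on the report) and whether it carries the NSIS marker."""
    bounds = overlay_bounds(data)
    if bounds is None:
        return None
    offset, size = bounds
    overlay = data[offset:offset + size]
    return {
        "offset": offset,
        "size": size,
        "entropy": round(shannon_entropy(overlay), 2),
        "nsis": overlay[4:20] == NSIS_MAGIC,
    }


def build_sample():
    """Constructed test input: a minimal PE32 with one section and an NSIS-style overlay.

    This is not the analysed file; it only exercises the same header logic.
    """
    optional = struct.pack("<H", 0x10B) + b"\0" * 222                # PE32 magic, rest zeroed
    coff = struct.pack("<HHIIIHH", 0x14C, 1, 0, 0, 0, len(optional), 0x0102)
    section = b".text\0\0\0" + struct.pack("<IIII", 0x200, 0x1000, 0x200, 0x200) + b"\0" * 16
    headers = (b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40)         # e_lfanew = 0x40
               + b"PE\0\0" + coff + optional + section).ljust(0x200, b"\0")
    text = b"\0" * 0x200                                              # section body, low entropy
    payload = b""
    seed = b"constructed payload"                                     # deterministic high-entropy filler
    while len(payload) < 8192:
        seed = hashlib.sha256(seed).digest()
        payload += seed
    first_header = struct.pack("<I", 0) + NSIS_MAGIC + struct.pack("<II", 0x1000, len(payload))
    return headers + text + first_header + payload


if __name__ == "__main__":
    print(analyse_overlay(build_sample()))
```

To apply it to a real file, pass `open(path, "rb").read()` to `analyse_overlay`; on the sample described on this page the offset and size should come out as 46080 and 19498, matching the report. A section whose raw size is zero contributes nothing to the maximum, so uninitialised-data sections do not disturb the result.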
PE imports
ADVAPI32.dll
RegDeleteKeyA
RegCloseKey
RegQueryValueExA
RegSetValueExA
RegEnumValueA
RegCreateKeyExA
RegOpenKeyExA
RegEnumKeyA
RegDeleteValueA
COMCTL32.dll
ImageList_Create
Ord(17)
ImageList_Destroy
ImageList_AddMasked
GDI32.dll
GetDeviceCaps
SetBkMode
CreateBrushIndirect
CreateFontIndirectA
SelectObject
SetBkColor
DeleteObject
SetTextColor
KERNEL32.dll
GetLastError
lstrlenA
GetFileAttributesA
GlobalFree
WaitForSingleObject
GetExitCodeProcess
CopyFileA
ExitProcess
SetFileTime
GlobalUnlock
GetModuleFileNameA
LoadLibraryA
GetShortPathNameA
GetCurrentProcess
LoadLibraryExA
CompareFileTime
GetPrivateProfileStringA
WritePrivateProfileStringA
GetFileSize
lstrcatA
CreateDirectoryA
DeleteFileA
GetWindowsDirectoryA
SetErrorMode
MultiByteToWideChar
GetCommandLineA
GlobalLock
SetFileAttributesA
SetFilePointer
GetTempPathA
CreateThread
lstrcmpiA
GetModuleHandleA
lstrcmpA
ReadFile
WriteFile
FindFirstFileA
CloseHandle
GetTempFileNameA
lstrcpynA
FindNextFileA
RemoveDirectoryA
GetSystemDirectoryA
GetDiskFreeSpaceA
ExpandEnvironmentStringsA
GetFullPathNameA
FreeLibrary
MoveFileA
CreateProcessA
GlobalAlloc
SearchPathA
FindClose
Sleep
CreateFileA
GetTickCount
GetVersion
GetProcAddress
SetCurrentDirectoryA
MulDiv
SHELL32.dll
SHGetFileInfoA
SHGetSpecialFolderLocation
SHBrowseForFolderA
SHGetPathFromIDListA
ShellExecuteA
SHFileOperationA
USER32.dll
EmptyClipboard
GetMessagePos
EndPaint
CharPrevA
EndDialog
BeginPaint
PostQuitMessage
DefWindowProcA
SetWindowTextA
SetClassLongA
LoadBitmapA
SetWindowPos
GetSystemMetrics
IsWindow
AppendMenuA
GetWindowRect
DispatchMessageA
ScreenToClient
SetDlgItemTextA
MessageBoxIndirectA
LoadImageA
GetDlgItemTextA
PeekMessageA
SetWindowLongA
IsWindowEnabled
GetSysColor
CheckDlgButton
GetDC
FindWindowExA
SystemParametersInfoA
CreatePopupMenu
wsprintfA
DialogBoxParamA
SetClipboardData
IsWindowVisible
GetClassInfoA
SetForegroundWindow
GetClientRect
CreateWindowExA
GetDlgItem
CreateDialogParamA
DrawTextA
EnableMenuItem
RegisterClassA
InvalidateRect
GetWindowLongA
SendMessageTimeoutA
SetTimer
LoadCursorA
TrackPopupMenu
SendMessageA
FillRect
ShowWindow
OpenClipboard
CharNextA
CallWindowProcA
GetSystemMenu
EnableWindow
CloseClipboard
DestroyWindow
ExitWindowsEx
SetCursor
VERSION.dll
GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA
ole32.dll
OleUninitialize
CoTaskMemFree
OleInitialize
CoCreateInstance
Number of PE resources by type
RT_ICON 7
RT_DIALOG 3
RT_MANIFEST 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 12
PE resources
ExifTool file metadata
MIMEType: application/octet-stream
Subsystem: Windows GUI
MachineType: Intel 386 or later, and compatibles
TimeStamp: 2008:05:03 15:08:42+01:00
FileType: Win32 EXE
PEType: PE32
CodeSize: 23040
LinkerVersion: 6.0
FileTypeExtension: exe
InitializedDataSize: 119808
SubsystemVersion: 4.0
EntryPoint: 0x3225
OSVersion: 4.0
ImageVersion: 0.0
UninitializedDataSize: 1024

File identification
MD5 678cf6672eff36f91c217fe17ba38688
SHA1 ec23d79a9034cba5720040eb0f38454dca0a68c1
SHA256 8a9ff4bf365ed4daab735f0b42fc8f3f06cd88221bafd02b20c0a3e540598358
ssdeep 1536:WUeHiWRgkkjH8nyWmJO4Romu/FlYHWM9lb7EMm:Wd/vyWmJO45yMWmlb7EMm
authentihash ea8a4ac8bae76421da7e705a5fd1f7011e8446bb81b8270ffa1601e01c7a383f
imphash 099c0646ea7282d232219f8807883be0
File size 64.0 KB ( 65578 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID NSIS - Nullsoft Scriptable Install System (94.8%)
Win32 Executable MS Visual C++ (generic) (3.4%)
Win32 Dynamic Link Library (generic) (0.7%)
Win32 Executable (generic) (0.5%)
Generic Win/DOS Executable (0.2%)
Tags
nsis peexe overlay
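The imphash listed under File identification is computed from the import table shown earlier on this page, and because every NSIS installer carries the same stub with the same imports, that hash identifies the NSIS stub rather than this downloader: pivoting on it in VirusTotal returns benign installers alongside malware. The added example below (my own code, not VirusTotal's or pefile's) reconstructs the import hash algorithm over the page's import list so the point can be checked. The per-DLL grouping is the standard NSIS stub layout; the assumption that the page lists the imports in file order is mine, and only against the file's actual import directory (for example via pefile) is the result guaranteed to equal the report's value.

```python
import hashlib

# The sample's import table as listed in the report, grouped by exporting DLL (assumed file order).
IMPORTS = [
    ("ADVAPI32.dll", "RegDeleteKeyA RegCloseKey RegQueryValueExA RegSetValueExA RegEnumValueA "
                     "RegCreateKeyExA RegOpenKeyExA RegEnumKeyA RegDeleteValueA".split()),
    ("COMCTL32.dll", "ImageList_Create Ord(17) ImageList_Destroy ImageList_AddMasked".split()),
    ("GDI32.dll", "GetDeviceCaps SetBkMode CreateBrushIndirect CreateFontIndirectA SelectObject "
                  "SetBkColor DeleteObject SetTextColor".split()),
    ("KERNEL32.dll", (
        "GetLastError lstrlenA GetFileAttributesA GlobalFree WaitForSingleObject GetExitCodeProcess "
        "CopyFileA ExitProcess SetFileTime GlobalUnlock GetModuleFileNameA LoadLibraryA "
        "GetShortPathNameA GetCurrentProcess LoadLibraryExA CompareFileTime GetPrivateProfileStringA "
        "WritePrivateProfileStringA GetFileSize lstrcatA CreateDirectoryA DeleteFileA "
        "GetWindowsDirectoryA SetErrorMode MultiByteToWideChar GetCommandLineA GlobalLock "
        "SetFileAttributesA SetFilePointer GetTempPathA CreateThread lstrcmpiA GetModuleHandleA "
        "lstrcmpA ReadFile WriteFile FindFirstFileA CloseHandle GetTempFileNameA lstrcpynA "
        "FindNextFileA RemoveDirectoryA GetSystemDirectoryA GetDiskFreeSpaceA "
        "ExpandEnvironmentStringsA GetFullPathNameA FreeLibrary MoveFileA CreateProcessA GlobalAlloc "
        "SearchPathA FindClose Sleep CreateFileA GetTickCount GetVersion GetProcAddress "
        "SetCurrentDirectoryA MulDiv").split()),
    ("SHELL32.dll", "SHGetFileInfoA SHGetSpecialFolderLocation SHBrowseForFolderA "
                    "SHGetPathFromIDListA ShellExecuteA SHFileOperationA".split()),
    ("USER32.dll", (
        "EmptyClipboard GetMessagePos EndPaint CharPrevA EndDialog BeginPaint PostQuitMessage "
        "DefWindowProcA SetWindowTextA SetClassLongA LoadBitmapA SetWindowPos GetSystemMetrics "
        "IsWindow AppendMenuA GetWindowRect DispatchMessageA ScreenToClient SetDlgItemTextA "
        "MessageBoxIndirectA LoadImageA GetDlgItemTextA PeekMessageA SetWindowLongA IsWindowEnabled "
        "GetSysColor CheckDlgButton GetDC FindWindowExA SystemParametersInfoA CreatePopupMenu "
        "wsprintfA DialogBoxParamA SetClipboardData IsWindowVisible GetClassInfoA SetForegroundWindow "
        "GetClientRect CreateWindowExA GetDlgItem CreateDialogParamA DrawTextA EnableMenuItem "
        "RegisterClassA InvalidateRect GetWindowLongA SendMessageTimeoutA SetTimer LoadCursorA "
        "TrackPopupMenu SendMessageA FillRect ShowWindow OpenClipboard CharNextA CallWindowProcA "
        "GetSystemMenu EnableWindow CloseClipboard DestroyWindow ExitWindowsEx SetCursor").split()),
    ("VERSION.dll", "GetFileVersionInfoSizeA GetFileVersionInfoA VerQueryValueA".split()),
    ("ole32.dll", "OleUninitialize CoTaskMemFree OleInitialize CoCreateInstance".split()),
]


def normalized_imports(imports):
    """'module.function' strings the way the import hash forms them: lowercase,
    .dll/.ocx/.sys stripped from the module name, unresolved ordinals written as ordN."""
    out = []
    for dll, funcs in imports:
        module = dll.lower()
        base, dot, ext = module.rpartition(".")
        if dot and ext in ("dll", "ocx", "sys"):
            module = base
        for func in funcs:
            if func.startswith("Ord(") and func.endswith(")"):
                func = "ord" + func[4:-1]
            out.append(f"{module}.{func.lower()}")
    return out


def imphash(imports):
    """MD5 over the comma-joined normalized import list; order-sensitive, case-insensitive."""
    return hashlib.md5(",".join(normalized_imports(imports)).encode("ascii")).hexdigest()


if __name__ == "__main__":
    print(len(normalized_imports(IMPORTS)), "imports, imphash", imphash(IMPORTS))
```

Two properties matter when you use this hash as a pivot: it is insensitive to DLL case and extension, so KERNEL32.DLL and kernel32 hash identically, and it is sensitive to order, so the same set of imports laid out differently by another linker gives a different hash. Neither property involves the overlay, which is where everything specific to this sample lives.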

VirusTotal metadata
First submission 2010-02-10 19:34:57 UTC ( 8 years, 10 months ago )
Last submission 2016-01-18 03:01:24 UTC ( 2 years, 11 months ago )
File names
425846
ms_w.exe_
678cf6672eff36f91c217fe17ba38688
aa
_5qmO1m0rW.pps
1266066878.ms_w.exe
1fac589f1e81bf776f203571f938552e
13263003945251238832
678CF6672EFF36F91C217FE17BA38688
ms_w.exe
8a9ff4bf365ed4daab735f0b42fc8f3f06cd88221bafd02b20c0a3e540598358.vir
ms_w.exe.20100210_0906
smona126834083401577203667
ec23d79a9034cba5720040eb0f38454dca0a68c1
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight