× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: 8b3587b7d7394deb5be7645752a9d237e31b52b8ca14d465508cfb955d0cbc66
File name: 8b3587b7d7394deb5be7645752a9d237e31b52b8ca14d465508cfb955d0cbc66
Detection ratio: 33 / 42
Analysis date: 2012-07-11 18:49:35 UTC ( 6 years, 8 months ago ) View latest
Antivirus Result Update
AhnLab-V3 Win-Trojan/Agent.117248.GV 20120711
AntiVir TR/Agent.117248.18 20120711
Antiy-AVL Trojan/win32.agent.gen 20120711
Avast Win32:Malware-gen 20120711
AVG Generic26.LDI 20120711
BitDefender DeepScan:Generic.Malware.P!.5936F6C7 20120711
CAT-QuickHeal TrojanBanker.Agent.fyn 20120711
Comodo UnclassifiedMalware 20120711
DrWeb Trojan.Click2.26269 20120711
Emsisoft Trojan-Banker.Win32.Agent!IK 20120711
eSafe Win32.TRAgent 20120710
F-Secure DeepScan:Generic.Malware.P!.5936F6C7 20120711
Fortinet W32/Trackr!tr 20120711
GData DeepScan:Generic.Malware.P!.5936F6C7 20120711
Ikarus Trojan-Banker.Win32.Agent 20120711
Jiangmin Trojan/Banker.Agent.bhj 20120711
K7AntiVirus Trojan 20120711
Kaspersky Trojan-Banker.Win32.Agent.fyn 20120711
McAfee PWS-Banker!h2o 20120711
McAfee-GW-Edition PWS-Banker!h2o 20120711
Microsoft Trojan:Win32/Bumat!rts 20120711
NOD32 probably a variant of Win32/Spy.Banker.CPNRGDZ 20120711
Norman W32/Suspicious_Gen2.TYAHG 20120711
nProtect Trojan/W32.Agent.117248.NB 20120711
Sophos AV Troj/Trackr-Gen 20120711
Symantec WS.Reputation.1 20120711
TheHacker Trojan/Agent.fyn 20120711
TrendMicro TROJ_BANKER.QPA 20120711
TrendMicro-HouseCall TROJ_BANKER.QPA 20120711
VBA32 TrojanBanker.Agent.fyn 20120711
VIPRE Trojan.Win32.Generic!BT 20120711
ViRobot Trojan.Win32.A.Agent.117248.B 20120711
VirusBuster Trojan.PWS.Agent!oG9LUK+WC5E 20120711
ByteHero 20120613
ClamAV 20120711
Commtouch 20120711
F-Prot 20120711
Panda 20120711
PCTools 20120711
Rising 20120711
SUPERAntiSpyware 20120711
TotalDefense 20120710
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows command line subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 1992-06-19 22:22:17
Entry Point 0x00018C34
Number of sections 8
PE sections
PE imports
CloseServiceHandle
RegCloseKey
StartServiceCtrlDispatcherA
OpenServiceA
SetServiceStatus
CreateServiceA
QueryServiceStatus
RegQueryValueExA
ControlService
DeleteService
RegOpenKeyExA
OpenSCManagerA
RegisterServiceCtrlHandlerA
GetLastError
EnumCalendarInfoA
GetStdHandle
EnterCriticalSection
lstrlenA
WaitForSingleObject
FreeLibrary
ExitProcess
GetThreadLocale
GetVersionExA
GetModuleFileNameA
RtlUnwind
DuplicateHandle
GetLocalTime
DeleteCriticalSection
GetStartupInfoA
GetDateFormatA
LoadLibraryExA
GetLocaleInfoA
LocalAlloc
OpenProcess
VirtualQueryEx
GetCPInfo
UnhandledExceptionFilter
TlsGetValue
MultiByteToWideChar
ReadProcessMemory
GetCommandLineA
GetProcAddress
GetCurrentThread
SuspendThread
SetFilePointer
RaiseException
CompareStringA
CloseHandle
WideCharToMultiByte
GetModuleHandleA
FindFirstFileA
FormatMessageA
WriteFile
GetCurrentProcess
ReadFile
ResetEvent
lstrcpynA
GetACP
GetDiskFreeSpaceA
GetCurrentThreadId
GetFullPathNameA
SetEvent
LocalFree
ResumeThread
InitializeCriticalSection
VirtualQuery
VirtualFree
CreateEventA
FindClose
InterlockedDecrement
Sleep
GetFileType
SetEndOfFile
TlsSetValue
CreateFileA
GetStringTypeExA
GetVersion
LeaveCriticalSection
VirtualAlloc
GetFileSize
InterlockedIncrement
VariantChangeType
SafeArrayGetLBound
SafeArrayPtrOfIndex
SysAllocStringLen
VariantClear
SafeArrayCreate
SysReAllocStringLen
SafeArrayGetUBound
VariantCopy
SysFreeString
VariantInit
GetSystemMetrics
LoadStringA
CharLowerA
CharNextA
MessageBoxA
CharUpperA
GetKeyboardType
CharToOemA
Number of PE resources by type
RT_STRING 7
RT_RCDATA 2
Number of PE resources by language
NEUTRAL 9
PE resources
ExifTool file metadata
MIMEType
application/octet-stream

Subsystem
Windows command line

MachineType
Intel 386 or later, and compatibles

FileTypeExtension
exe

TimeStamp
1992:06:19 23:22:17+01:00

FileType
Win32 EXE

PEType
PE32

CodeSize
98304

LinkerVersion
2.25

EntryPoint
0x18c34

InitializedDataSize
17920

SubsystemVersion
4.0

ImageVersion
0.0

OSVersion
4.0

UninitializedDataSize
0

File identification
MD5 3f92beffcadcc9305abba867927f766e
SHA1 8126c0d1c738849b06e0fbb0db1b87fa4f630467
SHA256 8b3587b7d7394deb5be7645752a9d237e31b52b8ca14d465508cfb955d0cbc66
ssdeep
3072:U28d4ti9UzpOBN9Hogg5LUSm4z2i4DQFu/U3buRKlemZ9DnGAekEBghde/Rx7Gys:VGj8ez+Ci4DQFu/U3buRKlemZ9DnGAeR

authentihash 0d4731cde4cd593c9000f2940320e7be70588b76bc131c8c6ae24dfa42c8c637
imphash d98380415a9e01bc213802830c18c1ec
File size 114.5 KB ( 117248 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (console) Intel 80386 32-bit

TrID Win32 Executable Borland Delphi 7 (95.2%)
Win32 Executable Delphi generic (2.0%)
Win32 Dynamic Link Library (generic) (0.9%)
Win32 Executable (generic) (0.6%)
Win16/32 Executable Delphi generic (0.2%)
Tags
peexe

VirusTotal metadata
First submission 2011-04-15 17:39:59 UTC ( 7 years, 11 months ago )
Last submission 2017-07-28 11:34:57 UTC ( 1 year, 7 months ago )
File names r2.exe
malware_283.vir
rdspooler.exe
file-3154252_exe
1882097
3f92beffcadcc9305abba867927f766e.virus
x.exe
rdasrv.exe
3F92BEFFCADCC9305ABBA867927F766E
RDASRV.EXE
rdasrv.exe.txt
output.1882097.txt
vti-rescan
3f92beffcadcc9305abba867927f766e
rdasrv.exe
8b3587b7d7394deb5be7645752a9d237e31b52b8ca14d465508cfb955d0cbc66
smona_8b3587b7d7394deb5be7645752a9d237e31b52b8ca14d465508cfb955d0cbc66.bin
8b3587b7d7394deb5be7645752a9d237e31b52b8ca14d465508cfb955d0cbc66.exe
x.exe
Advanced heuristic and reputation engines
ClamAV
Possibly Unwanted Application. While not necessarily malicious, the scanned file presents certain characteristics which depending on the user policies and environment may or may not represent a threat. For full details see: https://www.clamav.net/documents/potentially-unwanted-applications-pua .

Symantec reputation Suspicious.Insight
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!