SHA256: 8cbae3a75339c86c33721e3c77300865dfca47e546f9cffb4a2890dd3bcb9c9d
File name: 0_184765.exe
Detection ratio: 24 / 42
Analysis date: 2011-07-01 22:44:35 UTC ( 6 years, 10 months ago )
Antivirus Result Update
AntiVir TR/Crypt.CFI.Gen 20110701
Antiy-AVL Trojan/win32.agent.gen 20110701
Avast MSIL:Inject-AO 20110701
Avast5 MSIL:Inject-AO 20110701
AVG Generic22.BONN 20110701
BitDefender Trojan.Generic.6080144 20110701
CAT-QuickHeal Worm.Rebhip.a 20110701
Comodo ApplicUnwnt.Win32.AdWare.RK.~A 20110701
DrWeb Trojan.DownLoader3.8238 20110702
eSafe Win32.TRCrypt.Cfi 20110629
F-Secure Trojan.Generic.6080144 20110701
GData Trojan.Generic.6080144 20110702
Ikarus Trojan.SuspectCRC 20110701
Kaspersky Trojan.Win32.Llac.ymi 20110702
McAfee Artemis!15E62516D600 20110702
McAfee-GW-Edition Artemis!15E62516D600 20110702
Microsoft Worm:Win32/Rebhip.A 20110701
NOD32 probably a variant of Win32/Adware.GSMPEDS 20110702
Norman W32/Suspicious_Gen2.MWASS 20110701
nProtect Trojan/W32.Llac.2574440 20110701
Panda Trj/CI.A 20110701
Symantec WS.Reputation.1 20110701
VBA32 Trojan.Llac.ymi 20110701
VIPRE Trojan.Win32.Generic!BT 20110701
AhnLab-V3 20110701
ClamAV 20110701
Commtouch 20110701
eTrust-Vet 20110701
F-Prot 20110701
Fortinet 20110702
Jiangmin 20110701
K7AntiVirus 20110701
PCTools 20110701
Prevx 20110702
Rising 20110701
Sophos AV 20110702
SUPERAntiSpyware 20110702
TheHacker 20110701
TrendMicro 20110701
TrendMicro-HouseCall 20110702
ViRobot 20110701
VirusBuster 20110701
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file.
PE header basic information
Number of sections 4
PE sections
PE imports
LookupPrivilegeValueA
OpenProcessToken
CloseServiceHandle
RegQueryInfoKeyA
RegDeleteKeyA
StartServiceA
QueryServiceStatus
OpenServiceA
RegDeleteValueA
GetUserNameA
RegSetValueExA
RegCreateKeyExA
RegOpenKeyA
RegQueryValueExA
RegOpenKeyExA
RegCloseKey
UnlockServiceDatabase
RegEnumKeyExA
OpenSCManagerA
LockServiceDatabase
AdjustTokenPrivileges
PropertySheetA
CreatePropertySheetPageA
DestroyPropertySheetPage
GetObjectA
CreateFontIndirectA
SelectObject
CreateCompatibleBitmap
CreateCompatibleDC
GetWindowExtEx
GetViewportExtEx
SetMapMode
GetMapMode
GetDeviceCaps
DeleteObject
GetStockObject
DeleteDC
SetBkMode
FindFirstFileA
FormatMessageA
ReadFile
CreateProcessA
GetExitCodeProcess
GetVersion
FindClose
GetDiskFreeSpaceA
GetModuleHandleA
CreateDirectoryA
GetEnvironmentVariableA
GetCurrentThreadId
GetCurrentProcess
FlushInstructionCache
HeapAlloc
EnterCriticalSection
LeaveCriticalSection
RemoveDirectoryA
MulDiv
OutputDebugStringA
LoadLibraryExA
EnumResourceLanguagesA
GetSystemDefaultLangID
GetUserDefaultLangID
GetTempPathA
GetTempFileNameA
FindNextFileA
GetLogicalDriveStringsA
GetDriveTypeA
GetSystemDirectoryA
GetSystemTime
GlobalMemoryStatus
OpenProcess
TerminateProcess
CreateNamedPipeA
ConnectNamedPipe
SearchPathA
InterlockedIncrement
InterlockedDecrement
IsDBCSLeadByte
lstrcpynA
lstrlenW
GetShortPathNameA
CreateMutexA
SetCurrentDirectoryA
GetFileAttributesA
SetFileAttributesA
CopyFileA
ExitProcess
DebugBreak
HeapSize
HeapReAlloc
HeapDestroy
LocalAlloc
MultiByteToWideChar
lstrlenA
GlobalAlloc
GlobalFree
GetCommandLineA
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
lstrcatA
lstrcpyA
VirtualProtect
GlobalUnlock
GetStartupInfoA
GlobalLock
GetProcessHeap
HeapFree
lstrcmpA
GetStringTypeExA
FreeLibrary
lstrcmpiA
GetModuleFileNameA
GetProcAddress
LoadLibraryA
ResetEvent
FlushFileBuffers
Sleep
WriteFile
MoveFileA
DeleteFileA
GetFileSize
SetFilePointer
CreateFileA
CreateEventA
SetEvent
CreateThread
CloseHandle
TerminateThread
GetExitCodeThread
WaitForSingleObject
InitializeCriticalSection
DeleteCriticalSection
GetVersionExA
GetThreadLocale
GetLocaleInfoA
GetACP
InterlockedExchange
WideCharToMultiByte
RaiseException
FindResourceExA
LoadResource
LockResource
SizeofResource
FindResourceA
GetLastError
VirtualAlloc
GetSystemInfo
VirtualQuery
GetWindowsDirectoryA
RtlUnwind
(2 more function(s) imported by ordinal)
SHBrowseForFolderA
ShellExecuteExA
SHGetMalloc
SHGetPathFromIDListA
SHGetSpecialFolderLocation
ShellExecuteA
FindWindowA
CopyRect
ReleaseDC
GetWindowDC
ScreenToClient
GetSubMenu
LoadMenuA
TrackPopupMenu
EnableMenuItem
ExitWindowsEx
GetDC
GetSystemMetrics
SetFocus
LoadIconA
DestroyMenu
ModifyMenuA
DefWindowProcA
CallWindowProcA
GetSystemMenu
DialogBoxParamA
SetForegroundWindow
InvalidateRect
RedrawWindow
ShowWindow
PostQuitMessage
RemovePropA
SetPropA
GetDlgCtrlID
MessageBoxA
KillTimer
EnableWindow
SetTimer
DestroyWindow
CreateDialogParamA
IsWindow
PostMessageA
GetActiveWindow
SetClipboardData
EmptyClipboard
CloseClipboard
OpenClipboard
GetPropA
MsgWaitForMultipleObjects
GetForegroundWindow
SetWindowLongA
GetWindowLongA
SendMessageA
EndDialog
GetWindow
SystemParametersInfoA
GetWindowRect
GetParent
LoadImageA
DispatchMessageA
TranslateMessage
PeekMessageA
CreateWindowExA
GetClientRect
MapWindowPoints
SetWindowPos
GetDlgItem
wvsprintfA
IsWindowVisible
GetDesktopWindow
CharNextA
UnregisterClassA
SetWindowTextA
LoadStringA
GetFileVersionInfoSizeA
VerQueryValueA
GetFileVersionInfoA
CoTaskMemFree
CoCreateInstance
CreateStreamOnHGlobal
CoTaskMemRealloc
CoTaskMemAlloc
CoInitialize
CoUninitialize
File identification
MD5 15e62516d6006f72af72a651cdc79cf6
SHA1 c96892bb636102893254455714312d5338994d66
SHA256 8cbae3a75339c86c33721e3c77300865dfca47e546f9cffb4a2890dd3bcb9c9d
ssdeep 49152:5oiF3gvgs97esZ1Ug5Bmz/GYIVzTcs6j39zdh+/wfLMyCK5XKDm1M9:5oiF3gYs9isZ20gGYIVzoZvCmLDXXZ29
File size 2.5 MB ( 2574440 bytes )
File type Win32 EXE
Magic literal

TrID Win32 Executable MS Visual C++ (generic) (65.2%)
Win32 Executable Generic (14.7%)
Win32 Dynamic Link Library (generic) (13.1%)
Generic Win/DOS Executable (3.4%)
DOS Executable Generic (3.4%)
VirusTotal metadata
First submission 2011-06-14 15:57:41 UTC ( 6 years, 11 months ago )
Last submission 2011-07-01 22:44:35 UTC ( 6 years, 10 months ago )
File names 9Mu0Tr.kwu
0_184765.exe
184765.exe
mQSXQRVTy.rtf
15e62516d6006f72af72a651cdc79cf6