SHA256: 8ce15825d1392e8e4e1e8c098249de24bb7eff5e177f7142f15bb4c009d116b4
File name: rusyt.exe
Detection ratio: 14 / 43
Analysis date: 2012-10-02 07:02:18 UTC ( 6 years, 5 months ago )
Antivirus Result Update
AhnLab-V3 Trojan/Win32.Genome 20121001
Avast Win32:Malware-gen 20121001
AVG Generic6_c.AQMV 20121001
BitDefender Gen:Variant.Zusy.18703 20121001
CAT-QuickHeal (Suspicious) - DNAScan 20121001
Emsisoft Trojan-PWS.Win32.Zbot!IK 20120919
F-Secure Gen:Variant.Zusy.18703 20121001
GData Gen:Variant.Zusy.18703 20121001
Ikarus Trojan-PWS.Win32.Zbot 20121001
Kingsoft Win32.Malware.Generic.a.(kcloud) 20120925
McAfee-GW-Edition Heuristic.LooksLike.Win32.Suspicious.C 20121001
Microsoft PWS:Win32/Zbot.gen!AJ 20121001
Norman Black.AG 20121001
Panda Trj/Genetic.gen 20121001
Yandex 20121001
AntiVir 20121001
Antiy-AVL 20121001
ByteHero 20120918
ClamAV 20121001
Commtouch 20121001
Comodo 20121001
DrWeb 20121001
eSafe 20120927
ESET-NOD32 20121001
F-Prot 20120926
Fortinet 20121001
Jiangmin 20121001
K7AntiVirus 20121001
Kaspersky 20121001
McAfee 20121001
nProtect 20121001
PCTools 20121001
Rising 20120928
Sophos AV 20121001
SUPERAntiSpyware 20120911
Symantec 20121001
TheHacker 20121001
TotalDefense 20121001
TrendMicro 20121001
TrendMicro-HouseCall 20121001
VBA32 20121001
VIPRE 20121001
ViRobot 20121001
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Packers identified
F-PROT Aspack
PEiD ASProtect v1.23 RC1
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 1988-06-30 17:51:41
Entry Point 0x00001000
Number of sections 7
PE sections
PE imports
ImageList_SetIconSize
UnrealizeObject
GetProcAddress
GetModuleHandleA
LoadLibraryA
RaiseException
PSetupGetLocalDataField
VariantChangeTypeEx
GetForegroundWindow
VerQueryValueA
Number of PE resources by type
RT_VERSION 4
Struct(31) 1
RT_ICON 1
RT_GROUP_ICON 1
Number of PE resources by language
NEUTRAL 7
PE resources
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
FileTypeExtension exe
TimeStamp 1988:06:30 18:51:41+01:00
FileType Win32 EXE
PEType PE32
CodeSize 1389056
LinkerVersion 7.79
ImageFileCharacteristics No relocs, Executable, No line numbers, No symbols, 32-bit
Warning Possibly corrupt Version resource
EntryPoint 0x1000
InitializedDataSize 15360
SubsystemVersion 4.0
ImageVersion 0.0
OSVersion 4.0
UninitializedDataSize 0

File identification
MD5 9878b528c35640c3ede697e3b0445124
SHA1 f0947b94cd474feec3bd2bd25c7dac18af5a7344
SHA256 8ce15825d1392e8e4e1e8c098249de24bb7eff5e177f7142f15bb4c009d116b4
ssdeep 12288:RYPVeKjKeDN9OW7IC/xYcDrQWw8W1K3DnsTen:RYPflDT5IC/+cDrQWpW4DsTY
authentihash c8e3a0c7ba33a28e377079e420388790772660c743e8fca9fd3205645c128ba2
imphash 286fce91ca34d7e668a8c0473aef4d74
File size 388.5 KB ( 397824 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Dynamic Link Library (generic) (34.2%)
Win32 Executable (generic) (23.4%)
Win16/32 Executable Delphi generic (10.7%)
OS/2 Executable (generic) (10.5%)
Generic Win/DOS Executable (10.4%)
Tags peexe asprotect aspack

VirusTotal metadata
First submission 2012-10-02 07:02:18 UTC ( 6 years, 5 months ago )
Last submission 2019-01-31 00:02:20 UTC ( 1 month, 3 weeks ago )
File names 1349380661.rusyt.exe
9878B528C35640C3EDE697E3B0445124.exe
rusyt.exe
8ce15825d1392e8e4e1e8c098249de24bb7eff5e177f7142f15bb4c009d116b4.bin
Advanced heuristic and reputation engines
ClamAV Possibly Unwanted Application. While not necessarily malicious, the scanned file presents certain characteristics which depending on the user policies and environment may or may not represent a threat. For full details see: https://www.clamav.net/documents/potentially-unwanted-applications-pua .
Symantec reputation Suspicious.Insight