SHA256: 8dafb21e7d106a6c98f745f30c2577ee7b0984ec7ba2c4107f7ddcd0d127baf6
File name: 8dafb21e7d106a6c98f745f30c2577ee7b0984ec7ba2c4107f7ddcd0d127baf6.bin
Detection ratio: 61 / 65
Analysis date: 2017-09-20 07:10:48 UTC ( 1 year, 4 months ago )
Antivirus Result Update
Ad-Aware Trojan.Generic.7456886 20170920
AegisLab Virus.W32.Virut!c 20170920
AhnLab-V3 Win32/Virut.B 20170920
ALYac Trojan.Generic.7456886 20170919
Antiy-AVL Virus/Win32.Virut.av 20170920
Arcabit Trojan.Generic.D71C876 20170920
Avast Win32:Sality 20170920
AVG Win32:Sality 20170920
Avira (no cloud) W32/Sality.AT 20170920
AVware Virus.Win32.Virut.a (v) 20170919
Baidu Win32.Virus.Virut.b 20170920
BitDefender Trojan.Generic.7456886 20170920
CAT-QuickHeal W32.Virut.E 20170919
ClamAV Win.Trojan.Virut-224 20170920
CMC Net-Worm.Win32.Padobot!O 20170919
CrowdStrike Falcon (ML) malicious_confidence_100% (D) 20170804
Cylance Unsafe 20170920
Cyren W32/Virut.7116 20170920
DrWeb Win32.Lsabot 20170920
Emsisoft Trojan.Generic.7456886 (B) 20170920
Endgame malicious (moderate confidence) 20170821
ESET-NOD32 Win32/Virut.AV 20170920
F-Prot W32/Korgo.V 20170920
F-Secure Trojan.Generic.7456886 20170920
Fortinet W32/Virut.J 20170920
GData Win32.Virus.Sality.A 20170920
Ikarus Worm.Win32.Korgo 20170919
Sophos ML heuristic 20170914
Jiangmin Win32/Virut.af 20170920
K7AntiVirus Virus ( 00001b781 ) 20170920
K7GW Virus ( 00001b781 ) 20170920
Kaspersky Virus.Win32.Virut.av 20170920
Kingsoft Win32.Virut.xf.57344 20170920
MAX malware (ai score=88) 20170920
McAfee W32/Virut.gen.a 20170920
McAfee-GW-Edition BehavesLike.Win32.FakeAlertSecurityTool.nc 20170920
Microsoft Worm:Win32/Korgo.V 20170920
eScan Trojan.Generic.7456886 20170920
NANO-Antivirus Virus.Win32.Virut.ljfw 20170920
nProtect Virus/W32.Virut.Gen 20170920
Palo Alto Networks (Known Signatures) generic.ml 20170920
Panda Generic Malware 20170919
Qihoo-360 Virus.Win32.Virtob.B 20170920
Rising Worm.Win32.Korgo.ad (CLOUD) 20170920
SentinelOne (Static ML) static engine - malicious 20170806
Sophos AV W32/Virut-W 20170920
Symantec W32.Sality.AE 20170920
Tencent Trojan.Win32.Agent.bdl 20170920
TheHacker W32/Virut.AV 20170916
TotalDefense Win32/Virut.7115 20170920
TrendMicro PE_VIRUT.AV 20170920
TrendMicro-HouseCall PE_VIRUT.AV 20170920
VBA32 Virus.Virut.07 20170919
VIPRE Virus.Win32.Virut.a (v) 20170920
ViRobot Win32.Virut.S 20170920
Webroot W32.Worm.Korgo.Gen 20170920
WhiteArmor Malware.HighConfidence 20170829
Yandex Win32.Virut.Gen.4 20170908
Zillya Worm.Padobot.Win32.1 20170919
ZoneAlarm by Check Point Virus.Win32.Virut.av 20170920
Zoner I-Worm.Korgo.V 20170920
Alibaba 20170911
Avast-Mobile 20170829
Comodo 20170920
Malwarebytes 20170920
SUPERAntiSpyware 20170920
Symantec Mobile Insight 20170920
Trustlook 20170920
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2004-06-22 16:09:44
Entry Point 0x0001B000
Number of sections 3
PE sections
PE imports
RegCloseKey
LoadLibraryA
ExitProcess
GetProcAddress
wsprintfA
InternetOpenA
closesocket
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
FileTypeExtension exe
TimeStamp 2004:06:22 17:09:44+01:00
FileType Win32 EXE
PEType PE32
CodeSize 8192
LinkerVersion 6.0
EntryPoint 0x1b000
InitializedDataSize 4096
SubsystemVersion 4.0
ImageVersion 0.0
OSVersion 4.0
UninitializedDataSize 20480

File identification
MD5 efeb717fdbb98d8043eb4c51254d9b74
SHA1 2644a7c50aa3cd366be0dd219efe531ed72ae514
SHA256 8dafb21e7d106a6c98f745f30c2577ee7b0984ec7ba2c4107f7ddcd0d127baf6
ssdeep 1536:dyD8SId/9ztODihwpBKWgGXeDSaI4Y6b0W37K0GR7TMTomTpONjgZYU3YIVV+wcZ:ddSSVUGhIjXeD7zb137KJWPpONtzIgRr

authentihash b41c27367fd81009c38b5e55894aea5c36a988597de0eca0dccfe5c9f8296335
imphash 9d26f1a3061dfb765257a72c1fbc6940
File size 91.5 KB ( 93696 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable (generic) (52.9%)
Generic Win/DOS Executable (23.5%)
DOS Executable Generic (23.5%)
Tags peexe

VirusTotal metadata
First submission 2012-01-13 18:02:34 UTC ( 7 years ago )
Last submission 2015-01-05 08:41:25 UTC ( 4 years ago )
File names 8dafb21e7d106a6c98f745f30c2577ee7b0984ec7ba2c4107f7ddcd0d127baf6.bin