SHA256: 8ddd4e26b925aedb33846d7ad2afad0277a3b765906ffb57a73d6552d12018d6
File name: aa
Detection ratio: 37 / 43
Analysis date: 2010-11-20 21:27:30 UTC ( 7 years, 11 months ago )
Antivirus Result Update
AhnLab-V3 Win-Trojan/Securisk 20101119
AntiVir TR/FakeAV.iql 20101119
Antiy-AVL Trojan/Win32.FakeAv.gen 20101120
Avast Win32:Trojan-gen 20101120
Avast5 Win32:Trojan-gen 20101120
AVG Generic19.ASHM 20101120
BitDefender Trojan.FakeAlert.CFW 20101120
Command W32/FakeAlert.IG.gen!Eldorado 20101120
Comodo TrojWare.Win32.FakeAv.iql 20101120
DrWeb Trojan.Fakealert.19260 20101120
Emsisoft Trojan.Win32.FakeAV!IK 20101120
eTrust-Vet Win32/FakeAV.PZC 20101120
F-Prot W32/FakeAlert.IG.gen!Eldorado 20101120
F-Secure Trojan.FakeAlert.CFW 20101120
Fortinet W32/FakeAV.FO!tr 20101120
GData Trojan.FakeAlert.CFW 20101120
Ikarus Trojan.Win32.FakeAV 20101120
Jiangmin Trojan/Fakeav.atz 20101120
K7AntiVirus Trojan 20101120
Kaspersky Trojan.Win32.FakeAv.iql 20101120
McAfee Generic.dx!ufs 20101120
McAfee-GW-Edition Generic.dx!ufs 20101120
Microsoft Rogue:Win32/FakePAV 20101119
NOD32 a variant of Win32/Adware.FakeMSE.D 20101120
Norman W32/FakeAV.AL!genr 20101120
nProtect Trojan/W32.FakeAV.654336.M 20101120
Panda Adware/AntispySafeguard 20101120
PCTools RogueAntiSpyware.SecurityEssentialFraud!rem 20101120
Prevx High Risk Fraudulent Security Program 20101120
Sophos AV Mal/FakeAV-FO 20101120
Symantec SecurityEssentialFraud 20101120
TheHacker Trojan/FakeAv.iql 20101120
TrendMicro TROJ_GEN.RFFE1JM 20101120
TrendMicro-HouseCall TROJ_GEN.RFFE1JM 20101120
VBA32 Trojan.FakeAv.ioh 20101119
VIPRE FraudTool.Win32.FakeVimes!delf (v) 20101120
VirusBuster Trojan.FakeAv!bzerE+i8Kqc 20101120
CAT-QuickHeal 20101109
ClamAV 20101120
eSafe 20101118
Rising 20101120
SUPERAntiSpyware 20101120
ViRobot 20101120
The file being studied is a Portable Executable file! More specifically, it is an unknown file.
Packers identified
PEiD UPX 2.90 [LZMA] -> Markus Oberhumer, Laszlo Molnar & John Reiser
PE header basic information
Number of sections 3
PE sections
PE imports
RegCloseKey
ImageList_Add
SaveDC
LoadLibraryA
GetProcAddress
VirtualProtect
VirtualAlloc
VirtualFree
ExitProcess
AlphaBlend
OleDraw
VariantCopy
ShellExecuteW
VerQueryValueW
timeGetTime
OpenPrinterW
File identification
MD5 581bd4d15d2dffe4894f311f3bbf6a2f
SHA1 01cdd3fc0485c49e78608867d9f2cd1c66259a83
SHA256 8ddd4e26b925aedb33846d7ad2afad0277a3b765906ffb57a73d6552d12018d6
ssdeep
12288:/UCZYcvkClx6HnAZj9hoC7znf53AK4uP0U2nu6DvRlYU1:cCZVVxaQowDhMS6DHYm

File size 639.0 KB ( 654336 bytes )
File type unknown
Magic literal

TrID UPX compressed Win32 Executable (38.5%)
Win32 EXE Yoda's Crypter (33.4%)
Win32 Executable Generic (10.7%)
Win32 Dynamic Link Library (generic) (9.5%)
Win16/32 Executable Delphi generic (2.6%)
VirusTotal metadata
First submission 2010-10-09 20:45:43 UTC ( 8 years ago )
Last submission 2010-11-20 21:27:30 UTC ( 7 years, 11 months ago )
File names aa
oBt81.reg
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight