SHA256: 8f8e42498d2251ae4ebaa30713fc5bddcde7a98f21d5e8005fd8a9d56f5814f5
File name: vt-upload-tM22Z
Detection ratio: 24 / 45
Analysis date: 2013-08-10 07:45:18 UTC ( 5 years, 7 months ago )
Antivirus Result Update
Yandex Trojan.Agent!9y9tEJaLgAk 20130809
AhnLab-V3 Trojan/Win32.Foreign 20130810
AntiVir TR/Rogue.1161411 20130810
Avast Win32:Malware-gen 20130810
AVG Agent4.AXBK 20130810
BitDefender Trojan.GenericKDV.1161411 20130810
Comodo UnclassifiedMalware 20130810
DrWeb Trojan.Packed.23907 20130810
Emsisoft Trojan.GenericKDV.1161411 (B) 20130810
ESET-NOD32 a variant of Win32/Kryptik.BHNH 20130810
F-Secure Trojan.GenericKDV.1161411 20130810
Fortinet W32/Kryptik.BEVQ!tr 20130810
GData Trojan.GenericKDV.1161411 20130810
Ikarus Trojan.Agent4 20130810
Kaspersky Trojan.Win32.Agent.aaoph 20130810
Malwarebytes Trojan.Inject.RRE 20130809
McAfee Artemis!356134FE8B98 20130810
McAfee-GW-Edition Artemis!356134FE8B98 20130810
eScan Trojan.GenericKDV.1161411 20130810
Norman Troj_Generic.NRVGI 20130810
Panda Trj/CI.A 20130810
TrendMicro TROJ_GEN.R0CBC0RH913 20130810
TrendMicro-HouseCall TROJ_GEN.R0CBC0RH913 20130810
VIPRE Trojan.Win32.Generic!BT 20130810
Antiy-AVL 20130809
ByteHero 20130807
CAT-QuickHeal 20130808
ClamAV 20130810
Commtouch 20130810
F-Prot 20130810
Jiangmin 20130810
K7AntiVirus 20130809
K7GW 20130809
Kingsoft 20130723
Microsoft 20130810
NANO-Antivirus 20130810
nProtect 20130809
PCTools 20130810
Rising 20130809
SUPERAntiSpyware 20130810
Symantec 20130810
TheHacker 20130810
TotalDefense 20130809
VBA32 20130809
ViRobot 20130810
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2013-08-05 07:49:24
Entry Point 0x0002033F
Number of sections 4
PE sections
PE imports
AVISaveA
GetLastError
ReadConsoleInputA
HeapFree
GetStdHandle
LCMapStringW
SetHandleCount
GetSystemInfo
GetOEMCP
GetEnvironmentStringsW
HeapDestroy
ExitProcess
FlushFileBuffers
VirtualProtect
GetVersionExA
GetModuleFileNameA
RtlUnwind
LoadLibraryA
FreeEnvironmentStringsA
GetStartupInfoA
GetEnvironmentStrings
GetConsoleMode
GetLocaleInfoA
GetCurrentProcessId
DeleteFileA
LCMapStringA
GetCPInfo
UnhandledExceptionFilter
MultiByteToWideChar
HeapSize
FreeEnvironmentStringsW
GetCommandLineA
GetProcAddress
SetStdHandle
SetFilePointer
RaiseException
WideCharToMultiByte
GetStringTypeA
GetModuleHandleA
InterlockedExchange
WriteFile
GetCurrentProcess
CloseHandle
GetSystemTimeAsFileTime
GetACP
HeapReAlloc
GetStringTypeW
TerminateProcess
ResumeThread
QueryPerformanceCounter
WriteConsoleA
SetConsoleMode
VirtualQuery
VirtualFree
InterlockedDecrement
Sleep
GetFileType
GetTickCount
CreateFileA
HeapAlloc
GetCurrentThreadId
VirtualAlloc
HeapCreate
InterlockedIncrement
acmMetrics
ReleaseDC
auxSetVolume
Ord(16)
Ord(18)
CoInitialize
Number of PE resources by type
1
Number of PE resources by language
ENGLISH US 1
PE resources
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
TimeStamp 2013:08:05 08:49:24+01:00
FileType Win32 EXE
PEType PE32
CodeSize 159744
LinkerVersion 7.1
EntryPoint 0x2033f
InitializedDataSize 208896
SubsystemVersion 4.0
ImageVersion 0.0
OSVersion 4.0
UninitializedDataSize 0
File identification
MD5 356134fe8b985011be88449d850d9139
SHA1 47e78ab7b78489d3d15543545712fc9ababaf110
SHA256 8f8e42498d2251ae4ebaa30713fc5bddcde7a98f21d5e8005fd8a9d56f5814f5
ssdeep 3072:sc/qX1KpD5y+dsk4Q5qJXfxPVgzOasWUwSOyzHAYdkbta/DW:sc/qlKLpKe5KXhBwzKHAIqtaC
File size 364.0 KB ( 372736 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (67.3%)
Win32 Dynamic Link Library (generic) (14.2%)
Win32 Executable (generic) (9.7%)
Generic Win/DOS Executable (4.3%)
DOS Executable Generic (4.3%)
Tags peexe
VirusTotal metadata
First submission 2013-08-05 09:10:27 UTC ( 5 years, 7 months ago )
Last submission 2013-08-10 07:45:18 UTC ( 5 years, 7 months ago )
File names vt-upload-VFaGu
vt-upload-tM22Z
vt-upload-oLI5J
EA3A.tmp.exe
vt-upload-xxmWY
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight