SHA256: 906c30cf5403d56ac71f25896f21bcb96278e1f2c155c7166d77c45e39c33133
File name: cdb0ae783f66d37883f0431c6dd18954_INF39EA.tmp
Detection ratio: 18 / 47
Analysis date: 2013-11-03 21:24:20 UTC ( 5 months, 2 weeks ago )
Antivirus | Result | Update

Engines reporting a detection (18):

AVG | Downloader.Banload2.DCO | 20131103
Agnitum | Packed/PECompact | 20131103
Baidu-International | Trojan.Win32.Downloader.Banload.SQY | 20131103
BitDefender | Gen:Variant.Symmi.34392 | 20131103
ESET-NOD32 | a variant of Win32/TrojanDownloader.Banload.SQY | 20131103
Emsisoft | Gen:Variant.Symmi.34392 (B) | 20131103
F-Secure | Gen:Variant.Symmi.34392 | 20131103
Fortinet | W32/Delp.P!tr | 20131103
GData | Gen:Variant.Symmi.34392 | 20131103
Kaspersky | UDS:DangerousObject.Multi.Generic | 20131101
McAfee | Artemis!CDB0AE783F66 | 20131103
McAfee-GW-Edition | Artemis!CDB0AE783F66 | 20131103
Microsoft | TrojanSpy:Win32/Banker.AJP | 20131103
Panda | Suspicious file | 20131103
Sophos | Troj/Delp-P | 20131103
Symantec | Backdoor.Graybird | 20131103
TrendMicro-HouseCall | TROJ_GEN.F47V1103 | 20131103
VIPRE | Trojan.Win32.Generic!BT | 20131103

Engines reporting no detection (29):

AhnLab-V3 | (none) | 20131103
AntiVir | (none) | 20131103
Antiy-AVL | (none) | 20131101
Avast | (none) | 20131103
Bkav | (none) | 20131102
ByteHero | (none) | 20131028
CAT-QuickHeal | (none) | 20131103
ClamAV | (none) | 20131103
Commtouch | (none) | 20131103
Comodo | (none) | 20131103
DrWeb | (none) | 20131103
F-Prot | (none) | 20131103
Ikarus | (none) | 20131103
Jiangmin | (none) | 20131103
K7AntiVirus | (none) | 20131101
K7GW | (none) | 20131101
Kingsoft | (none) | 20130829
Malwarebytes | (none) | 20131103
MicroWorld-eScan | (none) | 20131028
NANO-Antivirus | (none) | 20131103
Norman | (none) | 20131103
Rising | (none) | 20131101
SUPERAntiSpyware | (none) | 20131103
TheHacker | (none) | 20131103
TotalDefense | (none) | 20131101
TrendMicro | (none) | 20131103
VBA32 | (none) | 20131102
ViRobot | (none) | 20131103
nProtect | (none) | 20131101
The file being studied is a Portable Executable (PE) file. More specifically, it is a Win32 DLL built for the Windows GUI subsystem.
Packers identified
PEiD PECompact 2.xx --> BitSum Technologies
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2013-11-02 15:06:20
Entry Point 0x0008A5F3
Number of sections 3
PE sections
PE imports
RegQueryValueExA
_TrackMouseEvent
ChooseFontA
UnrealizeObject
VirtualFree
LoadLibraryA
VirtualAlloc
GetProcAddress
SysFreeString
ShellExecuteExA
GetKeyboardType
VerQueryValueA
InternetReadFile
OpenPrinterA
PE exports
Number of PE resources by type
RT_STRING 17
RT_GROUP_CURSOR 7
RT_CURSOR 7
RT_RCDATA 3
RT_ICON 1
RT_GROUP_ICON 1
Number of PE resources by language
NEUTRAL 20
ENGLISH US 14
PORTUGUESE BRAZILIAN 2
ExifTool file metadata
MIMEType: application/octet-stream
Subsystem: Windows GUI
MachineType: Intel 386 or later, and compatibles
TimeStamp: 2013:11:02 16:06:20+01:00
FileType: Win32 DLL
PEType: PE32
CodeSize: 438272
LinkerVersion: 2.25
EntryPoint: 0x8a5f3
InitializedDataSize: 78848
SubsystemVersion: 4.0
ImageVersion: 0.0
OSVersion: 4.0
UninitializedDataSize: 0

File identification
MD5: cdb0ae783f66d37883f0431c6dd18954
SHA1: 862a05226671ed1d12ee1a610130eafdc8b5496d
SHA256: 906c30cf5403d56ac71f25896f21bcb96278e1f2c155c7166d77c45e39c33133
ssdeep: 6144:rDH+f0r7/gP8YnyYDU8ueHmeIOEMIixkJ1:3+OgFyA9ueHoOJC

File size: 198.0 KB (202752 bytes)
File type: Win32 DLL
Magic literal: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit

TrID:
Win32 EXE PECompact compressed (v2.x) (44.3%)
Win32 EXE PECompact compressed (generic) (31.1%)
Win 9x/ME Control Panel applet (11.6%)
Win32 Dynamic Link Library (generic) (4.9%)
Win32 Executable (generic) (3.3%)
Tags
pecompact pedll

VirusTotal metadata
First submission 2013-11-03 00:41:50 UTC ( 5 months, 2 weeks ago )
Last submission 2013-11-03 21:24:20 UTC ( 5 months, 2 weeks ago )
File names:
cdb0ae783f66d37883f0431c6dd18954_INF39EA.tmp
install_flashplayer11x32_aih_wxn2710.cpl
Advanced heuristic and reputation engines
ClamAV PUA
Possibly Unwanted Application. While not necessarily malicious, the scanned file presents certain characteristics which depending on the user policies and environment may or may not represent a threat. For full details see: http://www.clamav.net/index.php?s=pua&lang=en .

Symantec reputation Suspicious.Insight