× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: 921599d9e1fa45eff7b8ddc8c66cfd0d5b54a37c76baed9f6b66cbf994c3d8f8
File name: 004999779
Detection ratio: 53 / 57
Analysis date: 2016-05-27 17:05:10 UTC ( 2 years, 8 months ago ) View latest
Antivirus Result Update
Ad-Aware Trojan.Generic.550844 20160527
AegisLab Troj.W32.VB.avk!c 20160527
AhnLab-V3 HEUR/Fakon.mwf 20160527
ALYac Trojan.Generic.550844 20160527
Antiy-AVL Trojan/Win32.VB 20160527
Arcabit Trojan.Generic.D867BC 20160527
Avast Win32:Malware-gen 20160527
AVG Generic17.BOVT 20160527
Avira (no cloud) TR/Keylogger.avk 20160527
AVware Trojan.Win32.Generic!BT 20160527
Baidu-International Trojan.Win32.VB.avk 20160527
BitDefender Trojan.Generic.550844 20160527
Bkav W32.VBKlog.Worm 20160527
CAT-QuickHeal (Suspicious) - DNAScan 20160527
ClamAV Win.Trojan.VB-2741 20160527
CMC Generic.Win32.0036f9b979!CMCRadar 20160523
Comodo TrojWare.Win32.Spy.KeyLogger.NBV 20160527
Cyren W32/Trojan.TUKZ-7987 20160527
DrWeb Trojan.Keylog.110 20160527
Emsisoft Trojan.Generic.550844 (B) 20160527
ESET-NOD32 Win32/Spy.KeyLogger.NBV 20160527
F-Prot W32/Trojan2.ABJU 20160527
F-Secure Trojan.Generic.550844 20160527
Fortinet W32/VB.AVK!tr.spy 20160527
GData Trojan.Generic.550844 20160527
Ikarus Email-Worm.Win32.Indor 20160527
Jiangmin Trojan/VB.rxx 20160527
K7AntiVirus Spyware ( 0002459e1 ) 20160527
K7GW Spyware ( 0002459e1 ) 20160527
Kaspersky Trojan.Win32.VB.avk 20160527
Malwarebytes Backdoor.Agent 20160527
McAfee Generic.nb 20160527
McAfee-GW-Edition BehavesLike.Win32.SoftPulse.ch 20160527
Microsoft TrojanSpy:Win32/Vwealer.XL 20160527
eScan Trojan.Generic.550844 20160527
NANO-Antivirus Trojan.Win32.VB.dxnwad 20160527
nProtect Trojan/W32.Agent.112008.B 20160527
Panda Generic Malware 20160527
Qihoo-360 Malware.Radar01.Gen 20160527
Rising Trjoan.Generic-jmtSe4XS6zV (Cloud) 20160527
Sophos AV Mal/Behav-043 20160527
Symantec W32.SillyFDC 20160527
Tencent Win32.Trojan.Vb.Bdu 20160527
TheHacker Trojan/VB.avk 20160526
TotalDefense Win32/Bancos.IFR 20160527
TrendMicro TSPY_INFOSTEA.BI 20160527
TrendMicro-HouseCall TSPY_INFOSTEA.BI 20160527
VBA32 Trojan.VBRA.06453 20160527
VIPRE Trojan.Win32.Generic!BT 20160527
ViRobot Trojan.Win32.VB.112008[h] 20160527
Yandex TrojanSpy.Vwealer!0lBkZVf7ic4 20160526
Zillya Trojan.VB.Win32.100738 20160527
Zoner Trojan.KeyLogger.NBV 20160527
Alibaba 20160527
Baidu 20160527
Kingsoft 20160527
SUPERAntiSpyware 20160527
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Product UserInit
Original name Copia de explorer.exe
Internal name Copia de explorer
File version 0.00.0051
Packers identified
PEiD PEtite v2.2
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2007-06-03 17:27:03
Entry Point 0x00033042
Number of sections 4
PE sections
PE imports
Ord(581)
VirtualProtect
LoadLibraryA
ExitProcess
GetProcAddress
wsprintfA
MessageBoxA
Number of PE resources by type
RT_ICON 13
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
NEUTRAL 14
SPANISH MODERN 1
PE resources
ExifTool file metadata
MIMEType
application/octet-stream

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

FileTypeExtension
exe

TimeStamp
2007:06:03 19:27:03+02:00

FileType
Win32 EXE

PEType
PE32

CodeSize
118784

LinkerVersion
6.0

ImageFileCharacteristics
No relocs, Executable, No line numbers, No symbols, 32-bit

EntryPoint
0x33042

InitializedDataSize
86016

SubsystemVersion
4.0

ImageVersion
0.0

OSVersion
4.0

UninitializedDataSize
0

File identification
MD5 0036f9b979aecc3c9e0bcf50b477579b
SHA1 a3ecd595effdc8cd0af0f2bbaedc08f07dca7fec
SHA256 921599d9e1fa45eff7b8ddc8c66cfd0d5b54a37c76baed9f6b66cbf994c3d8f8
ssdeep
768:PqboqK0bg+kY3ojp8+74h1kseiLOxiKofyK8owba0OMCED4z7VP7LdGSu2HyTAzD:PqW0bhoa+2HEK8zW0OMCE454vTgzQG

authentihash f0eaa6604f86f2ccb6b679bd0b60a0e4675a9911fe5224491c69e1cf2c5db418
imphash e8bfbe5244042b47607aa7a4c4b24f1a
File size 109.4 KB ( 112008 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Petite compressed Win32 executable (61.5%)
Win64 Executable (generic) (23.7%)
Win32 Dynamic Link Library (generic) (5.6%)
Win32 Executable (generic) (3.8%)
OS/2 Executable (generic) (1.7%)
Tags
peexe petite

VirusTotal metadata
First submission 2007-07-10 22:46:14 UTC ( 11 years, 7 months ago )
Last submission 2018-12-19 03:07:51 UTC ( 2 months ago )
File names aa
1nck.zip
dXsqZ.xlsx
0036f9b979aecc3c9e0bcf50b477579b
0036F9B979AECC3C9E0BCF50B477579B
0036f9b979aecc3c9e0bcf50b477579b
VirusShare_0036f9b979aecc3c9e0bcf50b477579b
Copia de explorer.exe
Copia de explorer
004999779
Advanced heuristic and reputation engines
ClamAV
Possibly Unwanted Application. While not necessarily malicious, the scanned file presents certain characteristics which depending on the user policies and environment may or may not represent a threat. For full details see: https://www.clamav.net/documents/potentially-unwanted-applications-pua .

No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!