SHA256: 92730e5ab332946d037b8eee7767692c532d67cfabd049cf4bdc0b3513d237f6
File name: AA339ABCDFE63181C4493E09F9A77D0A
Detection ratio: 41 / 43
Analysis date: 2011-07-15 12:36:33 UTC ( 7 years, 6 months ago )
Antivirus Result Update
AhnLab-V3 Win-Trojan/Llac.282624.BR 20110715
AntiVir TR/Crypt.CFI.Gen 20110715
Avast Win32:Dropper-FJG [Trj] 20110715
Avast5 Win32:Dropper-FJG [Trj] 20110715
AVG PSW.Generic8.ISF 20110715
BitDefender Trojan.PWS.Delf.INE 20110715
CAT-QuickHeal Trojan.Agent.ATV 20110715
ClamAV Trojan.Agent-171451 20110714
Commtouch W32/Trojan2.JRCA 20110715
Comodo TrojWare.Win32.Llac.C 20110715
DrWeb BackDoor.Cybergate.1 20110715
Emsisoft Worm.Win32.Rebhip!IK 20110715
eSafe Win32.TRCrypt.Cfi 20110714
eTrust-Vet Win32/Rebhip.BD 20110715
F-Prot W32/Trojan2.JRCA 20110714
F-Secure Backdoor:W32/Spyrat.A 20110715
Fortinet W32/Llac.GFU!tr 20110715
GData Trojan.PWS.Delf.INE 20110715
Ikarus Worm.Win32.Rebhip 20110715
Jiangmin Trojan/Llac.v 20110714
K7AntiVirus Trojan 20110714
Kaspersky Trojan.Win32.Llac.bdm 20110715
McAfee Generic PWS.di 20110715
McAfee-GW-Edition Generic PWS.di 20110715
Microsoft Worm:Win32/Autorun.VW 20110715
NOD32 Win32/Spatet.A 20110715
Norman W32/Suspicious_Gen2.dam 20110715
nProtect Generic.Rebhip.53857687 20110715
Panda Trj/Spy.YM 20110715
PCTools Malware.Spyrat 20110713
Rising Worm.Win32.Undef.pg 20110715
Sophos AV Troj/Agent-LRO 20110715
SUPERAntiSpyware Trojan.Agent/Gen-FraudLoad 20110715
Symantec W32.Spyrat 20110715
TheHacker Trojan/Llac.bdm 20110715
TrendMicro TSPY_LLAC.SML 20110715
TrendMicro-HouseCall TSPY_LLAC.SML 20110715
VBA32 Trojan.Llac.bdm 20110715
VIPRE Worm.Win32.Rebhip.A (v) 20110715
ViRobot Trojan.Win32.S.Llac.282624.BQ 20110715
VirusBuster Worm.DR.Rebhip.Gen 20110714
Antiy-AVL 20110715
Prevx 20110715
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file.
Packers identified
PEiD UPX 2.90 [LZMA] -> Markus Oberhumer, Laszlo Molnar & John Reiser
PE header basic information
Number of sections 3
PE sections
PE imports
LoadLibraryA
GetProcAddress
VirtualProtect
VirtualAlloc
VirtualFree
ExitProcess
LsaClose
CryptUnprotectData
CoTaskMemFree
SysFreeString
PStoreCreateInstance
RasEnumEntriesA
SHGetSpecialFolderPathA
ToAscii
File identification
MD5 aa339abcdfe63181c4493e09f9a77d0a
SHA1 f94cb9c481db667f068938208080393fa6dd0da6
SHA256 92730e5ab332946d037b8eee7767692c532d67cfabd049cf4bdc0b3513d237f6
ssdeep
6144:uk4qmVHY92Yay0E8ZR5eWS3L+7h23KK1mPE:x9JTa9Q2hbK

File size 276.0 KB ( 282624 bytes )
File type Win32 EXE
Magic literal

TrID UPX compressed Win32 Executable (38.5%)
Win32 EXE Yoda's Crypter (33.4%)
Win32 Executable Generic (10.7%)
Win32 Dynamic Link Library (generic) (9.5%)
Win16/32 Executable Delphi generic (2.6%)
Tags
upx

VirusTotal metadata
First submission 2010-03-14 12:20:22 UTC ( 8 years, 10 months ago )
Last submission 2011-07-15 12:36:33 UTC ( 7 years, 6 months ago )
File names fS0nE.7z
AA339ABCDFE63181C4493E09F9A77D0A
aa
8apjXBMoi.rar