SHA256: 947d1ed74bfcf7c253ae99c09cf2afee6c16da34a234f91c6d769199bb3af1aa
File name: 163.exe
Detection ratio: 34 / 41
Analysis date: 2009-10-07 17:14:07 UTC (8 years, 2 months ago)
Antivirus Result Update
a-squared Worm.Win32.AutoRun!IK 20091007
AntiVir Worm/Autorun.gss.4 20091007
Authentium W32/Rootkit-PX!Eldorado 20091007
Avast Win32:Viking-CD 20091007
AVG SHeur2.BEGD 20091004
BitDefender Generic.Malware.WBdld.C28C8E33 20091007
CAT-QuickHeal Worm.AutoRun.gss 20091007
Comodo TrojWare.Win32.Trojan.Agent.Gen 20091007
DrWeb Win32.HLLW.Autoruner.7609 20091007
eSafe Suspicious File 20091006
eTrust-Vet Win32/Emerleox.HQ 20091007
F-Prot W32/Rootkit-PX!Eldorado 20091007
F-Secure Worm.Win32.AutoRun.gss 20091007
Fortinet W32/Dropper.GSS!worm 20091007
GData Win32:Viking-CC 20091007
Ikarus Worm.Win32.AutoRun 20091007
Jiangmin Worm/AutoRun.lrl 20091007
K7AntiVirus Worm.Win32.AutoRun.gss 20091007
Kaspersky Worm.Win32.AutoRun.gss 20091007
McAfee W32/Autorun.worm.bx 20091006
McAfee+Artemis W32/Autorun.worm.bx 20091006
McAfee-GW-Edition Worm.Autorun.gss.4 20091007
Microsoft Worm:Win32/Viking.NA 20091007
NOD32 Win32/AutoRun.AntiAV.M 20091007
Norman W32/DLoader.ZBXK 20091007
Panda Generic Worm 20091006
Rising Trojan.DL.Win32.Nodef.agu 20090930
Sophos AV Mal/Generic-A 20091007
Sunbelt Trojan.Win32.Generic!BT 20091007
Symantec Downloader 20091007
TrendMicro WORM_STRAT.GEN-3 20091007
VBA32 Worm.Win32.AutoRun.gss 20091007
ViRobot Worm.Win32.Autorun.25600.BH 20091007
VirusBuster Worm.AutoRun.AASX 20091007
AhnLab-V3 20091006
Antiy-AVL 20091005
ClamAV 20091007
nProtect 20091007
PCTools 20091007
Prevx 20091007
TheHacker 20091006
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2009-09-30 15:39:39
Entry Point 0x00011AB0
Number of sections 3
PE sections
PE imports
RegCloseKey
VirtualFree
ExitProcess
VirtualProtect
LoadLibraryA
VirtualAlloc
GetProcAddress
PathFileExistsA
wsprintfA
Number of PE resources by type
FILE 1
Number of PE resources by language
CHINESE SIMPLIFIED 1
PE resources
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
FileTypeExtension exe
TimeStamp 2009:09:30 16:39:39+01:00
FileType Win32 EXE
PEType PE32
CodeSize 24576
LinkerVersion 9.0
EntryPoint 0x11ab0
InitializedDataSize 4096
SubsystemVersion 5.0
ImageVersion 0.0
OSVersion 5.0
UninitializedDataSize 45056

File identification
MD5 baca02113dfe7804f282a5b027b9ae92
SHA1 da33dbbf2f1c39066dff418c64406b9f462431ef
SHA256 947d1ed74bfcf7c253ae99c09cf2afee6c16da34a234f91c6d769199bb3af1aa
ssdeep 384:k6Kpjgj5zIs7qfjzgA2tb/mOEHkV54YFWDrteIp+2RVlS:k6aeB+vc7mOEHkYDrtes+u
authentihash 83e0fca71b75df54dee8828ab2cd0026d048319fdb1ad689a43432d40b04af16
imphash a78bb34fb7f46d03163eb0f661e2077f
File size 25.0 KB ( 25600 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win64 Executable (generic) (28.6%)
UPX compressed Win32 Executable (28.0%)
Win32 EXE Yoda's Crypter (27.5%)
Win32 Dynamic Link Library (generic) (6.8%)
Win32 Executable (generic) (4.6%)
Tags peexe
VirusTotal metadata
First submission 2009-09-30 20:49:02 UTC ( 8 years, 2 months ago )
Last submission 2015-06-12 08:23:58 UTC ( 2 years, 6 months ago )
File names zjTKgji.sys
aa
DHQXXbj.tif
003434549
baca02113dfe7804f282a5b027b9ae92.25600
BACA02113DFE7804F282A5B027B9AE92
baca02113dfe7804f282a5b027b9ae92
test.txt
Advanced heuristic and reputation engines
ClamAV
Possibly Unwanted Application. While not necessarily malicious, the scanned file presents certain characteristics which depending on the user policies and environment may or may not represent a threat. For full details see: https://www.clamav.net/documents/potentially-unwanted-applications-pua .
