SHA256: 94c08cde892b49e2b13a61e2e933556581548f0f5408b614091a73cd94ff3aa6
File name: 01E2F92FB20A30FC32F694D0036F30D9
Detection ratio: 38 / 42
Analysis date: 2012-06-09 11:17:33 UTC ( 6 years, 4 months ago )
Antivirus Result Update
AhnLab-V3 Dropper/Agent.37376.AW 20120608
AntiVir TR/Spy.Delf.24576 20120609
Avast Win32:Small-NEQ [Drp] 20120609
AVG Agent2.AERJ 20120609
BitDefender Trojan.Generic.2953867 20120609
ClamAV PUA.Win32.Packer.MasmTasm 20120609
Commtouch W32/Dropper.AYSV 20120609
Comodo TrojWare.Win32.TrojanDropper.Agent.bkjx0 20120609
DrWeb Trojan.Click.41375 20120609
Emsisoft Trojan-Dropper.Agent!IK 20120609
eSafe Win32.Horse 20120607
F-Prot W32/Dropper.AYSV 20120609
F-Secure Trojan.Generic.2953867 20120609
Fortinet W32/Agent.BKJX!tr 20120609
GData Trojan.Generic.2953867 20120609
Ikarus Trojan-Dropper.Agent 20120609
Jiangmin TrojanDropper.Agent.ailh 20120609
K7AntiVirus Trojan 20120608
Kaspersky Trojan-Dropper.Win32.Agent.bkjx 20120609
McAfee Artemis!01E2F92FB20A 20120609
McAfee-GW-Edition Artemis!01E2F92FB20A 20120609
Microsoft TrojanDropper:Win32/Witkinat.A 20120607
NOD32 a variant of Win32/Agent.QOO 20120608
Norman W32/Malware.KVZK 20120607
nProtect Trojan-Dropper/W32.Agent.37376.AO 20120609
Panda Trj/Downloader.MDW 20120609
PCTools Trojan.Generic 20120609
Rising Trojan.Win32.Generic.11EE211B 20120608
Sophos AV Troj/Mdrop-CJW 20120609
Symantec Trojan Horse 20120609
TheHacker Trojan/Dropper.Agent.bkjx 20120608
TotalDefense Win32/Zirit.AL 20120608
TrendMicro TROJ_CRICAPU.SMF 20120609
TrendMicro-HouseCall TROJ_CRICAPU.SMF 20120608
VBA32 TrojanDropper.Agent.bkjx 20120608
VIPRE Trojan.Win32.Witkinat.a (v) 20120609
ViRobot Dropper.Agent.37376.G 20120609
VirusBuster Trojan.DR.Witkinat.Gen 20120608
Antiy-AVL 20120609
ByteHero 20120606
CAT-QuickHeal 20120609
SUPERAntiSpyware 20120609
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2010-01-06 01:06:17
Entry Point 0x00000898
Number of sections 3
PE sections
PE imports
GetTopWindow, MessageBeep, DialogBoxParamA, LoadIconA, ArrangeIconicWindows, CharUpperA, IsIconic, SetFocus, CharNextA, DestroyIcon, FlashWindow, GetSystemMetrics, RegisterWindowMessageA, ShowWindow, LoadCursorA, GetDC, KillTimer, GetSysColorBrush, SetTimer, ShowCursor, SetWindowTextA, GetMenuItemCount, ReleaseDC
EndPage, GdiFlush, CreateSolidBrush
GetProcAddress, GetLastError, lstrcatA, GetConsoleOutputCP, GetConsoleCP, LoadLibraryA, FreeLibrary, lstrlenA
SHFreeNameMappings, ShellExecuteA, ShellAboutA
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
TimeStamp 2010:01:06 02:06:17+01:00
FileType Win32 EXE
PEType PE32
CodeSize 2560
LinkerVersion 6.0
EntryPoint 0x0898
InitializedDataSize 33792
SubsystemVersion 4.0
ImageVersion 0.0
OSVersion 4.0
UninitializedDataSize 0
File identification
MD5 01e2f92fb20a30fc32f694d0036f30d9
SHA1 f5ceb1f5b976ac63641e99ed303527307a1d0027
SHA256 94c08cde892b49e2b13a61e2e933556581548f0f5408b614091a73cd94ff3aa6
ssdeep 768:yq7MFdTUbtPZR/4uHv8WH2Ey0N7xIsOwvbn:f7gO1FP2+Og
File size 36.5 KB ( 37376 bytes )
File type Win32 EXE
Magic literal MS-DOS executable PE for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (65.2%)
Win32 Executable Generic (14.7%)
Win32 Dynamic Link Library (generic) (13.1%)
Generic Win/DOS Executable (3.4%)
DOS Executable Generic (3.4%)
VirusTotal metadata
First submission 2010-01-07 07:12:24 UTC ( 8 years, 9 months ago )
Last submission 2012-06-09 11:17:33 UTC ( 6 years, 4 months ago )
File names 01E2F92FB20A30FC32F694D0036F30D9
tEwn.zip
aa
36EQKTWp4y.doc
Advanced heuristic and reputation engines
ClamAV
Possibly Unwanted Application. While not necessarily malicious, the scanned file presents certain characteristics which depending on the user policies and environment may or may not represent a threat. For full details see: https://www.clamav.net/documents/potentially-unwanted-applications-pua .
