SHA256: 94c604e5cff7650f60049993405858dfc96f8ac5b77587523d37a8f8f3d9c1bc
File name: 94c604e5cff7650f60049993405858dfc96f8ac5b77587523d37a8f8f3d9c1bc
Detection ratio: 35 / 45
Analysis date: 2012-12-12 19:38:47 UTC ( 6 years, 3 months ago )
Antivirus Result Update
AhnLab-V3 Trojan/Win32.PornoAsset 20121212
AntiVir TR/Crypt.XPACK.Gen 20121212
Avast Win32:Kryptik-JWE [Trj] 20121212
AVG Agent_r.BNL 20121212
BitDefender Gen:Heur.PIF.4 20121212
ClamAV Win.Trojan.Agent-24040 20121212
Commtouch W32/Falab.F.gen!Eldorado 20121212
Comodo TrojWare.Win32.Kryptik.ALBY 20121212
DrWeb Trojan.FakeAV.13256 20121212
Emsisoft Gen:Heur.PIF.3 (B) 20121212
ESET-NOD32 a variant of Win32/Kryptik.ALEW 20121212
F-Prot W32/Falab.F.gen!Eldorado 20121212
F-Secure Gen:Heur.PIF.4 20121212
Fortinet W32/Yakes.AP!tr 20121212
GData Gen:Heur.PIF.4 20121212
Ikarus Trojan-Ransom.Win32.PornoAsset 20121212
Jiangmin Trojan/Generic.arrtz 20121212
K7AntiVirus Riskware 20121212
Kaspersky HEUR:Trojan.Win32.Generic 20121212
Kingsoft Win32.Troj.Undef.(kcloud) 20121210
Malwarebytes Trojan.Agent.VAGen1 20121212
McAfee PWS-Zbot.gen.als 20121212
McAfee-GW-Edition PWS-Zbot.gen.als 20121212
Microsoft VirTool:Win32/Obfuscator.PN 20121212
eScan Gen:Heur.PIF.4 20121212
NANO-Antivirus Trojan.Win32.XPACK.xvqao 20121212
Norman W32/Sinowal.KSY 20121212
Panda Trj/Genetic.gen 20121212
Sophos AV Mal/ZboCheMan-A 20121212
Symantec Infostealer.Dexter 20121212
TheHacker Trojan/Kryptik.alew 20121211
TotalDefense Win32/Zbot.AM!generic 20121212
TrendMicro TROJ_GEN.R47CDIH 20121212
TrendMicro-HouseCall TROJ_GEN.R47CDIH 20121212
VIPRE LooksLike.Win32.ZboCheman.a (v) 20121212
Yandex 20121212
Antiy-AVL 20121212
ByteHero 20121212
CAT-QuickHeal 20121212
eSafe 20121212
nProtect 20121212
Rising 20121212
SUPERAntiSpyware 20121212
VBA32 20121212
ViRobot 20121212
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2011-03-25 18:26:37
Entry Point 0x00002BB8
Number of sections 6
PE sections
PE imports
GetProcessHeap
GetKeyState
WaitMessage
IsCharAlphaA
PostQuitMessage
PE exports
Number of PE resources by type
RT_DIALOG 1
Number of PE resources by language
ENGLISH US 1
PE resources
Debug information
ExifTool file metadata
MIMEType: application/octet-stream
Subsystem: Windows GUI
MachineType: Intel 386 or later, and compatibles
FileTypeExtension: exe
TimeStamp: 2011:03:25 19:26:37+01:00
FileType: Win32 EXE
PEType: PE32
CodeSize: 759808
LinkerVersion: 10.0
ImageFileCharacteristics: Executable, 32-bit
EntryPoint: 0x2bb8
InitializedDataSize: 11264
SubsystemVersion: 5.1
ImageVersion: 0.0
OSVersion: 5.1
UninitializedDataSize: 0

Compressed bundles
File identification
MD5 2d48e927cdf97413523e315ed00c90ab
SHA1 6c090aa226a719d8d948ad5244252b8b0c5e0af2
SHA256 94c604e5cff7650f60049993405858dfc96f8ac5b77587523d37a8f8f3d9c1bc
ssdeep 1536:EAqThpaIRjRqLZRBm7N7wqoCuDCbhcHjp:VA/akolq7OqoCkDp
authentihash d212114aecf46a9e3d4b2cef3b7ba2e0dc6f847ec9ccaed263fc7a00320ac069
imphash 84662072396f278852cc762a3782f555
File size 50.0 KB ( 51200 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Dynamic Link Library (generic) (38.4%)
Win32 Executable (generic) (26.3%)
OS/2 Executable (generic) (11.8%)
Generic Win/DOS Executable (11.6%)
DOS Executable Generic (11.6%)
Tags peexe
VirusTotal metadata
First submission 2012-09-13 14:19:17 UTC ( 6 years, 6 months ago )
Last submission 2018-11-10 05:17:17 UTC ( 4 months, 1 week ago )
File names
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight