SHA256: 959161c7bc1736e9f83b351f46b2cc92e22cfffde6bc38dd67e12e007d27cd01
File name: 8ed72a01f6dd01cf353091492d7e96c6
Detection ratio: 49 / 51
Analysis date: 2014-04-12 04:52:22 UTC ( 3 years, 6 months ago )
Antivirus Result Update
Ad-Aware Trojan.Generic.7874616 20140412
Yandex Adware.SystemSecurity!lWmDVHC1i50 20140411
AhnLab-V3 Win-Trojan/Winwebsec.401408 20140411
AntiVir TR/FakeAV.asu 20140412
Antiy-AVL Trojan[Ransom]/Win32.Agent 20140412
Avast Win32:MalOb-GE [Cryp] 20140412
AVG Generic28.CEFJ 20140411
Baidu-International Trojan.Win32.Ransom.aQ 20140411
BitDefender Trojan.Generic.7874616 20140412
Bkav W32.SmartFortressAA.Trojan 20140411
CAT-QuickHeal FraudTool.Security 20140411
ClamAV Win.Trojan.Fakeav-5397 20140412
CMC Packed.Win32.FakeAV-Crypter.6!O 20140411
Commtouch W32/FakeAlert.UQ.gen!Eldorado 20140412
Comodo TrojWare.Win32.Kryptik.AHSJ 20140412
DrWeb Trojan.Fakealert.32460 20140412
Emsisoft Trojan.Generic.7874616 (B) 20140412
ESET-NOD32 Win32/Adware.SystemSecurity.AL 20140412
F-Prot W32/FakeAlert.UQ.gen!Eldorado 20140412
F-Secure Trojan.Generic.7874616 20140412
Fortinet W32/FakeAV.KL!tr 20140412
GData Trojan.Generic.7874616 20140412
Ikarus Trojan-Ransom.Win32.Agent 20140412
Jiangmin Trojan/Agent.goog 20140412
K7AntiVirus Trojan ( 003e58dd1 ) 20140411
K7GW Trojan ( 003e58dd1 ) 20140411
Kaspersky Trojan-Ransom.Win32.Agent.hhe 20140411
Kingsoft Win32.Troj.Generic.(kcloud) 20140412
Malwarebytes Trojan.Lameshield 20140412
McAfee PWS-Zbot.gen.ahq 20140412
McAfee-GW-Edition Heuristic.LooksLike.Win32.Suspicious.B 20140412
Microsoft Rogue:Win32/Winwebsec 20140412
eScan Trojan.Generic.7874616 20140412
NANO-Antivirus Trojan.Win32.Agent2.vuyie 20140412
Norman FakeAV.BERQ 20140411
nProtect Trojan/W32.Agent.401408.PS 20140411
Panda Trj/Resdec.c 20140411
Qihoo-360 HEUR/Malware.QVM07.Gen 20140412
Rising PE:Malware.Obscure!1.9C59 20140411
Sophos AV Mal/FakeAV-KL 20140412
SUPERAntiSpyware Trojan.Agent/Gen-FakeAlert 20140412
Symantec Trojan.Fakeavlock 20140412
TheHacker Trojan/Agent.hhh 20140411
TotalDefense Win32/FakeAV.CG!generic 20140411
TrendMicro TROJ_FAKEAV.SMVS 20140412
TrendMicro-HouseCall TROJ_FAKEAV.SMVS 20140412
VBA32 Hoax.Agent 20140411
VIPRE Trojan.Win32.Winwebsec.l (v) 20140412
ViRobot Trojan.Win32.A.Agent.401408.R 20140412
AegisLab 20140412
ByteHero 20140412
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Packers identified
PEiD Armadillo v1.71
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2012-07-12 12:06:36
Entry Point 0x00001953
Number of sections 4
PE sections
PE imports
HeapFree
GetStdHandle
LCMapStringW
VirtualAllocEx
SetEvent
LCMapStringA
HeapDestroy
ExitProcess
GetEnvironmentStringsW
LoadLibraryA
RtlUnwind
GetModuleFileNameA
FreeEnvironmentStringsA
GetStartupInfoA
GetEnvironmentStrings
SetHandleCount
GetCPInfo
UnhandledExceptionFilter
MultiByteToWideChar
FreeEnvironmentStringsW
GetCommandLineA
GetProcAddress
RaiseException
WideCharToMultiByte
GetStringTypeA
GetModuleHandleA
InterlockedExchange
WriteFile
GetCurrentProcess
CloseHandle
GetACP
HeapReAlloc
GetStringTypeW
GetOEMCP
TerminateProcess
HeapCreate
VirtualFree
Sleep
GetFileType
CreateFileA
HeapAlloc
GetVersion
VirtualAlloc
ShowWindow
LoadImageA
LoadBitmapA
LoadIconA
mixerGetControlDetailsA
Number of PE resources by type
RT_BITMAP 3
RT_ICON 3
RT_MENU 1
RT_DIALOG 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 7
RUSSIAN 2
PE resources
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
TimeStamp 2012:07:12 13:06:36+01:00
FileType Win32 EXE
PEType PE32
CodeSize 24576
LinkerVersion 6.0
FileAccessDate 2014:04:12 05:54:37+01:00
EntryPoint 0x1953
InitializedDataSize 372736
SubsystemVersion 4.0
ImageVersion 0.0
OSVersion 4.0
FileCreateDate 2014:04:12 05:54:37+01:00
UninitializedDataSize 0
File identification
MD5 8ed72a01f6dd01cf353091492d7e96c6
SHA1 a810430d6d26e97b1a8b48898d8effe4ed8a140e
SHA256 959161c7bc1736e9f83b351f46b2cc92e22cfffde6bc38dd67e12e007d27cd01
ssdeep 6144:1ZUbdvvdMzygLGVpPgJ2bZp1xuel/n8rNoumQUhPkbNvu+gqslpMZH4hJ:1ZYvGzyg6+J2rKoCUhPqRg1UZY
imphash c0e9aa47c61d4237c1a3f0d6c1a0cd01
File size 392.0 KB ( 401408 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (67.3%)
Win32 Dynamic Link Library (generic) (14.2%)
Win32 Executable (generic) (9.7%)
Generic Win/DOS Executable (4.3%)
DOS Executable Generic (4.3%)
Tags
peexe armadillo mz
VirusTotal metadata
First submission 2012-07-12 12:48:39 UTC ( 5 years, 3 months ago )
Last submission 2014-04-12 04:52:22 UTC ( 3 years, 6 months ago )
File names qQjcSEVHV.scr
8ed72a01f6dd01cf353091492d7e96c6
8ED72A01F6DD01CF353091492D7E96C6.bin
3.exe
B85E34FF0088879B20C906A3D1EE37008429C27C.exe
gvnvpfbu.exe
8ed72a01f6dd01cf353091492d7e96c6.exe
aa
setup.exe
8ED72A01F6DD01CF353091492D7E96C6
959161c7bc1736e9f83b351f46b2cc92e22cfffde6bc38dd67e12e007d27cd01
file-4229206_exe
Advanced heuristic and reputation engines
ClamAV
Possibly Unwanted Application. While not necessarily malicious, the scanned file presents certain characteristics which depending on the user policies and environment may or may not represent a threat. For full details see: https://www.clamav.net/documents/potentially-unwanted-applications-pua .