SHA256: 96837c8b6e03c1706102e82cdff45d01e765e9be0809199bf618200229996a05
File name: a8603b28d6ee88f63b85ab4428aa1123.virus
Detection ratio: 35 / 55
Analysis date: 2016-06-15 19:36:31 UTC ( 1 year, 8 months ago )
Antivirus Result Update
Ad-Aware Trojan.Bredolab.BV 20160615
AegisLab Packer.W32.Krap.li1W 20160615
AhnLab-V3 Trojan/Win32.Bredlab 20160615
ALYac Worm.Email.Waledac 20160615
Avast Win32:MalOb-IJ [Cryp] 20160615
Avira (no cloud) TR/Crypt.XPACK.Gen 20160615
AVware Trojan.Win32.Generic.pak!cobra 20160615
Baidu Win32.Trojan.WisdomEyes.151026.9950.9985 20160615
BitDefender Trojan.Bredolab.BV 20160615
Comodo TrojWare.Win32.Krap.SW 20160615
Cyren W32/Bredolab.W.gen!Eldorado 20160615
DrWeb Trojan.Sniff.123 20160615
Emsisoft Trojan.Bredolab.BV (B) 20160615
ESET-NOD32 a variant of Win32/Kryptik.FAF 20160615
F-Prot W32/Bredolab.W.gen!Eldorado 20160615
F-Secure Trojan.Bredolab.BV 20160615
GData Trojan.Bredolab.BV 20160615
Ikarus Packer.Win32.Krap 20160615
Jiangmin Backdoor/Bredolab.cfu 20160615
Kaspersky Packed.Win32.Krap.x 20160615
Malwarebytes Trojan.Dropper 20160615
McAfee Generic Dropper.lr 20160615
McAfee-GW-Edition BehavesLike.Win32.FakeAlert.dc 20160615
eScan Trojan.Bredolab.BV 20160615
nProtect Trojan.Bredolab.BV 20160615
Panda Bck/Bredolab.AZ 20160615
Qihoo-360 Win32/Trojan.753 20160615
Sophos AV Mal/EncPk-QY 20160615
Symantec Suspicious.Cloud.9 20160615
Tencent Win32.Packed.Krap.Lmua 20160615
TrendMicro TROJ_KRAP.SMXD 20160615
TrendMicro-HouseCall TROJ_KRAP.SMXD 20160615
VBA32 Malware-Cryptor.Hlux 20160615
VIPRE Trojan.Win32.Generic.pak!cobra 20160615
Yandex Trojan.Bredolab!yepKo52+GcM 20160614
Alibaba 20160615
Antiy-AVL 20160615
Arcabit 20160615
AVG 20160615
Baidu-International 20160614
CAT-QuickHeal 20160615
ClamAV 20160615
CMC 20160614
Fortinet 20160615
K7AntiVirus 20160615
K7GW 20160615
Kingsoft 20160615
Microsoft 20160615
NANO-Antivirus 20160615
SUPERAntiSpyware 20160615
TheHacker 20160614
TotalDefense 20160615
ViRobot 20160615
Zillya 20160614
Zoner 20160615
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2010-05-03 10:59:10
Entry Point 0x00001095
Number of sections 4
PE sections
PE imports
LocalFree
GetStartupInfoA
GetStdHandle
GlobalFree
Sleep
lstrlenA
GetModuleHandleA
lstrcatA
GetLastError
GlobalAlloc
FreeLibrary
lstrcpyA
GetTickCount
CloseHandle
GetVersionExA
GetProcAddress
GetFileSize
LoadLibraryA
SetFocus
LoadIconA
GetWindowRect
DispatchMessageA
BeginPaint
MessageBoxA
TranslateMessage
GetSysColor
Number of PE resources by type
RT_ICON 2
RT_DIALOG 1
RT_GROUP_ICON 1
Number of PE resources by language
RUSSIAN 4
PE resources
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
TimeStamp 2010:05:03 11:59:10+01:00
FileType Win32 EXE
PEType PE32
CodeSize 8192
LinkerVersion 6.1
FileTypeExtension exe
InitializedDataSize 240640
SubsystemVersion 4.0
EntryPoint 0x1095
OSVersion 4.0
ImageVersion 0.0
UninitializedDataSize 0

File identification
MD5 a8603b28d6ee88f63b85ab4428aa1123
SHA1 331979e302e18b2b9853c86c2ec2b7bea057b557
SHA256 96837c8b6e03c1706102e82cdff45d01e765e9be0809199bf618200229996a05
ssdeep 6144:eNkfdhkhMrCzQTKpeh+aI0Mbuj3fmXKpsD1rix:GkfESrgrpehMXbYdA9
authentihash 759aa472caa787bbe68c787f7864faf1d3b99e83a71b469d3ea398997f2e44ca
imphash b9656de46a18c68b23c651508a5bf71f
File size 244.0 KB ( 249856 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Dynamic Link Library (generic) (43.5%)
Win32 Executable (generic) (29.8%)
Generic Win/DOS Executable (13.2%)
DOS Executable Generic (13.2%)
Tags peexe
VirusTotal metadata
First submission 2016-06-15 19:36:31 UTC ( 1 year, 8 months ago )
Last submission 2016-06-15 19:36:31 UTC ( 1 year, 8 months ago )
File names a8603b28d6ee88f63b85ab4428aa1123.virus
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Created mutexes
Opened service managers
Opened services
Runtime DLLs
DNS requests
UDP communications