× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: 96e5221c2a14adcecdca373f982ce3f0ec3a239b1ce8f3064c7f13b76222ce4f
File name: provisional respaldo .scr
Detection ratio: 53 / 56
Analysis date: 2017-01-21 01:57:50 UTC ( 2 years, 1 month ago ) View latest
Antivirus Result Update
Ad-Aware Win32.Worm.Brontok.BI 20170121
AegisLab W32.Sality.k!c 20170120
AhnLab-V3 HEUR/Fakon.mwf 20170120
ALYac Win32.Worm.Brontok.BI 20170121
Antiy-AVL Virus/Win32.Sality.k 20170121
Arcabit Win32.Worm.Brontok.BI 20170121
Avast Win32:Sality-O 20170121
AVG Win32/Sality 20170120
Avira (no cloud) W32/Sality.K 20170120
AVware Virus.Win32.Sality.k (v) 20170121
Baidu Win32.Virus.Sality.f 20170120
BitDefender Win32.Worm.Brontok.BI 20170121
CAT-QuickHeal W32.Sality.K 20170120
ClamAV Win.Worm.VB-556 20170120
CMC Virus.Win32.Sality!O 20170120
Comodo Virus.Win32.Sality.K 20170121
CrowdStrike Falcon (ML) malicious_confidence_100% (W) 20161024
Cyren W32/Sality.J 20170121
DrWeb Trojan.MulDrop.59624 20170121
Emsisoft Win32.Worm.Brontok.BI (B) 20170121
ESET-NOD32 Win32/Sality.NAC 20170121
F-Prot W32/Sality.J 20170121
F-Secure Win32.Worm.Brontok.BI 20170121
Fortinet W32/Sality.P 20170121
GData Win32.Worm.Brontok.BI 20170121
Ikarus Trojan.Win32.Agent 20170120
Sophos ML worm.win32.lightmoon.h 20170111
Jiangmin Win32/HLLP.Kuku.b 20170120
K7AntiVirus Virus ( 0008d6041 ) 20170120
K7GW EmailWorm ( 0040f8c11 ) 20170121
Kaspersky Virus.Win32.Sality.k 20170120
Kingsoft Win32.Sality.ka.260096 20170121
Malwarebytes Worm.AutoRun 20170120
McAfee W32/MoonLight.worm 20170121
McAfee-GW-Edition BehavesLike.Win32.MultiPlug.qc 20170121
Microsoft Virus:Win32/Sality.M 20170120
eScan Win32.Worm.Brontok.BI 20170121
NANO-Antivirus Virus.Win32.Sality.cchs 20170121
Panda W32/Sality.N 20170120
Qihoo-360 Virus.Win32.Sality.E 20170121
Rising Worm.VB.fa-ujezPjiSOTF (cloud) 20170121
Sophos AV W32/Kookoo-A 20170120
SUPERAntiSpyware Trojan.Agent/Gen-Pakon 20170121
Symantec ML.Relationship.HighConfidence [W32.Rontokbro@mm] 20170120
Tencent Win32.Virus.Sality.Agku 20170121
TheHacker W32/Sality(rp).k 20170117
TotalDefense Win32/Sality.I 20170120
VBA32 Win32.HLLP.Kuku.303b 20170120
VIPRE Virus.Win32.Sality.k (v) 20170121
ViRobot Win32.Sality.D[h] 20170121
Yandex Win32.Sality.M 20170120
Zillya Worm.VB.Win32.2 20170120
Zoner I-Worm.NoonLight.B 20170121
Alibaba 20170120
nProtect 20170121
TrendMicro 20170121
TrendMicro-HouseCall 20170121
Trustlook 20170121
WhiteArmor 20170120
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2004-03-08 01:57:36
Entry Point 0x0000118C
Number of sections 2
PE sections
PE imports
VirtualFree
LoadLibraryA
VirtualAlloc
GetProcAddress
Number of PE resources by type
RT_ICON 3
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
NEUTRAL 4
ENGLISH US 1
PE resources
ExifTool file metadata
MIMEType
application/octet-stream

Subsystem
Windows GUI

SubsystemVersion
4.0

MachineType
Intel 386 or later, and compatibles

TimeStamp
2004:03:08 02:57:36+01:00

FileType
Win32 EXE

PEType
PE32

CodeSize
73728

LinkerVersion
6.0

Warning
Error processing PE data dictionary

FileTypeExtension
exe

InitializedDataSize
20480

ImageFileCharacteristics
No relocs, Executable, No line numbers, No symbols, 32-bit

EntryPoint
0x118c

OSVersion
4.0

ImageVersion
1.0

UninitializedDataSize
0

File identification
MD5 7190dc6c799d0494d5a8cedcf5ef9aa3
SHA1 31bf0bb6bb4756f24beffea570d515bf67de0421
SHA256 96e5221c2a14adcecdca373f982ce3f0ec3a239b1ce8f3064c7f13b76222ce4f
ssdeep
768:IpUt1E/8mS+amkLFRccny45nHguULvjtgGeaJYQF91tZLmk8:IpO1Ek93yAgfbCAJV9r8k8

authentihash ea054deb5bc46f8823cd20447ac14a5d288f50fdd7cdfaf608c0b2ca4b88c61d
imphash 09d0478591d4f788cb3e5ea416c25237
File size 52.0 KB ( 53248 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable (generic) (42.7%)
OS/2 Executable (generic) (19.2%)
Generic Win/DOS Executable (18.9%)
DOS Executable Generic (18.9%)
Tags
peexe usb-autorun

VirusTotal metadata
First submission 2009-02-04 12:55:39 UTC ( 10 years ago )
Last submission 2016-05-06 13:29:25 UTC ( 2 years, 9 months ago )
File names 1CP .scr
sa-76400.exe
rrLA1UdbW.jpg
0 RUNA WAY .scr
55172188316l.exe
7190dc6c799d0494d5a8cedcf5ef9aa3.exe
tuxo30413z.exe
1960
sql.cmd
provisional respaldo .scr
Data DosenKu .exe
sql.cmd
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!