SHA256: 98c347e106e1f7035d9e98b931be642b9ca2c41b0b2e9c0fc0b723326ede36f6
File name: a08.ex
Detection ratio: 46 / 51
Analysis date: 2014-03-30 14:15:32 UTC ( 4 years, 6 months ago )
Antivirus Result Update
Ad-Aware Trojan.Generic.5099285 20140330
Yandex Trojan.DR.Dozmot.Gen 20140329
AhnLab-V3 Dropper/Win32.OnlineGameHack 20140330
AntiVir TR/Spy.Gen 20140330
Antiy-AVL Trojan[:HEUR]/Win32.AGeneric 20140330
Avast Win32:Lolyda-B [Trj] 20140330
AVG PSW.OnlineGames3.ARMA 20140330
Baidu-International Trojan.Win32.OnLineGames.AHVk 20140330
BitDefender Trojan.Generic.5099285 20140330
Bkav W32.Umer.Trojan 20140329
CAT-QuickHeal Win32.Trojan-GameThief.OnLineGames.bnkb.4 20140330
CMC Trojan-GameThief.Win32.OnLineGames!O 20140328
Commtouch W32/OnlineGames.A.gen!GSA 20140330
Comodo TrojWare.Win32.Crypt.RA 20140330
DrWeb Trojan.PWS.Wow.1977 20140330
Emsisoft Trojan.Generic.5099285 (B) 20140330
ESET-NOD32 Win32/PSW.OnLineGames.NSU 20140330
F-Prot W32/OnlineGames.A.gen!GSA 20140330
F-Secure Trojan.Generic.5099285 20140330
Fortinet W32/Dropper.XW!tr 20140330
GData Trojan.Generic.5099285 20140330
Ikarus Trojan-GameThief.Win32.OnLineGames 20140330
K7GW Riskware ( 0015e4f11 ) 20140328
Kaspersky Trojan-GameThief.Win32.OnLineGames.bnkb 20140330
Kingsoft Win32.Troj.Generic.(kcloud) 20140330
Malwarebytes Spyware.Onlinegames 20140330
McAfee Artemis!B47B73F54B48 20140330
McAfee-GW-Edition Artemis!B47B73F54B48 20140329
Microsoft PWS:Win32/Dozmot.D 20140330
eScan Trojan.Generic.5099285 20140330
NANO-Antivirus Trojan.Win32.Magania.bpwxta 20140330
Norman Magania.GZ 20140330
nProtect Trojan-PWS/W32.WebGame.16424.AB 20140330
Panda Trj/Lineage.LNC 20140330
Qihoo-360 Win32/Trojan.GameThief.14d 20140330
Rising PE:Stealer.OnLineGames!1.64DE 20140330
Sophos AV Troj/PWS-BML 20140330
SUPERAntiSpyware Trojan.Agent/Gen-OnlineGames 20140329
Symantec Infostealer.Onlinegame 20140330
TheHacker Posible_Worm32 20140329
TotalDefense Win32/Onlinegames!generic 20140329
TrendMicro TROJ_GAMEHTI.SMI 20140330
TrendMicro-HouseCall TROJ_GAMEHTI.SMI 20140330
VBA32 Trojan-Dropper.Agent.11121 20140328
VIPRE BehavesLike.Win32.Malware.dah (mx-v) 20140330
ViRobot Trojan.Win32.PSWIGames.16424.N 20140330
AegisLab 20140330
ByteHero 20140330
ClamAV 20140330
Jiangmin 20140330
K7AntiVirus 20140328
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Packers identified
Command UPX
F-PROT UPX
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2010-08-25 06:19:02
Entry Point 0x0000B660
Number of sections 3
PE sections
PE imports
RegEnumKeyA
VirtualFree
ExitProcess
VirtualProtect
LoadLibraryA
VirtualAlloc
GetProcAddress
wsprintfA
Number of PE resources by type
LODR 1
Number of PE resources by language
CHINESE SIMPLIFIED 1
PE resources
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
TimeStamp 2010:08:25 07:19:02+01:00
FileType Win32 EXE
PEType PE32
CodeSize 16384
LinkerVersion 6.0
FileAccessDate 2014:03:30 15:12:59+01:00
EntryPoint 0xb660
InitializedDataSize 4096
SubsystemVersion 4.0
ImageVersion 0.0
OSVersion 4.0
FileCreateDate 2014:03:30 15:12:59+01:00
UninitializedDataSize 28672
File identification
MD5 b47b73f54b48b87de5a028b9e4926949
SHA1 92a120d013d842e4ac203d4f15a9f609801b7c15
SHA256 98c347e106e1f7035d9e98b931be642b9ca2c41b0b2e9c0fc0b723326ede36f6
ssdeep 384:Gajfomfc60xeWNGe15ElZ4X81C+rlpwk0vrDlivZl731AZtyF:GaToYR0xefeXEH4XerlpOdO
imphash 4864195dcadedd73903b4f2e4faab990
File size 16.0 KB ( 16424 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID UPX compressed Win32 Executable (30.6%)
Win64 Executable (generic) (27.6%)
Win32 EXE Yoda's Crypter (26.5%)
Win32 Dynamic Link Library (generic) (6.5%)
Win32 Executable (generic) (4.5%)
Tags peexe upx
VirusTotal metadata
First submission 2010-08-26 12:24:15 UTC ( 8 years, 2 months ago )
Last submission 2014-03-30 14:15:32 UTC ( 4 years, 6 months ago )
File names a08.ex
smona130674256106990656162
Advanced heuristic and reputation engines
ClamAV
Possibly Unwanted Application. While not necessarily malicious, the scanned file presents certain characteristics which depending on the user policies and environment may or may not represent a threat. For full details see: https://www.clamav.net/documents/potentially-unwanted-applications-pua .

Behaviour characterization