SHA256: 99d2cbdee78f7d66d73e7545e6e03d0f20f2d731f9911fdd84c4c95f6ddea9b7
File name: eb3b44cee34ec09ec6c5917c5bd7cfb4
Detection ratio: 36 / 42
Analysis date: 2012-04-24 22:41:39 UTC ( 5 years, 5 months ago )
Antivirus Result Update
AhnLab-V3 Win-Trojan/Agent.61968 20120424
AntiVir TR/Dldr.Agent.ajvs 20120424
Antiy-AVL Trojan/Win32.Agent.gen 20120424
Avast Win32:Trojan-gen 20120424
AVG Downloader.Agent.ANLK 20120425
BitDefender Trojan.Downloader.Zlob.ACMZ 20120424
ClamAV Trojan.Downloader-58591 20120424
Commtouch W32/Downldr2.EUQV 20120424
Comodo TrojWare.Win32.TrojanDownloader.Zlob.CRQ0 20120424
DrWeb Trojan.DownLoad.6518 20120425
Emsisoft Trojan-Dropper.Agent!IK 20120424
F-Prot W32/Downldr2.EUQV 20120424
F-Secure Trojan.Downloader.Zlob.ACMZ 20120424
Fortinet W32/Agent.AJVR!tr.dldr 20120424
GData Trojan.Downloader.Zlob.ACMZ 20120424
Ikarus Trojan-Dropper.Agent 20120424
Jiangmin TrojanDownloader.Agent.aush 20120424
K7AntiVirus Trojan-Downloader 20120424
Kaspersky Trojan-Downloader.Win32.Agent.ajvr 20120424
McAfee generic!bg.gsa 20120424
McAfee-GW-Edition generic!bg.gsa 20120424
Microsoft TrojanDownloader:Win32/Zlob.AOJ 20120424
NOD32 Win32/TrojanDownloader.Zlob.CRQ 20120425
Norman W32/Agent.IXIQ 20120424
nProtect Trojan-Downloader/W32.Agent.61968 20120424
Panda Trj/Downloader.MDW 20120424
PCTools Trojan.Zlob!rem 20120424
Sophos AV Mal/Generic-L 20120424
Symantec Trojan.Zlob 20120424
TheHacker Trojan/Downloader.Agent.ajvr 20120424
TrendMicro TROJ_DOWNLOADER_0000288.TOMA 20120424
TrendMicro-HouseCall TROJ_DOWNLOADER_0000288.TOMA 20120424
VBA32 Trojan-Downloader.Win32.Agent.ajvr 20120422
VIPRE Trojan.Win32.Generic!BT 20120425
ViRobot Trojan.Win32.Downloader.61968 20120424
VirusBuster Trojan.DL.Agent!z3jldpFYwFo 20120423
ByteHero 20120424
CAT-QuickHeal 20120424
eSafe 20120424
eTrust-Vet 20120424
Rising 20120424
SUPERAntiSpyware 20120402
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2008-10-14 14:00:46
Entry Point 0x0000207D
Number of sections 5
PE sections
PE imports
GetTempFileNameW, GetFileSize, CreateProcessW, SetWaitableTimer, WaitForSingleObject, ReadFile, CreateFileW, GetTempPathW, CreateWaitableTimerW, CloseHandle, DeleteFileW, FlushFileBuffers, CreateFileA, WriteConsoleW, GetConsoleOutputCP, GetCommandLineA, GetStartupInfoA, TerminateProcess, GetCurrentProcess, UnhandledExceptionFilter, SetUnhandledExceptionFilter, IsDebuggerPresent, GetCPInfo, InterlockedIncrement, InterlockedDecrement, GetACP, GetOEMCP, IsValidCodePage, GetModuleHandleW, GetProcAddress, TlsGetValue, TlsAlloc, TlsSetValue, TlsFree, SetLastError, GetCurrentThreadId, GetLastError, HeapFree, HeapAlloc, RaiseException, Sleep, ExitProcess, WriteFile, GetStdHandle, GetModuleFileNameA, FreeEnvironmentStringsA, GetEnvironmentStrings, FreeEnvironmentStringsW, WideCharToMultiByte, GetEnvironmentStringsW, SetHandleCount, GetFileType, DeleteCriticalSection, HeapCreate, VirtualFree, QueryPerformanceCounter, GetTickCount, GetCurrentProcessId, GetSystemTimeAsFileTime, LCMapStringA, MultiByteToWideChar, LCMapStringW, GetStringTypeA, GetStringTypeW, LeaveCriticalSection, EnterCriticalSection, GetLocaleInfoA, SetFilePointer, GetConsoleCP, GetConsoleMode, VirtualAlloc, HeapReAlloc, HeapSize, LoadLibraryA, InitializeCriticalSectionAndSpinCount, RtlUnwind, SetStdHandle, WriteConsoleA
wsprintfW, LoadStringW
CoCreateInstance, CoInitializeSecurity, CoInitializeEx
ExifTool file metadata
MIMEType: application/octet-stream
Subsystem: Windows GUI
MachineType: Intel 386 or later, and compatibles
TimeStamp: 2008:10:14 16:00:46+02:00
FileType: Win32 EXE
PEType: PE32
CodeSize: 39424
LinkerVersion: 9.0
EntryPoint: 0x207d
InitializedDataSize: 28672
SubsystemVersion: 5.0
ImageVersion: 0.0
OSVersion: 5.0
UninitializedDataSize: 0

File identification
MD5 eb3b44cee34ec09ec6c5917c5bd7cfb4
SHA1 5f9650372c2b50ae14800a7ca0e56ffd2ade792c
SHA256 99d2cbdee78f7d66d73e7545e6e03d0f20f2d731f9911fdd84c4c95f6ddea9b7
ssdeep 768:UBXF+wrzKvkRL/kHn2c1U4R86OWazwqw9/nOpN4/eAlyvjcHkp58dzAE0qYIG:UBV8vkRjkWwRkda9/nl2vjc+5gzAEs
File size 60.5 KB ( 61968 bytes )
File type Win32 EXE
Magic literal MS-DOS executable PE for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (65.2%)
Win32 Executable Generic (14.7%)
Win32 Dynamic Link Library (generic) (13.1%)
Generic Win/DOS Executable (3.4%)
DOS Executable Generic (3.4%)
VirusTotal metadata
First submission 2008-10-20 00:38:33 UTC ( 8 years, 12 months ago )
Last submission 2012-04-24 22:41:39 UTC ( 5 years, 5 months ago )
File names eb3b44cee34ec09ec6c5917c5bd7cfb4
H3ajgGA.tiff
aa
TO5rHeUB9.wbs
Behaviour characterization