SHA256: 9ae8f524f64bdab7d2d36b7692a67b3d326357209ac4cd5b9a520bfd83f40ce4
File name: VirusShare_06507bbebb072a89065c2015423935df
Detection ratio: 59 / 72
Analysis date: 2019-01-05 11:35:03 UTC ( 1 month, 1 week ago )
Antivirus Result Update
Ad-Aware Gen:Variant.Kazy.31031 20190105
AegisLab Trojan.Win32.Agent.b!c 20190105
AhnLab-V3 Trojan/Win32.OnlineGameHack.R3058 20190104
ALYac Trojan.Dropper.OnlineGames.ub 20190105
Antiy-AVL Trojan[Dropper]/Win32.Agent 20190105
Arcabit Trojan.Kazy.D7937 20190105
Avast Win32:Dh-A [Heur] 20190105
AVG Win32:Dh-A [Heur] 20190105
Avira (no cloud) TR/ATRAPS.Gen2 20190104
AVware Trojan.Win32.Generic!BT 20180925
BitDefender Gen:Variant.Kazy.31031 20190105
Bkav W32.OnGameTNF6.Trojan 20190104
CAT-QuickHeal Trojan.Generic.19469 20190104
ClamAV Win.Dropper.Agent-201715 20190105
CMC Trojan-Dropper.Win32.Agent!O 20190104
Comodo TrojWare.Win32.PSW.Onlinegames.OQU.2@1qh28w 20190105
Cybereason malicious.ebb072 20180225
Cylance Unsafe 20190105
Cyren W32/OnlineGames.CW.gen!Eldorado 20190105
DrWeb Trojan.PWS.Wsgame.17203 20190105
eGambit Unsafe.AI_Score_92% 20190105
Emsisoft Gen:Variant.Kazy.31031 (B) 20190105
Endgame malicious (moderate confidence) 20181108
ESET-NOD32 Win32/PSW.OnLineGames.OQU 20190105
F-Prot W32/OnlineGames.CW.gen!Eldorado 20190105
F-Secure Trojan-PSW:W32/OnlineGames.TYA 20190105
Fortinet W32/Onlinegames.AAAB!tr 20190105
GData Win32.Trojan.OnLineGames.D@gen 20190105
Ikarus Trojan.Win32.VB 20190104
Sophos ML heuristic 20181128
Jiangmin Trojan/PSW.OnLineGames.bnmi 20190105
K7AntiVirus Password-Stealer ( 004c36071 ) 20190105
K7GW Password-Stealer ( 004c36071 ) 20190105
Kaspersky Trojan-Dropper.Win32.Agent.blbg 20190105
Kingsoft Win32.Troj.GameMPSY.(kcloud) 20190105
MAX malware (ai score=98) 20190105
McAfee Artemis!06507BBEBB07 20190105
McAfee-GW-Edition BehavesLike.Win32.PWSOnlineGames.mc 20190105
Microsoft PWS:Win32/OnLineGames 20190105
eScan Gen:Variant.Kazy.31031 20190105
NANO-Antivirus Trojan.Win32.OnLineGames.dqiscp 20190105
Panda Trj/CI.A 20190105
Qihoo-360 HEUR/Trojan.4b2 20190105
Rising Stealer.GameOL!1.6670 (CLOUD) 20190105
SentinelOne (Static ML) static engine - malicious 20181223
Sophos AV Troj/GamPass-X 20190105
Symantec Infostealer.Gampass 20190104
Tencent Win32.Infect.Patchloader.Eei 20190105
TheHacker Trojan/OnLineGames.vygt 20190104
TotalDefense Win32/Zuten!generic 20190104
Trapmine malicious.high.ml.score 20190103
TrendMicro-HouseCall TSPY_ONLING.SMXO 20190105
VBA32 BScope.Trojan-Dropper.OLGames.2512 20190104
VIPRE Trojan.Win32.Generic!BT 20190105
ViRobot Trojan.Win32.PSWIGames.22560.B 20190105
Webroot W32.Trojan.Trojan-PWS-OnlineGam 20190105
Yandex Trojan.PWS.OnLineGames!f/Sz2RY13Jk 20181229
Zillya Trojan.OnLineGames.Win32.43329 20190105
ZoneAlarm by Check Point Trojan-Dropper.Win32.Agent.blbg 20190105
Acronis 20181227
Alibaba 20180921
Avast-Mobile 20190104
Babable 20180918
Baidu 20190104
CrowdStrike Falcon (ML) 20180202
Malwarebytes 20190105
Palo Alto Networks (Known Signatures) 20190105
SUPERAntiSpyware 20190102
TACHYON 20190105
TrendMicro 20190105
Trustlook 20190105
Zoner 20190105
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Packers identified
F-PROT UPX
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2010-01-12 19:17:54
Entry Point 0x0000EDA0
Number of sections 3
PE sections
Overlays
MD5 e8f89c579f843398b04128adc940c839
File type data
Offset 22016
Size 544
Entropy 1.03
PE imports
VirtualFree
ExitProcess
VirtualProtect
LoadLibraryA
VirtualAlloc
GetProcAddress
wsprintfA
Number of PE resources by type
UVB 1
Number of PE resources by language
CHINESE SIMPLIFIED 1
PE resources
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
SubsystemVersion 4.0
MachineType Intel 386 or later, and compatibles
TimeStamp 2010:01:12 20:17:54+01:00
FileType Win32 EXE
PEType PE32
CodeSize 20480
LinkerVersion 6.0
FileTypeExtension exe
InitializedDataSize 4096
ImageFileCharacteristics No relocs, Executable, No line numbers, No symbols, 32-bit
EntryPoint 0xeda0
OSVersion 4.0
ImageVersion 0.0
UninitializedDataSize 36864

File identification
MD5 06507bbebb072a89065c2015423935df
SHA1 a8d7065d528760aeeb7f510aedde0395a17cfd81
SHA256 9ae8f524f64bdab7d2d36b7692a67b3d326357209ac4cd5b9a520bfd83f40ce4
ssdeep 384:9PfPQ0k7PljgNY+diGf2aIYuLGFKCS2AxBw0+4Bo/0jw25i7Pzx0waupP1:9/QhhGc1CSI0+Yo/0jw2c7N0Fc

authentihash c50198bd95460737da286f449623727fe8b94c741b7b9a19e677ae5f2ef3270a
imphash a7763b6300995bdfb604b44d3fcfb1cb
File size 22.0 KB ( 22560 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win64 Executable (generic) (28.0%)
UPX compressed Win32 Executable (27.5%)
Win32 EXE Yoda's Crypter (27.0%)
Win32 Dynamic Link Library (generic) (6.6%)
Win32 Executable (generic) (4.5%)
Tags peexe upx overlay

VirusTotal metadata
First submission 2010-01-19 13:07:33 UTC ( 9 years, 1 month ago )
Last submission 2019-01-05 11:35:03 UTC ( 1 month, 1 week ago )
File names 06507BBEBB072A89065C2015423935DF
06507bbebb072a89065c2015423935df
I0rWn.rtf
VirusShare_06507bbebb072a89065c2015423935df
RwZ2.js
aa