SHA256: 9b11150b59bdefa9a27aa19cb2a74a8f588e20333996d8a8d7fae8cc60785210
File name: 000854919
Detection ratio: 52 / 56
Analysis date: 2016-03-01 07:37:24 UTC ( 1 year ago )
Antivirus Result Update
Ad-Aware Trojan.Dropper.BGKD 20160301
AegisLab W32.W.AutoRun.esn!c 20160301
Yandex Worm.AutoRun!H+p1c2mNADk 20160228
AhnLab-V3 Trojan/Win32.Small 20160229
ALYac Trojan.Dropper.BGKD 20160301
Antiy-AVL Worm/Win32.AutoRun 20160301
Arcabit Trojan.Dropper.BGKD 20160301
Avast Win32:Malware-gen 20160301
AVG Generic_r.AM 20160301
Avira (no cloud) TR/Drop.BGKD.1 20160301
AVware Worm.Win32.AutoRun.esn 20160301
Baidu-International Worm.Win32.AutoRun.esn 20160229
BitDefender Trojan.Dropper.BGKD 20160301
Bkav W32.Clodc6d.Trojan.b61e 20160229
CAT-QuickHeal Worm.AutoRun.rw4 20160301
ClamAV Worm.Waledac-10 20160301
CMC Generic.Win32.3ee4f3efab!CMCRadar 20160225
Comodo Worm.Win32.AutoRun.~XK 20160301
Cyren W32/Injector.F.gen!Eldorado 20160301
DrWeb Win32.HLLW.Siggen.68 20160301
Emsisoft Trojan.Dropper.BGKD (B) 20160229
ESET-NOD32 Win32/AutoRun.Agent.GN 20160301
F-Prot W32/EmailWorm.OVN 20160301
F-Secure Trojan.Dropper.BGKD 20160301
Fortinet W32/Waledac.AA!worm 20160301
GData Trojan.Dropper.BGKD 20160301
Ikarus Worm.Win32.AutoRun 20160229
Jiangmin Worm/AutoRun.fjq 20160301
K7AntiVirus P2PWorm ( 004d161a1 ) 20160229
K7GW P2PWorm ( 004d161a1 ) 20160301
Kaspersky Worm.Win32.AutoRun.esn 20160301
McAfee W32/Xirtem@MM 20160301
McAfee-GW-Edition BehavesLike.Win32.Downloader.fc 20160301
Microsoft Worm:Win32/Prolaco.gen!B 20160229
eScan Trojan.Dropper.BGKD 20160301
NANO-Antivirus Trojan.Win32.AutoRun.ghkj 20160301
nProtect Worm/W32.AutoRun.350208.D 20160229
Panda W32/Autorun.IPF 20160229
Qihoo-360 Malware.Radar01.Gen 20160301
Rising PE:Trojan.Win32.Nodef.dpr!1459263 [F] 20160225
Sophos Mal/CryptBox-A 20160301
Symantec W32.Ackantta@mm 20160229
Tencent Win32.Worm.Autorun.xvg 20160301
TheHacker W32/AutoRun.esn 20160227
TotalDefense Win32/Fruspam.E 20160229
TrendMicro WORM_PROLACO.SMS 20160301
TrendMicro-HouseCall WORM_PROLACO.SMS 20160301
VBA32 BScope.Trojan.871206 20160229
VIPRE Worm.Win32.AutoRun.esn 20160301
ViRobot Worm.Win32.Autorun.350208[h] 20160301
Zillya Worm.AutoRun.Win32.20964 20160301
Zoner I-Worm.AutoRun.Agent.GN 20160301
Alibaba 20160301
ByteHero 20160301
Malwarebytes 20160301
SUPERAntiSpyware 20160301
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Packers identified
PEiD Armadillo v1.71
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2009-01-13 17:12:56
Entry Point 0x00001724
Number of sections 4
PE sections
PE imports
OpenMutexA
CreateMutexA
GetStartupInfoA
SizeofResource
GetModuleHandleA
LoadResource
LockResource
lstrcpyA
GetModuleFileNameA
FindResourceA
GetProcAddress
FreeResource
_except_handler3
__p__fmode
_acmdln
_exit
_adjust_fdiv
__p__commode
_itoa
__dllonexit
_onexit
exit
_XcptFilter
__getmainargs
_initterm
_controlfp
__setusermatherr
__set_app_type
Number of PE resources by type
RT_RCDATA 2
RT_ICON 1
RT_GROUP_ICON 1
Number of PE resources by language
NEUTRAL 4
PE resources
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
FileTypeExtension exe
TimeStamp 2009:01:13 18:12:56+01:00
FileType Win32 EXE
PEType PE32
CodeSize 2560
LinkerVersion 6.0
EntryPoint 0x1724
InitializedDataSize 346624
SubsystemVersion 4.0
ImageVersion 0.0
OSVersion 4.0
UninitializedDataSize 0

File identification
MD5 3ee4f3efab94bfce790a5fb93d1465c6
SHA1 3d1d5cf6dd898b81261495a3c7cfa01911af84d0
SHA256 9b11150b59bdefa9a27aa19cb2a74a8f588e20333996d8a8d7fae8cc60785210
ssdeep 6144:cl5ws6ZmiM48vDHTldGQ0li0yRNtlOLNzvVAsi3Vqy3aj5W6YPNhrsYchhNiokqr:irKpmzld70yRNtlOJvVxuVqy3aj1YPNQ
authentihash e6bab49d7cd157833e13a5e36987e52fd98afbbde7edbdddc528dca2da363254
imphash bfeb5046b34a4c1a3da0358c4731c6ca
File size 342.0 KB ( 350208 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Dynamic Link Library (generic) (43.5%)
Win32 Executable (generic) (29.8%)
Generic Win/DOS Executable (13.2%)
DOS Executable Generic (13.2%)
Tags peexe

VirusTotal metadata
First submission 2009-01-13 21:26:15 UTC ( 8 years, 2 months ago )
Last submission 2015-06-12 07:29:13 UTC ( 1 year, 9 months ago )
File names 3EE4F3EFAB94BFCE790A5FB93D1465C6
3ee4f3efab94bfce790a5fb93d1465c6
000854919