SHA256: 9b40eb49eb15700a0d9c60c0b70b3cd917cc4f01ec1c052c5e112082a03e3782
File name: gigalan.txt
Detection ratio: 32 / 44
Analysis date: 2013-03-17 10:46:36 UTC ( 6 years ago )
Antivirus Result Update
Yandex Rootkit.Qhost!Zr/lZ5zNkFg 20130317
AhnLab-V3 Backdoor/Win32.Qhost 20130317
AntiVir TR/Virtool.Kelzef.A.12 20130317
Avast Win32:Rootkit-gen [Rtk] 20130317
AVG Dropper.Generic7.BMUK 20130317
BitDefender Trojan.Generic.KDV.870338 20130317
CAT-QuickHeal Trojan.Kelzef 20130316
Commtouch W32/Trojan.MSRK-9231 20130317
Comodo UnclassifiedMalware 20130317
DrWeb Trojan.Hosts.5268 20130317
Emsisoft VirTool.WinNT.Kelzef.AMN (A) 20130317
ESET-NOD32 a variant of Win32/Rootkit.Kryptik.TB 20130317
F-Secure Trojan.Generic.KDV.870338 20130317
Fortinet W32/Qhost.NS!tr.rkit 20130317
GData Trojan.Generic.KDV.870338 20130317
Ikarus VirTool.WinNT.Kelzef 20130317
K7AntiVirus Riskware 20130315
Kaspersky Rootkit.Win32.Qhost.ns 20130317
Malwarebytes Trojan.Banker 20130317
McAfee RDN/Qhost-Gen!d 20130317
McAfee-GW-Edition RDN/Qhost-Gen!d 20130317
Microsoft VirTool:WinNT/Kelzef.A 20130317
eScan Trojan.Generic.KDV.870338 20130317
Norman Suspicious_Gen4.CJNLU 20130316
nProtect Trojan.Generic.KDV.870338 20130317
Panda Trj/CI.A 20130317
Sophos AV Mal/Generic-S 20130317
Symantec WS.Reputation.1 20130317
TrendMicro TROJ_SPNR.0CC513 20130317
TrendMicro-HouseCall TROJ_SPNR.0CC513 20130317
VBA32 Rootkit.Qhost.ns 20130315
VIPRE Trojan.Win32.Generic!BT 20130317
Antiy-AVL 20130316
ByteHero 20130315
ClamAV 20130317
eSafe 20130313
F-Prot 20130317
Jiangmin 20130317
Kingsoft 20130311
NANO-Antivirus 20130317
PCTools 20130315
SUPERAntiSpyware 20130316
TheHacker 20130315
ViRobot 20130316
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Native subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2005-04-17 19:38:35
Entry Point 0x00002150
Number of sections 5
PE sections
PE imports
IoIsValidNameGraftingBuffer
Ke386SetIoAccessMap
CcMdlRead
PfxRemovePrefix
KeFlushEntireTb
IoIsOperationSynchronous
KeI386Call16BitFunction
PfxInitialize
ObDereferenceObject
IoIsWdmVersionAvailable
SeCloseObjectAuditAlarm
PsInitialSystemProcess
RtlGetGroupSecurityDescriptor
ZwCreateKey
RtlValidSecurityDescriptor
IoGetRequestorProcess
RtlAppendUnicodeToString
MmForceSectionClosed
ZwFreeVirtualMemory
IoCheckQuotaBufferValidity
IoDeleteSymbolicLink
NtQueryVolumeInformationFile
FsRtlDoesNameContainWildCards
wcscat
IoOpenDeviceInterfaceRegistryKey
MmSizeOfMdl
SeSetSecurityDescriptorInfoEx
MmUnsecureVirtualMemory
MmTrimAllSystemPagableMemory
DbgBreakPoint
KeQueryTickCount
PsGetCurrentProcessId
ZwSetValueKey
CcPurgeCacheSection
PoSetPowerState
RtlDeleteAtomFromAtomTable
ZwDuplicateObject
IoAttachDeviceByPointer
IoGetRequestorProcessId
Number of PE resources by type
RT_STRING 1
RT_VERSION 1
Number of PE resources by language
NEUTRAL 2
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Native
MachineType Intel 386 or later, and compatibles
TimeStamp 2005:04:17 20:38:35+01:00
FileType Win32 EXE
PEType PE32
CodeSize 40576
LinkerVersion 5.12
EntryPoint 0x2150
InitializedDataSize 2592
SubsystemVersion 4.0
ImageVersion 0.0
OSVersion 4.0
UninitializedDataSize 0

File identification
MD5 8492dc313d3e7c3527a88cdb50f9e10c
SHA1 52f4886b9f04a1205578a5250cc4bd6591c3fa62
SHA256 9b40eb49eb15700a0d9c60c0b70b3cd917cc4f01ec1c052c5e112082a03e3782
ssdeep 192:d3zlAKgR+iI+F/v+tWYmnstbZMa8ffZ2mloyvIKVL6TCKYEihiI72IHIRHVD8dwP:d3iQmWvtbyXffZ2mD/vQTA2IYOdwX
File size 42.8 KB ( 43808 bytes )
File type Win32 EXE
Magic literal MS-DOS executable PE for MS Windows (native) Intel 80386 32-bit
TrID Generic Win/DOS Executable (49.9%)
DOS Executable Generic (49.8%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.1%)
Tags peexe

VirusTotal metadata
First submission 2013-02-16 13:50:18 UTC ( 6 years, 1 month ago )
Last submission 2013-03-17 10:46:36 UTC ( 6 years ago )
File names file-5180899_dta
8492dc313d3e7c3527a88cdb50f9e10c
gigalan.txt
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight