SHA256: 9b7bf20d6aca1e351e96f7b007de60481fc65e1e09fdd6c208ef24f97abd2380
File name: bcd13ff561372c5dd665597b7410559565163ba9.exe
Detection ratio: 12 / 41
Analysis date: 2010-07-06 17:37:55 UTC ( 4 years, 11 months ago )
Antivirus Result Update
Comodo UnclassifiedMalware 20100706
F-Secure Trojan-PSW:W32/OnlineGames.TKE 20100706
Ikarus Trojan.Generic 20100706
McAfee Artemis!22ACEFFBB101 20100706
McAfee-GW-Edition Heuristic.BehavesLike.Win32.Packed.A 20100705
PCTools Trojan.ADH 20100706
Prevx Medium Risk Malware 20100706
Symantec Trojan.ADH 20100706
TheHacker Trojan/Dropper.gen 20100705
a-squared Trojan.Generic!IK 20100706
eSafe Win32.PSWOnlineGames 20100706
nProtect Trojan/W32.Agent_Packed.267441 20100706
AVG 20100706
AhnLab-V3 20100705
AntiVir 20100706
Antiy-AVL 20100706
Authentium 20100706
Avast 20100706
Avast5 20100706
BitDefender 20100706
CAT-QuickHeal 20100630
ClamAV 20100706
DrWeb 20100706
F-Prot 20100705
Fortinet 20100704
GData 20100706
Jiangmin 20100706
Kaspersky 20100706
Microsoft 20100703
NOD32 20100706
Norman 20100706
Panda 20100706
Rising 20100706
Sophos 20100706
Sunbelt 20100706
TrendMicro 20100706
TrendMicro-HouseCall 20100706
VBA32 20100705
ViRobot 20100706
VirusBuster 20100706
eTrust-Vet 20100706
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Developer metadata
File version 3, 2, 12, 1
Packers identified
F-PROT UPX
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2008-06-12 08:51:05
Link date 9:51 AM 6/12/2008
Entry Point 0x00098CA0
Number of sections 3
PE sections
PE imports
RegCloseKey
ImageList_Create
LineTo
VirtualFree
ExitProcess
VirtualProtect
LoadLibraryA
VirtualAlloc
GetProcAddress
WNetUseConnectionW
GetActiveObject
DragFinish
VerQueryValueW
timeGetTime
GetSaveFileNameW
CoInitialize
Number of PE resources by type
RT_ICON 11
RT_STRING 6
RT_GROUP_ICON 4
RT_DIALOG 1
RT_MANIFEST 1
RT_MENU 1
RT_VERSION 1
Number of PE resources by language
ENGLISH UK 25
ExifTool file metadata
UninitializedDataSize 393216
LinkerVersion 8.0
ImageVersion 0.0
FileVersionNumber 3.2.12.1
LanguageCode English (British)
FileFlagsMask 0x0017
CharacterSet Unicode
InitializedDataSize 28672
MIMEType application/octet-stream
FileVersion 3, 2, 12, 1
TimeStamp 2008:06:12 09:51:05+01:00
FileType Win32 EXE
PEType PE32
SubsystemVersion 4.0
OSVersion 4.0
FileOS Win32
Subsystem Windows GUI
CompiledScript AutoIt v3 Script : 3, 2, 12, 1
MachineType Intel 386 or later, and compatibles
CodeSize 229376
FileSubtype 0
ProductVersionNumber 3.2.12.1
EntryPoint 0x98ca0
ObjectFileType Unknown

File identification
MD5 22aceffbb101880832fd7a7f9038704f
SHA1 bcd13ff561372c5dd665597b7410559565163ba9
SHA256 9b7bf20d6aca1e351e96f7b007de60481fc65e1e09fdd6c208ef24f97abd2380
ssdeep 6144:yknN4CVUIm6uk06ZLYgvBA+8xmrxgmA+3cclptVopAYakQ6VKtMqdr:HnNhuBoY8SorxgmA+nlvVl3SVK+q

authentihash dd41655b596a3b8d0e5c5a956967c07bd83fd8e4dee710448d29ced802866906
imphash a47a8f374586a42b20d3b48a138e11e8
File size 261.2 KB ( 267441 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID UPX compressed Win32 Executable (42.3%)
Win32 EXE Yoda's Crypter (36.7%)
Win32 Dynamic Link Library (generic) (9.1%)
Win32 Executable (generic) (6.2%)
Generic Win/DOS Executable (2.7%)
Tags peexe upx

VirusTotal metadata
First submission 2009-05-22 12:27:13 UTC ( 6 years ago )
Last submission 2015-03-08 21:11:42 UTC ( 2 months, 3 weeks ago )
File names extkmmht.exe
bcd13ff561372c5dd665597b7410559565163ba9.exe
86e32edeb1bbbab814be04d9fdd930007c0acc75.EXE
bcd13ff561372c5dd665597b741055956
Advanced heuristic and reputation engines
ClamAV PUA
Possibly Unwanted Application. While not necessarily malicious, the scanned file presents certain characteristics which depending on the user policies and environment may or may not represent a threat. For full details see: http://www.clamav.net/doc/pua.html .
