SHA256: 9b7bf20d6aca1e351e96f7b007de60481fc65e1e09fdd6c208ef24f97abd2380
File name: bcd13ff561372c5dd665597b7410559565163ba9.exe
Detection ratio: 12 / 41
Analysis date: 2010-07-06 17:37:55 UTC ( 3 years, 9 months ago )
Antivirus Result Update
Comodo UnclassifiedMalware 20100706
F-Secure Trojan-PSW:W32/OnlineGames.TKE 20100706
Ikarus Trojan.Generic 20100706
McAfee Artemis!22ACEFFBB101 20100706
McAfee-GW-Edition Heuristic.BehavesLike.Win32.Packed.A 20100705
PCTools Trojan.ADH 20100706
Prevx Medium Risk Malware 20100706
Symantec Trojan.ADH 20100706
TheHacker Trojan/Dropper.gen 20100705
a-squared Trojan.Generic!IK 20100706
eSafe Win32.PSWOnlineGames 20100706
nProtect Trojan/W32.Agent_Packed.267441 20100706
AVG 20100706
AhnLab-V3 20100705
AntiVir 20100706
Antiy-AVL 20100706
Authentium 20100706
Avast 20100706
Avast5 20100706
BitDefender 20100706
CAT-QuickHeal 20100630
ClamAV 20100706
DrWeb 20100706
F-Prot 20100705
Fortinet 20100704
GData 20100706
Jiangmin 20100706
Kaspersky 20100706
Microsoft 20100703
NOD32 20100706
Norman 20100706
Panda 20100706
Rising 20100706
Sophos 20100706
Sunbelt 20100706
TrendMicro 20100706
TrendMicro-HouseCall 20100706
VBA32 20100705
ViRobot 20100706
VirusBuster 20100706
eTrust-Vet 20100706
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Authenticode signature block
File version 3, 2, 12, 1
Packers identified
F-PROT UPX
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2008-06-12 08:51:05
Entry Point 0x00098CA0
Number of sections 3
PE sections
PE imports
RegCloseKey
ImageList_Create
LineTo
VirtualFree
ExitProcess
VirtualProtect
LoadLibraryA
VirtualAlloc
GetProcAddress
WNetUseConnectionW
DragFinish
VerQueryValueW
timeGetTime
GetSaveFileNameW
CoInitialize
Number of PE resources by type
RT_ICON 11
RT_STRING 6
RT_GROUP_ICON 4
RT_DIALOG 1
RT_MANIFEST 1
RT_MENU 1
RT_VERSION 1
Number of PE resources by language
ENGLISH UK 25
ExifTool file metadata
UninitializedDataSize 393216
InitializedDataSize 28672
ImageVersion 0.0
FileVersionNumber 3.2.12.1
LanguageCode English (British)
FileFlagsMask 0x0017
CharacterSet Unicode
LinkerVersion 8.0
MIMEType application/octet-stream
FileVersion 3, 2, 12, 1
TimeStamp 2008:06:12 09:51:05+01:00
FileType Win32 EXE
PEType PE32
FileAccessDate 2013:05:27 21:36:14+01:00
SubsystemVersion 4.0
OSVersion 4.0
FileCreateDate 2013:05:27 21:36:14+01:00
FileOS Win32
Subsystem Windows GUI
CompiledScript AutoIt v3 Script : 3, 2, 12, 1
MachineType Intel 386 or later, and compatibles
CodeSize 229376
FileSubtype 0
ProductVersionNumber 3.2.12.1
EntryPoint 0x98ca0
ObjectFileType Unknown

Compressed bundles
File identification
MD5 22aceffbb101880832fd7a7f9038704f
SHA1 bcd13ff561372c5dd665597b7410559565163ba9
SHA256 9b7bf20d6aca1e351e96f7b007de60481fc65e1e09fdd6c208ef24f97abd2380
ssdeep 6144:yknN4CVUIm6uk06ZLYgvBA+8xmrxgmA+3cclptVopAYakQ6VKtMqdr:HnNhuBoY8SorxgmA+nlvVl3SVK+q

File size 261.2 KB ( 267441 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID UPX compressed Win32 Executable (41.1%)
Win32 EXE Yoda's Crypter (35.7%)
Win32 Dynamic Link Library (generic) (8.8%)
Win32 Executable (generic) (8.7%)
Generic Win/DOS Executable (2.6%)
Tags peexe upx

VirusTotal metadata
First submission 2009-05-22 12:27:13 UTC ( 4 years, 11 months ago )
Last submission 2013-05-27 20:36:08 UTC ( 11 months ago )
File names extkmmht.exe
bcd13ff561372c5dd665597b7410559565163ba9.exe
86e32edeb1bbbab814be04d9fdd930007c0acc75.EXE
bcd13ff561372c5dd665597b741055956
Advanced heuristic and reputation engines
ClamAV PUA
Possibly Unwanted Application. While not necessarily malicious, the scanned file presents certain characteristics which depending on the user policies and environment may or may not represent a threat. For full details see: http://www.clamav.net/index.php?s=pua&lang=en .
