SHA256: 9b8cb3a0ea90bf54ea5f46d34eed716de50885bf06639416d226f9eb7856c014
File name: sample.exe
Detection ratio: 45 / 55
Analysis date: 2014-09-10 19:46:56 UTC ( 10 months, 3 weeks ago )
Antivirus Result Update
AVG Generic5.FMO 20140910
AVware Trojan.Win32.Generic!SB.0 20140910
Ad-Aware MemScan:Trojan.FakeAV.MQX 20140910
Agnitum Adware.WintionalityCheck!iSEBWCN33cI 20140910
AhnLab-V3 Trojan/Win32.FakeAV 20140910
Antiy-AVL Trojan[:HEUR]/Win32.Unknown 20140910
Avast Win32:FakeAV-DML [Trj] 20140910
Avira TR/Fraud.Gen8 20140910
Baidu-International Trojan.Win32.Generic.aH 20140910
BitDefender MemScan:Trojan.FakeAV.MQX 20140910
Bkav HW32.Paked.8AF0 20140910
Comodo UnclassifiedMalware 20140910
Cyren W32/FakeAlert.UW.gen!Eldorado 20140910
DrWeb Trojan.Siggen4.5501 20140910
ESET-NOD32 a variant of Win32/Adware.WintionalityChecker.AF 20140910
Emsisoft MemScan:Trojan.FakeAV.MQX (B) 20140910
F-Prot W32/FakeAlert.UW.gen!Eldorado 20140910
F-Secure MemScan:Trojan.FakeAV.MQX 20140910
Fortinet Riskware/WintionalityChecker 20140910
GData MemScan:Trojan.FakeAV.MQX 20140910
Ikarus Trojan.Win32.FakeAV 20140910
Jiangmin Trojan/Generic.aijfh 20140910
K7AntiVirus Backdoor ( 003b47da1 ) 20140910
K7GW Backdoor ( 003b47da1 ) 20140910
Kaspersky HEUR:Trojan.Win32.Generic 20140910
Kingsoft Win32.Troj.Undef.(kcloud) 20140910
Malwarebytes Rogue.FakeAV 20140910
McAfee FakeAlert-PJ.gen.aw 20140910
McAfee-GW-Edition FakeAlert-PJ.gen.aw 20140910
MicroWorld-eScan MemScan:Trojan.FakeAV.MQX 20140910
Microsoft Rogue:Win32/FakePAV 20140910
NANO-Antivirus Trojan.Win32.Siggen4.tacpf 20140910
Norman FakeAV.BCRH 20140910
Panda Trj/Thed.B 20140910
Qihoo-360 HEUR/Malware.QVM15.Gen 20140910
Rising PE:Trojan.Win32.Generic.12DAF61B!316339739 20140910
SUPERAntiSpyware Trojan.Agent/Gen-FakeProtector 20140910
Sophos Troj/FakeAV-FRZ 20140910
Symantec Trojan.Gen.2 20140910
Tencent Win32.Trojan.Agent.Wqxi 20140910
TrendMicro TROJ_SPNR.16FG12 20140910
TrendMicro-HouseCall TROJ_SPNR.16FG12 20140910
VIPRE Trojan.Win32.Generic!SB.0 20140910
Zillya Adware.WintionalityChecker.Win32.212 20140910
nProtect MemScan:Trojan.FakeAV.MQX 20140910
AegisLab 20140910
ByteHero 20140910
CAT-QuickHeal 20140910
CMC 20140908
ClamAV 20140910
TheHacker 20140910
TotalDefense 20140910
VBA32 20140910
ViRobot 20140910
Zoner 20140910
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Packers identified
F-PROT Aspack
PEiD ASProtect 1.33 - 2.1 Registered -> Alexey Solodovnikov
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2012-06-12 07:26:44
Link date 8:26 AM 6/12/2012
Entry Point 0x00001000
Number of sections 10
PE sections
PE imports
AdjustTokenPrivileges
FlatSB_GetScrollInfo
AbortDoc
RaiseException
AlphaBlend
CoCreateGuid
VariantChangeTypeEx
ExtractIconA
SHGetFolderPathA
ActivateKeyboardLayout
GetFileVersionInfoA
InternetOpenA
PlaySoundW
ClosePrinter
PE exports
Number of PE resources by type
Struct(300) 37
RT_BITMAP 34
RT_RCDATA 26
Number of PE resources by language
NEUTRAL 58
RUSSIAN 38
ENGLISH US 1
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
TimeStamp 2012:06:12 09:26:44+02:00
FileType Win32 EXE
PEType PE32
CodeSize 2654208
LinkerVersion 5.0
EntryPoint 0x1000
InitializedDataSize 140288
SubsystemVersion 4.0
ImageVersion 0.0
OSVersion 4.0
UninitializedDataSize 0
File identification
MD5 65ee9d8cb2acb1f95cda5f66f4591918
SHA1 61d164cff3667f9b2416e7c921ab8e99a00f2d4c
SHA256 9b8cb3a0ea90bf54ea5f46d34eed716de50885bf06639416d226f9eb7856c014
ssdeep 24576:JgyuqVT2C2AStTtbdaZZ6f04Th/0eiPyYpkbQcpeSSUPDb1baC65pzvGenYEn:JvN2C2AcZx66/SlVwo2PDbFPQppnYw
imphash a6b3d04f217de54fc436772ec1247949
File size 1.9 MB ( 1940992 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Windows Screen Saver (60.5%)
Win32 Executable (generic) (20.8%)
Generic Win/DOS Executable (9.2%)
DOS Executable Generic (9.2%)
VXD Driver (0.1%)
Tags peexe asprotect aspack
VirusTotal metadata
First submission 2012-06-12 18:30:16 UTC ( 3 years, 1 month ago )
Last submission 2014-09-10 19:46:56 UTC ( 10 months, 3 weeks ago )
File names Protector-qtrx.exe
65ee9d8cb2acb1f95cda5f66f4591918
sample.exe
Advanced heuristic and reputation engines
ClamAV
Possibly Unwanted Application. While not necessarily malicious, the scanned file presents certain characteristics which depending on the user policies and environment may or may not represent a threat. For full details see: http://www.clamav.net/doc/pua.html .

Symantec reputation Suspicious.Insight
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
HTTP requests
DNS requests
TCP connections
UDP communications