SHA256: 9b8cb3a0ea90bf54ea5f46d34eed716de50885bf06639416d226f9eb7856c014
File name: 65ee9d8cb2acb1f95cda5f66f4591918
Detection ratio: 24 / 42
Analysis date: 2012-06-15 17:06:59 UTC ( 1 year, 10 months ago )
Antivirus Result Update
AVG Generic5.FMO 20120615
AhnLab-V3 Trojan/Win32.FakeAV 20120615
AntiVir TR/Fraud.Gen8 20120615
Avast Win32:Adware-gen [Adw] 20120615
BitDefender MemScan:Trojan.FakeAV.MQX 20120615
ByteHero Trojan.Win32.Heur.Gen 20120613
Comodo UnclassifiedMalware 20120615
Emsisoft Trojan.Win32.FakeAV!IK 20120615
F-Secure MemScan:Trojan.FakeAV.MQX 20120615
Fortinet Riskware/WintionalityChecker 20120615
GData MemScan:Trojan.FakeAV.MQX 20120615
Ikarus Trojan.Win32.FakeAV 20120615
K7AntiVirus Riskware 20120615
Kaspersky HEUR:Trojan.Win32.Generic 20120615
McAfee FakeAlert-PJ.gen.aw 20120615
Microsoft Rogue:Win32/FakePAV 20120615
NOD32 a variant of Win32/Adware.WintionalityChecker.AF 20120615
Norman W32/FakeAV.BCRH 20120615
PCTools Trojan.Gen 20120615
Panda Trj/CI.A 20120615
Sophos Troj/FakeAV-FRZ 20120615
Symantec Trojan.Gen.2 20120615
VIPRE Trojan.Win32.Generic!BT 20120615
nProtect MemScan:Trojan.FakeAV.MQX 20120615
Antiy-AVL 20120615
CAT-QuickHeal 20120615
ClamAV 20120615
Commtouch 20120615
DrWeb 20120615
F-Prot 20120615
Jiangmin 20120615
McAfee-GW-Edition 20120614
Rising 20120614
SUPERAntiSpyware 20120615
TheHacker 20120615
TotalDefense 20120615
TrendMicro 20120615
TrendMicro-HouseCall 20120615
VBA32 20120615
ViRobot 20120615
VirusBuster 20120615
eSafe 20120614
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Packers identified
F-PROT Aspack
PEiD ASProtect 1.33 - 2.1 Registered -> Alexey Solodovnikov
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2012-06-12 07:26:44
Entry Point 0x00001000
Number of sections 10
PE sections
PE imports
AdjustTokenPrivileges
FlatSB_GetScrollInfo
AbortDoc
RaiseException
AlphaBlend
CoCreateGuid
VariantChangeTypeEx
ExtractIconA
SHGetFolderPathA
ActivateKeyboardLayout
GetFileVersionInfoA
InternetOpenA
PlaySoundW
ClosePrinter
PE exports
ExifTool file metadata
MIMEType: application/octet-stream
Subsystem: Windows GUI
MachineType: Intel 386 or later, and compatibles
TimeStamp: 2012:06:12 09:26:44+02:00
FileType: Win32 EXE
PEType: PE32
CodeSize: 2654208
LinkerVersion: 5.0
EntryPoint: 0x1000
InitializedDataSize: 140288
SubsystemVersion: 4.0
ImageVersion: 0.0
OSVersion: 4.0
UninitializedDataSize: 0

File identification
MD5 65ee9d8cb2acb1f95cda5f66f4591918
SHA1 61d164cff3667f9b2416e7c921ab8e99a00f2d4c
SHA256 9b8cb3a0ea90bf54ea5f46d34eed716de50885bf06639416d226f9eb7856c014
ssdeep 24576:JgyuqVT2C2AStTtbdaZZ6f04Th/0eiPyYpkbQcpeSSUPDb1baC65pzvGenYEn:JvN2C2AcZx66/SlVwo2PDbFPQppnYw

File size 1.9 MB ( 1940992 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Generic Win/DOS Executable (49.5%)
DOS Executable Generic (49.5%)
VXD Driver (0.7%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.1%)
Tags
asprotect aspack

VirusTotal metadata
First submission 2012-06-12 18:30:16 UTC ( 1 year, 10 months ago )
Last submission 2012-06-15 17:06:59 UTC ( 1 year, 10 months ago )
File names Protector-qtrx.exe
65ee9d8cb2acb1f95cda5f66f4591918
Advanced heuristic and reputation engines
ClamAV PUA
Possibly Unwanted Application. While not necessarily malicious, the scanned file presents certain characteristics which depending on the user policies and environment may or may not represent a threat. For full details see: http://www.clamav.net/index.php?s=pua&lang=en .

Symantec reputation Suspicious.Insight