SHA256: 9b8cb3a0ea90bf54ea5f46d34eed716de50885bf06639416d226f9eb7856c014
File name: 9b8cb3a0ea90bf54ea5f46d34eed716de50885bf06639416d226f9eb7856c014.vir
Detection ratio: 41 / 56
Analysis date: 2016-01-12 22:15:57 UTC ( 11 months ago )
Antivirus Result Update
ALYac MemScan:Trojan.FakeAV.MQX 20160112
AVG Generic5.FMO 20160112
AVware Trojan.Win32.Generic!SB.0 20160111
Ad-Aware MemScan:Trojan.FakeAV.MQX 20160112
Yandex Adware.WintionalityCheck!iSEBWCN33cI 20160111
AhnLab-V3 Trojan/Win32.FakeAV 20160112
Antiy-AVL Trojan[:HEUR]/Win32.Unknown 20160113
Arcabit Trojan.FakeAV.MQX 20160113
Avast Win32:Evo-gen [Susp] 20160113
Avira (no cloud) TR/Fraud.Gen8 20160113
Baidu-International Adware.Win32.WintionalityChecker.AF 20160112
BitDefender MemScan:Trojan.FakeAV.MQX 20160112
Comodo UnclassifiedMalware 20160112
Cyren W32/FakeAlert.UW.gen!Eldorado 20160112
DrWeb Trojan.Siggen4.5501 20160112
ESET-NOD32 a variant of Win32/Adware.WintionalityChecker.AF 20160112
Emsisoft MemScan:Trojan.FakeAV.MQX (B) 20160112
F-Prot W32/FakeAlert.UW.gen!Eldorado 20160111
F-Secure MemScan:Trojan.FakeAV.MQX 20160112
Fortinet Riskware/WintionalityChecker 20160112
GData MemScan:Trojan.FakeAV.MQX 20160112
Ikarus Trojan.Win32.FakeAV 20160112
Jiangmin Trojan/Generic.afnnp 20160112
K7AntiVirus Backdoor ( 003b47da1 ) 20160112
K7GW Backdoor ( 003b47da1 ) 20160112
Kaspersky HEUR:Trojan.Win32.Generic 20160112
Malwarebytes Rogue.FakeAV 20160112
McAfee FakeAlert-PJ.gen.aw 20160112
McAfee-GW-Edition BehavesLike.Win32.Downloader.tc 20160112
eScan MemScan:Trojan.FakeAV.MQX 20160112
Microsoft Rogue:Win32/FakePAV 20160112
NANO-Antivirus Trojan.Win32.Siggen4.tacpf 20160112
Panda Trj/Genetic.gen 20160112
Qihoo-360 HEUR/Malware.QVM15.Gen 20160113
SUPERAntiSpyware Trojan.Agent/Gen-FakeProtector 20160112
Sophos Troj/FakeAV-FRZ 20160112
Symantec Trojan.Gen.2 20160112
Tencent Win32.Trojan.Generic.Wqxi 20160113
VIPRE Trojan.Win32.Generic!SB.0 20160112
Zillya Adware.WintionalityChecker.Win32.212 20160112
nProtect MemScan:Trojan.FakeAV.MQX 20160112
AegisLab 20160112
Alibaba 20160112
Bkav 20160112
ByteHero 20160113
CAT-QuickHeal 20160112
CMC 20160111
ClamAV 20160112
Rising 20160112
TheHacker 20160107
TotalDefense 20160112
TrendMicro 20160112
TrendMicro-HouseCall 20160112
VBA32 20160112
ViRobot 20160112
Zoner 20160112
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Packers identified
F-PROT Aspack
PEiD ASProtect 1.33 - 2.1 Registered -> Alexey Solodovnikov
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2012-06-12 07:26:44
Entry Point 0x00001000
Number of sections 10
PE imports
AdjustTokenPrivileges
FlatSB_GetScrollInfo
AbortDoc
GetProcAddress
GetModuleHandleA
LoadLibraryA
RaiseException
AlphaBlend
CoCreateGuid
GetActiveObject
VariantChangeTypeEx
ExtractIconA
SHGetFolderPathA
ActivateKeyboardLayout
GetFileVersionInfoA
InternetOpenA
PlaySoundW
ClosePrinter
PE exports
Number of PE resources by type
Struct(300) 37
RT_BITMAP 34
RT_RCDATA 26
Number of PE resources by language
NEUTRAL 58
RUSSIAN 38
ENGLISH US 1
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
FileTypeExtension exe
TimeStamp 2012:06:12 08:26:44+01:00
FileType Win32 EXE
PEType PE32
CodeSize 2654208
LinkerVersion 5.0
EntryPoint 0x1000
InitializedDataSize 140288
SubsystemVersion 4.0
ImageVersion 0.0
OSVersion 4.0
UninitializedDataSize 0
File identification
MD5 65ee9d8cb2acb1f95cda5f66f4591918
SHA1 61d164cff3667f9b2416e7c921ab8e99a00f2d4c
SHA256 9b8cb3a0ea90bf54ea5f46d34eed716de50885bf06639416d226f9eb7856c014
ssdeep 24576:JgyuqVT2C2AStTtbdaZZ6f04Th/0eiPyYpkbQcpeSSUPDb1baC65pzvGenYEn:JvN2C2AcZx66/SlVwo2PDbFPQppnYw
authentihash 583ee171852fd38976f4989eeb5a4ce72388715778c65ba53fe28a940b53b7c4
imphash a6b3d04f217de54fc436772ec1247949
File size 1.9 MB ( 1940992 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Windows screen saver (60.5%)
Win32 Executable (generic) (20.8%)
Generic Win/DOS Executable (9.2%)
DOS Executable Generic (9.2%)
VXD Driver (0.1%)
Tags peexe asprotect aspack
VirusTotal metadata
First submission 2012-06-12 18:30:16 UTC ( 4 years, 6 months ago )
Last submission 2016-01-12 22:15:57 UTC ( 11 months ago )
File names 9b8cb3a0ea90bf54ea5f46d34eed716de50885bf06639416d226f9eb7856c014.vir
Protector-qtrx.exe
65ee9d8cb2acb1f95cda5f66f4591918
sample.exe
Advanced heuristic and reputation engines
ClamAV
Possibly Unwanted Application. While not necessarily malicious, the scanned file presents certain characteristics which depending on the user policies and environment may or may not represent a threat. For full details see: https://www.clamav.net/documents/potentially-unwanted-applications-pua .

Symantec reputation Suspicious.Insight
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
HTTP requests
DNS requests
TCP connections
UDP communications