SHA256: 9d276c2a96b8f04e3bd0dd3d316d170df58bc3f11692903e4de69df20f48a610
File name: unp_02e186f129f833c609b98433a1fa54e3
Detection ratio: 18 / 43
Analysis date: 2011-10-07 10:22:35 UTC ( 2 years, 6 months ago )
Antivirus Result Update
AVG SHeur3.BSBM 20111007
AhnLab-V3 Trojan/Win32.Zbot 20111007
AntiVir TR/Crypt.XPACK.Gen 20111007
BitDefender Trojan.Generic.5761339 20111007
ByteHero Trojan.Win32.Heur.Gen 20110923
Comodo Packed.Win32.MUPX.Gen 20111007
DrWeb Trojan.Packed.194 20111007
F-Secure Trojan.Generic.5761339 20111007
GData Trojan.Generic.5761339 20111007
Jiangmin Trojan/Generic.idfv 20111006
Kaspersky HEUR:Trojan.Win32.Generic 20111007
McAfee W32/Pinkslipbot.gen.am 20111007
McAfee-GW-Edition W32/Pinkslipbot.gen.am 20111007
Microsoft Trojan:Win32/Rimecud.A 20111007
NOD32 a variant of Win32/Kryptik.LWI 20111007
Norman W32/Kryptik.VG 20111007
Panda Suspicious file 20111006
VIPRE Trojan.Win32.Kryptik.mcf (v) 20111007
Antiy-AVL 20111007
Avast 20111007
CAT-QuickHeal 20111007
ClamAV 20111007
Commtouch 20111007
Emsisoft 20111007
F-Prot 20111006
Fortinet 20111007
Ikarus 20111007
K7AntiVirus 20111006
PCTools 20111007
Prevx 20111007
Rising 20110930
SUPERAntiSpyware 20111007
Sophos 20111007
Symantec 20111007
TheHacker 20111006
TrendMicro 20111007
TrendMicro-HouseCall 20111007
VBA32 20111007
ViRobot 20111007
VirusBuster 20111006
eSafe 20111006
eTrust-Vet 20111007
nProtect 20111007
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file.
Authenticode signature block
Copyright Copyright (c) Qvsmpcekfc Jivgm 2000-2010
Publisher Qvsmpcekfc Jivgm
Product Qvsmpcekfc Irmlngfdn Lqyyxonuaw
Original name Qvsmpcekfc.exe
Internal name Qvsmpcekfc
File version 72, 93, 36, 110
Description Qvsmpcekfc Irmlngfdn Lqyyxonuaw
PE header basic information
Number of sections 3
PE sections
PE imports
GetProcAddress
SetThreadPriority
GetTempPathW
GetCurrentDirectoryW
MultiByteToWideChar
GetLastError
GetVersionExW
GetModuleHandleA
FlushFileBuffers
DeleteFileW
GetSystemDirectoryW
CloseHandle
SetFileAttributesW
SetEndOfFile
CreateFileMappingW
GetModuleFileNameW
WriteFile
GetSystemDefaultLCID
GetModuleHandleW
GetTickCount
LoadLibraryW
SetLastError
GetCurrentThreadId
GetComputerNameW
GetFileSize
GetWindowsDirectoryW
GetCurrentProcess
UnmapViewOfFile
CreateFileW
GetCurrentProcessId
GetComputerNameExW
MoveFileExW
ExitProcess
GetACP
SetFilePointer
CompareStringW
ReadFile
WideCharToMultiByte
GetFileAttributesW
FreeLibrary
LoadLibraryA
ProcessIdToSessionId
LocalAlloc
SetDCPenColor
CreateRectRgnIndirect
GetDIBits
ExcludeClipRect
StretchBlt
SetTextJustification
GetDIBColorTable
GetPixel
SetTextColor
CreatePen
LineTo
AddFontResourceExW
DPtoLP
GetDeviceCaps
SetBkMode
SetBkColor
CreateBrushIndirect
GetStockObject
CreateCompatibleDC
CreateSolidBrush
GetObjectW
MoveToEx
TextOutW
CreateBitmap
RealizePalette
Polygon
SelectObject
CreatePalette
CreatePolygonRgn
GetTextMetricsW
BitBlt
ExtTextOutW
CreateDIBSection
GdiFlush
RemoveFontResourceExW
Ellipse
GetObjectType
GetTextExtentPoint32W
DeleteDC
RoundRect
CreateCompatibleBitmap
DeleteObject
CreateFontIndirectW
Rectangle
DllInitialize
TranslateMessage
EndDeferWindowPos
RegisterClassExW
RemovePropW
SetPropW
InflateRect
IsMenu
GetPropW
GetWindowThreadProcessId
DrawIconEx
DispatchMessageW
GetTopWindow
DeferWindowPos
GetMessageW
GetSysColorBrush
BeginDeferWindowPos
IsWindowEnabled
AnimateWindow
FrameRect
GetIconInfo
SetWindowRgn
GetDlgCtrlID
GetMenuItemInfoW
File identification
MD5 f4fe0d82554a82d80c08169fe96b8fcd
SHA1 ca246148ab539f8b4656996b27df34b1748e7373
SHA256 9d276c2a96b8f04e3bd0dd3d316d170df58bc3f11692903e4de69df20f48a610
ssdeep 3072:QuaYf23QPWC1wOT8n90GC9rBb9vN97cHhQDWH33tSr98T93x:FamdPWCSOYn90l9xx7cB73P

File size 5.5 MB ( 5722112 bytes )
File type Win32 EXE
Magic literal

TrID UPX compressed Win32 Executable (39.5%)
Win32 EXE Yoda's Crypter (34.3%)
Win32 Executable Generic (11.0%)
Win32 Dynamic Link Library (generic) (9.8%)
Generic Win/DOS Executable (2.5%)
VirusTotal metadata
First submission 2011-10-07 10:22:35 UTC ( 2 years, 6 months ago )
Last submission 2011-10-07 10:22:35 UTC ( 2 years, 6 months ago )
File names unp_02e186f129f833c609b98433a1fa54e3
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight