× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: 9d3ddb1eeba08704e844e916b13e7a862ca12a12b22bb12ac14bb6ef4f04e032
File name: 1689.exe
Detection ratio: 45 / 48
Analysis date: 2014-01-16 12:23:54 UTC ( 3 months ago )
Antivirus Result Update
AVG Agent3.CEJL 20140116
Ad-Aware Trojan.Agent.AWGS 20140116
Agnitum Worm.AutoRun!gQBuVWIa8M8 20140115
AntiVir TR/Crypt.XPACK.Gen 20140116
Avast Win32:Cridex-E [Wrm] 20140116
Baidu-International Trojan.Win32.Agent.aDmk 20131213
BitDefender Trojan.Agent.AWGS 20140116
Bkav W32.Bakecom.Trojan 20140116
CAT-QuickHeal Worm.Cridex 20140116
CMC Trojan.Win32.Agent!O 20140115
ClamAV WIN.Trojan.Agent-49162 20140116
Commtouch W32/Agent.CC.gen!Eldorado 20140116
Comodo UnclassifiedMalware 20140116
DrWeb Trojan.Necurs.20 20140116
ESET-NOD32 Win32/AutoRun.Spy.Banker.M 20140116
Emsisoft Trojan.Win32.Cridex (A) 20140116
F-Prot W32/Agent.CC.gen!Eldorado 20140116
F-Secure Trojan.Agent.AWGS 20140116
Fortinet W32/Cidex.QT!tr 20140116
GData Trojan.Agent.AWGS 20140116
Ikarus Worm.Win32.Cridex 20140116
Jiangmin Trojan/Generic.uznp 20140116
K7AntiVirus Trojan ( 003ea65c1 ) 20140115
K7GW Trojan ( 003ea65c1 ) 20140115
Kaspersky Trojan.Win32.Agent.ubqy 20140116
Kingsoft Win32.Troj.Undef.(kcloud) 20130829
Malwarebytes Trojan.Agent 20140116
McAfee PWS-Zbot 20140116
McAfee-GW-Edition PWS-Zbot 20140116
MicroWorld-eScan Trojan.Agent.AWGS 20140116
Microsoft Worm:Win32/Cridex.B 20140116
NANO-Antivirus Trojan.Win32.Necurs.bbuime 20140116
Norman Troj_Generic.CPCBP 20140116
Panda Generic Trojan 20140116
SUPERAntiSpyware Trojan.Agent/Gen-AutoRun 20140116
Sophos Mal/Bredo-S 20140116
Symantec Trojan.Gen 20140116
TheHacker Trojan/AutoRun.Spy.Banker.m 20140115
TotalDefense Win32/Cridex.CS 20140116
TrendMicro WORM_CRIDEX.C 20140116
TrendMicro-HouseCall WORM_CRIDEX.C 20140116
VBA32 Trojan.Agent 20140115
VIPRE Trojan.Win32.Generic!BT 20140116
ViRobot Trojan.Win32.Agent.64512.AQ 20140116
nProtect Trojan/W32.Agent.64512.WF 20140116
Antiy-AVL 20140116
ByteHero 20140114
Rising 20140116
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2012-02-27 23:56:08
Link date 12:56 AM 2/28/2012
Entry Point 0x00003370
Number of sections 4
PE sections
ExifTool file metadata
MIMEType
application/octet-stream

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

TimeStamp
2012:02:28 00:56:08+01:00

FileType
Win32 EXE

PEType
PE32

CodeSize
48128

LinkerVersion
8.0

EntryPoint
0x3370

InitializedDataSize
80384

SubsystemVersion
4.0

ImageVersion
0.0

OSVersion
4.0

UninitializedDataSize
0

File identification
MD5 76b2a3832ce39f81887fc3375af60fc5
SHA1 ad72776daa1cebffd3c52c4e6920c441cbe8a6f5
SHA256 9d3ddb1eeba08704e844e916b13e7a862ca12a12b22bb12ac14bb6ef4f04e032
ssdeep
1536:r79NzmMKOsruEhjlsCuLp21sW2VzetvIqi:7KOw1l2U92petxi

File size 63.0 KB ( 64512 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable (generic) (52.9%)
Generic Win/DOS Executable (23.5%)
DOS Executable Generic (23.4%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
Tags
peexe

VirusTotal metadata
First submission 2012-06-27 17:43:20 UTC ( 1 year, 9 months ago )
Last submission 2013-09-21 17:34:56 UTC ( 6 months, 4 weeks ago )
File names KB00933303.exe
76b2a3832ce39f81887fc3375af60fc5
9d3ddb1eeba08704e844e916b13e7a862ca12a12b22bb12ac14bb6ef4f04e032
KB00714509.exe
sample_ad72776daa1cebffd3c52c4e6920c441cbe8a6f5
output.1774585.txt
output.1737918.txt
1689.exe
1689.exe
1774585
1737918
1689.exe
76b2a3832ce39f81887fc3375af60fc5.exe
76B2A3832CE39F81887FC3375AF60FC5.bin
1689.exe-LvmKz8
KB00149503.exe
KB00544284.exe
9d3ddb1eeba08704e844e916b13e7a862ca12a12b22bb12ac14bb6ef4f04e032.bin
1689.exe
file-4187700_exe
76B2A3832CE39F81887FC3375AF60FC5.EXE
test.txt
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!