SHA256: 9f96e424ceb6d81054bb226d8393e7e7f292d436761dde73aae849b0d31efcdc
Detection ratio: 17 / 42
Analysis date: 2011-02-09 05:05:05 UTC ( 7 years, 11 months ago )
Antivirus Result Update
AntiVir DR/PcClient.eefn.27 20110208
Avast Win32:SpyBot-GFX 20110208
Avast5 Win32:SpyBot-GFX 20110208
AVG Dropper.Generic_c.JCP 20110209
Emsisoft Trojan-Dropper.SuspectCRC!IK 20110209
eTrust-Vet Win32/Susp.BHOPlugin_i 20110208
GData Win32:SpyBot-GFX 20110209
Ikarus Trojan-Dropper.SuspectCRC 20110209
Kaspersky Backdoor.Win32.PcClient.eefn 20110209
Norman W32/Delf.C!genr 20110208
nProtect Backdoor/W32.PcClient.1003704 20110202
Panda Trj/CI.AU 20110208
Prevx Medium Risk Malware 20110209
SUPERAntiSpyware Rogue.Installer[Partner] 20110209
Symantec WS.Reputation.1 20110209
VIPRE Trojan.Win32.Generic!BT 20110209
ViRobot Backdoor.Win32.S.PcClient.1003704.O 20110209
AhnLab-V3 20110206
Antiy-AVL 20110128
BitDefender 20110209
CAT-QuickHeal 20110209
ClamAV 20110209
Commtouch 20110209
DrWeb 20110209
eSafe 20110208
F-Prot 20110204
F-Secure 20110209
Fortinet 20110208
Jiangmin 20110208
K7AntiVirus 20110208
McAfee 20110209
McAfee-GW-Edition 20110208
Microsoft 20110208
NOD32 20110208
PCTools 20110208
Rising 20110209
Sophos AV 20110209
TheHacker 20110208
TrendMicro 20110209
TrendMicro-HouseCall 20110209
VBA32 20110208
VirusBuster 20110208
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file.
PE header basic information
Number of sections 4
PE sections
PE imports
AdjustTokenPrivileges
LookupPrivilegeValueA
OpenProcessToken
RegCloseKey
RegCreateKeyExA
RegOpenKeyExA
RegQueryValueExA
RegSetValueExA
SetFileSecurityA
SetFileSecurityW
(1 more function(s) imported by ordinal)
CommDlgExtendedError
GetOpenFileNameA
GetSaveFileNameA
DeleteObject
CloseHandle
CompareStringA
CreateDirectoryA
CreateDirectoryW
CreateFileA
CreateFileW
DeleteFileA
DeleteFileW
DosDateTimeToFileTime
ExitProcess
ExpandEnvironmentStringsA
FileTimeToLocalFileTime
FileTimeToSystemTime
FindClose
FindFirstFileA
FindFirstFileW
FindNextFileA
FindNextFileW
FindResourceA
FreeLibrary
GetCPInfo
GetCommandLineA
GetCurrentDirectoryA
GetCurrentProcess
GetDateFormatA
GetFileAttributesA
GetFileAttributesW
GetFileType
GetFullPathNameA
GetLastError
GetLocaleInfoA
GetModuleFileNameA
GetModuleFileNameW
GetModuleHandleA
GetNumberFormatA
GetProcAddress
GetProcessHeap
GetStdHandle
GetSystemTime
GetTempPathA
GetTickCount
GetTimeFormatA
GetVersionExA
GlobalAlloc
HeapAlloc
HeapFree
HeapReAlloc
IsDBCSLeadByte
LoadLibraryA
LocalFileTimeToFileTime
MoveFileA
MoveFileExA
MultiByteToWideChar
ReadFile
SetCurrentDirectoryA
SetEndOfFile
SetEnvironmentVariableA
SetFileAttributesA
SetFileAttributesW
SetFilePointer
SetFileTime
SetLastError
Sleep
SystemTimeToFileTime
WaitForSingleObject
WideCharToMultiByte
WriteFile
lstrcmpiA
lstrlenA
CLSIDFromString
CoCreateInstance
CreateStreamOnHGlobal
OleInitialize
OleUninitialize
SHBrowseForFolderA
SHChangeNotify
SHFileOperationA
SHGetFileInfoA
SHGetMalloc
SHGetSpecialFolderLocation
ShellExecuteExA
SHGetPathFromIDListA
CharToOemA
CharToOemBuffA
CharUpperA
CopyRect
CreateWindowExA
DefWindowProcA
DestroyIcon
DestroyWindow
DialogBoxParamA
DispatchMessageA
EnableWindow
EndDialog
FindWindowExA
GetClassNameA
GetClientRect
GetDlgItem
GetDlgItemTextA
GetMessageA
GetParent
GetSysColor
GetSystemMetrics
GetWindow
GetWindowLongA
GetWindowRect
GetWindowTextA
IsWindow
IsWindowVisible
LoadBitmapA
LoadCursorA
LoadIconA
LoadStringA
MapWindowPoints
MessageBoxA
OemToCharA
OemToCharBuffA
PeekMessageA
PostMessageA
RegisterClassExA
SendDlgItemMessageA
SendMessageA
SetDlgItemTextA
SetFocus
SetMenu
SetWindowLongA
SetWindowPos
SetWindowTextA
ShowWindow
TranslateMessage
UpdateWindow
WaitForInputIdle
wsprintfA
wvsprintfA
File identification
MD5 e137932dcd50b02cf5d19822e100d22d
SHA1 49a1299cc87105922cd97a35708db9f6a42632e7
SHA256 9f96e424ceb6d81054bb226d8393e7e7f292d436761dde73aae849b0d31efcdc
ssdeep 24576:iI7v7uBGfIvG8nu9FniqXTUuOETqa0jEL0u:iIr7vwvyHniqTyS50QLf

File size 980.2 KB ( 1003704 bytes )
File type Win32 EXE
Magic literal

TrID WinRAR Self Extracting archive (95.7%)
Win32 Executable Generic (1.5%)
Win32 Dynamic Link Library (generic) (1.4%)
Win32 Executable Watcom C++ (generic) (0.4%)
Generic Win/DOS Executable (0.3%)
VirusTotal metadata
First submission 2010-04-30 12:37:59 UTC ( 8 years, 8 months ago )
Last submission 2011-02-09 05:05:05 UTC ( 7 years, 11 months ago )
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight