SHA256: 9fa55f610b2ccddacc27491101fd09aaf5ced8f9ec22ea0c34f04629798fdd7f
File name: x2z8.exe
Detection ratio: 6 / 42
Analysis date: 2012-07-13 07:31:12 UTC ( 6 years, 9 months ago )
Antivirus Result Update
AntiVir TR/Ransom.Mbro.3 20120712
Comodo TrojWare.Win32.Trojan.Agent.Gen 20120713
DrWeb Trojan.MBRlock.30 20120713
Fortinet W32/Zbot.CGZF!tr 20120713
Kaspersky Trojan-Ransom.Win32.Mbro.nls 20120713
NOD32 a variant of Win32/Kryptik.AEUJ 20120712
AhnLab-V3 20120712
Antiy-AVL 20120712
Avast 20120713
AVG 20120712
BitDefender 20120713
ByteHero 20120613
CAT-QuickHeal 20120713
ClamAV 20120713
Commtouch 20120713
Emsisoft 20120713
eSafe 20120712
F-Prot 20120713
F-Secure 20120713
GData 20120713
Ikarus 20120713
Jiangmin 20120713
K7AntiVirus 20120712
McAfee 20120712
McAfee-GW-Edition 20120712
Microsoft 20120713
Norman 20120712
nProtect 20120713
Panda 20120712
PCTools 20120713
Rising 20120713
Sophos AV 20120713
SUPERAntiSpyware 20120713
Symantec 20120713
TheHacker 20120711
TotalDefense 20120712
TrendMicro 20120713
TrendMicro-HouseCall 20120713
VBA32 20120712
VIPRE 20120713
ViRobot 20120713
VirusBuster 20120712
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2009-03-05 18:01:32
Entry Point 0x0000103B
Number of sections 4
PE sections
PE imports
DhcpAcquireParametersByBroadcast
DeleteCriticalSection
GetCurrentProcess
TerminateProcess
TlsAlloc
EnterCriticalSection
SetUnhandledExceptionFilter
TlsFree
InitializeCriticalSection
GetCurrentProcessId
QueryPerformanceCounter
UnhandledExceptionFilter
GetTickCount
GetSystemTimeAsFileTime
TlsSetValue
Sleep
GetCurrentThreadId
LoadLibraryA
VirtualAlloc
GetProcAddress
LeaveCriticalSection
strncmp
malloc
_HUGE
sscanf
setlocale
realloc
fread
fclose
_finite
fprintf
strtoul
fflush
fopen
_except_handler3
clearerr
_errno
strtod
fwrite
fseek
fsetpos
ftell
exit
sprintf
strtol
_adjust_fdiv
gmtime
free
getenv
calloc
setbuf
fgetpos
_initterm
_Getdays
strstr
memmove
floor
time
strtok
_chsize
isxdigit
_iob
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
TimeStamp 2009:03:05 19:01:32+01:00
FileType Win32 EXE
PEType PE32
CodeSize 66048
LinkerVersion 7.1
FileTypeExtension exe
InitializedDataSize 3584
SubsystemVersion 4.0
EntryPoint 0x103b
OSVersion 4.0
ImageVersion 0.0
UninitializedDataSize 65536
File identification
MD5 9a7ff0dbf3db72b91f00cfb189234f0c
SHA1 165296f69b043c0e9c1b54d3c7d27f35bae5a5f0
SHA256 9fa55f610b2ccddacc27491101fd09aaf5ced8f9ec22ea0c34f04629798fdd7f
ssdeep 384:5RmhGemDWP+p5QB6CO/hxu6X3DibkjWhNScCHFnotWCs:5gkeRUCO/hw6X3D2MwZCNWWC
authentihash 8b929336ff8283f78630a7904898a2d6ead83e60a0e52288c23285c9bb3ab985
imphash 56e3770909d4e422cb47db26b7293362
File size 21.0 KB ( 21504 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win16/32 Executable Delphi generic (34.1%)
Generic Win/DOS Executable (32.9%)
DOS Executable Generic (32.9%)
Tags peexe
VirusTotal metadata
First submission 2012-07-12 16:50:11 UTC ( 6 years, 9 months ago )
Last submission 2016-01-23 17:41:53 UTC ( 3 years, 2 months ago )
File names aa
9a7ff0dbf3db72b91f00cfb189234f0c.exe
UpI30PT.tif
9a7ff0dbf3db72b91f00cfb189234f0c
x2z8.exe
9fa55f610b2ccddacc27491101fd09aaf5ced8f9ec22ea0c34f04629798fdd7f.vir
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Copied files
Deleted files
Created processes
Runtime DLLs