× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: a2fb6a8a699a326a272a828bb4f416d63f304a1193bb8408e911704c6ecf8679
File name: 005124238
Detection ratio: 50 / 56
Analysis date: 2015-07-27 16:53:05 UTC ( 1 month ago )
Antivirus Result Update
ALYac Trojan.FakeAlert.DFX 20150727
AVG Crypt.BPNO 20150727
AVware Trojan.Win32.Winwebsec.mda (v) 20150727
Ad-Aware Trojan.FakeAlert.DFX 20150727
Agnitum Trojan.PWS.Tepfer!gALFhy+pDSQ 20150727
AhnLab-V3 Trojan/Win32.Tepfer 20150727
Antiy-AVL Trojan[PSW]/Win32.Tepfer 20150727
Arcabit Trojan.FakeAlert.DFX 20150727
Avast Win32:LockScreen-SL [Trj] 20150727
Avira TR/Winwebsec.403456 20150727
Baidu-International Trojan.Win32.Katusha.FE 20150727
BitDefender Trojan.FakeAlert.DFX 20150727
CAT-QuickHeal Trojan.Urausy.C 20150727
Comodo TrojWare.Win32.Kryptik.AVZX 20150727
Cyren W32/Trojan.UNNU-1049 20150727
DrWeb Trojan.Packed.24465 20150727
ESET-NOD32 Win32/PSW.Fareit.A 20150727
Emsisoft Trojan.FakeAlert.DFX (B) 20150727
F-Prot W32/Trojan3.EWX 20150727
F-Secure Trojan.FakeAlert.DFX 20150727
Fortinet W32/Tepfer.A!tr.pws 20150727
GData Trojan.FakeAlert.DFX 20150727
Ikarus Trojan.Win32.FakeAlert 20150727
Jiangmin Trojan/PSW.Tepfer.bmkn 20150726
K7AntiVirus Trojan ( 0040f2c01 ) 20150727
K7GW Trojan ( 0040f2c01 ) 20150727
Kaspersky Trojan-PSW.Win32.Tepfer.gtsq 20150727
Malwarebytes Trojan.LameShield 20150727
McAfee BackDoor-FJW 20150727
McAfee-GW-Edition BehavesLike.Win32.Downloader.ch 20150726
MicroWorld-eScan Trojan.FakeAlert.DFX 20150727
Microsoft PWS:Win32/Fareit 20150727
NANO-Antivirus Trojan.Win32.Tepfer.bkpoqz 20150727
Panda Trj/OCJ.D 20150727
Qihoo-360 Win32/Trojan.e03 20150727
Rising PE:Trojan.Win32.Generic.1437BAAD!339196589 20150722
SUPERAntiSpyware Trojan.Agent/Gen-LockScreen 20150727
Sophos Troj/Zbot-ECS 20150727
Symantec W32.Qakbot 20150727
Tencent Win32.Trojan-qqpass.Qqrob.Swku 20150727
TheHacker Trojan/Kryptik.awec 20150723
TotalDefense Win32/Fareit.LM 20150727
TrendMicro TROJ_MOSERAN.BMC 20150727
TrendMicro-HouseCall TROJ_FAKEAV.SMCC 20150727
VBA32 OScope.Trojan.Hlux.01732 20150727
VIPRE Trojan.Win32.Winwebsec.mda (v) 20150727
ViRobot Trojan.Win32.S.PSW-Tepfer.137216.P[h] 20150727
Zillya Trojan.Tepfer.Win32.39871 20150727
Zoner Trojan.Fareit.A 20150727
nProtect Trojan-PWS/W32.Tepfer.137216 20150727
AegisLab 20150727
Alibaba 20150727
Bkav 20150727
ByteHero 20150727
ClamAV 20150727
Kingsoft 20150727
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2013-01-23 18:07:22
Link date 7:07 PM 1/23/2013
Entry Point 0x00001174
Number of sections 4
PE sections
PE imports
RegCloseKey
??1CIniW@@QAE@XZ
??_FCIniW@@QAEXXZ
??_FCIniA@@QAEXXZ
??1CIniA@@QAE@XZ
EnterCriticalSection
lstrlenA
GlobalFree
GetEnvironmentStringsW
GetTickCount
VirtualProtect
LoadLibraryA
RemoveDirectoryA
GetStartupInfoA
GetFileSize
CreateDirectoryA
DeleteFileA
CreateDirectoryW
GetCommandLineA
OpenMutexA
CloseHandle
GetModuleFileNameA
TlsGetValue
Sleep
SetLastError
ReadConsoleW
CreateFileA
OpenSemaphoreW
WriteConsoleW
SetFocus
DrawTextA
IsWindow
GetWindowLongA
DispatchMessageA
FindWindowW
CallWindowProcA
PeekMessageA
DestroyMenu
IsWindowEnabled
GetClassInfoA
GetSysColor
Number of PE resources by type
RT_ICON 1
Number of PE resources by language
RUSSIAN 1
ExifTool file metadata
MIMEType
application/octet-stream

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

FileTypeExtension
exe

TimeStamp
2013:01:23 19:07:22+01:00

FileType
Win32 EXE

PEType
PE32

CodeSize
5120

LinkerVersion
12.0

EntryPoint
0x1174

InitializedDataSize
131072

SubsystemVersion
4.0

ImageVersion
0.0

OSVersion
5.0

UninitializedDataSize
0

File identification
MD5 5f0084494777bc4f76f6919e284c6aa9
SHA1 a810eed6460bf09bd3c56a57e862dedc89bec20f
SHA256 a2fb6a8a699a326a272a828bb4f416d63f304a1193bb8408e911704c6ecf8679
ssdeep
1536:aFxWRD3K6W9744UlXPvYwZ0YPmSOYGfkmM4L8JnjtnfdtMiCZ6/35to0+50FAjm:anj7CPvGtLkmMzR1tM3GJt/+50F

authentihash 64b4120cc90edc451cc12629626f73fa5120901a09c9ff4ea8115bbd1355c1f8
imphash 897221df38be70226bb5d9452ec5b523
File size 134.0 KB ( 137216 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Generic Win/DOS Executable (49.9%)
DOS Executable Generic (49.8%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.1%)
Tags
peexe

VirusTotal metadata
First submission 2013-03-06 19:45:13 UTC ( 2 years, 5 months ago )
Last submission 2015-06-12 10:23:26 UTC ( 2 months, 3 weeks ago )
File names Scan0{DIGIT[3]}.exe
5f0084494777bc4f76f6919e284c6aa9
005124238
possible-virus.exe
5f0084494777bc4f76f6919e284c6aa9.exe
file-5227478_exe
5f0084494777bc4f76f6919e284c6aa9
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!