SHA256: a3a1396e3b9c991065788661482182654b930bdc22f651311380c6c3436da1ba
File name: temp.exe
Detection ratio: 48 / 57
Analysis date: 2015-09-29 05:13:54 UTC ( 1 year, 10 months ago )
Antivirus Result Update
Ad-Aware Trojan.Inject.ANQ 20150929
Yandex Trojan.Inject!g9W3mbTmRpI 20150928
AhnLab-V3 Trojan/Win32.Inject 20150928
ALYac Trojan.Inject.ANQ 20150929
Antiy-AVL Trojan/Win32.Inject 20150929
Arcabit Trojan.Inject.ANQ 20150929
Avast Win32:Downloader-TFX [Trj] 20150929
AVG Generic33.KKB 20150929
Avira (no cloud) WORM/Mooo.lkja 20150929
AVware Trojan.Win32.Generic!BT 20150929
Baidu-International Trojan.Win32.Agent.42 20150928
BitDefender Trojan.Inject.ANQ 20150929
Bkav W32.Clod175.Trojan.6a06 20150928
ClamAV WIN.Trojan.Inject-6165 20150929
Comodo TrojWare.Win32.Injector.AHIB 20150929
Cyren W32/Trojan.DVBG-2506 20150929
DrWeb BackDoor.Comet.644 20150929
Emsisoft Trojan.Inject.ANQ (B) 20150929
ESET-NOD32 Win32/Injector.AGKL 20150929
F-Prot W32/Trojan3.FGP 20150929
F-Secure Trojan.Inject.ANQ 20150929
Fortinet W32/Zbot.FAU!tr 20150929
GData Trojan.Inject.ANQ 20150929
Ikarus Trojan.Injector 20150929
Jiangmin TrojanDropper.Injector.bhrt 20150927
K7AntiVirus Riskware ( 0040eff71 ) 20150928
K7GW Riskware ( 0040eff71 ) 20150929
Kaspersky Trojan.Win32.Inject.fnxl 20150929
Kingsoft Win32.Troj.Inject.fn.(kcloud) 20150929
Malwarebytes Backdoor.Bot 20150929
McAfee PWS-Zbot-FBAR!EEAAF60DC728 20150929
McAfee-GW-Edition BehavesLike.Win32.Ransom.cc 20150929
Microsoft VirTool:Win32/CeeInject.gen!JP 20150929
eScan Trojan.Inject.ANQ 20150929
NANO-Antivirus Trojan.Win32.Inject.crqtij 20150929
nProtect Trojan.Inject.ANQ 20150925
Panda Trj/Genetic.gen 20150928
Qihoo-360 HEUR/Malware.QVM06.Gen 20150929
Rising PE:Trojan.Injector!6.AE9[F1] 20150928
Sophos AV Troj/DelfInj-BJ 20150928
Symantec Trojan.Zbot!gen43 20150928
Tencent Win32.Trojan.Inject.Aoji 20150929
TotalDefense Win32/Tnega.ASBS 20150929
TrendMicro BKDR_DORKBOT.NF 20150929
TrendMicro-HouseCall BKDR_DORKBOT.NF 20150929
VIPRE Trojan.Win32.Generic!BT 20150929
ViRobot Trojan.Win32.StartPage.119111[h] 20150929
Zillya Dropper.Injector.Win32.55080 20150928
AegisLab 20150928
Alibaba 20150927
ByteHero 20150929
CAT-QuickHeal 20150928
CMC 20150928
SUPERAntiSpyware 20150929
TheHacker 20150929
VBA32 20150928
Zoner 20150929
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright rrFXyoZFKZ
Publisher jNDaCatbML
Product JMdyakMSbl
Original name temp.exe
Internal name temp.exe
File version 4.9.4.3
Description nxvhFPXiep
Comments iMpnTdTtJz
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2013-05-09 23:31:05
Entry Point 0x000019A3
Number of sections 5
PE sections
Overlays
MD5 b21836e622db673f77160baaf270b8c4
File type application/zip
Offset 55808
Size 81811
Entropy 7.84
PE imports
GetLastError
InitializeCriticalSectionAndSpinCount
HeapFree
GetStdHandle
EnterCriticalSection
SetStdHandle
SetHandleCount
GetModuleFileNameW
GetConsoleCP
GetOEMCP
QueryPerformanceCounter
IsDebuggerPresent
HeapAlloc
TlsAlloc
GetEnvironmentStringsW
FlushFileBuffers
GetModuleFileNameA
RtlUnwind
GetACP
IsProcessorFeaturePresent
HeapSetInformation
GetCurrentProcess
GetConsoleMode
GetStringTypeW
GetCurrentProcessId
LCMapStringW
LockResource
WideCharToMultiByte
UnhandledExceptionFilter
InterlockedDecrement
MultiByteToWideChar
GetStartupInfoW
FreeEnvironmentStringsW
GetCPInfo
GetCommandLineA
GetProcAddress
EncodePointer
HeapSize
LeaveCriticalSection
SetFilePointer
SetEndOfFile
WriteConsoleW
CreateThread
LoadLibraryW
TlsFree
GetModuleHandleA
DeleteCriticalSection
ReadFile
SetUnhandledExceptionFilter
WriteFile
CloseHandle
GetSystemTimeAsFileTime
ExitThread
HeapReAlloc
DecodePointer
GetModuleHandleW
GetProcessHeap
TerminateProcess
IsValidCodePage
LoadResource
CreateFileW
TlsGetValue
Sleep
GetFileType
GetTickCount
TlsSetValue
ExitProcess
GetCurrentThreadId
FindResourceA
HeapCreate
SetLastError
InterlockedIncrement
Number of PE resources by type
IGAPBO 2
RT_VERSION 1
Number of PE resources by language
NEUTRAL 3
PE resources
ExifTool file metadata
CodeSize 36352
SubsystemVersion 5.1
Comments iMpnTdTtJz
InitializedDataSize 18432
ImageVersion 0.0
ProductName JMdyakMSbl
FileVersionNumber 4.9.4.3
UninitializedDataSize 0
LanguageCode Neutral
FileFlagsMask 0x003f
CharacterSet Unicode
LinkerVersion 10.0
FileTypeExtension exe
OriginalFileName temp.exe
MIMEType application/octet-stream
Subsystem Windows GUI
FileVersion 4.9.4.3
TimeStamp 2013:05:10 00:31:05+01:00
FileType Win32 EXE
PEType PE32
InternalName temp.exe
ProductVersion 4.9.4.3
FileDescription nxvhFPXiep
OSVersion 5.1
FileOS Win32
LegalCopyright rrFXyoZFKZ
MachineType Intel 386 or later, and compatibles
CompanyName jNDaCatbML
LegalTrademarks NZaRJyUuEE
FileSubtype 0
ProductVersionNumber 4.9.4.3
EntryPoint 0x19a3
ObjectFileType Executable application
AssemblyVersion 0.0.0.0

File identification
MD5 eeaaf60dc72827ac229bc0c30af5e758
SHA1 181cca6a1db08c056bf7be8afbd89ebccb9eaf2c
SHA256 a3a1396e3b9c991065788661482182654b930bdc22f651311380c6c3436da1ba
ssdeep 1536:DpBbhwdMaAlVOJujZpv87ZjBPU2qEPFRoOa3WYpnaFbVOjnJQbQnB7zqP1aF2bEW:DpBmg54tjK2qEPL/ay3ONQSXqDExu5
authentihash 172877179d1b3efafdeb9c6381890bdba8c697038bedcfa7b93c51b4cdf0a5e5
imphash 7b8e39a4c53347769422cec110484116
File size 134.4 KB ( 137619 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (67.3%)
Win32 Dynamic Link Library (generic) (14.2%)
Win32 Executable (generic) (9.7%)
Generic Win/DOS Executable (4.3%)
DOS Executable Generic (4.3%)
Tags
peexe overlay

VirusTotal metadata
First submission 2013-05-11 13:36:03 UTC ( 4 years, 2 months ago )
Last submission 2015-09-29 05:13:54 UTC ( 1 year, 10 months ago )
File names temp.exe
eeaaf60dc72827ac229bc0c30af5e758
aa
file-5782373_exe
181cca6a1db08c056bf7be8afbd89ebccb9eaf2c
a3a1396e3b9c991065788661482182654b930bdc22f651311380c6c3436da1ba
eeaaf60dc72827ac229bc0c30af5e758
7081.exe
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight