× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: a3c5b0d088f5639496d122938804acebe63625673adbdcc1c33066578eedbd15
Detection ratio: 40 / 43
Analysis date: 2010-09-21 01:49:58 UTC ( 7 years, 11 months ago )
Antivirus Result Update
AhnLab-V3 Dropper/Win32.OnlineGameHack 20100920
AntiVir TR/Spy.Gen 20100920
Antiy-AVL Trojan/Win32.OnLineGames.gen 20100921
Authentium W32/OnlineGames.A.gen!GSA 20100921
Avast Win32:Lolyda-B 20100920
Avast5 Win32:Lolyda-B 20100920
AVG PSW.OnlineGames3.AQXU 20100921
BitDefender Trojan.Generic.4562828 20100921
CAT-QuickHeal Win32.PWS.Dozmot.D.3 20100920
ClamAV Trojan.Spy-73885 20100921
Comodo TrojWare.Win32.PSW.OnLineGames.~Bnjz 20100921
DrWeb Trojan.PWS.Gamania.27844 20100920
Emsisoft Trojan-GameThief.Win32.WOW!IK 20100920
eTrust-Vet Win32/Dozmot.E 20100921
F-Prot W32/OnlineGames.A.gen!GSA 20100920
F-Secure Trojan.Generic.4562828 20100921
Fortinet W32/Onlinegames.BNJZ!tr.pws 20100920
GData Trojan.Generic.4562828 20100921
Ikarus Trojan-GameThief.Win32.WOW 20100921
Jiangmin Trojan/PSW.OnLineGames.btvs 20100920
K7AntiVirus Riskware 20100920
Kaspersky Trojan-GameThief.Win32.OnLineGames.bnjz 20100921
McAfee Artemis!CEED3A7D61AC 20100921
McAfee-GW-Edition Artemis!CEED3A7D61AC 20100921
Microsoft PWS:Win32/Dozmot.D 20100920
NOD32 a variant of Win32/TrojanDropper.Agent.ORH 20100920
Norman W32/Suspicious_Gen2.DAMHH 20100920
nProtect Trojan-PWS/W32.WebGame.18984.CZ 20100920
Panda Trj/CI.A 20100920
PCTools Trojan-PSW.Gampass 20100921
Rising Trojan.PSW.Win32.GameOL.tje 20100920
Sophos AV Troj/PWS-BLG 20100921
Sunbelt BehavesLike.Win32.Malware.dah (mx-v) 20100921
SUPERAntiSpyware Trojan.Downloader-Gen/Suspicious 20100921
Symantec Infostealer.Gampass 20100921
TheHacker Trojan/OnLineGames.bnjz 20100920
TrendMicro TSPY_LOLYDA.SMF 20100920
TrendMicro-HouseCall TSPY_LOLYDA.SMF 20100921
VBA32 TrojanGameThief.OnLineGames.bnjz 20100920
VirusBuster Trojan.PWS.OnLineGames.CIWH 20100920
eSafe 20100920
Prevx 20100921
ViRobot 20100920
The file being studied is a Portable Executable file! More specifically, it is a unknown file.
Packers identified
PEiD Crypto-Lock v2.02 (Eng) -> Ryan Thian
PE header basic information
Number of sections 3
PE sections
PE imports
RegEnumKeyA
LoadLibraryA
GetProcAddress
VirtualProtect
VirtualAlloc
VirtualFree
ExitProcess
memmove
wsprintfA
File identification
MD5 ceed3a7d61ac160a9c085686eb5f8342
SHA1 ab2a188fc959ec6aef22168d4243649ec16123fc
SHA256 a3c5b0d088f5639496d122938804acebe63625673adbdcc1c33066578eedbd15
ssdeep
384:y/l7E4+Sz8aTp5a5uGWTn1idEUiCfoYxWsZTTMP9FHmrPWMYsxCz:ya4bz8aTp5a5CUEUXcyQzHMiV

File size 18.5 KB ( 18984 bytes )
File type unknown
Magic literal

TrID UPX compressed Win32 Executable (39.5%)
Win32 EXE Yoda's Crypter (34.3%)
Win32 Executable Generic (11.0%)
Win32 Dynamic Link Library (generic) (9.8%)
Generic Win/DOS Executable (2.5%)
VirusTotal metadata
First submission 2010-09-21 01:49:58 UTC ( 7 years, 11 months ago )
Last submission 2010-09-21 01:49:58 UTC ( 7 years, 11 months ago )
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!