SHA256: a658b7ed5858b50b646627c1491952cdc2864500a001013e8112c705a65febaf
File name: kelihos
Detection ratio: 44 / 56
Analysis date: 2015-10-27 08:30:45 UTC ( 1 year, 4 months ago )
Antivirus Result Update
Ad-Aware Trojan.Zbot.IRH 20151027
Yandex Trojan.Injector!EJP9KdMoHTk 20151026
AhnLab-V3 Trojan/Win32.Inject 20151027
ALYac Trojan.Zbot.IRH 20151027
Antiy-AVL Trojan/Win32.TSGeneric 20151027
Arcabit Trojan.Zbot.IRH 20151027
Avast Win32:Malware-gen 20151027
AVG Zbot.AIDQ 20151027
Avira (no cloud) TR/Crypt.XPACK.Gen 20151027
AVware Trojan.Win32.Generic!BT 20151027
Baidu-International Trojan.Win32.Injector.CKFP 20151026
BitDefender Trojan.Zbot.IRH 20151027
CAT-QuickHeal TrojanDownloader.Waledac.r4 20151027
Comodo TrojWare.Win32.TrojanDownloader.Waledac.DW 20151027
Cyren W32/S-35700a9d!Eldorado 20151027
DrWeb Trojan.DownLoader17.6834 20151027
Emsisoft Trojan.Zbot.IRH (B) 20151027
ESET-NOD32 a variant of Win32/Injector.CKFP 20151027
F-Prot W32/S-35700a9d!Eldorado 20151027
F-Secure Trojan.Zbot.IRH 20151027
Fortinet W32/Injector.EBAF!tr 20151026
GData Trojan.Zbot.IRH 20151027
Ikarus Trojan.Win32.Injector 20151027
Jiangmin Trojan/Inject.ccpk 20151026
K7AntiVirus Trojan ( 004d3d491 ) 20151027
K7GW Trojan ( 004d3d491 ) 20151027
Kaspersky Trojan.Win32.Agent.igxa 20151027
McAfee Generic-FAWT!A324780E7D67 20151027
McAfee-GW-Edition Generic-FAWT!A324780E7D67 20151027
Microsoft TrojanDownloader:Win32/Waledac.AL 20151027
eScan Trojan.Zbot.IRH 20151027
NANO-Antivirus Trojan.Win32.DownLoader17.dxtyli 20151027
nProtect Trojan.Zbot.IRH 20151027
Panda Trj/Genetic.gen 20151026
Qihoo-360 HEUR/QVM20.1.Malware.Gen 20151027
Rising PE:Trojan.Win32.Generic.19228094!421691540 [F] 20151026
Symantec W32.Waledac 20151026
Tencent Win32.Trojan.Inject.Auto 20151027
TrendMicro TROJ_WALEDAC.WJL 20151027
TrendMicro-HouseCall TROJ_WALEDAC.WJL 20151027
VBA32 SScope.Malware-Cryptor.FCM.3913 20151026
VIPRE Trojan.Win32.Generic!BT 20151027
ViRobot Backdoor.Win32.S.Kelihos.102650[h] 20151027
Zillya Trojan.Agent.Win32.586629 20151026
AegisLab 20151026
Alibaba 20151027
Bkav 20151026
ByteHero 20151027
ClamAV 20151027
CMC 20151026
Malwarebytes 20151027
Sophos 20151030
SUPERAntiSpyware 20151027
TheHacker 20151026
TotalDefense 20151026
Zoner 20151027
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2015-06-17 07:36:37
Entry Point 0x00002162
Number of sections 4
PE sections
Overlays
MD5 ce6f53ef6dda66d3cdea4e3e7be135b4
File type data
Offset 95742
Size 6908
Entropy 7.54
Number of PE resources by type
RT_ICON 8
RT_DIALOG 2
RT_STRING 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
CHINESE SIMPLIFIED 12
GERMAN SWISS 1
PE resources
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
FileFlagsMask 0x003f
MachineType Intel 386 or later, and compatibles
FileOS Win32
TimeStamp 2015:06:17 08:36:37+01:00
FileType Win32 EXE
PEType PE32
CodeSize 16785408
LinkerVersion 6.0
FileSubtype 0
ProductVersionNumber 1.0.0.1
FileTypeExtension exe
InitializedDataSize 40960
SubsystemVersion 4.0
ImageVersion 0.0
OSVersion 4.0
FileVersionNumber 1.0.0.1
EntryPoint 0x2162
UninitializedDataSize 0
ObjectFileType Executable application

File identification
MD5 a324780e7d679d9b16c92462dc58be1b
SHA1 dccfda3264bbb726da12657c187fb66f2ba3f67a
SHA256 a658b7ed5858b50b646627c1491952cdc2864500a001013e8112c705a65febaf
ssdeep 1536:2hf7UhQQjU8uj2/zwKjliRouGwBF4kN8JzhlaOcFmi:0zQ48uQw0limuGONUz5cIi
authentihash b6c98234693ad875f7c82bf17b09d2dedc6433ceff3a84cf8a4b2cabda4712df
File size 100.2 KB ( 102650 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386
TrID Win32 Executable MS Visual C++ (generic) (42.2%)
Win64 Executable (generic) (37.3%)
Win32 Dynamic Link Library (generic) (8.8%)
Win32 Executable (generic) (6.0%)
Generic Win/DOS Executable (2.7%)
Tags corrupt peexe overlay

VirusTotal metadata
First submission 2015-10-11 12:52:47 UTC ( 1 year, 5 months ago )
Last submission 2015-10-14 21:21:57 UTC ( 1 year, 5 months ago )
File names sample.kelihos.mmd
harsh02.exe
kelihos