SHA256: a7e62a16c47fede2772d4f4bf980cdb58b5d110887e001ab632d7f40159dfa13
File name: 160768_c497b4d6dfadd4609918282cf91c6f4e.exe
Detection ratio: 1 / 41
Analysis date: 2012-08-02 18:48:21 UTC
Antivirus              Result                              Update
Kaspersky              UDS:DangerousObject.Multi.Generic   20120802
AhnLab-V3              (clean)                             20120802
AntiVir                (clean)                             20120802
Antiy-AVL              (clean)                             20120802
Avast                  (clean)                             20120802
AVG                    (clean)                             20120802
BitDefender            (clean)                             20120802
ByteHero               (clean)                             20120801
CAT-QuickHeal          (clean)                             20120802
ClamAV                 (clean)                             20120802
Commtouch              (clean)                             20120802
Comodo                 (clean)                             20120802
DrWeb                  (clean)                             20120802
Emsisoft               (clean)                             20120802
eSafe                  (clean)                             20120802
ESET-NOD32             (clean)                             20120802
F-Prot                 (clean)                             20120802
F-Secure               (clean)                             20120802
Fortinet               (clean)                             20120802
GData                  (clean)                             20120802
Ikarus                 (clean)                             20120802
Jiangmin               (clean)                             20120802
K7AntiVirus            (clean)                             20120802
McAfee                 (clean)                             20120802
McAfee-GW-Edition      (clean)                             20120802
Microsoft              (clean)                             20120802
Norman                 (clean)                             20120802
nProtect               (clean)                             20120802
Panda                  (clean)                             20120802
Rising                 (clean)                             20120802
Sophos                 (clean)                             20120802
SUPERAntiSpyware       (clean)                             20120802
Symantec               (clean)                             20120802
TheHacker              (clean)                             20120801
TotalDefense           (clean)                             20120802
TrendMicro             (clean)                             20120802
TrendMicro-HouseCall   (clean)                             20120802
VBA32                  (clean)                             20120802
VIPRE                  (clean)                             20120802
ViRobot                (clean)                             20120802
VirusBuster            (clean)                             20120802
The file being studied is a Portable Executable (PE) file. More specifically, it is a Win32 EXE for the Windows GUI subsystem.
Packers identified
F-PROT UPX
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 1992-06-19 22:22:17
Entry Point 0x000547D0
Number of sections 3
PE sections
PE imports
ChooseColorA
VirtualFree
ExitProcess
VirtualProtect
LoadLibraryA
VirtualAlloc
GetProcAddress
RegCloseKey
PatBlt
VariantCopy
VerQueryValueA
Number of PE resources by type
RT_STRING 8
RT_RCDATA 2
Number of PE resources by language
NEUTRAL 10
PE resources
ExifTool file metadata
MIMEType: application/octet-stream
Subsystem: Windows GUI
MachineType: Intel 386 or later, and compatibles
FileTypeExtension: exe
TimeStamp: 1992:06:19 23:22:17+01:00
FileType: Win32 EXE
PEType: PE32
CodeSize: 159744
LinkerVersion: 2.25
EntryPoint: 0x547d0
InitializedDataSize: 4096
SubsystemVersion: 4.0
ImageVersion: 0.0
OSVersion: 4.0
UninitializedDataSize: 184320

File identification
MD5 c497b4d6dfadd4609918282cf91c6f4e
SHA1 d186e8ebb104ba0d64ad6052107420debef3da00
SHA256 a7e62a16c47fede2772d4f4bf980cdb58b5d110887e001ab632d7f40159dfa13
ssdeep 3072:L6Y2AkmGWKSKtN7z9QrCnwtXEjgM9vFppgD3nTfn/vH/Wpx6uL2t:L2zmGWD6H9QrCnG2Nzpwjn/veZS
authentihash 71946782e24f4b6bc6c1f1fdfdae2077e643f351b69633166e650d7d9cbd67f4
imphash e6d2cab8b34d9ae803ae887a9cfa5efd
File size 157.0 KB ( 160768 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID UPX compressed Win32 Executable (41.1%)
Win32 EXE Yoda's Crypter (35.7%)
Win32 Dynamic Link Library (generic) (8.8%)
Win32 Executable (generic) (6.0%)
Win16/32 Executable Delphi generic (2.7%)
Tags peexe upx

VirusTotal metadata
First submission 2012-08-02 13:24:52 UTC
Last submission 2016-12-05 10:56:41 UTC
File names Packing_Virus.Win32.Trojan.AutoRun.Spy.Banker.R.exe
about.exe
d186e8ebb104ba0d64ad6052107420debef3da00.exe
w.php
readme.exe
160768_c497b4d6dfadd4609918282cf91c6f4e.exe
1344018262.contacts.exe
c497b4d6dfadd4609918282cf91c6f4e
KB00385258.exe
file
Virus.Win32.Trojan.AutoRun.Spy.Banker.R.exe
C497B4D6DFADD4609918282CF91C6F4E_100-about.exe
contacts.exe
Advanced heuristic and reputation engines
ClamAV
Possibly Unwanted Application. While not necessarily malicious, the scanned file presents certain characteristics which depending on the user policies and environment may or may not represent a threat. For full details see: https://www.clamav.net/documents/potentially-unwanted-applications-pua .

Symantec reputation Suspicious.Insight
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Created processes
Code injections in the following processes
Opened mutexes
Runtime DLLs