SHA256: a83df1ceae13952776087bba4308598f05f4a6c11a3bbb546e51d7074cfa098f
File name: smona131284134437529543689
Detection ratio: 25 / 43
Analysis date: 2011-08-08 22:10:29 UTC ( 2 years, 8 months ago )
Antivirus Result Update
AVG Downloader.Generic9.BACE 20110808
AhnLab-V3 Win-Trojan/Agent.57344.WS 20110808
AntiVir TR/Agent.57344.CG 20110808
Antiy-AVL Trojan/win32.agent.gen 20110808
CAT-QuickHeal (Suspicious) - DNAScan 20110808
Emsisoft Riskware.Keygen.InternetDownloadManager!IK 20110808
Ikarus not-a-virus.Keygen.InternetDownloadManager 20110808
Jiangmin Trojan/Keygen.n 20110808
K7AntiVirus Trojan 20110802
McAfee Generic.dx!tqk 20110808
McAfee-GW-Edition Generic.dx!tqk 20110808
Microsoft HackTool:Win32/Keygen 20110808
NOD32 a variant of Win32/Keygen.AS 20110808
Norman W32/Suspicious_Gen.BAUO 20110808
PCTools Trojan.Gen 20110808
Rising Trojan.Win32.Generic.1232E12C 20110808
Sophos Mal/Generic-L 20110808
Symantec Trojan.Gen.2 20110809
TrendMicro CRCK_KEYGEN 20110808
TrendMicro-HouseCall CRCK_KEYGEN 20110808
VIPRE Trojan.Keygen.GJ (fs) 20110808
VirusBuster Backdoor.Agent!zbDOMFD4Q2w 20110808
eSafe Win32.MassDown 20110808
eTrust-Vet Win32/Tnega.WKX 20110808
nProtect Trojan/W32.Agent.57344.ABM 20110808
Avast 20110808
Avast5 20110808
BitDefender 20110808
ClamAV 20110808
Commtouch 20110808
Comodo 20110808
DrWeb 20110808
F-Prot 20110808
F-Secure 20110808
Fortinet 20110808
GData 20110808
Kaspersky 20110808
Panda 20110808
Prevx 20110809
SUPERAntiSpyware 20110808
TheHacker 20110807
VBA32 20110808
ViRobot 20110808
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Packers identified
F-PROT UPX
PEiD UPX 2.90 [LZMA] -> Markus Oberhumer, Laszlo Molnar & John Reiser
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 1992-06-19 22:22:17
Link date 11:22 PM 6/19/1992
Entry Point 0x0005A890
Number of sections 3
PE sections
PE imports
VirtualFree
ExitProcess
VirtualProtect
LoadLibraryA
VirtualAlloc
GetProcAddress
RegCloseKey
InitCommonControls
SetBkMode
SysFreeString
SetFocus
waveOutOpen
Number of PE resources by type
RT_STRING 5
RT_DIALOG 2
RT_RCDATA 2
RT_ICON 2
RT_BITMAP 2
RT_GROUP_ICON 1
Number of PE resources by language
NEUTRAL 14
ExifTool file metadata
MIMEType
application/octet-stream

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

TimeStamp
1992:06:19 23:22:17+01:00

FileType
Win32 EXE

PEType
PE32

CodeSize
53248

LinkerVersion
2.25

FileAccessDate
2014:04:20 18:38:42+01:00

EntryPoint
0x5a890

InitializedDataSize
4096

SubsystemVersion
4.0

ImageVersion
0.0

OSVersion
4.0

FileCreateDate
2014:04:20 18:38:42+01:00

UninitializedDataSize
315392

PE resource-wise parents
Compressed bundles
File identification
MD5 dde8f7926ed11f0b11f616b7fb11ebaa
SHA1 521fd521c360a8d83bdb68884175ea48999581a2
SHA256 a83df1ceae13952776087bba4308598f05f4a6c11a3bbb546e51d7074cfa098f
ssdeep
768:9yg8Oazj1sWXmt2oYNURAuie0yD6jTM6NWdZl9sSZcUuEnMM6NqTtQ1XG:9yLzrXmt2oYv9z8z9sGRuEMqWX

imphash a30aa46a9a50d061d8dc24495aa3c01a
File size 56.0 KB ( 57344 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 EXE Yoda's Crypter (60.7%)
Win32 Dynamic Link Library (generic) (15.0%)
Win32 Executable (generic) (10.3%)
Win16/32 Executable Delphi generic (4.7%)
Generic Win/DOS Executable (4.5%)
Tags
peexe upx

VirusTotal metadata
First submission 2008-12-03 10:18:01 UTC ( 5 years, 4 months ago )
Last submission 2014-04-20 17:38:14 UTC ( 8 hours, 21 minutes ago )
File names vt-upload-CgjJC
output.1844380.txt
Keygen for IDM.exe
Patch7.exe
521fd521c360a8d83bdb68884175ea48999581a2
Keygen.exe
Mp3.exe
2.EXE
Keygen.exe
idm.exe
0.exe
KEYGEN.EXE
2 Keygen.exe
vt-upload-E6rnO
Keygen.ex1
Joygame E-Pin GeneratöR.exe
Keygen.exe
1844380
msn.exe
K.exe
Keygen.exe
1.exe
vcxds.exe
keygen.exe
2. Keygen.exe
Advanced heuristic and reputation engines
ClamAV PUA
Possibly Unwanted Application. While not necessarily malicious, the scanned file presents certain characteristics which depending on the user policies and environment may or may not represent a threat. For full details see: http://www.clamav.net/index.php?s=pua&lang=en .
