SHA256: a8a3d2b2392107bff85de03bef306031f3b8b7027cd04c8bfbfb58c00e6ee33f
File name: 4955fb7d93ea5d48cc011a1eb7bad250
Detection ratio: 33 / 44
Analysis date: 2013-08-10 23:45:32 UTC ( 4 years, 8 months ago )
Antivirus Result Update
Yandex Suspicious!SA 20130810
AhnLab-V3 Win32/ExprPacked.suspicious 20130810
AntiVir TR/Crypt.XPACK.Gen 20130810
Avast Win32:Dropper-GBV [Drp] 20130810
AVG Hosts 20130810
BitDefender Packer.Expressor.B 20130810
ByteHero Virus.Win32.Heur.c 20130724
Commtouch W32/GenBl.D7B40564!Olympus 20130810
Comodo Backdoor.Win32.Hupigon.~d023 20130810
DrWeb BackDoor.IRC.Bot.861 20130811
Emsisoft Packer.Expressor.B (B) 20130811
ESET-NOD32 a variant of Win32/AutoRun.IRCBot.HR 20130810
F-Prot W32/Heuristic-210!Eldorado 20130811
GData Packer.Expressor.B 20130810
Ikarus Packer.Expressor 20130810
Jiangmin Trojan/PSW.OnLineGames.aayp 20130810
K7GW Riskware 20130809
Kaspersky HEUR:Trojan.Win32.Generic 20130810
McAfee Generic Malware.dq 20130811
McAfee-GW-Edition Heuristic.LooksLike.Win32.Suspicious.F 20130810
Microsoft Trojan:Win32/Malex.gen!E 20130810
eScan Packer.Expressor.B 20130810
NANO-Antivirus Trojan.Win32.Injector.cjcee 20130810
Norman Hupigon.gen83 20130810
nProtect Trojan/W32.Agent.17247 20130809
Panda Trj/Genetic.gen 20130810
PCTools Trojan.IRCBot 20130810
Symantec W32.IRCBot.Gen 20130810
TheHacker Trojan/AutoRun.IRCBot.hr 20130810
TrendMicro TROJ_SPNR.07FT11 20130811
TrendMicro-HouseCall TROJ_SPNR.07FT11 20130810
VBA32 Malware-Cryptor.Inject.gen 20130809
VIPRE BehavesLike.Win32.Malware.spi (mx-v) 20130810
Antiy-AVL 20130810
CAT-QuickHeal 20130808
ClamAV 20130810
Fortinet 20130811
K7AntiVirus 20130809
Kingsoft 20130723
Malwarebytes 20130810
Rising 20130809
SUPERAntiSpyware 20130810
TotalDefense 20130809
ViRobot 20130810
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Packers identified
F-PROT Expr
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2011-01-01 01:03:12
Entry Point 0x0000C4B2
Number of sections 3
PE sections
PE imports
RegSetValueExA
GetLastError
LoadLibraryExA
GetModuleHandleA
CreateMutexA
VirtualFree
ExitProcess
LocalFree
VirtualProtect
GetProcAddress
VirtualAlloc
GetModuleFileNameA
__getmainargs
ShellExecuteA
MessageBoxA
VkKeyScanA
Ord(52)
CoInitialize
URLDownloadToFileA
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
TimeStamp 2011:01:01 02:03:12+01:00
FileType Win32 EXE
PEType PE32
CodeSize 0
LinkerVersion 0.0
EntryPoint 0xc4b2
InitializedDataSize 5424
SubsystemVersion 4.0
ImageVersion 0.0
OSVersion 4.0
UninitializedDataSize 0

File identification
MD5 d7b405641540fe9c8946dbac274429ef
SHA1 d2bc9bf0af10fd41f74d317e157407b665cde567
SHA256 a8a3d2b2392107bff85de03bef306031f3b8b7027cd04c8bfbfb58c00e6ee33f
ssdeep 384:ST+sHAZ3pjDFH3sXYhtKJl+JzVc+VDTooAkCXpsZqE24f7ffKJ49o5:7sw3pjDFXsX4tCMzBCkKpbZ4f7fAco

File size 16.8 KB ( 17247 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Dynamic Link Library (generic) (43.5%)
Win32 Executable (generic) (29.8%)
Generic Win/DOS Executable (13.2%)
DOS Executable Generic (13.2%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
Tags peexe

VirusTotal metadata
First submission 2011-05-03 00:44:32 UTC ( 6 years, 11 months ago )
Last submission 2011-06-01 02:12:48 UTC ( 6 years, 10 months ago )
File names t8b9zFcsJJ.js
aa
d7b405641540fe9c8946dbac274429ef
817BED665FA89B4943910010B5CFB20008384625.exe
file-2281667_swat
d2bc9bf0af10fd41f74d317e157407b665cde567
852590
sa.exe
4955fb7d93ea5d48cc011a1eb7bad250-4955fb7d93ea5d48cc011a1eb7bad250-1304383482
4955fb7d93ea5d48cc011a1eb7bad250
IR1_NqE5m.jar
d7b405641540fe9c8946dbac274429ef.exe
Advanced heuristic and reputation engines
ClamAV
Possibly Unwanted Application. While not necessarily malicious, the scanned file presents certain characteristics which depending on the user policies and environment may or may not represent a threat. For full details see: https://www.clamav.net/documents/potentially-unwanted-applications-pua .
