SHA256: a96f8e4d1c2c55843f88af88f105bb95710a483e998ee1a571336bf3c0af733a
File name: 4cb42b00ad06acca13401809d108aa30.exe
Detection ratio: 48 / 49
Analysis date: 2014-02-19 20:26:40 UTC ( 2 months ago )
Antivirus Result Update
AVG DDoS.AC 20140219
Ad-Aware Trojan.Generic.6183570 20140219
Agnitum Trojan.ServStart!vLNwwofEcoA 20140219
AhnLab-V3 Trojan/Win32.Kryptik 20140219
AntiVir TR/Downloader.Gen2 20140219
Antiy-AVL Trojan/Win32.Servstar 20140219
Avast Win32:ServStart-C [Trj] 20140219
Baidu-International Trojan.Win32.Servstar.AeU 20140219
BitDefender Trojan.Generic.6183570 20140219
Bkav W32.TencentFamQKR.Trojan 20140219
CAT-QuickHeal Trojan.ServStart.A4 20140219
CMC Trojan.Win32.Servstar!O 20140213
ClamAV Win.Trojan.Servstart-113 20140219
Commtouch W32/OnlineGames.A.gen!GSA 20140219
Comodo TrojWare.Win32.TrojanDownloader.Small.CO 20140219
DrWeb Trojan.DownLoad.64314 20140219
ESET-NOD32 a variant of Win32/ServStart.AD 20140219
Emsisoft Trojan.Generic.6183570 (B) 20140219
F-Prot W32/OnlineGames.A.gen!GSA 20140219
F-Secure Trojan.Generic.6183570 20140219
Fortinet W32/ServStart.AS!tr 20140219
GData Trojan.Generic.6183570 20140219
Ikarus Trojan.Win32.ServStart 20140219
Jiangmin Trojan/Generic.ebon 20140219
K7AntiVirus Trojan ( 002cb8e21 ) 20140219
K7GW Trojan ( 002cb8e21 ) 20140219
Kaspersky Trojan.Win32.Servstar.gf 20140219
Kingsoft Win32.Malware.Heur_Generic.B.(kcloud) 20140219
Malwarebytes Trojan.ServStart 20140219
McAfee Scar.gen.y 20140219
McAfee-GW-Edition Scar.gen.y 20140219
MicroWorld-eScan Trojan.Generic.6183570 20140219
Microsoft TrojanProxy:Win32/Cidate.A 20140219
NANO-Antivirus Trojan.Win32.Cidate.ckvbg 20140219
Norman Nitol.A 20140219
Panda Generic Trojan 20140219
Rising PE:Trojan.Win32.Generic.12828149!310542665 20140219
SUPERAntiSpyware Adware.Tencent 20140219
Sophos Troj/Luiha-S 20140219
Symantec Backdoor.Nitol 20140219
TheHacker Trojan/ServStart.ad 20140218
TotalDefense Win32/Cidate.A 20140219
TrendMicro TROJ_SERVSTAR.AQ 20140219
TrendMicro-HouseCall TROJ_SERVSTAR.AQ 20140219
VBA32 BScope.Trojan.TDSS 20140219
VIPRE Trojan.Win32.OnlineGames 20140219
ViRobot Trojan.Win32.A.Servstar.73728.G 20140219
nProtect Trojan/W32.Agent.73728.AZK 20140219
ByteHero 20140219
Qihoo-360 20140217
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Authenticode signature block
Copyright
Copyright ? 2010 Tencent. All Rights Reserved

Publisher Tencent
Product Tencent QQ2010
Original name QQExternal.exe
Internal name QQ2010
File version 1.60.2010.0
Description QQ2010
Packers identified
PEiD Armadillo v1.71
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2011-03-24 01:25:59
Link date 2:25 AM 3/24/2011
Entry Point 0x0000679F
Number of sections 4
PE sections
PE imports
CreateToolhelp32Snapshot
GetLastError
HeapFree
GetStdHandle
LCMapStringW
Process32First
lstrcmpiA
DeviceIoControl
WaitForSingleObject
FreeLibrary
LCMapStringA
HeapDestroy
ExitProcess
FlushFileBuffers
GetEnvironmentStringsW
GetVersionExA
LoadLibraryA
RtlUnwind
GetModuleFileNameA
Process32Next
GetACP
FreeEnvironmentStringsA
HeapAlloc
GetCurrentProcess
GetEnvironmentStrings
SetThreadPriority
LocalAlloc
lstrcatA
WideCharToMultiByte
UnhandledExceptionFilter
MultiByteToWideChar
GetShortPathNameA
FreeEnvironmentStringsW
GetCPInfo
GetCommandLineA
GetProcAddress
GetCurrentThread
OpenMutexA
SetStdHandle
SetFilePointer
GetTempPathA
RaiseException
ExitThread
GetStringTypeA
GetModuleHandleA
InterlockedExchange
lstrcpyA
GetStartupInfoA
CloseHandle
GetComputerNameA
GlobalMemoryStatusEx
GetSystemDirectoryA
HeapReAlloc
GetStringTypeW
SetPriorityClass
GetOEMCP
MoveFileA
TerminateProcess
ResumeThread
CreateProcessA
SetHandleCount
GetEnvironmentVariableA
HeapCreate
WriteFile
VirtualFree
Sleep
GetFileType
CreateFileA
GetTickCount
GetVersion
GetLocaleInfoW
VirtualAlloc
Number of PE resources by type
RT_VERSION 1
Number of PE resources by language
CHINESE SIMPLIFIED 1
ExifTool file metadata
SubsystemVersion
4.0

LinkerVersion
6.0

ImageVersion
0.0

FileSubtype
0

FileVersionNumber
1.60.2010.0

UninitializedDataSize
0

LanguageCode
Chinese (Simplified)

FileFlagsMask
0x003f

CharacterSet
Unicode

InitializedDataSize
32768

FileOS
Windows NT 32-bit

MIMEType
application/octet-stream

LegalCopyright
Copyright ? 2010 Tencent. All Rights Reserved

FileVersion
1.60.2010.0

TimeStamp
2011:03:24 02:25:59+01:00

FileType
Win32 EXE

PEType
PE32

InternalName
QQ2010

FileAccessDate
2014:02:19 21:27:08+01:00

ProductVersion
1.60.2010.0

FileDescription
QQ2010

OSVersion
4.0

FileCreateDate
2014:02:19 21:27:08+01:00

OriginalFilename
QQExternal.exe

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CompanyName
Tencent

CodeSize
40960

ProductName
Tencent QQ2010

ProductVersionNumber
1.60.2010.0

EntryPoint
0x679f

ObjectFileType
Executable application

File identification
MD5 4cb42b00ad06acca13401809d108aa30
SHA1 449549eaa1a975ce32e565602dfe565c0ec41ed8
SHA256 a96f8e4d1c2c55843f88af88f105bb95710a483e998ee1a571336bf3c0af733a
ssdeep
1536:6cKkAnLCPD5IHbK4n0ncsdr6bUPOQzggpsYsvtUyHd:6cQLCPD50K3csdrgSp8tUyHd

imphash 2d15e57de3cb34b8e04faef971332ab3
File size 72.0 KB ( 73728 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable MS Visual C++ (generic) (67.3%)
Win32 Dynamic Link Library (generic) (14.2%)
Win32 Executable (generic) (9.7%)
Generic Win/DOS Executable (4.3%)
DOS Executable Generic (4.3%)
Tags
peexe armadillo

VirusTotal metadata
First submission 2011-03-26 10:22:25 UTC ( 3 years ago )
Last submission 2014-02-19 20:26:40 UTC ( 2 months ago )
File names A474235C00D0D4DB203401E7818E6300E56AC9AD.exe
cdt.exe
4cb42b00ad06acca13401809d108aa30
file-2022098_exe
QQExternal.exe
QQ2010
800369
1512262809.malware.sample
smona130649749680407420304
4cb42b00ad06acca13401809d108aa30.exe
4cb42b00ad06acca13401809d108aa30449549eaa1a975ce32e565602dfe565c0ec41ed873728.exe
cdt.exe-1wisrR
4cb42b00ad06acca13401809d108aa30.vir
Behaviour characterization