SHA256: a9938920913ff41affda121f8920879c7f49262db143540d1ca1ed5f3d4545ac
File name: efa31d3cbd26934c5f0afb713d48c6d9
Detection ratio: 43 / 54
Analysis date: 2014-06-17 23:09:45 UTC ( 4 years, 10 months ago )
Antivirus Result Update
Ad-Aware Trojan.Generic.KD.85514 20140617
Yandex Trojan.PWS.Agent!ibcQdhso13g 20140614
AhnLab-V3 Trojan/Win32.VBKrypt 20140617
AntiVir TR/Spy.SpyEyes.dtd 20140617
Avast Win32:VB-YLY [Trj] 20140617
AVG Dropper.Small.IFT 20140617
BitDefender Trojan.Generic.KD.85514 20140617
Bkav W32.QringRS.Trojan 20140617
CAT-QuickHeal TrojanPSW.Agent.r2 20140617
Commtouch W32/Risk.BXAD-7385 20140617
Comodo TrojWare.Win32.Trojan.Agent.Gen 20140617
DrWeb Trojan.PWS.Stealer.189 20140617
Emsisoft Trojan.Generic.KD.85514 (B) 20140617
ESET-NOD32 a variant of Win32/Injector.DXD 20140617
F-Prot W32/MalwareF.TINX 20140617
F-Secure Trojan.Generic.KD.85514 20140617
Fortinet W32/Magania.IDPJ!tr 20140617
GData Trojan.Generic.KD.85514 20140617
Ikarus Trojan-PWS.Win32.Agent 20140617
Jiangmin Trojan/PSW.Agent.nag 20140617
K7AntiVirus Password-Stealer ( 001dc8f61 ) 20140617
K7GW Password-Stealer ( 001dc8f61 ) 20140617
Kaspersky Trojan-PSW.Win32.Agent.vie 20140617
Kingsoft Win32.PSWTroj.Agent.(kcloud) 20140618
Malwarebytes Worm.KoobFace 20140617
McAfee Generic.dx!EFA31D3CBD26 20140617
McAfee-GW-Edition Generic.dx!EFA31D3CBD26 20140617
Microsoft VirTool:Win32/VBInject.TE 20140617
eScan Trojan.Generic.KD.85514 20140617
Norman Suspicious_Gen2.FFZWW 20140617
nProtect Trojan-PWS/W32.Agent.115200.E 20140617
Panda Generic Trojan 20140617
Qihoo-360 Win32/Trojan.PSW.348 20140618
Rising PE:Trojan.Win32.Generic.12AEAFB3!313438131 20140617
Sophos AV Mal/VBCheMan-A 20140617
SUPERAntiSpyware Trojan.Agent/Gen-Falprod 20140617
Symantec Infostealer 20140617
Tencent Win32.Trojan-qqpass.Qqrob.Aosx 20140618
TheHacker Trojan/PSW.Agent.vie 20140617
VBA32 SScope.Trojan.VBRA.76 20140617
VIPRE LooksLike.Win32.Malware!vb (v) 20140617
ViRobot Trojan.Win32.A.PSW-Agent.115200.A 20140617
Zillya Trojan.Agent.Win32.120856 20140617
AegisLab 20140617
Antiy-AVL 20140617
Baidu-International 20140617
ByteHero 20140618
ClamAV 20140617
CMC 20140617
NANO-Antivirus 20140617
TotalDefense 20140617
TrendMicro 20140617
TrendMicro-HouseCall 20140617
Zoner 20140616
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Publisher G2iX2k
Product LWBfAWXvN
Original name JRoJPyjIWf6x4dQ4nb.exe
Internal name JRoJPyjIWf6x4dQ4nb
File version 16.432.0859
Packers identified
PEiD PECompact 2.xx --> BitSum Technologies
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2010-12-10 12:49:55
Entry Point 0x000010B8
Number of sections 2
PE sections
PE imports
VirtualFree
LoadLibraryA
VirtualAlloc
GetProcAddress
Number of PE resources by type
RT_CURSOR 2
RT_ICON 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
NEUTRAL 2
JAPANESE DEFAULT 1
ENGLISH US 1
MALTESE DEFAULT 1
PE resources
ExifTool file metadata
UninitializedDataSize 0
LinkerVersion 6.0
ImageVersion 16.432
FileSubtype 0
FileVersionNumber 16.432.0.859
LanguageCode English (U.S.)
FileFlagsMask 0x0000
CharacterSet Unicode
InitializedDataSize 94208
FileOS Win32
MIMEType application/octet-stream
FileVersion 16.432.0859
TimeStamp 2010:12:10 13:49:55+01:00
FileType Win32 EXE
PEType PE32
InternalName JRoJPyjIWf6x4dQ4nb
FileAccessDate 2014:06:18 00:10:25+01:00
ProductVersion 16.432.0859
SubsystemVersion 4.0
OSVersion 4.0
FileCreateDate 2014:06:18 00:10:25+01:00
OriginalFilename JRoJPyjIWf6x4dQ4nb.exe
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName G2iX2k
CodeSize 73728
ProductName LWBfAWXvN
ProductVersionNumber 16.432.0.859
EntryPoint 0x10b8
ObjectFileType Executable application

File identification
MD5 efa31d3cbd26934c5f0afb713d48c6d9
SHA1 6cd6716a6dcc66685a257f1838aa41f7faa14d39
SHA256 a9938920913ff41affda121f8920879c7f49262db143540d1ca1ed5f3d4545ac
ssdeep 3072:4NYO/+Q0pD3gj+wZNpAkAdHkCfTJaW/LxdrQKHTX:gYlQ05ZONpAkQFTJaW/NxjT
imphash 09d0478591d4f788cb3e5ea416c25237
File size 112.5 KB ( 115200 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 EXE PECompact compressed (v2.x) (51.0%)
Win32 EXE PECompact compressed (generic) (35.9%)
Win32 Dynamic Link Library (generic) (5.6%)
Win32 Executable (generic) (3.8%)
Generic Win/DOS Executable (1.7%)
Tags pecompact peexe mz

VirusTotal metadata
First submission 2010-12-10 20:18:24 UTC ( 8 years, 4 months ago )
Last submission 2014-06-17 23:09:45 UTC ( 4 years, 10 months ago )
File names efa31d3cbd26934c5f0afb713d48c6d9.exe
efa31d3cbd26934c5f0afb713d48c6d9_INF88E7.tmp
JRoJPyjIWf6x4dQ4nb
712815
efa31d3cbd26934c5f0afb713d48c6d9
712933
efa31d3cbd26934c5f0afb713d48c6d9.virus
711843
file-1628815_exe
efa31d3cbd26934c5f0afb713d48c6d9
getexe=za.ex
IPH-000003
za.exe
3FEF06390041704EC29901135C43C300C250EBAE.exe
JRoJPyjIWf6x4dQ4nb.exe
za[1]BADexe
Advanced heuristic and reputation engines
ClamAV
Possibly Unwanted Application. While not necessarily malicious, the scanned file presents certain characteristics which depending on the user policies and environment may or may not represent a threat. For full details see: https://www.clamav.net/documents/potentially-unwanted-applications-pua .
