SHA256: ac19d64b3249c8688d581eccfcb7e7baa96b8190e188dc1f6069fb0346588c11
File name: [Chest]_C__Users_PB_Desktop_Lov_588C11.ex
Detection ratio: 10 / 44
Analysis date: 2011-09-13 12:04:30 UTC (2 years, 10 months ago)
Antivirus             Result                              Update
AhnLab-V3             Trojan/Win32.Menti                  20110913
AntiVir               TR/Fraud.Gen                        20110913
Avast5                Win32:CripUnp [Susp]                20110913
BitDefender           Trojan.Generic.KD.354999            20110913
Emsisoft              Hoax.Win32.ArchSMS!IK               20110913
F-Secure              Trojan.Generic.KD.354999            20110913
GData                 Trojan.Generic.KD.354999            20110913
Ikarus                Hoax.Win32.ArchSMS                  20110913
Microsoft             VirTool:Win32/Obfuscator.SR         20110913
VIPRE                 Trojan.Win32.Generic.pak!cobra      20110913
AVG                   -                                   20110913
Antiy-AVL             -                                   20110913
Avast                 -                                   20110913
ByteHero              -                                   20110913
CAT-QuickHeal         -                                   20110913
ClamAV                -                                   20110912
Commtouch             -                                   20110913
Comodo                -                                   20110913
DrWeb                 -                                   20110913
F-Prot                -                                   20110913
Fortinet              -                                   20110911
Jiangmin              -                                   20110912
K7AntiVirus           -                                   20110912
Kaspersky             -                                   20110913
McAfee                -                                   20110913
McAfee-GW-Edition     -                                   20110912
NOD32                 -                                   20110913
Norman                -                                   20110913
PCTools               -                                   20110913
Panda                 -                                   20110913
Prevx                 -                                   20110913
Rising                -                                   20110909
SUPERAntiSpyware      -                                   20110913
Sophos                -                                   20110913
Symantec              -                                   20110913
TheHacker             -                                   20110910
TrendMicro            -                                   20110913
TrendMicro-HouseCall  -                                   20110913
VBA32                 -                                   20110912
ViRobot               -                                   20110913
VirusBuster           -                                   20110912
eSafe                 -                                   20110911
eTrust-Vet            -                                   20110913
nProtect              -                                   20110913
The file being studied is a Portable Executable (PE) file; more specifically, it is a Win32 EXE.
Packers identified
PEiD UPX 2.90 [LZMA] -> Markus Oberhumer, Laszlo Molnar & John Reiser
PE header basic information
Number of sections 4
PE sections
PE imports
GetCurrentHwProfileW
LoadLibraryA
GetProcAddress
VirtualProtect
VirtualAlloc
VirtualFree
ExitProcess
File identification
MD5 1325e2a97a44399be7c8980f998c1a12
SHA1 73597ad1c2863a529633ec6baaa89882b0d7f0a6
SHA256 ac19d64b3249c8688d581eccfcb7e7baa96b8190e188dc1f6069fb0346588c11
ssdeep 98304:t97lIb/YglaDPPVSJjZyKYndx9hQS9+zMtkbK8ywrdJU2qb/Oyn/u+KGOIqp5Q:BgJjZLoxr9+kMoPb/Oy/uhIEQ
File size 5.5 MB (5771426 bytes)
File type Win32 EXE
Magic literal

TrID UPX compressed Win32 Executable (39.5%)
Win32 EXE Yoda's Crypter (34.3%)
Win32 Executable Generic (11.0%)
Win32 Dynamic Link Library (generic) (9.8%)
Generic Win/DOS Executable (2.5%)
Tags
upx

VirusTotal metadata
First submission 2011-09-13 12:04:30 UTC (2 years, 10 months ago)
Last submission 2011-09-13 12:04:30 UTC (2 years, 10 months ago)
File names [Chest]_C__Users_PB_Desktop_Lov_588C11.ex
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight