SHA256: b12c7d57507286bbbe36d7acf9b34c22c96606ffd904e3c23008399a4a50c047
File name: b12c7d57507286bbbe36d7acf9b34c22c96606ffd904e3c23008399a4a50c047
Detection ratio: 45 / 55
Analysis date: 2014-11-27 01:04:26 UTC ( 4 years, 1 month ago )
Antivirus Result Update
Ad-Aware Trojan.Generic.5794011 20141127
Yandex Trojan.Agent!j/SokBmzvPs 20141126
AhnLab-V3 Trojan/Win32.Regin 20141126
Antiy-AVL Trojan/Win32.SGeneric 20141126
Avast Win32:Regin-A [Rtk] 20141127
AVG Generic24.AAIO 20141127
Avira (no cloud) TR/Agent.12608.1 20141127
AVware Trojan.Win32.Generic!BT 20141121
Baidu-International Trojan.WinNT.Regin.cA 20141126
BitDefender Trojan.Generic.5794011 20141127
CAT-QuickHeal Trojan.Regin.r4 20141126
Comodo UnclassifiedMalware 20141127
Cyren W32/Trojan.YYPC-4729 20141126
DrWeb Trojan.Regin 20141127
Emsisoft Trojan.Generic.5794011 (B) 20141127
ESET-NOD32 a variant of Win32/Regin.A 20141127
F-Prot W32/Regin.A.gen!Eldorado 20141126
F-Secure Rootkit:W32/Regin.A 20141127
Fortinet W32/Regin!tr 20141127
GData Trojan.Generic.5794011 20141127
Ikarus Backdoor.Regin 20141126
Jiangmin Rootkit.Regin.a 20141126
K7AntiVirus Riskware ( 0015e4f01 ) 20141126
K7GW Riskware ( 0015e4f01 ) 20141126
Kaspersky HEUR:Trojan.Win32.Regin.gen 20141126
Malwarebytes Backdoor.Agent.RE 20141126
McAfee Regin!sys 20141127
McAfee-GW-Edition Regin!sys 20141126
Microsoft Trojan:WinNT/Regin.A 20141127
eScan Trojan.Generic.5794011 20141127
NANO-Antivirus Trojan.Win32.Agent.vohdv 20141127
Norman Suspicious_Gen2.MYPYI 20141126
nProtect Trojan.Generic.5794011 20141126
Panda Bck/Regin.A 20141126
Qihoo-360 Trojan.Generic 20141127
Rising PE:Trojan.Regin!1.9FF9 20141126
Sophos AV Troj/Regin-Fam 20141127
Symantec Backdoor.Regin 20141127
Tencent Win32.Trojan.Agent.Eibg 20141127
TotalDefense Win32/ProRat.SG 20141126
TrendMicro TROJ_REGIN.A 20141126
TrendMicro-HouseCall TROJ_REGIN.A 20141127
VBA32 Trojan.Regin 20141126
VIPRE Trojan.Win32.Generic!BT 20141127
ViRobot Trojan.Win32.Regin.12608 20141126
AegisLab 20141127
Bkav 20141120
ByteHero 20141127
ClamAV 20141127
CMC 20141126
Kingsoft 20141127
SUPERAntiSpyware 20141127
TheHacker 20141124
Zillya 20141126
Zoner 20141125
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Native subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2008-07-03 11:38:01
Entry Point 0x000003D4
Number of sections 4
PE sections
PE imports
KeQueryPerformanceCounter
strncmp
KeQuerySystemTime
ZwOpenKey
ZwQuerySystemInformation
ZwCreateFile
RtlTimeToTimeFields
RtlAnsiStringToUnicodeString
RtlUnwind
strncpy
strchr
wcslen
_snprintf
strrchr
ExAllocatePoolWithTag
ZwQueryInformationFile
NtBuildNumber
ZwQueryValueKey
atoi
ExSystemTimeToLocalTime
ExFreePool
RtlFreeUnicodeString
RtlInitAnsiString
wcscpy
_strnicmp
ZwClose
Debug information
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Native
MachineType Intel 386 or later, and compatibles
TimeStamp 2008:07:03 12:38:01+01:00
FileType Win32 EXE
PEType PE32
CodeSize 10496
LinkerVersion 7.1
ImageFileCharacteristics Executable, No line numbers, No symbols, 32-bit
FileTypeExtension exe
InitializedDataSize 1504
SubsystemVersion 4.0
EntryPoint 0x03d4
OSVersion 4.0
ImageVersion 4.0
UninitializedDataSize 0

Overlay parents
Compressed bundles
File identification
MD5 ffb0b9b5b610191051a7bdf0806e1e47
SHA1 75a9af1e34dc0bb2f7fcde9d56b2503072ac35dd
SHA256 b12c7d57507286bbbe36d7acf9b34c22c96606ffd904e3c23008399a4a50c047
ssdeep 192:jIhG67ccuvuj7CJj5VQOLX0G1Qc/9HdPvlw3+KHsuyB95oTGB3Mm7:lEg1VJLPV/9HVvlwO6s59yTWJ
authentihash 09c1e731c864b32369bda42203c778fd177ca236061dd9939b5ea296bcef293b
imphash 3f243f8268f79d4c3bb161fd3cd38b5c
File size 12.3 KB ( 12608 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (native) Intel 80386 32-bit
TrID Win32 Dynamic Link Library (generic) (38.4%)
Win32 Executable (generic) (26.3%)
OS/2 Executable (generic) (11.8%)
Generic Win/DOS Executable (11.6%)
DOS Executable Generic (11.6%)
Tags peexe via-tor native

VirusTotal metadata
First submission 2009-03-18 11:20:17 UTC ( 9 years, 10 months ago )
Last submission 2018-10-16 13:37:13 UTC ( 3 months ago )
File names FFB0B9B5B610191051A7BDF0806E1E47
b12c7d57507286bbbe36d7acf9b34c22c96606ffd904e3c23008399a4a50c047
pciclass.sys
Regin_22.exe
b12c7d57507286bbbe36d7acf9b34c22c96606ffd904e3c23008399a4a50c047.exe
14.exe
r1.exe
b12c7d57507286bbbe36d7acf9b34c22c96606ffd904e3c23008399a4a50c047.log
ecec.exe
b12c7d57507286bbbe36d7acf9b34c22c96606ffd904e3c23008399a4a50c047.bin_000156685_.bin
b12c7d57507286bbbe36d7acf9b34c22c96606ffd904e3c23008399a4a50c047.bin
vti-rescan
file-7777442_
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight