SHA256: b1897fdb21060ee58003c2d33656944e3780df763879c132b642645bb17bc092
File name: fc0a6c36738e40760b53d66934fad39a
Detection ratio: 35 / 54
Analysis date: 2014-06-21 05:15:27 UTC
Antivirus Result Update
Ad-Aware Gen:Trojan.Heur2.JP.GuX@a4ohlAoi 20140621
Yandex Trojan.Injector!WBZTOzjf/9g 20140620
AhnLab-V3 Trojan/Win32.ADH 20140620
AntiVir TR/Spy.531996 20140620
Antiy-AVL Trojan/Win32.Agent 20140619
Avast Win32:Malware-gen 20140621
AVG BackDoor.Generic13.BMDN 20140621
Baidu-International Trojan.Win32.Injector.V 20140620
BitDefender Gen:Trojan.Heur2.JP.GuX@a4ohlAoi 20140621
CMC Packed.Win32.Zcrypt.3!O 20140621
Commtouch W32/Rbot.A.gen!Eldorado 20140621
Comodo UnclassifiedMalware 20140621
DrWeb Trojan.Click2.1703 20140621
Emsisoft Gen:Trojan.Heur2.JP.GuX@a4ohlAoi (B) 20140621
ESET-NOD32 probably a variant of Win32/Injector.V 20140621
F-Prot W32/Rbot.A.gen!Eldorado 20140621
F-Secure Gen:Trojan.Heur2.JP.GuX@a4ohlAoi 20140621
Fortinet W32/BDoor.EIO!tr.bdr 20140621
GData Gen:Trojan.Heur2.JP.GuX@a4ohlAoi 20140621
Ikarus Gen.Trojan.Heur 20140621
Jiangmin Trojan/Genome.apms 20140621
Kingsoft Win32.Troj.Genome.(kcloud) 20140621
McAfee BackDoor-EIO 20140621
McAfee-GW-Edition Heuristic.BehavesLike.Win32.Suspicious-BAY.G 20140621
eScan Gen:Trojan.Heur2.JP.GuX@a4ohlAoi 20140621
NANO-Antivirus Trojan.Win32.531996.cuxyn 20140621
Norman Suspicious_Gen2.MFEEN 20140620
Panda Trj/Genetic.gen 20140620
Sophos AV Mal/Generic-S 20140621
Symantec WS.Reputation.1 20140621
Tencent Win32.Trojan.Agent.drlq 20140621
TheHacker Trojan/Genome.tfds 20140617
VBA32 Trojan.Genome.tf 20140620
VIPRE Trojan.Win32.Generic.pak!cobra 20140621
Zillya Trojan.Genome.Win32.129859 20140620
No detection (19 engines)
AegisLab 20140620
Bkav 20140620
ByteHero 20140621
CAT-QuickHeal 20140620
ClamAV 20140621
K7AntiVirus 20140620
K7GW 20140620
Kaspersky 20140620
Malwarebytes 20140621
Microsoft 20140621
nProtect 20140620
Qihoo-360 20140621
Rising 20140620
SUPERAntiSpyware 20140620
TotalDefense 20140620
TrendMicro 20140621
TrendMicro-HouseCall 20140621
ViRobot 20140621
Zoner 20140616
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2011-05-18 19:39:32 UTC (the same instant as the ExifTool TimeStamp below, which is shown in +01:00; it falls four days before the first VirusTotal submission on 2011-05-22, so the header timestamp is at least not obviously forged)
Entry Point 0x00001000
Number of sections 5
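The fields VirusTotal lists under "PE header basic information" all come from the COFF file header and the PE32 optional header, and can be read with nothing but struct offsets. The reader below is an added example written for this page (it is not VirusTotal's code). It uses only the Python standard library; the byte blob it parses is a constructed header-only stub carrying the values reported for this sample (timestamp, five sections, entry point 0x1000, GUI subsystem, linker 2.5, code and data sizes), not the sample itself. The plausibility check compares the compile time against the first-submission date from the report.

```python
"""Minimal PE32 header reader for the fields in a VirusTotal "PE header basic
information" block: machine, compile timestamp, section count, entry point,
subsystem, linker version, SizeOfCode and SizeOfInitializedData.

Added example for this page, not VirusTotal code. Standard library only; the
stub built by build_stub_pe() is a constructed header, not the real sample.
"""
import struct
from datetime import datetime, timezone

MACHINES = {0x014C: "Intel 386 or later", 0x8664: "x64", 0x01C4: "ARMv7", 0xAA64: "ARM64"}
SUBSYSTEMS = {1: "Native", 2: "Windows GUI", 3: "Windows CUI"}


def parse_pe_header(data: bytes) -> dict:
    """Walk MZ -> e_lfanew -> "PE\\0\\0" -> COFF file header -> optional header."""
    if data[:2] != b"MZ":
        raise ValueError("missing MZ signature")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature at e_lfanew")
    coff = e_lfanew + 4
    machine, nsections, tstamp = struct.unpack_from("<HHI", data, coff)
    opt = coff + 20                                  # COFF file header is 20 bytes
    magic, lmaj, lmin = struct.unpack_from("<HBB", data, opt)
    if magic != 0x10B:
        raise ValueError(f"not PE32 (optional header magic 0x{magic:x})")
    code_size, init_size = struct.unpack_from("<II", data, opt + 4)
    entry = struct.unpack_from("<I", data, opt + 16)[0]   # AddressOfEntryPoint (RVA)
    subsystem = struct.unpack_from("<H", data, opt + 68)[0]
    compiled = datetime.fromtimestamp(tstamp, tz=timezone.utc)
    return {
        "machine": MACHINES.get(machine, f"0x{machine:04x}"),
        "sections": nsections,
        "timestamp": tstamp,
        "compiled": compiled.strftime("%Y-%m-%d %H:%M:%S UTC"),
        "entry_point": entry,
        "subsystem": SUBSYSTEMS.get(subsystem, str(subsystem)),
        "linker_version": f"{lmaj}.{lmin}",
        "code_size": code_size,
        "init_data_size": init_size,
    }


def timestamp_plausible(info: dict, first_seen: datetime) -> bool:
    """A compile time later than the file's first sighting cannot be genuine, and a
    zero timestamp means the field was stripped; either way do not trust it."""
    if info["timestamp"] == 0:
        return False
    compiled = datetime.fromtimestamp(info["timestamp"], tz=timezone.utc)
    return compiled <= first_seen


def build_stub_pe(tstamp: int, nsections: int = 5, entry: int = 0x1000, subsystem: int = 2,
                  linker=(2, 5), code_size: int = 12288, init_size: int = 517632) -> bytes:
    """Constructed header-only PE32 image for offline testing (not the sample)."""
    dos = bytearray(64)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, len(dos))      # e_lfanew: PE header right after DOS header
    coff = struct.pack("<HHIIIHH", 0x014C, nsections, tstamp, 0, 0, 224, 0x0102)
    opt = bytearray(224)                             # PE32 optional header size
    struct.pack_into("<HBB", opt, 0, 0x10B, *linker)
    struct.pack_into("<II", opt, 4, code_size, init_size)
    struct.pack_into("<I", opt, 16, entry)
    struct.pack_into("<H", opt, 68, subsystem)
    return bytes(dos) + b"PE\0\0" + coff + bytes(opt)


# Values taken from the report: compile timestamp (UTC) and first VT submission.
SAMPLE_COMPILED = datetime(2011, 5, 18, 19, 39, 32, tzinfo=timezone.utc)
FIRST_SUBMISSION = datetime(2011, 5, 22, 3, 32, 11, tzinfo=timezone.utc)


def sample_header_info() -> dict:
    return parse_pe_header(build_stub_pe(int(SAMPLE_COMPILED.timestamp())))


if __name__ == "__main__":
    info = sample_header_info()
    for key, value in info.items():
        print(f"{key:15} {value}")
    print("timestamp plausible:", timestamp_plausible(info, FIRST_SUBMISSION))
```

To run it against a real file, pass `open(path, "rb").read()` to `parse_pe_header` instead of the stub; the only additional guard worth adding for untrusted input is a bounds check on `e_lfanew`.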
PE sections
PE imports
GetCurrentHwProfileA
InitCommonControls
HeapFree
WriteProcessMemory
VirtualAllocEx
FreeLibrary
HeapDestroy
HeapAlloc
LoadLibraryA
GetModuleFileNameA
GetCurrentProcessId
ReadProcessMemory
GetCommandLineA
GetProcAddress
GetThreadContext
SetFilePointer
GetTempPathA
GetModuleHandleA
ReadFile
WriteFile
CloseHandle
HeapReAlloc
SetThreadContext
TerminateProcess
ResumeThread
CreateProcessA
InitializeCriticalSection
HeapCreate
CreateFileA
ExitProcess
GetCurrentThreadId
GetFileSize
strncmp
memset
free
_strdup
sprintf
_strnicmp
strlen
memcpy
strncpy
CoInitialize
URLDownloadToFileA
GetWindowThreadProcessId
GetForegroundWindow
EnableWindow
IsWindowVisible
EnumWindows
MessageBoxA
IsWindowEnabled
InternetGetConnectedState
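The import list above contains the complete process-hollowing (RunPE) sequence: CreateProcessA to start a suspended host, VirtualAllocEx and WriteProcessMemory to place the payload, GetThreadContext and SetThreadContext to redirect the entry point, and ResumeThread to run it, alongside URLDownloadToFileA and InternetGetConnectedState for fetching a second stage. The script below is an added example for this page (not VirusTotal or pefile code) that scores an import list against those clusters and shows how the imphash on the file-identification line is derived. The function names are the report's; the DLL each one is filed under is an assumption made here, since the report lists names only, so the hash this produces is illustrative and is not claimed to equal the report's imphash.

```python
"""Import-table triage for the API list in the report above.

Added example for this page; it is not VirusTotal or pefile code. IMPORTS
reproduces the report's function names; the DLL assignment is an assumption
for the imphash demo (the report shows names only). Ordinal-only imports,
which pefile resolves to names before hashing, are not handled here.
"""
import hashlib

# Function names from the report's "PE imports" list; DLL column is assumed.
IMPORTS = {
    "advapi32.dll": ["GetCurrentHwProfileA"],
    "comctl32.dll": ["InitCommonControls"],
    "kernel32.dll": ["HeapFree", "WriteProcessMemory", "VirtualAllocEx", "FreeLibrary",
                     "HeapDestroy", "HeapAlloc", "LoadLibraryA", "GetModuleFileNameA",
                     "GetCurrentProcessId", "ReadProcessMemory", "GetCommandLineA",
                     "GetProcAddress", "GetThreadContext", "SetFilePointer", "GetTempPathA",
                     "GetModuleHandleA", "ReadFile", "WriteFile", "CloseHandle", "HeapReAlloc",
                     "SetThreadContext", "TerminateProcess", "ResumeThread", "CreateProcessA",
                     "InitializeCriticalSection", "HeapCreate", "CreateFileA", "ExitProcess",
                     "GetCurrentThreadId", "GetFileSize"],
    "msvcrt.dll": ["strncmp", "memset", "free", "_strdup", "sprintf", "_strnicmp",
                   "strlen", "memcpy", "strncpy"],
    "ole32.dll": ["CoInitialize"],
    "urlmon.dll": ["URLDownloadToFileA"],
    "user32.dll": ["GetWindowThreadProcessId", "GetForegroundWindow", "EnableWindow",
                   "IsWindowVisible", "EnumWindows", "MessageBoxA", "IsWindowEnabled"],
    "wininet.dll": ["InternetGetConnectedState"],
}

# API clusters a triager looks for, as base names (ANSI/Unicode suffix removed).
CLUSTERS = {
    "process hollowing / RunPE": {"CreateProcess", "GetThreadContext", "VirtualAllocEx",
                                  "WriteProcessMemory", "SetThreadContext", "ResumeThread"},
    "downloader": {"URLDownloadToFile", "InternetGetConnectedState"},
    "runtime API resolution": {"LoadLibrary", "GetProcAddress"},
}


def base_name(func: str) -> str:
    """Strip a trailing A/W encoding suffix (CreateProcessA -> CreateProcess)."""
    if len(func) > 1 and func[-1] in "AW" and func[-2].islower():
        return func[:-1]
    return func


def triage(imports: dict) -> dict:
    """For each cluster report which members are imported and whether the set is complete."""
    present = {base_name(f) for funcs in imports.values() for f in funcs}
    report = {}
    for cluster, wanted in CLUSTERS.items():
        matched = sorted(wanted & present)
        report[cluster] = {"matched": matched,
                           "missing": sorted(wanted - present),
                           "complete": len(matched) == len(wanted)}
    return report


def hollowing_indicated(imports: dict) -> bool:
    """True when the full create / write / set-context / resume set is imported."""
    return triage(imports)["process hollowing / RunPE"]["complete"]


def imphash(imports: dict) -> str:
    """Import hash as pefile and VirusTotal define it: 'dll.func' pairs, lower-cased,
    with a .dll/.ocx/.sys extension dropped, in import-table order, comma-joined, MD5."""
    parts = []
    for dll, funcs in imports.items():
        lib = dll.lower()
        for ext in (".dll", ".ocx", ".sys"):
            if lib.endswith(ext):
                lib = lib[: -len(ext)]
                break
        parts.extend(f"{lib}.{f.lower()}" for f in funcs)
    return hashlib.md5(",".join(parts).encode()).hexdigest()


if __name__ == "__main__":
    for cluster, result in triage(IMPORTS).items():
        state = "COMPLETE" if result["complete"] else "partial"
        print(f"{cluster:28} {state:8} {result['matched']}")
    print("imphash (assumed DLL mapping):", imphash(IMPORTS))
```

Imports are a triage signal, not a verdict: a hollowing stub can also resolve these functions at runtime through LoadLibraryA/GetProcAddress, which this sample imports too, so an absent cluster proves nothing, while a complete one, as here, is worth a closer look even when the sandbox section below recorded no behaviour.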
Number of PE resources by type
RT_ICON 10
RT_MANIFEST 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 13
PE resources
ExifTool file metadata
UninitializedDataSize 0
LinkerVersion 2.5
ImageVersion 0.0
FileVersionNumber 0.0.0.0
LanguageCode Neutral
FileFlagsMask 0x0000
CharacterSet Unicode
InitializedDataSize 517632
MIMEType application/octet-stream
TimeStamp 2011:05:18 20:39:32+01:00
FileType Win32 EXE
PEType PE32
FileAccessDate 2014:06:21 06:15:03+01:00
SubsystemVersion 4.0
OSVersion 4.0
FileCreateDate 2014:06:21 06:15:03+01:00
FileOS Unknown (0)
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CodeSize 12288
FileSubtype 0
ProductVersionNumber 0.0.0.0
EntryPoint 0x1000
ObjectFileType Unknown
File identification
MD5 fc0a6c36738e40760b53d66934fad39a
SHA1 d3ac60c916b5049bc69484fb74fd7719b1fcaabb
SHA256 b1897fdb21060ee58003c2d33656944e3780df763879c132b642645bb17bc092
ssdeep 6144:FImSZkHulU5ATBqc4neXFgdn46vWC411alt8CIHLpEQYsATBMPWneXFz:FI3IATsHneF24ZaDTIVEP/1jneFz
imphash c87c561c595643ff7cae40277275c63c
File size 519.5 KB ( 531996 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID UPX compressed Win32 Executable (29.9%)
Win64 Executable (generic) (27.1%)
Win32 EXE Yoda's Crypter (26.0%)
Win32 Dynamic Link Library (generic) (6.4%)
Win32 Executable (generic) (4.4%)
Tags peexe
VirusTotal metadata
First submission 2011-05-22 03:32:11 UTC
Last submission 2014-06-21 05:15:27 UTC
File names bJVoNW2p.png
fc0a6c36738e40760b53d66934fad39a
file-2272958_exe
aa
Iy8LOSQc.tar.bz2
Advanced heuristic and reputation engines
ClamAV
Possibly Unwanted Application. While not necessarily malicious, the scanned file presents certain characteristics which depending on the user policies and environment may or may not represent a threat. For full details see: https://www.clamav.net/documents/potentially-unwanted-applications-pua .

Symantec reputation Suspicious.Insight
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Created processes
Created mutexes
Opened mutexes
Opened service managers
Opened services
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.
HTTP requests
DNS requests
TCP connections