SHA256: b2a11a712d57bf24bc093174f04b86ca2eef6ce9c43198c5ff36a6577f028c45
File name: c3fb8af71b35d2f001bd12810028f1b8
Detection ratio: 9 / 41
Analysis date: 2010-01-30 07:01:21 UTC ( 4 years, 2 months ago )
Antivirus Result Update
AntiVir TR/Killwin.SE 20100129
Antiy-AVL Trojan/Win32.KillWin.gen 20100128
F-Secure Suspicious:W32/Riskware!Online 20100129
Fortinet W32/KillWin.SE!tr 20100130
Kaspersky Trojan.Win32.KillWin.se 20100130
McAfee-GW-Edition Trojan.Killwin.SE 20100130
Symantec Supicious.Insight 20100130
TheHacker Trojan/KillWin.se 20100130
VBA32 Trojan.Win32.KillWin.se 20100129
AVG 20100129
AhnLab-V3 20100129
Authentium 20100130
Avast 20100130
BitDefender 20100130
CAT-QuickHeal 20100130
ClamAV 20100130
Comodo 20100130
DrWeb 20100130
F-Prot 20100129
GData 20100130
Ikarus 20100130
Jiangmin 20100128
K7AntiVirus 20100129
McAfee 20100129
McAfee+Artemis 20100129
Microsoft 20100130
NOD32 20100130
Norman 20100129
PCTools 20100130
Panda 20100129
Prevx 20100130
Rising 20100130
Sophos 20100130
Sunbelt 20100130
TrendMicro 20100130
ViRobot 20100130
VirusBuster 20100129
a-squared 20100129
eSafe 20100128
eTrust-Vet 20100129
nProtect 20100129
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows command line subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2010-01-17 15:50:56
Link date 4:50 PM 1/17/2010
Entry Point 0x00001500
Number of sections 16
PE sections
PE imports
GetLastError
EnterCriticalSection
FreeLibrary
QueryPerformanceCounter
GetTickCount
VirtualProtect
LoadLibraryA
GetModuleFileNameA
DeleteCriticalSection
GetCurrentProcess
GetCurrentProcessId
UnhandledExceptionFilter
GetProcAddress
GetModuleHandleA
SetUnhandledExceptionFilter
GetStartupInfoA
GetSystemTimeAsFileTime
TerminateProcess
InitializeCriticalSection
VirtualQuery
TlsGetValue
Sleep
GetCurrentThreadId
LeaveCriticalSection
MessageBoxA
__lconv_init
malloc
__dllonexit
_cexit
abort
fprintf
_fmode
_amsg_exit
raise
strlen
_lock
_onexit
__initenv
exit
sprintf
__setusermatherr
_acmdln
_unlock
free
__getmainargs
calloc
_exit
signal
memcpy
_initterm
__set_app_type
_iob
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows command line
MachineType Intel 386 or later, and compatibles
TimeStamp 2010:01:17 16:50:56+01:00
FileType Win32 EXE
PEType PE32
CodeSize 19968
LinkerVersion 2.56
FileAccessDate 2014:03:24 15:51:36+01:00
EntryPoint 0x1500
InitializedDataSize 24576
SubsystemVersion 4.0
ImageVersion 1.0
OSVersion 4.0
FileCreateDate 2014:03:24 15:51:36+01:00
UninitializedDataSize 1536

File identification
MD5 c3fb8af71b35d2f001bd12810028f1b8
SHA1 f7af52bc971fe00b19485c28f56346890105c72a
SHA256 b2a11a712d57bf24bc093174f04b86ca2eef6ce9c43198c5ff36a6577f028c45
ssdeep 1536:5jwQrrK4zjd9VSr6SfDamNSsDVBOiVCU73nboKZVGs6hmi1XaB/k0:5jONzjBn73nb4/hmQXaxk0

imphash 10d72153e9f91439bf0b5a7e8452bb1c
File size 92.6 KB ( 94774 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (console) Intel 80386 32-bit

TrID Win64 Executable (generic) (64.6%)
Win32 Dynamic Link Library (generic) (15.3%)
Win32 Executable (generic) (10.5%)
Generic Win/DOS Executable (4.6%)
DOS Executable Generic (4.6%)
Tags peexe

VirusTotal metadata
First submission 2010-01-19 10:12:03 UTC ( 4 years, 3 months ago )
Last submission 2012-02-07 04:17:51 UTC ( 2 years, 2 months ago )
File names 4.exe
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight