SHA256: b508d025a38260c18936c1c6dc32764c0f0d3abcdba1e40285baccf16331d27f
File name: 1FFCB19BFFBE4AC87B20F69A6E4103DC
Detection ratio: 41 / 43
Analysis date: 2011-08-15 05:02:13 UTC ( 7 years, 8 months ago )
Antivirus Result Update
AhnLab-V3 Win-Trojan/Buzus.81408.P 20110814
AntiVir TR/Buzus.crtz 20110815
Avast Win32:Trojan-gen 20110815
Avast5 Win32:Trojan-gen 20110815
AVG Generic15.CLSD 20110814
BitDefender IRC-Worm.Generic.8837 20110815
CAT-QuickHeal Trojan.Buzus.crty 20110813
ClamAV Trojan.Buzus-7161 20110814
Commtouch W32/Trojan2.LPDZ 20110814
Comodo TrojWare.Win32.Buzus.crty 20110814
DrWeb Win32.HLLW.MyBot 20110815
Emsisoft Trojan.Buzus!IK 20110815
eSafe Win32.TRBuzus.Crtz 20110814
eTrust-Vet Win32/Pushbot.GZ 20110812
F-Prot W32/Trojan2.LPDZ 20110814
F-Secure IRC-Worm.Generic.8837 20110815
Fortinet W32/Injector.fam!tr 20110815
GData IRC-Worm.Generic.8837 20110815
Ikarus Trojan.Buzus 20110815
Jiangmin Trojan/Buzus.yes 20110814
K7AntiVirus Trojan 20110812
Kaspersky Trojan.Win32.Buzus.crty 20110815
McAfee BackDoor-DOQ.gen.z 20110815
McAfee-GW-Edition BackDoor-DOQ.gen.z 20110815
Microsoft VirTool:Win32/DelfInject.gen!BD 20110814
NOD32 Win32/TrojanClicker.VB.NJT 20110815
Norman W32/Buzus.AAGA 20110814
nProtect Trojan/W32.Buzus.81408.P 20110814
Panda W32/P2Pworm.FD 20110814
PCTools Trojan.IRCBot!rem 20110815
Prevx High Risk System Back Door 20110815
Rising Trojan.Win32.Generic.11E7E5C1 20110812
Sophos AV Mal/Generic-L 20110815
Symantec W32.IRCBot 20110815
TheHacker Trojan/Buzus.crty 20110815
TrendMicro WORM_PALEVO.SMN 20110815
TrendMicro-HouseCall WORM_PALEVO.SMN 20110815
VBA32 Net-Worm.Win32.Kolab.ffo 20110813
VIPRE NetWorm.Win32.Kolab.ffo (v) 20110815
ViRobot Trojan.Win32.Buzus.100864 20110814
VirusBuster Trojan.Buzus!AEa02F9MNFY 20110814
Antiy-AVL 20110814
SUPERAntiSpyware 20110813
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file.
PE header basic information
Number of sections 8
PE sections
PE imports
RegQueryValueExA
RegOpenKeyExA
RegCloseKey
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
VirtualFree
VirtualAlloc
LocalFree
LocalAlloc
GetVersion
GetCurrentThreadId
WideCharToMultiByte
lstrlenA
lstrcpynA
LoadLibraryExA
GetThreadLocale
GetStartupInfoA
GetProcAddress
GetModuleHandleA
GetModuleFileNameA
GetLocaleInfoA
GetCommandLineA
FreeLibrary
FindFirstFileA
FindClose
ExitProcess
WriteFile
UnhandledExceptionFilter
RtlUnwind
RaiseException
GetStdHandle
TlsSetValue
TlsGetValue
LocalAlloc
GetModuleHandleA
WriteFile
VirtualQuery
LoadLibraryExA
GetVersionExA
GetThreadLocale
GetStringTypeExA
GetStdHandle
GetProcAddress
GetModuleHandleA
GetModuleFileNameA
GetLocaleInfoA
GetDiskFreeSpaceA
GetCPInfo
GetACP
EnumCalendarInfoA
SysFreeString
SysReAllocStringLen
GetKeyboardType
LoadStringA
MessageBoxA
CharNextA
MessageBoxA
LoadStringA
GetSystemMetrics
CharNextA
CharToOemA
File identification
MD5 1ffcb19bffbe4ac87b20f69a6e4103dc
SHA1 a7f5458cbb3bc3293374f25576f814d0644626e9
SHA256 b508d025a38260c18936c1c6dc32764c0f0d3abcdba1e40285baccf16331d27f
ssdeep
1536:P0ljZCpChVY8YIZZNt7on1ExvHGl5xIcFPPc7J1McWdymrTG3Kwh:sjZrhrG+xvHU5xDFsSd3r6lh

File size 79.5 KB ( 81408 bytes )
File type Win32 EXE
Magic literal

TrID Win32 Executable Generic (38.4%)
Win32 Dynamic Link Library (generic) (34.1%)
Win16/32 Executable Delphi generic (9.3%)
Generic Win/DOS Executable (9.0%)
DOS Executable Generic (9.0%)
VirusTotal metadata
First submission 2010-01-04 14:12:42 UTC ( 9 years, 3 months ago )
Last submission 2011-08-15 05:02:13 UTC ( 7 years, 8 months ago )
File names InThapSUv.wbs
1FFCB19BFFBE4AC87B20F69A6E4103DC
aa
3Nnuw6e.pps