SHA256           b681f8b3eb0a9bcd860d99d5e0c44ab2e7d5efa25d0fe4497b71ad243779ce95
File name        mal
Detection ratio  20 / 48
Analysis date    2013-10-02 03:51:05 UTC
Antivirus              Result                                        Update
AhnLab-V3              Spyware/Win32.Zbot                            20131001
AntiVir                TR/Kryptik.53248.101                          20131001
Avast                  Win32:Malware-gen                             20131002
BitDefender            Trojan.GenericKD.1307546                      20131002
Bkav                   HW32.CDB.Aa0f                                 20130927
Emsisoft               Trojan.GenericKD.1307546 (B)                  20131002
ESET-NOD32             a variant of Win32/Injector.ANPQ              20131002
F-Secure               Trojan.GenericKD.1307546                      20131002
Fortinet               W32/Tepfer.AAX!tr.pws                         20131002
GData                  Trojan.GenericKD.1307546                      20131002
Kaspersky              HEUR:Trojan.Win32.Generic                     20131002
Kingsoft               Win32.Troj.Generic.a.(kcloud)                 20130829
Malwarebytes           Trojan.Agent                                  20131002
McAfee                 PWS-Zbot-FAQD!310AE9B86A2E                    20131002
McAfee-GW-Edition      Heuristic.BehavesLike.Win32.ModifiedUPX.C     20131002
Microsoft              Worm:Win32/Gamarue                            20131002
eScan                  Trojan.GenericKD.1307546                      20131002
Sophos AV              Troj/Agent-ADBJ                               20131002
TheHacker              Posible_Worm32                                20131001
TotalDefense           Win32/Inject.C2!generic                       20131001

No detection (28 engines)                                            Update
Yandex                                                               20131001
Antiy-AVL                                                            20131001
AVG                                                                  20131001
Baidu-International                                                  20131001
ByteHero                                                             20130920
CAT-QuickHeal                                                        20131001
ClamAV                                                               20131001
Commtouch                                                            20131002
Comodo                                                               20131001
DrWeb                                                                20131002
F-Prot                                                               20131002
Ikarus                                                               20131002
Jiangmin                                                             20130903
K7AntiVirus                                                          20131001
K7GW                                                                 20131001
NANO-Antivirus                                                       20131002
Norman                                                               20131001
nProtect                                                             20131001
Panda                                                                20131001
PCTools                                                              20131001
Rising                                                               20130930
SUPERAntiSpyware                                                     20131002
Symantec                                                             20131002
TrendMicro                                                           20131002
TrendMicro-HouseCall                                                 20131002
VBA32                                                                20131001
VIPRE                                                                20131002
ViRobot                                                              20131001
The file being studied is a Portable Executable (PE32) file; more specifically, a Win32 EXE for the Windows GUI subsystem.
Packers identified
PEiD UPX 2.93 [LZMA] -> Markus Oberhumer, Laszlo Molnar & John Reiser
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2013-09-30 17:46:20
Entry Point 0x00009D40
Number of sections 3
PE sections
Overlays
MD5 4b4f981f3a4276db1a3690a677faf5f2
File type data
Offset 13824
Size 20597
Entropy 7.99
PE imports
VirtualFree
ExitProcess
VirtualProtect
LoadLibraryA
VirtualAlloc
GetProcAddress
RevokeDragDrop
RemovePropA
Number of PE resources by type
RT_ICON 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
BULGARIAN DEFAULT 1
ENGLISH US 1
ENGLISH *unknown* 1
PE resources
ExifTool file metadata
MIMEType               application/octet-stream
Subsystem              Windows GUI
MachineType            Intel 386 or later, and compatibles
TimeStamp              2013:09:30 18:46:20+01:00
FileType               Win32 EXE
PEType                 PE32
CodeSize               12288
LinkerVersion          2.5
Warning                Possibly corrupt Version resource
FileTypeExtension      exe
InitializedDataSize    4096
SubsystemVersion       4.0
EntryPoint             0x9d40
OSVersion              4.0
ImageVersion           0.0
UninitializedDataSize  28672

File identification
MD5            50e073712917e5cc1c53005dc377bdb0
SHA1           e1014370ded83a76686c768f37094978563b82b4
SHA256         b681f8b3eb0a9bcd860d99d5e0c44ab2e7d5efa25d0fe4497b71ad243779ce95
ssdeep         768:7AiIhBWC+AqhnbcuyD7Up4GYW71LASt7hk8b:7AiUkAqhnouy8pNfhLt9db
authentihash   f6b1af74faca63abe8426c1197876858c0d9f62ac491ebb66bf68ceab12305b9
imphash        ee1017efd46e2bec714ce92b11261019
File size      33.6 KB (34421 bytes)
File type      Win32 EXE
Magic literal  PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID           Win32 EXE Yoda's Crypter (63.7%)
               Win32 Dynamic Link Library (generic) (15.7%)
               Win32 Executable (generic) (10.8%)
               Generic Win/DOS Executable (4.8%)
               DOS Executable Generic (4.7%)
Tags           peexe upx overlay
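The following is an added example, not part of the VirusTotal report and not VirusTotal's or UPX's code. It recomputes in Python the static indicators the report lists for a sample like this one: the three file hashes, the overlay offset and size derived from the section table, the overlay's Shannon entropy, a pefile-style imphash from the import list, and a check for the six KERNEL32 imports that make up a UPX decompression stub. The section table, the overlay bytes, and the DLL grouping and order of the imports are constructed here because the report does not show them; the imphash it prints therefore will not equal the report's ee1017efd46e2bec714ce92b11261019, and the entropy only approximates the report's 7.99. The overlay offset and size do reproduce the report's 13824 and 20597 (13824 + 20597 = 34421, the file size).

```python
"""Static triage helpers for a UPX-packed PE with an overlay.

Added example; not VirusTotal's or UPX's code. The section table and
the import order below are assumptions that reproduce the numbers in
the report; they were not read from the sample.
"""
import hashlib
import math
from collections import Counter

FILE_SIZE = 34421        # from the report
OVERLAY_OFFSET = 13824   # from the report
OVERLAY_SIZE = 20597     # from the report

# Constructed section table as (name, PointerToRawData, SizeOfRawData).
# Assumed: UPX0 has no raw data, UPX1 (0x3000 bytes, the report's
# CodeSize) holds the packed image, .rsrc holds the three resources.
# Only the end of the last raw section matters for the overlay offset.
SECTIONS = [
    ("UPX0", 0x400, 0x0),
    ("UPX1", 0x400, 0x3000),
    (".rsrc", 0x3400, 0x200),
]

# The six KERNEL32 imports every UPX stub needs (all listed in the report).
UPX_STUB_IMPORTS = {
    "LoadLibraryA", "GetProcAddress", "VirtualProtect",
    "VirtualAlloc", "VirtualFree", "ExitProcess",
}


def overlay_bounds(sections, file_size):
    """Overlay = bytes after the end of the last section's raw data.
    Returns (offset, size); size 0 means there is no overlay."""
    end = max((ptr + size for _, ptr, size in sections), default=0)
    if end >= file_size:
        return end, 0
    return end, file_size - end


def shannon_entropy(data: bytes) -> float:
    """Bits per byte, 0.0 .. 8.0. Near 8 means compressed or encrypted."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def imphash(imports):
    """pefile-style imphash: MD5 over 'dll.func' entries in import-table
    order, DLL lowercased with .dll/.ocx/.sys/.drv stripped, comma-joined."""
    entries = []
    for dll, func in imports:
        dll = dll.lower()
        for ext in (".dll", ".ocx", ".sys", ".drv"):
            if dll.endswith(ext):
                dll = dll[: -len(ext)]
                break
        entries.append(f"{dll}.{func.lower()}")
    return hashlib.md5(",".join(entries).encode()).hexdigest()


def file_hashes(data: bytes):
    return {n: hashlib.new(n, data).hexdigest() for n in ("md5", "sha1", "sha256")}


def looks_like_upx_stub(import_names):
    """True when the import table is the UPX stub set plus at most a few
    extra names: the table then describes the stub, not the payload."""
    names = set(import_names)
    return UPX_STUB_IMPORTS <= names and len(names - UPX_STUB_IMPORTS) <= 4


def triage(data: bytes, sections, imports):
    off, size = overlay_bounds(sections, len(data))
    return {
        **file_hashes(data),
        "overlay_offset": off,
        "overlay_size": size,
        "overlay_entropy": round(shannon_entropy(data[off:off + size]), 2),
        "imphash": imphash(imports),
        "upx_stub_imports": looks_like_upx_stub(f for _, f in imports),
    }


def demo():
    """Constructed stand-in for the sample: zero filler where the headers
    and sections would be, then a 20597-byte near-maximal-entropy overlay."""
    body = bytes(OVERLAY_OFFSET)
    overlay = bytes(range(256)) * 80 + bytes(range(117))   # 20597 bytes
    # Assumed DLL attribution and order; the report lists only the names.
    imports = [("KERNEL32.DLL", f) for f in (
        "LoadLibraryA", "GetProcAddress", "VirtualProtect",
        "VirtualAlloc", "VirtualFree", "ExitProcess")]
    imports += [("ole32.dll", "RevokeDragDrop"), ("USER32.dll", "RemovePropA")]
    return triage(body + overlay, SECTIONS, imports)


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key:16} {value}")
```

What the numbers say about this sample: roughly 60% of the file sits behind the UPX stub as near-random bytes, and an import table that is the stub set plus RevokeDragDrop and RemovePropA describes the unpacker, not the payload, so neither the listed imports nor the imphash identify what runs after unpacking. Unpacking (upx -d, which may refuse the modified headers that McAfee-GW-Edition's ModifiedUPX verdict and the TrID Yoda's Crypter match suggest, or dumping the process after the stub's tail jump) is the prerequisite for any import-based conclusion.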

VirusTotal metadata
First submission  2013-10-02 03:51:05 UTC
Last submission   2013-10-02 03:51:05 UTC
File names        mal
Advanced heuristic and reputation engines
ClamAV               Possibly Unwanted Application. While not necessarily malicious, the scanned file presents certain characteristics which, depending on the user policies and environment, may or may not represent a threat. For full details see: https://www.clamav.net/documents/potentially-unwanted-applications-pua
Symantec reputation  Suspicious.Insight
Condensed report. The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were performed by the file itself, by a process it launched, or by a process into which it injected code.
Opened files
Read files
Created processes
Terminated processes
Opened mutexes
Runtime DLLs