SHA256: b7707af20c0e34801592b44945a96de4c726893e9a39e6a9ce8e1c22208664e0
File name: VirusShare_2e899f619c9582e79621912524a0bafb
Detection ratio: 48 / 56
Analysis date: 2015-10-26 22:33:53 UTC ( 3 months, 1 week ago )
Antivirus | Result | Update (engines listed without a result did not detect the file)
ALYac Trojan.Encpk.Gen.4 20151027
AVG SHeur4.BQSN 20151026
AVware TrojanPWS.Win32.Fareit.aa (v) 20151026
Ad-Aware Trojan.Encpk.Gen.4 20151027
Agnitum Trojan.DL.Agent!yJpF1cSJ+Uk 20151026
AhnLab-V3 Spyware/Win32.Zbot 20151026
Antiy-AVL Trojan[Downloader]/Win32.Agent 20151027
Arcabit Trojan.Encpk.Gen.4 20151027
Avast Win32:Zbot-RWZ [Trj] 20151027
Avira BDS/Androm.vmba 20151027
Baidu-International Adware.Win32.Agent.Elnx 20151026
BitDefender Trojan.Encpk.Gen.4 20151027
CAT-QuickHeal TrojanDownloader.Agent.r3 20151027
Comodo TrojWare.Win32.Ransom.Blocker.CMMB 20151027
Cyren W32/S-3593c4f6!Eldorado 20151027
DrWeb Trojan.Winlock.8004 20151027
ESET-NOD32 a variant of Win32/Injector.ANHW 20151027
Emsisoft Trojan.Encpk.Gen.4 (B) 20151027
F-Prot W32/S-3593c4f6!Eldorado 20151027
F-Secure Trojan.Encpk.Gen.4 20151027
Fortinet W32/Tepfer.AAX!tr.pws 20151026
GData Trojan.Encpk.Gen.4 20151027
Ikarus Trojan-Downloader.Win32.Karagany 20151027
Jiangmin TrojanDownloader.Agent.fjmv 20151026
K7AntiVirus Riskware ( 0040eff71 ) 20151026
K7GW Riskware ( 0040eff71 ) 20151026
Kaspersky Trojan-Downloader.Win32.Agent.hdor 20151027
Malwarebytes Trojan.ModUPX 20151026
McAfee Artemis!2E899F619C95 20151027
McAfee-GW-Edition PWS-Zbot-FAQD!8B89AF47B2E7 20151027
MicroWorld-eScan Trojan.Encpk.Gen.4 20151027
Microsoft VirTool:Win32/Injector.CL 20151027
NANO-Antivirus Trojan.Win32.Agent.ddbemi 20151026
Panda Generic Malware 20151026
Qihoo-360 HEUR/Malware.QVM18.Gen 20151027
Rising PE:Malware.Generic/QRS!1.9E2D [F] 20151026
Sophos Troj/Agent-ADBJ 20151027
Symantec Trojan.Gen 20151026
Tencent Trojan.Win32.Qudamah.Gen.6 20151027
TheHacker Posible_Worm32 20151026
TotalDefense Win32/Inject.C2!generic 20151026
TrendMicro TROJ_SPNR.14J713 20151027
TrendMicro-HouseCall TROJ_SPNR.14J713 20151027
VBA32 BScope.Malware-Cryptor.MTA.2113 20151026
VIPRE TrojanPWS.Win32.Fareit.aa (v) 20151027
ViRobot Trojan.Win32.S.Zbot.41612[h] 20151026
Zillya Downloader.Agent.Win32.180872 20151026
nProtect Trojan.Encpk.Gen.4 20151026
AegisLab 20151026
Alibaba 20151026
Bkav 20151026
ByteHero 20151027
CMC 20151026
ClamAV 20151027
SUPERAntiSpyware 20151027
Zoner 20151026
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Packers identified
PEiD UPX 2.93 [LZMA] -> Markus Oberhumer, Laszlo Molnar & John Reiser
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2013-09-24 18:44:30
Link date 7:44 PM 9/24/2013
Entry Point 0x0000B2A0
Number of sections 3
PE sections (none listed in the report)
Overlays
MD5 e9f2266116a828f2c980e1890281cfcf
File type data
Offset 14848
Size 26764
Entropy 7.97
PE imports
GetStockObject
VirtualFree
ExitProcess
VirtualProtect
LoadLibraryA
VirtualAlloc
GetProcAddress
RevokeDragDrop
MessageBoxA
Number of PE resources by type
RT_ICON 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
ARABIC SAUDI ARABIA 1
ENGLISH US 1
ENGLISH *unknown* 1
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
TimeStamp 2013:09:24 19:44:30+01:00
FileType Win32 EXE
PEType PE32
CodeSize 12288
LinkerVersion 2.5
Warning Possibly corrupt Version resource
FileTypeExtension exe
InitializedDataSize 4096
SubsystemVersion 4.0
EntryPoint 0xb2a0
OSVersion 4.0
ImageVersion 0.0
UninitializedDataSize 32768
Compressed bundles (none listed in the report)
File identification
MD5 2e899f619c9582e79621912524a0bafb
SHA1 e68864b12de248e03cf250c872f7c8a808d5173e
SHA256 b7707af20c0e34801592b44945a96de4c726893e9a39e6a9ce8e1c22208664e0
ssdeep 768:vYvuyrOpbnbcuyD7U23g5GrWkA7iNDv58sj+iVI6E6D:7Nbnouy8CNpJiUJVXE6D
authentihash d9a88f6695a9e4e7ee68faebc5dfb8244cd84c5490e739866f2439243250e156
imphash 1c0f4de5231513bd930ec9a23a16ca68
File size 40.6 KB ( 41612 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID
Win32 EXE Yoda's Crypter (75.6%)
Win32 Executable (generic) (12.8%)
Generic Win/DOS Executable (5.7%)
DOS Executable Generic (5.6%)
VXD Driver (0.0%)
Tags
peexe upx overlay
VirusTotal metadata
First submission 2013-09-25 22:08:51 UTC ( 2 years, 4 months ago )
Last submission 2014-01-01 20:04:19 UTC ( 2 years, 1 month ago )
File names
15477391
IEUpdate.exe
output.15477391.txt
VirusShare_2e899f619c9582e79621912524a0bafb
Trojan-Downloader.Win32.Agent.hdor.exe
ChromeUpdate.exe
FirefoxUpdate.exe
file-6013513_
VirusShare_2e899f619c9582e79621912524a0bafb
4806950ffd3662158327c43a593018f429abdbf1
b7707af20c0e34801592b44945a96de4c726893e9a39e6a9ce8e1c22208664e0
VirusShare_2e899f619c9582e79621912524a0bafb
Advanced heuristic and reputation engines
ClamAV
Possibly Unwanted Application. While not necessarily malicious, the scanned file presents certain characteristics which, depending on the user policies and environment, may or may not represent a threat. For full details see: http://www.clamav.net/doc/pua.html
Symantec reputation Suspicious.Insight