SHA256: b7707af20c0e34801592b44945a96de4c726893e9a39e6a9ce8e1c22208664e0
File name: VirusShare_2e899f619c9582e79621912524a0bafb
Detection ratio: 44 / 49
Analysis date: 2014-03-06 08:21:08 UTC ( 1 month, 1 week ago )
Antivirus Result Update
AVG SHeur4.BQSN 20140305
Ad-Aware Trojan.GenericKDV.1294028 20140306
Agnitum Trojan.DL.Agent!yJpF1cSJ+Uk 20140305
AntiVir TR/Crypt.ZPACK.1752 20140306
Antiy-AVL Trojan[Downloader]/Win32.Agent 20140306
Avast Win32:Zbot-RWZ [Trj] 20140306
Baidu-International Trojan.Win32.Injector.ANIP 20140306
BitDefender Trojan.GenericKDV.1294028 20140306
Bkav W32.GenericSirefefEC.Trojan 20140305
CAT-QuickHeal TrojanDownloader.Agent.hdor 20140306
Commtouch W32/Trojan.OPXX-6146 20140306
Comodo TrojWare.Win32.Ransom.Blocker.CMMB 20140306
DrWeb Trojan.Winlock.8004 20140306
ESET-NOD32 a variant of Win32/Injector.ANIP 20140306
Emsisoft Trojan.GenericKDV.1294028 (B) 20140306
F-Secure Trojan.GenericKDV.1294028 20140306
Fortinet W32/Tepfer.AAX!tr.pws 20140306
GData Trojan.GenericKDV.1294028 20140306
Ikarus Trojan-Downloader.Win32.Karagany 20140306
Jiangmin TrojanDownloader.Agent.fjmv 20140306
K7AntiVirus Riskware ( 0040eff71 ) 20140305
K7GW Riskware ( 0040eff71 ) 20140305
Kaspersky Trojan-Downloader.Win32.Agent.hdor 20140306
Kingsoft Win32.Troj.Generic.a.(kcloud) 20140306
Malwarebytes Trojan.ModifiedUPX 20140306
McAfee Artemis!2E899F619C95 20140306
McAfee-GW-Edition Heuristic.BehavesLike.Win32.ModifiedUPX.C 20140306
MicroWorld-eScan Trojan.GenericKDV.1294028 20140306
Microsoft VirTool:Win32/Injector.CL 20140306
NANO-Antivirus Trojan.Win32.Agent.cgropx 20140306
Norman Gamarue.BBP 20140306
Panda Generic Malware 20140305
Qihoo-360 Malware.QVM18.Gen 20140306
Rising PE:Trojan.Crypto!1.9C6D 20140305
Sophos Troj/Agent-ADBJ 20140306
Symantec Trojan.Gen 20140306
TheHacker Posible_Worm32 20140305
TotalDefense Win32/Inject.C2!generic 20140306
TrendMicro TROJ_SPNR.14J713 20140306
TrendMicro-HouseCall TROJ_SPNR.14J713 20140306
VBA32 TrojanDownloader.Agent 20140305
VIPRE TrojanPWS.Win32.Fareit.aa (v) 20140306
ViRobot Trojan.Win32.S.Zbot.41612 20140306
nProtect Trojan.GenericKDV.1294028 20140305
AhnLab-V3 (no detection) 20140305
ByteHero (no detection) 20140306
CMC (no detection) 20140228
ClamAV (no detection) 20140305
F-Prot (no detection) 20140306
SUPERAntiSpyware (no detection) 20140306
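The 44 detections above agree that the file is malicious but not on what it is: the family names on offer include Zbot, Fareit/Tepfer, Karagany, Gamarue and Winlock, and most labels are generic ("Agent", "Injector", "GenericKDV", "Artemis"). The script below is an added example, not part of the VirusTotal page, that runs over the detection column copied from the table and counts which candidate family tokens more than one engine uses; the stop-list of generic words and the rule that all-caps short runs such as ANIP or CMMB are variant suffixes are the editor's own heuristics, not a vendor's.

```python
"""Tally family tokens across the AV labels above to see where vendors actually agree
(added example; the stop-list is the editor's own, not VirusTotal's or any vendor's)."""
import re
from collections import Counter

# Engine and label columns copied from the detection table above (44 detecting engines).
DETECTIONS = """\
AVG SHeur4.BQSN
Ad-Aware Trojan.GenericKDV.1294028
Agnitum Trojan.DL.Agent!yJpF1cSJ+Uk
AntiVir TR/Crypt.ZPACK.1752
Antiy-AVL Trojan[Downloader]/Win32.Agent
Avast Win32:Zbot-RWZ [Trj]
Baidu-International Trojan.Win32.Injector.ANIP
BitDefender Trojan.GenericKDV.1294028
Bkav W32.GenericSirefefEC.Trojan
CAT-QuickHeal TrojanDownloader.Agent.hdor
Commtouch W32/Trojan.OPXX-6146
Comodo TrojWare.Win32.Ransom.Blocker.CMMB
DrWeb Trojan.Winlock.8004
ESET-NOD32 a variant of Win32/Injector.ANIP
Emsisoft Trojan.GenericKDV.1294028 (B)
F-Secure Trojan.GenericKDV.1294028
Fortinet W32/Tepfer.AAX!tr.pws
GData Trojan.GenericKDV.1294028
Ikarus Trojan-Downloader.Win32.Karagany
Jiangmin TrojanDownloader.Agent.fjmv
K7AntiVirus Riskware ( 0040eff71 )
K7GW Riskware ( 0040eff71 )
Kaspersky Trojan-Downloader.Win32.Agent.hdor
Kingsoft Win32.Troj.Generic.a.(kcloud)
Malwarebytes Trojan.ModifiedUPX
McAfee Artemis!2E899F619C95
McAfee-GW-Edition Heuristic.BehavesLike.Win32.ModifiedUPX.C
MicroWorld-eScan Trojan.GenericKDV.1294028
Microsoft VirTool:Win32/Injector.CL
NANO-Antivirus Trojan.Win32.Agent.cgropx
Norman Gamarue.BBP
Panda Generic Malware
Qihoo-360 Malware.QVM18.Gen
Rising PE:Trojan.Crypto!1.9C6D
Sophos Troj/Agent-ADBJ
Symantec Trojan.Gen
TheHacker Posible_Worm32
TotalDefense Win32/Inject.C2!generic
TrendMicro TROJ_SPNR.14J713
TrendMicro-HouseCall TROJ_SPNR.14J713
VBA32 TrojanDownloader.Agent
VIPRE TrojanPWS.Win32.Fareit.aa (v)
ViRobot Trojan.Win32.S.Zbot.41612
nProtect Trojan.GenericKDV.1294028
"""

# Words that name a class, a behaviour or a vendor-specific prefix rather than a family
# (editor's own list, assembled from the labels above).
GENERIC = {"trojan", "troj", "trojware", "trojandownloader", "trojanpws", "downloader", "ransom",
           "blocker", "win32", "w32", "generic", "malware", "heuristic", "behaveslike", "riskware",
           "virtool", "artemis", "agent", "variant", "crypt", "crypto", "kcloud", "posible"}


def family_tokens(label: str) -> set:
    """Candidate family names in one label: alphabetic runs of 4+ characters that are not
    generic words and not all-uppercase (all-caps runs such as ANIP or CMMB are variant suffixes)."""
    out = set()
    for tok in re.findall(r"[A-Za-z0-9]+", label):
        if tok.isalpha() and len(tok) >= 4 and not tok.isupper() and tok.lower() not in GENERIC:
            out.add(tok.lower())
    return out


def parse_detections(text: str) -> list:
    """Split 'Engine Label' lines into (engine, label); engine names carry no spaces, labels may."""
    return [tuple(line.split(maxsplit=1)) for line in text.splitlines() if line.strip()]


def token_counts(rows) -> Counter:
    """One vote per engine per token (a set per label), so repeated words in a label count once."""
    counts = Counter()
    for _, label in rows:
        counts.update(family_tokens(label))
    return counts


if __name__ == "__main__":
    rows = parse_detections(DETECTIONS)
    counts = token_counts(rows)
    print(f"{len(rows)} engines detect; tokens used by more than one engine:")
    for tok, n in counts.most_common():
        if n > 1:
            print(f"  {tok:<14} {n}")
```

The only token with real support is GenericKDV (seven engines), and those seven all license the BitDefender engine, so that is one opinion, not seven. Everything else is a cluster of two or three (Injector, Zbot, ModifiedUPX) or a singleton, which is why a 44/49 ratio should be read as "packed downloader, some trojan" and not as an attribution.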
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Packers identified
PEiD UPX 2.93 [LZMA] -> Markus Oberhumer, Laszlo Molnar & John Reiser
Caveat: Malwarebytes and McAfee-GW-Edition label the sample ModifiedUPX and TrID's best match below is Yoda's Crypter, which points to a tampered UPX stub or header. A stock upx -d may refuse such a file, so plan on unpacking dynamically (let the stub run to its tail jump into the original entry point, then dump the process) rather than relying on the packer's own decompressor.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2013-09-24 18:44:30
Link date 7:44 PM 9/24/2013 (the compilation timestamp above rendered in UTC+01:00)
Entry Point 0x0000B2A0
Number of sections 3
PE sections
PE imports
The import table of a UPX-packed file lists only what the decompression stub needs: the KERNEL32 functions used to decompress, restore page protections and resolve the original imports at run time (LoadLibraryA, GetProcAddress, VirtualProtect, VirtualAlloc, VirtualFree, ExitProcess), plus one function from each DLL the original program used so that the loader maps them (GetStockObject from GDI32, RevokeDragDrop from OLE32, MessageBoxA from USER32). The original program's own imports are only visible after unpacking.
GetStockObject
VirtualFree
ExitProcess
VirtualProtect
LoadLibraryA
VirtualAlloc
GetProcAddress
RevokeDragDrop
MessageBoxA
Number of PE resources by type
RT_ICON 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
ARABIC SAUDI ARABIA 1
ENGLISH US 1
ENGLISH *unknown* 1
ExifTool file metadata
MIMEType: application/octet-stream
Subsystem: Windows GUI
MachineType: Intel 386 or later, and compatibles
TimeStamp: 2013:09:24 19:44:30+01:00
FileType: Win32 EXE
PEType: PE32
CodeSize: 12288
LinkerVersion: 2.5
FileAccessDate: 2014:03:06 09:22:33+01:00
Warning: Possibly corrupt Version resource
EntryPoint: 0xb2a0
InitializedDataSize: 4096
SubsystemVersion: 4.0
ImageVersion: 0.0
OSVersion: 4.0
FileCreateDate: 2014:03:06 09:22:33+01:00
UninitializedDataSize: 32768
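The PE header fields reported above (entry point 0xB2A0, 3 sections, linker 2.5, GUI subsystem, 2013-09-24 18:44:30 UTC, CodeSize 12288, InitializedDataSize 4096, UninitializedDataSize 32768) are exactly what a small header parser pulls out of the COFF header, the PE32 optional header and the section table. The script below is an added example, not VirusTotal's or ExifTool's code: it parses those structures with struct and applies three header-level UPX heuristics. Because the page's section table did not survive extraction, the input is a constructed header whose UPX0/UPX1/.rsrc layout (virtual sizes 0x8000/0x3000/0x1000) is chosen to match the three size fields above; it is not the sample's bytes, and its raw sizes and file offsets are invented.

```python
"""Parse PE32 header fields and apply UPX heuristics (added example, not VirusTotal's code)."""
import struct
from datetime import datetime, timezone

IMAGE_DOS_SIGNATURE = 0x5A4D              # "MZ"
IMAGE_NT_SIGNATURE = 0x00004550           # "PE\0\0"
IMAGE_NT_OPTIONAL_HDR32_MAGIC = 0x10B     # PE32, not PE32+
IMAGE_SUBSYSTEM_WINDOWS_GUI = 2


def parse_pe_header(data: bytes) -> dict:
    """Return the COFF header, PE32 optional header and section table fields of a PE32 image."""
    if len(data) < 0x40 or struct.unpack_from("<H", data, 0)[0] != IMAGE_DOS_SIGNATURE:
        raise ValueError("missing MZ signature")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if e_lfanew + 24 > len(data) or struct.unpack_from("<I", data, e_lfanew)[0] != IMAGE_NT_SIGNATURE:
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    machine, nsections, timestamp, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20
    magic, linker_major, linker_minor, size_code, size_init, size_uninit, entry_point = \
        struct.unpack_from("<HBBIIII", data, opt)
    if magic != IMAGE_NT_OPTIONAL_HDR32_MAGIC:
        raise ValueError("only PE32 is handled here")
    subsystem = struct.unpack_from("<H", data, opt + 68)[0]
    sections = []
    for i in range(nsections):   # 40-byte IMAGE_SECTION_HEADER entries follow the optional header
        name, vsize, va, raw_size, raw_ptr = struct.unpack_from("<8sIIII", data, opt + opt_size + 40 * i)
        sections.append({"name": name.rstrip(b"\0").decode("latin-1"), "virtual_size": vsize,
                         "virtual_address": va, "raw_size": raw_size, "raw_ptr": raw_ptr})
    return {"machine": machine,
            "timestamp": datetime.fromtimestamp(timestamp, tz=timezone.utc),
            "linker_version": f"{linker_major}.{linker_minor}",
            "size_of_code": size_code, "size_of_initialized_data": size_init,
            "size_of_uninitialized_data": size_uninit, "entry_point": entry_point,
            "subsystem": subsystem, "sections": sections}


def entry_section(info: dict):
    """Name of the section containing AddressOfEntryPoint, or None if it maps to no section."""
    ep = info["entry_point"]
    for s in info["sections"]:
        end = s["virtual_address"] + max(s["virtual_size"], s["raw_size"])
        if s["virtual_address"] <= ep < end:
            return s["name"]
    return None


def upx_indicators(info: dict) -> list:
    """Header-level hints of UPX packing. Section names are trivially renamed, so the two
    structural checks carry more weight than the name check."""
    hits = []
    sections = info["sections"]
    if any(s["name"].startswith("UPX") for s in sections):
        hits.append("UPX-named sections")
    if sections and sections[0]["raw_size"] == 0 and sections[0]["virtual_size"] >= 0x1000:
        hits.append("first section is empty on disk but large in memory (unpack destination)")
    if sections and entry_section(info) not in (None, sections[0]["name"]):
        hits.append("entry point is outside the first section (stub runs before the original code)")
    return hits


def build_constructed_header() -> bytes:
    """Constructed PE32 header mirroring the values reported above. Not the sample's bytes:
    the section layout is an assumption consistent with the reported sizes, bodies are absent."""
    dos = bytearray(0x40)
    struct.pack_into("<H", dos, 0, IMAGE_DOS_SIGNATURE)
    struct.pack_into("<I", dos, 0x3C, 0x40)                        # e_lfanew
    ts = int(datetime(2013, 9, 24, 18, 44, 30, tzinfo=timezone.utc).timestamp())
    nt = struct.pack("<IHHIIIHH", IMAGE_NT_SIGNATURE, 0x14C, 3, ts, 0, 0, 224, 0x010F)
    opt = bytearray(224)
    struct.pack_into("<HBBIIIIIII", opt, 0, IMAGE_NT_OPTIONAL_HDR32_MAGIC, 2, 5,
                     0x3000, 0x1000, 0x8000, 0xB2A0, 0x9000, 0xC000, 0x400000)
    struct.pack_into("<II", opt, 32, 0x1000, 0x200)                # section / file alignment
    struct.pack_into("<HHHHHH", opt, 40, 4, 0, 0, 0, 4, 0)         # OS 4.0, image 0.0, subsystem 4.0
    struct.pack_into("<II", opt, 56, 0xD000, 0x400)                # SizeOfImage, SizeOfHeaders
    struct.pack_into("<H", opt, 68, IMAGE_SUBSYSTEM_WINDOWS_GUI)
    struct.pack_into("<I", opt, 92, 16)                            # NumberOfRvaAndSizes
    layout = [(b"UPX0", 0x8000, 0x1000, 0x0000, 0x400, 0xE0000080),   # uninitialised, raw size 0
              (b"UPX1", 0x3000, 0x9000, 0x9A00, 0x400, 0xE0000040),   # packed data + stub, holds EP
              (b".rsrc", 0x1000, 0xC000, 0x0200, 0x9E00, 0xC0000040)]
    sections = b"".join(struct.pack("<8sIIIIIIHHI", n, vs, va, rs, rp, 0, 0, 0, 0, ch)
                        for n, vs, va, rs, rp, ch in layout)
    return (bytes(dos) + nt + bytes(opt) + sections).ljust(0x400, b"\0")


if __name__ == "__main__":
    info = parse_pe_header(build_constructed_header())
    print(f"timestamp {info['timestamp']:%Y-%m-%d %H:%M:%S} UTC, entry 0x{info['entry_point']:08X}, "
          f"{len(info['sections'])} sections, linker {info['linker_version']}")
    for s in info["sections"]:
        print(f"  {s['name']:<6} VA 0x{s['virtual_address']:05X} vsize 0x{s['virtual_size']:X} raw 0x{s['raw_size']:X}")
    print("entry point lies in", entry_section(info))
    print("UPX indicators:", upx_indicators(info))
```

Run it on a real file by replacing build_constructed_header() with open(path, "rb").read(); the parser stops at PE32, so PE32+ (64-bit) images are rejected rather than misread.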

Compressed bundles
File identification
MD5 2e899f619c9582e79621912524a0bafb
SHA1 e68864b12de248e03cf250c872f7c8a808d5173e
SHA256 b7707af20c0e34801592b44945a96de4c726893e9a39e6a9ce8e1c22208664e0
ssdeep 768:vYvuyrOpbnbcuyD7U23g5GrWkA7iNDv58sj+iVI6E6D:7Nbnouy8CNpJiUJVXE6D
imphash 1c0f4de5231513bd930ec9a23a16ca68
File size 40.6 KB ( 41612 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 EXE Yoda's Crypter (75.6%)
Win32 Executable (generic) (12.8%)
Generic Win/DOS Executable (5.7%)
DOS Executable Generic (5.6%)
VXD Driver (0.0%)
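The imphash above is the MD5 of the normalised import table, and for this file that table is the UPX stub's (see the PE imports listed earlier), so the hash clusters the packer, not the payload. The script below is an added example, not VirusTotal's or pefile's code, that reproduces the normalisation pefile's get_imphash applies (lower-case, drop a .dll/.ocx/.sys extension, ordinals as ordN, import-directory order, comma-joined, MD5). The constructed import list assigns the nine functions from the page to the DLLs that export them; the order and grouping are this example's assumption, the page shows neither, so no claim is made that the digest equals the reported 1c0f4de5231513bd930ec9a23a16ca68.

```python
"""Compute an import hash (imphash) the way pefile does (added example, not pefile's code)."""
import hashlib


def imphash_string(imports) -> str:
    """Normalise (dll, function) pairs, in import-directory order, into the string that is hashed.
    DLL names are lower-cased and lose a .dll/.ocx/.sys extension; function names are lower-cased;
    imports by ordinal become 'ordN'. Order matters: the same names in another order hash differently."""
    parts = []
    for dll, func in imports:
        lib = dll.lower()
        base, dot, ext = lib.rpartition(".")
        if dot and ext in ("dll", "ocx", "sys"):
            lib = base
        name = f"ord{func}" if isinstance(func, int) else func.lower()
        parts.append(f"{lib}.{name}")
    return ",".join(parts)


def imphash(imports) -> str:
    """MD5 hex digest of the normalised import string."""
    return hashlib.md5(imphash_string(imports).encode("ascii")).hexdigest()


# Constructed import table shaped like a UPX stub: the nine functions listed on the page, attributed
# to the DLLs that export them. The order and the DLL grouping are assumptions for this example.
UPX_STUB_IMPORTS = [
    ("KERNEL32.DLL", "LoadLibraryA"), ("KERNEL32.DLL", "GetProcAddress"),
    ("KERNEL32.DLL", "VirtualProtect"), ("KERNEL32.DLL", "VirtualAlloc"),
    ("KERNEL32.DLL", "VirtualFree"), ("KERNEL32.DLL", "ExitProcess"),
    ("GDI32.DLL", "GetStockObject"), ("OLE32.DLL", "RevokeDragDrop"),
    ("USER32.DLL", "MessageBoxA"),
]

if __name__ == "__main__":
    print(imphash_string(UPX_STUB_IMPORTS))
    print("imphash:", imphash(UPX_STUB_IMPORTS))
    # Normalisation makes parser differences (case, extension) irrelevant ...
    mixed = [(d.lower(), f.upper()) for d, f in UPX_STUB_IMPORTS]
    print("case-insensitive:", imphash(mixed) == imphash(UPX_STUB_IMPORTS))
    # ... but order is part of the hash, so a rebuilt or sorted table does not match.
    print("order-sensitive:", imphash(list(reversed(UPX_STUB_IMPORTS))) != imphash(UPX_STUB_IMPORTS))
```

The practical consequence: every UPX-packed binary whose original program touched the same three DLLs carries this same stub import table and therefore the same imphash, so for packed samples pivot on the unpacked image's imphash, or on ssdeep of the unpacked code, instead.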
Tags
peexe upx

VirusTotal metadata
First submission 2013-09-25 22:08:51 UTC ( 6 months, 3 weeks ago )
Last submission 2014-01-01 20:04:19 UTC ( 3 months, 2 weeks ago )
File names
15477391
IEUpdate.exe
output.15477391.txt
Trojan-Downloader.Win32.Agent.hdor.exe
ChromeUpdate.exe
FirefoxUpdate.exe
file-6013513_
VirusShare_2e899f619c9582e79621912524a0bafb
4806950ffd3662158327c43a593018f429abdbf1
b7707af20c0e34801592b44945a96de4c726893e9a39e6a9ce8e1c22208664e0
Advanced heuristic and reputation engines
ClamAV PUA
Possibly Unwanted Application. While not necessarily malicious, the scanned file presents certain characteristics which depending on the user policies and environment may or may not represent a threat. For full details see: http://www.clamav.net/index.php?s=pua&lang=en .

Symantec reputation Suspicious.Insight