SHA256: b883c1b316527365bf6991efc913af20a9f79b503ad77364c6475b936e837ea0
File name: VirusShare_022201f028b6e77c02440e6b5f1d99dc
Detection ratio: 63 / 67
Analysis date: 2018-07-27 09:24:06 UTC ( 3 weeks ago )
Antivirus Result Update
Ad-Aware Trojan.Generic.4097795 20180727
AegisLab Troj.Spy.W32.SCKeyLog.au!c 20180727
AhnLab-V3 Unwanted/Win32.Keylogger.R1230 20180727
ALYac Trojan.Generic.4097795 20180727
Antiy-AVL Trojan[Spy]/Win32.SCKeyLog 20180726
Arcabit Trojan.Generic.D3E8703 20180727
Avast Win32:Spyware-gen [Spy] 20180727
AVG Win32:Spyware-gen [Spy] 20180727
Avira (no cloud) TR/SCKeylog.H 20180727
AVware Trojan.Win32.Generic!SB.0 20180727
Baidu Win32.Trojan-Spy.Agent.m 20180726
BitDefender Trojan.Generic.4097795 20180727
Bkav W32.SCKeylogH.Trojan 20180726
CAT-QuickHeal TrojanSpy.SCKey.A4 20180725
ClamAV Win.Spyware.202-2 20180727
CMC Trojan-Spy.Win32.SCKeyLog!O 20180727
Comodo TrojWare.Win32.Spy.SCKeyLog.O 20180727
CrowdStrike Falcon (ML) malicious_confidence_100% (D) 20180723
Cybereason malicious.028b6e 20180225
Cylance Unsafe 20180727
Cyren W32/SCkeylogger.IHYA-9115 20180727
DrWeb Trojan.SCKeyLog.20 20180727
Emsisoft Trojan.Generic.4097795 (B) 20180727
Endgame malicious (high confidence) 20180710
ESET-NOD32 Win32/Spy.SCKeyLog.O 20180727
F-Prot W32/SCkeylogger.D 20180727
F-Secure Trojan.Generic.4097795 20180727
Fortinet W32/Sckeylog.O!tr 20180727
GData Trojan.Generic.4097795 20180727
Sophos ML heuristic 20180717
Jiangmin TrojanSpy.SCKeyLog.ef 20180727
K7AntiVirus Spyware ( 0000b10d1 ) 20180727
K7GW Spyware ( 0000b10d1 ) 20180727
Kaspersky Trojan-Spy.Win32.SCKeyLog.au 20180727
Kingsoft Win32.Troj.SCKeyLog.ax.(kcloud) 20180727
Malwarebytes Trojan.KeyLogger 20180727
MAX malware (ai score=100) 20180727
McAfee Keylog-SClog 20180727
McAfee-GW-Edition BehavesLike.Win32.PWSOnlineGames.pm 20180727
Microsoft TrojanSpy:Win32/SCKeyLog.O 20180727
eScan Trojan.Generic.4097795 20180727
NANO-Antivirus Trojan.Win32.SCKeyLog.epgf 20180727
Palo Alto Networks (Known Signatures) generic.ml 20180727
Panda Trj/Genetic.gen 20180726
Qihoo-360 Malware.Radar01.Gen 20180727
Rising Trojan.Spy.ScrSaver.a (CLOUD) 20180727
SentinelOne (Static ML) static engine - malicious 20180701
Sophos AV Troj/SCKeyLog-O 20180727
SUPERAntiSpyware Trojan.Agent/Gen-Dropper[IEFav] 20180727
Symantec Spyware.SCKeyLogger 20180727
TACHYON Trojan-Spy/W32.SCKeyLog.44757 20180727
Tencent Trojan.Win32.SCKeyLog.aaa 20180727
TheHacker Trojan/Spy.SCKeyLog.au 20180726
TotalDefense Win32/SCKeylog.M 20180727
TrendMicro TSPY_SCKEYLOG.P 20180727
TrendMicro-HouseCall TSPY_SCKEYLOG.P 20180727
VBA32 OScope.Trojan-Spy.Win32.SCKeyLog.d 20180726
VIPRE Trojan.Win32.Generic!SB.0 20180727
ViRobot Trojan.Win32.A.SCKeyLog.29184 20180727
Webroot System.Monitor.Sc.Keylogger 20180727
Yandex TrojanSpy.SCKeyLog!MYQVzWmqzaA 20180725
ZoneAlarm by Check Point Trojan-Spy.Win32.SCKeyLog.au 20180727
Zoner Spyware.SCKeyLog 20180726
Alibaba 20180713
Avast-Mobile 20180727
Babable 20180725
eGambit 20180727
Trustlook 20180727
Zillya 20180726
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Packers identified
PEiD Armadillo v1.71
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2004-09-15 07:59:51
Entry Point 0x0000862E
Number of sections 4
PE sections
Overlays
MD5 4967928685705284129dedf5f6bd5071
File type application/x-ms-dos-executable
Offset 29184
Size 15573
Entropy 5.39
PE imports
SetSecurityDescriptorDacl
RegCloseKey
GetUserNameA
InitializeSecurityDescriptor
RegSetValueExA
RegDeleteValueA
RegCreateKeyExA
RegOpenKeyExA
GetLastError
GetFileAttributesA
WaitForSingleObject
FreeLibrary
GetVersionExA
LoadLibraryA
GetModuleFileNameA
GetStartupInfoA
GetPrivateProfileStringA
GetFileSize
SetFileTime
DeleteFileA
GetProcAddress
GetFileTime
GetTempPathA
CreateThread
GetModuleHandleA
FindFirstFileA
WriteFile
CloseHandle
GetTempFileNameA
GetComputerNameA
FindNextFileA
GetSystemDirectoryA
SetFileAttributesA
CreateProcessA
CreateEventA
FindClose
Sleep
CreateFileA
OpenEventA
__p__fmode
malloc
_mbsnbcpy
??0exception@@QAE@ABV0@@Z
rand
??1type_info@@UAE@XZ
fread
??0exception@@QAE@ABQBD@Z
strcat
__dllonexit
memset
fopen
strlen
_except_handler3
_itoa
_mbsrchr
??2@YAPAXI@Z
fwrite
fseek
_mbscmp
fclose
_onexit
fputs
ftell
isalpha
exit
_XcptFilter
_ftol
__setusermatherr
__p__commode
localtime
_acmdln
_mbsicmp
_CxxThrowException
??1exception@@UAE@XZ
_adjust_fdiv
??3@YAXPAX@Z
free
_msize
_mbsinc
_mbschr
atoi
_mbsstr
__getmainargs
realloc
_exit
sprintf
__CxxFrameHandler
_mbsrev
difftime
memmove
memcpy
strcpy
_mbsnbcmp
time
_initterm
_controlfp
_EH_prolog
strftime
__set_app_type
SHGetPathFromIDListA
SHGetSpecialFolderLocation
SHGetMalloc
MessageBoxA
gethostname
socket
closesocket
inet_addr
send
WSACleanup
WSAStartup
gethostbyname
connect
htons
recv
WSAGetLastError
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
FileTypeExtension exe
TimeStamp 2004:09:15 07:59:51+00:00
FileType Win32 EXE
PEType PE32
CodeSize 18944
LinkerVersion 6.0
EntryPoint 0x862e
InitializedDataSize 10240
SubsystemVersion 4.0
ImageVersion 0.0
OSVersion 4.0
UninitializedDataSize 0

File identification
MD5 022201f028b6e77c02440e6b5f1d99dc
SHA1 b3bd629e5e83d35ab4f935467dfe470411c243ff
SHA256 b883c1b316527365bf6991efc913af20a9f79b503ad77364c6475b936e837ea0
ssdeep 768:3PJadenAqtYQnaXH96rV2kllriFqR7Atmqfvfj7sMC72ZWzFwKF/Kppla:3PnAClrVLTrEqNAxvXsf7rzV/KpXa

authentihash 2493dff7542bd81ee9f4e231c61ae48c96cf936dbb6891680e2dfbfba3f79fe7
imphash d3f4a309051d3a10e862d10883816727
File size 43.7 KB ( 44757 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable MS Visual C++ (generic) (50.8%)
Windows screen saver (21.3%)
Win32 Dynamic Link Library (generic) (10.7%)
Win32 Executable (generic) (7.3%)
OS/2 Executable (generic) (3.3%)
Tags
peexe armadillo overlay

VirusTotal metadata
First submission 2010-08-16 23:25:29 UTC ( 8 years ago )
Last submission 2018-07-27 09:24:06 UTC ( 3 weeks ago )
File names 1039801
b3bd629e5e83d35ab4f935467dfe470411c243ff.bin
aa
VirusShare_022201f028b6e77c02440e6b5f1d99dc
VuLanpro.com
VirusShare_022201f028b6e77c02440e6b5f1d99dc
2hsk.txt
ODLeln.xlt
022201F028B6E77C02440E6B5F1D99DC