SHA256: ba64acc4cf822561f3fe125a5ff013ea3039b0527b3528aa7f611dd5da1f9dc5
File name: VIRUS.WIN32.HERI.285.[RDR_1258474729].EXE
Detection ratio: 54 / 64
Analysis date: 2018-04-16 12:38:08 UTC ( 1 year, 1 month ago )
Antivirus Result Update
Ad-Aware Trojan.Generic.IS.104116 20180416
AegisLab Troj.Dropper.W32.Agent.biin!c 20180416
ALYac Trojan.Koobface.gen 20180416
Antiy-AVL Trojan[Dropper]/Win32.Agent 20180416
Arcabit Trojan.Generic.IS.D196B4 20180416
Avast Win32:MalOb-FE [Cryp] 20180416
AVG Win32:MalOb-FE [Cryp] 20180416
Avira (no cloud) TR/Drop.Koobface.MA 20180416
AVware Worm.Win32.Koobface.Gen.3 (v) 20180416
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9990 20180416
BitDefender Trojan.Generic.IS.104116 20180416
Bkav W32.OnlineGamezeHerG.Trojan 20180410
CMC Trojan-Dropper.Win32.Agent!O 20180416
Comodo TrojWare.Win32.TrojanDropper.Agent.APPR 20180416
CrowdStrike Falcon (ML) malicious_confidence_100% (D) 20170201
Cybereason malicious.c0a85b 20180225
Cylance Unsafe 20180416
Cyren W32/Agent.JYTS-4601 20180416
DrWeb Trojan.MulDrop.61535 20180416
Emsisoft Trojan.Generic.IS.104116 (B) 20180416
ESET-NOD32 Win32/Tinxy.AJ 20180416
F-Prot W32/Agent.IJN 20180416
F-Secure Trojan.Generic.IS.104116 20180416
Fortinet W32/PackKoobface.A!worm 20180416
GData Trojan.Generic.IS.104116 20180416
Ikarus Trojan-Dropper.Win32.Agent 20180416
Sophos ML heuristic 20180120
Jiangmin TrojanDropper.Agent.acbf 20180416
K7AntiVirus Trojan ( 004d0d7d1 ) 20180416
K7GW Trojan ( 004d0d7d1 ) 20180416
MAX malware (ai score=100) 20180416
McAfee W32/Koobface.worm.gen.d 20180416
McAfee-GW-Edition W32/Koobface.worm.gen.d 20180416
Microsoft TrojanDropper:Win32/Koobface.M 20180416
eScan Trojan.Generic.IS.104116 20180416
NANO-Antivirus Trojan.Win32.Agent.botig 20180416
Panda W32/Koobface.GF.worm 20180415
Qihoo-360 Win32/Trojan.b7f 20180416
Rising Worm.Win32.Koobface.he (CLASSIC) 20180416
SentinelOne (Static ML) static engine - malicious 20180225
Sophos AV W32/KoobFa-N 20180416
SUPERAntiSpyware Trojan.Agent/Gen-Koobface 20180416
Symantec Trojan.Dropper 20180416
Tencent Win32.Trojan-dropper.Agent.Amlt 20180416
TheHacker Trojan/Dropper.Agent.biin 20180415
TotalDefense Win32/Droplet.TU 20180416
TrendMicro WORM_PKOOBF.SMB 20180416
TrendMicro-HouseCall WORM_PKOOBF.SMB 20180416
VBA32 Malware-Cryptor.Inject.gen 20180414
VIPRE Worm.Win32.Koobface.Gen.3 (v) 20180416
ViRobot Dropper.Agent.92672 20180416
Webroot Trojan.Gen 20180416
Zillya Dropper.Agent.Win32.24999 20180413
ZoneAlarm by Check Point Trojan-Dropper.Win32.Agent.biin 20180416
AhnLab-V3 20180416
Alibaba 20180416
Avast-Mobile 20180416
CAT-QuickHeal 20180416
eGambit 20180416
Kingsoft 20180416
Malwarebytes 20180416
nProtect 20180416
Palo Alto Networks (Known Signatures) 20180416
Symantec Mobile Insight 20180411
Trustlook 20180416
WhiteArmor 20180408
Zoner 20180416
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright Copyright (C) LogMeIn Inc. 2003-2008
Product Hamachi Uninstaller
Original name uninstall.exe
Internal name uninstaller
File version 1, 0, 3, 0
Description Hamachi Uninstaller
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2005-04-03 04:30:33
Entry Point 0x000010DF
Number of sections 4
PE sections
Overlays
MD5 f09f35a5637839458e462e6350ecbce4
File type ASCII text
Offset 92544
Size 128
Entropy 0.00
PE imports
HeapFree
GetStdHandle
LCMapStringW
SetHandleCount
FreeLibrary
LCMapStringA
HeapDestroy
ExitProcess
IsBadWritePtr
GetEnvironmentStringsW
GetModuleFileNameA
RtlUnwind
LoadLibraryA
FreeEnvironmentStringsA
GetStartupInfoA
GetEnvironmentStrings
GetCPInfo
UnhandledExceptionFilter
MultiByteToWideChar
FreeEnvironmentStringsW
GetCommandLineA
GetProcAddress
WideCharToMultiByte
GetStringTypeA
GetModuleHandleA
WriteFile
GetCurrentProcess
GetACP
HeapReAlloc
GetStringTypeW
GetOEMCP
TerminateProcess
HeapCreate
VirtualFree
GetFileType
HeapAlloc
GetVersion
VirtualAlloc
Number of PE resources by type
RT_ICON 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 3
PE resources
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
TimeStamp 2005:04:03 04:30:33+00:00
FileType Win32 EXE
PEType PE32
CodeSize 78336
LinkerVersion 7.1
FileTypeExtension exe
InitializedDataSize 11776
SubsystemVersion 4.0
EntryPoint 0x10df
OSVersion 5.1
ImageVersion 5.1
UninitializedDataSize 14848
File identification
MD5 ea9173cc0a85b804e6d7b764deeb0bbf
SHA1 f993ec082306fb217208aefeb458607b1f4a8677
SHA256 ba64acc4cf822561f3fe125a5ff013ea3039b0527b3528aa7f611dd5da1f9dc5
ssdeep 1536:TS+nYNBrA230fRqq9miUadOZo+BKVxT19N+wnZjo4tIm8wqoBIux3:TBMG2kJ3OrZvEVxT/N+wZV60IS
authentihash dc4a2ac17d993d37839cbda755e2a192d0afcc95811f179aa5d722a570bb5106
imphash 803aa9ae1c8f91e14393d92c8f703a66
File size 90.5 KB ( 92672 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (64.5%)
Win32 Dynamic Link Library (generic) (13.6%)
Win32 Executable (generic) (9.3%)
OS/2 Executable (generic) (4.1%)
Generic Win/DOS Executable (4.1%)
Tags peexe overlay

VirusTotal metadata
First submission 2009-11-16 22:35:57 UTC ( 9 years, 6 months ago )
Last submission 2018-04-16 12:38:08 UTC ( 1 year, 1 month ago )