SHA256: bb12fc4943857d8b8df1ea67eecc60a8791257ac3be12ae44634ee559da91bc0
File name: sopp.exe
Detection ratio: 18 / 46
Analysis date: 2013-01-15 08:13:17 UTC ( 6 years ago )
Antivirus Result Update
AntiVir TR/Downloader.Gen 20130115
Avast Win32:Malware-gen 20130115
AVG unknown virus Win32/DH{MSADYQ8eJCIl} 20130115
BitDefender Gen:Trojan.Heur.PT.emGfb0ss41ai 20130115
DrWeb DLOADER.Trojan 20130115
Emsisoft Gen:Trojan.Heur.PT.emGfb0ss41ai (B) 20130115
ESET-NOD32 probably unknown NewHeur_PE 20130114
F-Secure Gen:Trojan.Heur.PT.emGfb0ss41ai 20130115
GData Gen:Trojan.Heur.PT.emGfb0ss41ai 20130115
Kaspersky HEUR:Trojan.Win32.Generic 20130115
Microsoft Trojan:Win32/Malex.gen!E 20130115
eScan Gen:Trojan.Heur.PT.emGfb0ss41ai 20130115
Norman W32/Malware 20130114
Rising Suspicious 20130115
Sophos AV Mal/TinyDL-T 20130115
TheHacker Posible_Worm32 20130115
TrendMicro PAK_Generic.001 20130115
TrendMicro-HouseCall PAK_Generic.001 20130115
Yandex 20130114
AhnLab-V3 20130114
Antiy-AVL 20130114
ByteHero 20130114
CAT-QuickHeal 20130115
ClamAV 20130115
Commtouch 20130115
Comodo 20130115
eSafe 20130113
F-Prot 20130115
Fortinet 20130115
Ikarus 20130115
Jiangmin 20121221
K7AntiVirus 20130114
Kingsoft 20130115
Malwarebytes 20130115
McAfee 20130115
McAfee-GW-Edition 20130115
NANO-Antivirus 20130115
nProtect 20130115
Panda 20130114
PCTools 20130115
SUPERAntiSpyware 20130115
Symantec 20130115
TotalDefense 20130115
VBA32 20130114
VIPRE 20130115
ViRobot 20130115
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Packers identified
F-PROT UPX
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2012-12-21 23:30:50
Entry Point 0x0002EBB0
Number of sections 3
PE sections
PE imports
VirtualFree
ExitProcess
VirtualProtect
LoadLibraryA
VirtualAlloc
GetProcAddress
ShellExecuteA
MessageBoxA
closesocket
URLDownloadToFileA
Number of PE resources by type
RT_MANIFEST 1
Number of PE resources by language
ENGLISH US 1
PE resources
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
FileTypeExtension exe
TimeStamp 2012:12:22 00:30:50+01:00
FileType Win32 EXE
PEType PE32
CodeSize 69632
LinkerVersion 10.0
ImageFileCharacteristics Executable, 32-bit
EntryPoint 0x2ebb0
InitializedDataSize 4096
SubsystemVersion 5.1
ImageVersion 0.0
OSVersion 5.1
UninitializedDataSize 118784
Compressed bundles
File identification
MD5 a99d5d1652dfcda190c3d412828dcf6d
SHA1 7536f3f518825b4d66b5fa34bbb2782e5deb1038
SHA256 bb12fc4943857d8b8df1ea67eecc60a8791257ac3be12ae44634ee559da91bc0
ssdeep 1536:BzU0dCfLtTb1C67NOySIcz7wDn80mF8hyN1H+tLVHT5ew56abpeqE:1FdCfZHP7A9BSn8NBHyLpTZZbn
authentihash 658a4d7ff2b57d7d0c98d23a0a486fe2b5cba05aad707ec8fddad99e3ef679d1
imphash 4db1a1b4d911969b295c071dde216e7e
File size 69.5 KB ( 71168 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID UPX compressed Win32 Executable (38.2%)
Win32 EXE Yoda's Crypter (37.5%)
Win32 Dynamic Link Library (generic) (9.2%)
Win32 Executable (generic) (6.3%)
OS/2 Executable (generic) (2.8%)
Tags
peexe upx

VirusTotal metadata
First submission 2013-01-15 08:12:00 UTC ( 6 years ago )
Last submission 2016-08-18 12:10:01 UTC ( 2 years, 5 months ago )
File names a99d5d1652dfcda190c3d412828dcf6d
file-5181062_exe
sopp.exe
bb12fc4943857d8b8df1ea67eecc60a8791257ac3be12ae44634ee559da91bc0
vti-rescan
svchost.exe
Advanced heuristic and reputation engines
ClamAV Possibly Unwanted Application. While not necessarily malicious, the scanned file presents certain characteristics which depending on the user policies and environment may or may not represent a threat. For full details see: https://www.clamav.net/documents/potentially-unwanted-applications-pua
Symantec reputation Suspicious.Insight