SHA256: bb74e510b5109335fe5042d76c81bd105c1e6723c4c8245372629d7dca7972ba
File name: xrBNtVeZFY.bmp
Detection ratio: 20 / 39
Analysis date: 2010-02-08 11:04:45 UTC ( 8 years, 9 months ago )
Antivirus Result Update
a-squared Backdoor.Win32.Refpron!IK 20100208
AntiVir BDS/Refpron.35840D.5 20100208
Avast Win32:Malware-gen 20100208
AVG BackDoor.Generic12.AESG 20100207
eSafe Win32.BackdoorRefpro 20100207
GData Win32:Malware-gen 20100208
Ikarus Backdoor.Win32.Refpron 20100208
K7AntiVirus Trojan.Win32.Malware.1 20100206
McAfee Refpron.gen.m 20100207
McAfee+Artemis Refpron.gen.m 20100207
McAfee-GW-Edition Heuristic.LooksLike.Trojan.Backdoor.Refpron.35840D.H 20100208
Microsoft Backdoor:Win32/Refpron.gen!D 20100208
Panda Trj/Downloader.MDW 20100207
PCTools Backdoor.Trojan 20100208
Prevx Medium Risk Malware 20100208
Rising Backdoor.Win32.Meb.b 20100208
Sophos AV Mal/Generic-A 20100208
Sunbelt Trojan.Win32.Generic!BT 20100207
VBA32 BScope.Trojan-Downloader.073 20100208
VirusBuster Backdoor.Refpron.CKN 20100207
AhnLab-V3 20100208
Antiy-AVL 20100208
Authentium 20100207
BitDefender 20100208
CAT-QuickHeal 20100208
ClamAV 20100208
Comodo 20100208
DrWeb 20100208
eTrust-Vet 20100208
F-Prot 20100207
Fortinet 20100208
Jiangmin 20100208
Kaspersky 20100208
NOD32 20100208
Norman 20100207
nProtect 20100208
TheHacker 20100208
TrendMicro 20100208
ViRobot 20100208
The file being studied is a Portable Executable file! More specifically, it is an unknown file.
PE header basic information
Number of sections 8
PE sections
PE imports
GetCurrentThreadId
MultiByteToWideChar
ExitProcess
UnhandledExceptionFilter
RtlUnwind
RaiseException
TlsSetValue
TlsGetValue
LocalAlloc
GetModuleHandleA
FreeLibrary
HeapFree
HeapReAlloc
HeapAlloc
GetProcessHeap
FreeLibrary
LoadLibraryA
GetProcAddress
SysFreeString
SysAllocStringLen
File identification
MD5 e203ab11df4c8e1c4030a410e03b97a9
SHA1 354d76c49c8405e821231e8fda21b0375b578d09
SHA256 bb74e510b5109335fe5042d76c81bd105c1e6723c4c8245372629d7dca7972ba
ssdeep 384:T6g/I/8UYWnfTJiww0VSwpCilJHSWmXp7kH1pS4rlJyPRSuBrmHtUAYsAIM8xrAj:2FxXk0Px8yPrlsPRSErXN6rAmm/

File size 35.0 KB ( 35840 bytes )
File type unknown
Magic literal

TrID Win32 Executable Borland Delphi 6 (92.2%)
Win32 Executable Generic (2.9%)
Win32 Dynamic Link Library (generic) (2.6%)
Win16/32 Executable Delphi generic (0.7%)
Generic Win/DOS Executable (0.7%)
VirusTotal metadata
First submission 2010-01-29 07:21:08 UTC ( 8 years, 9 months ago )
Last submission 2010-02-08 11:04:45 UTC ( 8 years, 9 months ago )
File names q9Jgy.wbs
xrBNtVeZFY.bmp
Behaviour characterization