SHA256: bb94e60c2f973cd85d92e4ef132bf1e9832ba8f4371bcefbb811217fbde58739
File name: VirusShare_04cd1448c48ecc4bd1de510712ac93ef
Detection ratio: 55 / 69
Analysis date: 2019-01-04 05:26:05 UTC ( 4 months, 2 weeks ago )
Antivirus Result Update
Acronis suspicious 20181227
Ad-Aware Gen:Variant.Kazy.369116 20190104
AhnLab-V3 Trojan/Win32.Banker.R4029 20190104
ALYac Gen:Variant.Kazy.369116 20190104
Antiy-AVL Trojan[Downloader]/Win32.Agent 20190104
Arcabit Trojan.Kazy.D5A1DC 20190103
Avast FileRepMetagen [Malware] 20190103
AVG FileRepMetagen [Malware] 20190104
Avira (no cloud) TR/Crypt.XPACK.Gen 20190104
BitDefender Gen:Variant.Kazy.369116 20190104
ClamAV Win.Trojan.Agent-593701 20190104
Comodo TrojWare.Win32.PSW.Ldpinch.~NNT@1op6ij 20190104
CrowdStrike Falcon (ML) malicious_confidence_60% (D) 20181022
Cybereason malicious.8c48ec 20180225
Cylance Unsafe 20190104
Cyren W32/SuspPack.G.gen!Eldorado 20190104
DrWeb Trojan.Siggen.471 20190104
Emsisoft Gen:Variant.Kazy.369116 (B) 20190104
Endgame malicious (high confidence) 20181108
ESET-NOD32 Win32/KillAV.NJT 20190104
F-Prot W32/SuspPack.G.gen!Eldorado 20190104
F-Secure Trojan-Spy:W32/Banker.JGT 20190104
Fortinet W32/FakeAV.FE!tr 20190104
GData Gen:Variant.Kazy.369116 20190104
Ikarus Trojan-Downloader.Win32.Homa 20190104
Sophos ML heuristic 20181128
Jiangmin TrojanDownloader.Agent.cwwa 20190104
K7AntiVirus Trojan-Downloader ( 002e302e1 ) 20190103
K7GW Trojan-Downloader ( 002e302e1 ) 20190104
Kaspersky HEUR:Trojan.Win32.Generic 20190104
Malwarebytes Trojan.Agent 20190104
MAX malware (ai score=98) 20190104
McAfee Generic Downloader.il 20190104
McAfee-GW-Edition BehavesLike.Win32.Generic.fc 20190104
Microsoft TrojanSpy:Win32/Bancos 20190104
eScan Gen:Variant.Kazy.369116 20190104
NANO-Antivirus Trojan.Win32.MLW.bxvbf 20190104
Panda Generic Malware 20190103
Qihoo-360 HEUR/Malware.QVM19.Gen 20190104
Rising Malware.Heuristic!ET#100% (RDM+:cmRtazrB5OpMDrbQxUPAz0C+PlHN) 20190104
SentinelOne (Static ML) static engine - malicious 20181223
Sophos AV Mal/EncPk-DZ 20190104
SUPERAntiSpyware Trojan.Agent/Gen-Banker 20190102
Symantec ML.Attribute.HighConfidence 20190104
Tencent Win32.Trojan-Downloader.Agent.bvh 20190104
TheHacker Trojan/Downloader.Agent.fdwe 20181230
TotalDefense Win32/SillyDl.PVN!packed 20190103
Trapmine malicious.high.ml.score 20190103
TrendMicro TROJ_DLOADER.CII 20190104
TrendMicro-HouseCall TROJ_DLOADER.CII 20190104
VBA32 TScope.Malware-Cryptor.SB 20181229
Webroot W32.Trojan.Gen 20190104
Yandex Trojan.DL.Agent!xdHdtqRN/mg 20181229
Zillya Downloader.Agent.Win32.85689 20190103
ZoneAlarm by Check Point HEUR:Trojan.Win32.Generic 20190104
AegisLab 20190104
Alibaba 20180921
Avast-Mobile 20190103
Babable 20180918
Baidu 20190102
Bkav 20190103
CAT-QuickHeal 20190103
CMC 20190103
Kingsoft 20190104
Palo Alto Networks (Known Signatures) 20190104
TACHYON 20190104
Trustlook 20190104
ViRobot 20190103
Zoner 20190104
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Packers identified
F-PROT NTKrnl
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2001-08-17 20:52:32
Entry Point 0x00001061
Number of sections 2
PE sections
PE imports
LoadLibraryA
GetProcAddress
Number of PE resources by type
Struct(63) 3
RT_ICON 1
RT_GROUP_ICON 1
Number of PE resources by language
NEUTRAL 3
PORTUGUESE BRAZILIAN 2
PE resources
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
SubsystemVersion 4.0
MachineType Intel 386 or later, and compatibles
TimeStamp 2001:08:17 21:52:32+01:00
FileType Win32 EXE
PEType PE32
CodeSize 847872
LinkerVersion 7.16
FileTypeExtension exe
InitializedDataSize 0
ImageFileCharacteristics Executable, No line numbers, No symbols, Bytes reversed lo, 32-bit, Bytes reversed hi
EntryPoint 0x1061
OSVersion 4.0
ImageVersion 0.0
UninitializedDataSize 0

File identification
MD5 04cd1448c48ecc4bd1de510712ac93ef
SHA1 e7effa667d9439021c5160eeb8bbf254a47e145f
SHA256 bb94e60c2f973cd85d92e4ef132bf1e9832ba8f4371bcefbb811217fbde58739
ssdeep 6144:csJVEE+TPCzJKYhD/BojrFjxjCQcZTz/b3Dd8OZCX7TdWMgtjc7rETso0:cs/ATPUKYZBojjdcZTPx8ACX70MUjcg0

authentihash 2a5e3b85a0f0bfa91d5e58b6a4adf468be2d617426f79008c7e6a416c3864818
imphash 87bed5a7cba00c7e1f4015f1bdae2183
File size 351.5 KB ( 359936 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Dynamic Link Library (generic) (38.4%)
Win32 Executable (generic) (26.3%)
OS/2 Executable (generic) (11.8%)
Generic Win/DOS Executable (11.6%)
DOS Executable Generic (11.6%)
Tags peexe ntkrnl

VirusTotal metadata
First submission 2011-03-22 11:53:22 UTC ( 8 years, 2 months ago )
Last submission 2019-01-04 05:26:05 UTC ( 4 months, 2 weeks ago )
File names 5Y7NuV.tar
aa
04cd1448c48ecc4bd1de510712ac93ef
mecdemo.jpg
mserlist.exe.vir
VirusShare_04cd1448c48ecc4bd1de510712ac93ef
sUFrDm8mTJ.lnk
bb94e60c2f973cd85d92e4ef132bf1e9832ba8f4371bcefbb811217fbde58739.bin