SHA256: bbc3836b0d93db52c4d32cff2269376d5e9e3a5845cc47050b1081a8c12d7af6
File name: October.exe
Detection ratio: 20 / 46
Analysis date: 2013-11-26 15:18:26 UTC ( 4 months, 3 weeks ago )
Antivirus Result Update
AVG Luhe.Fiha.A 20131126
AhnLab-V3 Trojan/Win32.Zbot 20131126
AntiVir TR/Agent.BAWS 20131126
Avast Win32:Malware-gen 20131126
BitDefender Trojan.Agent.BAWS 20131126
Commtouch W32/Trojan.WTEK-0368 20131126
ESET-NOD32 Win32/TrojanDownloader.Waski.A 20131126
Emsisoft Trojan.Agent.BAWS (B) 20131126
F-Prot W32/Trojan2.OADW 20131126
F-Secure Trojan.Agent.BAWS 20131126
Fortinet W32/Zbot.CWYO!tr 20131126
GData Trojan.Agent.BAWS 20131126
Ikarus Trojan.Injector 20131126
Kaspersky UDS:DangerousObject.Multi.Generic 20131126
MicroWorld-eScan Trojan.Agent.BAWS 20131126
Sophos Troj/Agent-AEYI 20131126
Symantec Downloader 20131126
TheHacker Posible_Worm32 20131126
TrendMicro PAK_Generic.001 20131126
TrendMicro-HouseCall PAK_Generic.001 20131126
Agnitum 20131126
Antiy-AVL 20131126
Baidu-International 20131126
Bkav 20131126
ByteHero 20131126
CAT-QuickHeal 20131126
ClamAV 20131126
Comodo 20131126
DrWeb 20131126
Jiangmin 20131125
K7AntiVirus 20131126
K7GW 20131126
Kingsoft 20130829
Malwarebytes 20131126
McAfee 20131126
McAfee-GW-Edition 20131126
Microsoft 20131126
NANO-Antivirus 20131126
Norman 20131125
Panda 20131126
SUPERAntiSpyware 20131126
TotalDefense 20131126
VBA32 20131126
VIPRE 20131126
ViRobot 20131126
nProtect 20131126
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2013-11-25 21:43:22
Link date 10:43 PM 11/25/2013
Entry Point 0x0000D5C0
Number of sections 3
PE sections
PE imports
TextOutW
VirtualFree
ExitProcess
VirtualProtect
LoadLibraryA
VirtualAlloc
GetProcAddress
EndPaint
Number of PE resources by type
RT_ICON 1
RT_GROUP_ICON 1
RT_MANIFEST 1
Number of PE resources by language
ENGLISH US 3
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
TimeStamp 2013:11:25 22:43:22+01:00
FileType Win32 EXE
PEType PE32
CodeSize 20480
LinkerVersion 9.0
FileAccessDate 2014:03:06 09:28:56+01:00
EntryPoint 0xd5c0
InitializedDataSize 8192
SubsystemVersion 5.0
ImageVersion 0.0
OSVersion 5.0
FileCreateDate 2014:03:06 09:28:56+01:00
UninitializedDataSize 32768
File identification
MD5 36a685cf1436530686d1967b4a9d6680
SHA1 8491370c72095df2a94eeeb1d077057c7408de06
SHA256 bbc3836b0d93db52c4d32cff2269376d5e9e3a5845cc47050b1081a8c12d7af6
ssdeep 384:Zg4XHoHN+7n3rJNYyJaMzjxE+ydSAof/KUIiO8zWNMe26zCQ:b3vJNYyJaMxIdnG/KNl8Wmz
imphash 6801789d7db148dcab782feacf28ecfc
File size 24.0 KB ( 24576 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID UPX compressed Win32 Executable (42.3%)
Win32 EXE Yoda's Crypter (36.7%)
Win32 Dynamic Link Library (generic) (9.1%)
Win32 Executable (generic) (6.2%)
Generic Win/DOS Executable (2.7%)
Tags peexe
VirusTotal metadata
First submission 2013-11-25 22:45:04 UTC ( 4 months, 3 weeks ago )
Last submission 2013-12-11 04:22:30 UTC ( 4 months, 1 week ago )
File names 36a685cf1436530686d1967b4a9d6680
October.EX_
October.ex0
file-6258056_exe
bbc3836b0d93db52c4d32cff2269376d5e9e3a5845cc47050b1081a8c12d7af6
October.exe.malware
36a685cf1436530686d1967b4a9d6680.exe
October.exe
Advanced heuristic and reputation engines
ClamAV PUA
Possibly Unwanted Application. While not necessarily malicious, the scanned file presents certain characteristics which depending on the user policies and environment may or may not represent a threat. For full details see: http://www.clamav.net/index.php?s=pua&lang=en .

Symantec reputation Suspicious.Insight