SHA256: bedadff09f51a065754c7c06bd5c5e725ec43045fea9adb6d3434c40f8f50fed
File name: bedadff09f51a065754c7c06bd5c5e725ec43045fea9adb6d3434c40f8f50fed.vir
Detection ratio: 48 / 56
Analysis date: 2016-01-18 01:41:02 UTC ( 2 years, 10 months ago )
Antivirus Result Update
Ad-Aware Backdoor.Tofsee.Gen 20160117
Yandex Trojan.Injector!6Qsh//gcRGg 20160117
AhnLab-V3 Worm/Win32.Kolab 20160117
ALYac Backdoor.Tofsee.Gen 20160117
Arcabit Backdoor.Tofsee.Gen 20160117
Avast Win32:Injector-TD [Trj] 20160117
AVG Dropper.Generic.BTWM 20160117
Avira (no cloud) BDS/Backdoor.Gen3 20160117
AVware Trojan.Win32.Generic!BT 20160111
Baidu-International Worm.Win32.Palevo.ckpn 20160117
BitDefender Backdoor.Tofsee.Gen 20160117
Bkav W32.GobackXA.Worm 20160116
ClamAV Win.Trojan.Kolab-32 20160117
CMC P2P-Worm.Win32.Palevo!O 20160111
Comodo TrojWare.Win32.Injector.A 20160118
Cyren W32/Risk.YJQT-3013 20160118
DrWeb Win32.HLLW.Lime.8 20160118
Emsisoft Backdoor.Tofsee.Gen (B) 20160118
ESET-NOD32 a variant of Win32/Injector.UYU 20160117
F-Prot W32/MalwareF.AKEX 20160118
F-Secure Backdoor.Tofsee.Gen 20160118
Fortinet W32/Injector.TD!tr 20160118
GData Backdoor.Tofsee.Gen 20160118
Ikarus Net-Worm.Win32.Kolab 20160117
Jiangmin Worm/Kolab.asv 20160117
K7AntiVirus Backdoor ( 04c4ee091 ) 20160117
K7GW Backdoor ( 04c4ee091 ) 20160117
Kaspersky P2P-Worm.Win32.Palevo.ckpn 20160118
McAfee Artemis!03B1E63BAAA4 20160118
McAfee-GW-Edition BehavesLike.Win32.Downloader.dh 20160118
Microsoft VirTool:Win32/CeeInject 20160118
eScan Backdoor.Tofsee.Gen 20160118
NANO-Antivirus Trojan.Win32.Kolab.rpcb 20160118
nProtect Worm/W32.Kolab.241159.B 20160115
Panda Generic Malware 20160117
Qihoo-360 Win32/Worm.P2P-Worm.a71 20160118
Rising PE:Malware.Generic/QRS!1.9E2D [F] 20160117
Sophos AV Troj/Rimecud-DM 20160118
Symantec Trojan Horse 20160117
Tencent Win32.Worm-p2p.Palevo.Fhx 20160118
TheHacker W32/Kolab.gor 20160116
TotalDefense Win32/IRCBot.A!generic 20160117
TrendMicro WORM_RIMECUD.SMQ 20160118
TrendMicro-HouseCall WORM_RIMECUD.SMQ 20160118
VBA32 BScope.Trojan.Bofa.01 20160117
VIPRE Trojan.Win32.Generic!BT 20160118
ViRobot Worm.Win32.Net-Kolab.241159.C[h] 20160117
Zillya Worm.Palevo.Win32.88617 20160117
AegisLab 20160117
Alibaba 20160115
Antiy-AVL 20160117
ByteHero 20160118
CAT-QuickHeal 20160116
Malwarebytes 20160118
SUPERAntiSpyware 20160117
Zoner 20160117
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2010-02-06 08:32:14
Entry Point 0x0001E1AC
Number of sections 3
PE sections
Overlays
MD5 0b7310dfb3af05b98c3e0129add3c26b
File type data
Offset 135168
Size 105991
Entropy 8.00
PE imports
GetStartupInfoA
LoadLibraryA
lstrlenA
GetCurrentProcessId
QueryPerformanceCounter
GetTickCount
GetSystemTimeAsFileTime
ExitProcess
GetCurrentThreadId
GetProcAddress
GetModuleHandleA
__p__fmode
malloc
_acmdln
memset
__dllonexit
_except_handler3
_c_exit
_onexit
_amsg_exit
exit
_XcptFilter
__setusermatherr
__p__commode
_cexit
_ismbblead
_adjust_fdiv
??3@YAXPAX@Z
__security_error_handler
atoi
free
__getmainargs
_exit
_initterm
_controlfp
__set_app_type
wsprintfA
Debug information
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
TimeStamp 2010:02:06 08:32:14+00:00
FileType Win32 EXE
PEType PE32
CodeSize 122880
LinkerVersion 7.1
FileTypeExtension exe
InitializedDataSize 8192
SubsystemVersion 4.0
EntryPoint 0x1e1ac
OSVersion 4.0
ImageVersion 0.0
UninitializedDataSize 0

File identification
MD5 03b1e63baaa4d957a4f0b704e4dfcf88
SHA1 a95309cb66ccc2f5a63e7eefaafab7b3ef94ce68
SHA256 bedadff09f51a065754c7c06bd5c5e725ec43045fea9adb6d3434c40f8f50fed
ssdeep 6144:Nmk/O3ts+77SKrZ2R6GBGgDYCDDXpr+mWetxZ91Jt:Nmk/OKE7VF2RjBGhCFF
authentihash 33dca152678ddd0e6181075e346b6018143d170556db98de074090ac4331c086
imphash 900484562eac952acb54c01e40db8af1
File size 235.5 KB ( 241159 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (67.4%)
Win32 Dynamic Link Library (generic) (14.2%)
Win32 Executable (generic) (9.7%)
Generic Win/DOS Executable (4.3%)
DOS Executable Generic (4.3%)
Tags peexe overlay
VirusTotal metadata
First submission 2010-03-01 02:26:27 UTC ( 8 years, 8 months ago )
Last submission 2016-01-18 01:41:02 UTC ( 2 years, 10 months ago )
File names 03b1e63baaa4d957a4f0b704e4dfcf88
03B1E63BAAA4D957A4F0B704E4DFCF88
1267538336.63.exe
aa
bedadff09f51a065754c7c06bd5c5e725ec43045fea9adb6d3434c40f8f50fed.vir
TlfT1x6R.dot
pdmmsYXSLD.wsf