SHA256: bf679313741fe95cee973d63929c263b02c7ddf1786f0495d9c45fb03d5acac4
File name: file
Detection ratio: 40 / 45
Analysis date: 2013-08-06 15:18:27 UTC ( 4 years, 2 months ago )
Antivirus Result Update
Yandex Trojan.Vnfraye!ZphwYheYjUY 20130805
AhnLab-V3 Trojan/Win32.Agent 20130806
AntiVir BDS/Vertex.A 20130806
Antiy-AVL Trojan/Win32.Agent2.gen 20130806
Avast Win32:Agent-APFQ [Trj] 20130806
AVG Generic32.XSA 20130806
BitDefender Trojan.Generic.6490082 20130806
CAT-QuickHeal Trojan.Dusvext.A5 20130806
Commtouch W32/Dusvext.JEML-8693 20130806
Comodo Backdoor.Win32.Amtar.vna 20130806
DrWeb BackDoor.Vertex.25 20130806
Emsisoft Trojan.Generic.6490082 (B) 20130806
ESET-NOD32 Win32/Vnfraye.A 20130806
F-Prot W32/Dusvext.A 20130806
Fortinet W32/Vnfraye.AAA!tr 20130806
GData Trojan.Generic.6490082 20130806
Ikarus Trojan.SuspectCRC 20130806
Jiangmin Trojan/Agent.gzsh 20130806
K7AntiVirus Trojan 20130806
K7GW Trojan 20130806
Kaspersky Trojan.Win32.Agent2.fkmt 20130806
Kingsoft Win32.Troj.Agent2.(kcloud) 20130723
McAfee PWS-Zbot.gen.ajw 20130806
McAfee-GW-Edition Heuristic.LooksLike.Win32.Suspicious.I 20130806
Microsoft Trojan:Win32/Dusvext.A 20130806
eScan Trojan.Generic.6490082 20130806
NANO-Antivirus Trojan.Win32.MLW.cptkp 20130806
Norman Vertex.A 20130806
Panda Generic Trojan 20130806
Rising Suspicious 20130806
Sophos AV Troj/Agent-SUP 20130806
SUPERAntiSpyware Trojan.Agent/Gen-Patcher 20130806
Symantec WS.Reputation.1 20130806
TheHacker Trojan/Agent2.elli 20130805
TotalDefense Win32/Tnega.AGBV 20130806
TrendMicro TROJ_DUSVEXT.SM 20130806
TrendMicro-HouseCall TROJ_DUSVEXT.SM 20130806
VBA32 BackDoor.Vertex.01368 20130806
VIPRE Trojan.Win32.Generic!BT 20130806
ViRobot Backdoor.Win32.IRCBot.146944.J 20130806
ByteHero 20130724
ClamAV 20130806
Malwarebytes 20130806
nProtect 20130806
PCTools 20130806
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2011-06-20 14:05:05
Entry Point 0x0000AF4A
Number of sections 5
PE sections
PE imports
RegOpenKeyExA
GetUserNameA
RegDeleteKeyA
GetCurrentHwProfileA
RegSetValueExA
GetStdHandle
GetFileAttributesA
WaitForSingleObject
EncodePointer
GetExitCodeProcess
DeleteCriticalSection
GetCurrentProcess
GetConsoleMode
GetLocaleInfoA
UnhandledExceptionFilter
FreeEnvironmentStringsW
SetStdHandle
GetTempPathA
GetCPInfo
WriteFile
GetSystemTimeAsFileTime
HeapReAlloc
GetStringTypeW
SetFileAttributesA
GetOEMCP
LoadResource
TlsGetValue
SetLastError
GetModuleFileNameW
CopyFileA
HeapAlloc
GetModuleFileNameA
HeapSetInformation
GetVolumeInformationA
Module32First
InterlockedDecrement
MultiByteToWideChar
CreateMutexA
CreateThread
Module32Next
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
ExitThread
DecodePointer
SetEnvironmentVariableA
TerminateProcess
SetEndOfFile
GetCurrentThreadId
LeaveCriticalSection
WriteConsoleW
CreateToolhelp32Snapshot
InitializeCriticalSectionAndSpinCount
HeapFree
EnterCriticalSection
SetHandleCount
LoadLibraryW
SetEvent
QueryPerformanceCounter
GetTickCount
TlsAlloc
FlushFileBuffers
RtlUnwind
Process32Next
Process32First
DeleteFileA
GetWindowsDirectoryA
GetStartupInfoW
GetProcAddress
GetProcessHeap
CompareStringW
GetComputerNameA
GetTimeZoneInformation
CreateFileW
CreateEventA
IsDebuggerPresent
GetFileType
TlsSetValue
CreateFileA
ExitProcess
InterlockedIncrement
GetLastError
LCMapStringW
GetConsoleCP
GetEnvironmentStringsW
WinExec
SizeofResource
GetCurrentProcessId
LockResource
WideCharToMultiByte
HeapSize
GetCommandLineA
RaiseException
TlsFree
SetFilePointer
ReadFile
CloseHandle
GetACP
GetModuleHandleW
FreeResource
CreateProcessA
IsValidCodePage
HeapCreate
Sleep
FindResourceA
SHGetSpecialFolderPathA
ShellExecuteA
GetMessageA
MapVirtualKeyA
GetForegroundWindow
GetKeyboardState
SetWindowsHookExA
DispatchMessageA
MessageBoxA
ToAscii
TranslateMessage
GetWindowTextA
GetLastInputInfo
GetKeyState
CallNextHookEx
InternetReadFile
InternetOpenUrlA
InternetCloseHandle
InternetOpenA
Ord(3)
Ord(11)
Ord(10)
Ord(57)
Ord(23)
Ord(16)
Ord(116)
Ord(4)
Ord(115)
Ord(52)
Ord(19)
Ord(9)
URLDownloadToFileA
Number of PE resources by type
RT_RCDATA 10
RT_ICON 1
RT_MANIFEST 1
RT_GROUP_ICON 1
Number of PE resources by language
NEUTRAL SYS DEFAULT 10
ENGLISH US 3
PE resources
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
TimeStamp 2011:06:20 15:05:05+01:00
FileType Win32 EXE
PEType PE32
CodeSize 110080
LinkerVersion 10.0
EntryPoint 0xaf4a
InitializedDataSize 39424
SubsystemVersion 5.1
ImageVersion 0.0
OSVersion 5.1
UninitializedDataSize 0

File identification
MD5 aab21e11953aee66ff16772576ceaec0
SHA1 576910d3ae484144db32dd835594c605dac90a9d
SHA256 bf679313741fe95cee973d63929c263b02c7ddf1786f0495d9c45fb03d5acac4
ssdeep 3072:XsD2ADkpFGkTXlDJA6ba2esDetNxVgbTGV9X61:XplzpTVDVa2en/V6Mp

File size 147.0 KB ( 150528 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable MS Visual C++ (generic) (67.3%)
Win32 Dynamic Link Library (generic) (14.2%)
Win32 Executable (generic) (9.7%)
Generic Win/DOS Executable (4.3%)
DOS Executable Generic (4.3%)
Tags peexe

VirusTotal metadata
First submission 2012-06-16 04:27:01 UTC ( 5 years, 4 months ago )
Last submission 2012-06-24 10:49:36 UTC ( 5 years, 4 months ago )
File names aab21e11953aee66ff16772576c
Bot.exe
file
Advanced heuristic and reputation engines
ClamAV
Possibly Unwanted Application. While not necessarily malicious, the scanned file presents certain characteristics which depending on the user policies and environment may or may not represent a threat. For full details see: https://www.clamav.net/documents/potentially-unwanted-applications-pua .

Symantec reputation Suspicious.Insight