SHA256: c0340f2035f4bcf286c8ce3b87cdba503e511e7f4995ae3e9cf6f9549ee65980
File name: OnMuz Fresh Update
Detection ratio: 38 / 57
Analysis date: 2015-10-21 01:31:17 UTC ( 3 years, 7 months ago )
Antivirus Result Update
Ad-Aware Adware.Generic.56007 20151022
Yandex Adware.Agent!SA80CMWDCus 20151021
AhnLab-V3 Win-Trojan/Xema.variant 20151021
ALYac Adware.Generic.56007 20151022
Antiy-AVL GrayWare[AdWare:not-a-virus]/Win32.Agent 20151022
Arcabit Adware.Generic.DDAC7 20151022
Avast Win32:Adware-gen [Adw] 20151022
AVG Generic3.PSJ 20151022
Avira (no cloud) ADSPY/Agent.eqs 20151022
AVware Trojan.Win32.Generic!BT 20151021
Baidu-International Trojan.Win32.Adload.hjxb 20151021
BitDefender Adware.Generic.56007 20151022
CAT-QuickHeal Trojan.Agent.r4 20151021
CMC Generic.Win32.cf9f4df024!CMCRadar 20151021
Comodo UnclassifiedMalware 20151022
Cyren W32/Risk.VEJJ-0814 20151022
DrWeb Adware.Siggen.2773 20151022
Emsisoft Adware.Generic.56007 (B) 20151022
F-Prot W32/MalwareF.OATP 20151022
F-Secure Adware.Generic.56007 20151022
Fortinet Adware/Agent 20151022
GData Adware.Generic.56007 20151022
Jiangmin Adware/Agent.cwn 20151021
Kaspersky Trojan-Downloader.Win32.Adload.hjxb 20151022
Kingsoft Win32.Troj.Agent.(kcloud) 20151022
McAfee Generic PUP.x 20151022
McAfee-GW-Edition Generic PUP.x 20151022
eScan Adware.Generic.56007 20151021
NANO-Antivirus Riskware.Win32.Agent.bxumt 20151022
nProtect Trojan-Clicker/W32.Agent.520192.K 20151021
Panda Trj/CI.A 20151021
Sophos AV Generic PUA CJ (PUA) 20151022
Symantec Adware.Gen 20151021
Tencent Win32.Trojan.Agent.daqh 20151022
VBA32 AdWare.Agent 20151021
VIPRE Trojan.Win32.Generic!BT 20151022
ViRobot Adware.Agent.520192[h] 20151022
Zillya Adware.Agent.Win32.2878 20151021
AegisLab 20151021
Alibaba 20151021
Bkav 20151021
ByteHero 20151022
ClamAV 20151021
ESET-NOD32 20151022
Ikarus 20151022
K7AntiVirus 20151021
K7GW 20151021
Malwarebytes 20151021
Microsoft 20151022
Qihoo-360 20151022
Rising 20151021
SUPERAntiSpyware 20151022
TheHacker 20151020
TotalDefense 20151021
TrendMicro 20151022
TrendMicro-HouseCall 20151022
Zoner 20151022
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright Copyright (C) 2008
Product OnMuz Fresh Update ?? ????
Original name OnMuzFreshUpdate.exe
Internal name OnMuz Fresh Update
File version 1, 0, 0, 1
Description OnMuz Fresh Update
Packers identified
PEiD Armadillo v1.71
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2008-05-28 09:08:39
Entry Point 0x0000C7C5
Number of sections 4
PE sections
PE imports
RegOpenKeyExA
RegSetValueExA
RegQueryValueExA
RegCloseKey
RegCreateKeyExA
ImageList_Draw
_TrackMouseEvent
ImageList_ReplaceIcon
ImageList_AddMasked
GetObjectA
CreateFontA
CreateRectRgn
OffsetRgn
CreatePen
CreateCompatibleBitmap
CreateSolidBrush
CreateRectRgnIndirect
DPtoLP
CombineRgn
BitBlt
CreateCompatibleDC
SetRectRgn
Rectangle
GetLastError
GetStartupInfoA
GetTempPathA
ResumeThread
GetPrivateProfileStringA
GetModuleHandleA
lstrlenA
CreateMutexA
CreateDirectoryA
DeleteFileA
GetCommandLineA
GetModuleFileNameA
RemoveDirectoryA
_purecall
__p__fmode
_acmdln
_ftol
__dllonexit
fopen
_except_handler3
_itoa
_mbscmp
_onexit
exit
sprintf
__setusermatherr
__p__commode
_controlfp
_XcptFilter
__CxxFrameHandler
?terminate@@YAXXZ
_adjust_fdiv
atoi
__getmainargs
_initterm
_setmbcp
memmove
_exit
__set_app_type
ShellExecuteA
StrFormatByteSizeA
PathRemoveFileSpecA
SetWindowRgn
SetPropA
EqualRect
KillTimer
LoadImageA
FindWindowA
MessageBeep
GetPropA
LoadBitmapA
GetParent
BeginDeferWindowPos
IsIconic
GetWindowRect
EnableWindow
DrawIcon
GetClassNameA
SetWindowLongA
AdjustWindowRectEx
GetSysColor
EndDeferWindowPos
GetWindowRgn
RemovePropA
GetMenu
DrawFocusRect
GetSystemMetrics
IsZoomed
IsWindowVisible
wsprintfA
GetClientRect
GetDlgItem
EnableMenuItem
InvalidateRect
GetWindowLongA
SetTimer
LoadCursorA
GetSystemMenu
SendMessageA
FillRect
CopyRect
DeferWindowPos
CallWindowProcA
IsMenu
PtInRect
SetCursor
InternetGetCookieA
URLDownloadToFileA
Number of PE resources by type
RT_ICON 43
RT_GROUP_ICON 42
RT_BITMAP 36
RT_DIALOG 1
RT_MANIFEST 1
RT_VERSION 1
Number of PE resources by language
KOREAN 124
PE resources
ExifTool file metadata
SubsystemVersion 4.0
LinkerVersion 6.0
ImageVersion 0.0
FileSubtype 0
FileVersionNumber 1.0.0.1
UninitializedDataSize 0
LanguageCode Korean
FileFlagsMask 0x003f
CharacterSet Unicode
InitializedDataSize 466944
EntryPoint 0xc7c5
OriginalFileName OnMuzFreshUpdate.exe
MIMEType application/octet-stream
LegalCopyright Copyright (C) 2008
FileVersion 1, 0, 0, 1
TimeStamp 2008:05:28 10:08:39+01:00
FileType Win32 EXE
PEType PE32
InternalName OnMuz Fresh Update
ProductVersion 1, 0, 0, 1
FileDescription OnMuz Fresh Update
OSVersion 4.0
FileOS Win32
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CodeSize 53248
ProductName OnMuz Fresh Update
ProductVersionNumber 1.0.0.1
FileTypeExtension exe
ObjectFileType Executable application
File identification
MD5 cf9f4df02496d8ba083be76c88cd8571
SHA1 29c9d8cb0b138314a62c874bc9ac3cd481ef230f
SHA256 c0340f2035f4bcf286c8ce3b87cdba503e511e7f4995ae3e9cf6f9549ee65980
ssdeep 6144:o/xJHuco6NR3f44lC7UsXotmqHuhR8aOPv/9OJZtB5Tfa:8bR3fzlC7vsmccRmH/9OJZtB5T
authentihash 75b1a04ed66c471c1b01a091bce2033b727036db3a9844d068a3be3ff6fae4a7
imphash 766d6292f6ae7bd4a39321bca5113600
File size 508.0 KB ( 520192 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (67.3%)
Win32 Dynamic Link Library (generic) (14.2%)
Win32 Executable (generic) (9.7%)
Generic Win/DOS Executable (4.3%)
DOS Executable Generic (4.3%)
Tags peexe armadillo
VirusTotal metadata
First submission 2008-09-07 21:35:12 UTC ( 10 years, 8 months ago )
Last submission 2013-07-04 07:59:34 UTC ( 5 years, 10 months ago )
File names OnMuz Fresh Update
1266274112.onmuzfreshupdate.exe
CF9F4DF02496D8BA083BE76C88CD8571
25eb88c11213eafd09080e907cf45f72
431750
29c9d8cb0b138314a62c874bc9ac3cd481ef230f.bin
29c9d8cb0b138314a62c874bc9ac3cd481ef230f
adware.win32.agent-cf9f4df02496d8
cf9f4df02496d8ba083be76c88cd8571
onmuzfreshupdate.exe
smona126834140903103622884
qStP.dot
OnMuzFreshUpdate.exe
aa