SHA256: c06721f53f1b7ffaeb7a423b1062a6e3404c04bd3bc6d283a7367a207a9ec172
File name: colwmAnMRc.exe
Detection ratio: 41 / 46
Analysis date: 2013-05-10 18:18:42 UTC ( 4 years, 7 months ago )
Antivirus Result Update
Yandex Trojan.PWS.Agent!dK1+hIyFG4Q 20130510
AhnLab-V3 Worm/Win32.AutoRun 20130510
AntiVir TR/Dropper.Gen 20130510
Avast Win32:Inject-ABT [Trj] 20130510
AVG Dropper.VB.CZG 20130510
BitDefender Trojan.Generic.3979664 20130510
ClamAV Win.Trojan.Agent-20297 20130510
Commtouch W32/Risk.FVEL-4149 20130510
Comodo TrojWare.Win32.Trojan.Agent.Gen 20130510
DrWeb Trojan.PWS.Stealer.189 20130510
Emsisoft VirTool.Win32.VBInject.AMN (A) 20130510
eSafe Win32.TRDropper 20130509
ESET-NOD32 Win32/PSW.Delf.NSR 20130510
F-Prot W32/MalwareS.FKQ 20130510
F-Secure Trojan.Generic.3979664 20130510
Fortinet W32/Agent.QKV!tr.pws 20130510
GData Trojan.Generic.3979664 20130510
Ikarus Trojan-Ransom.Win32.XBlocker 20130510
K7AntiVirus Riskware 20130510
K7GW Password-Stealer 20130510
Kaspersky Trojan-PSW.Win32.Agent.qkv 20130510
Kingsoft Win32.PSWTroj.Agent.(kcloud) 20130506
Malwarebytes Trojan.Agent 20130510
McAfee Artemis!B97320B10CED 20130510
McAfee-GW-Edition Heuristic.BehavesLike.Win32.Downloader.D 20130510
Microsoft VirTool:Win32/VBInject.gen!DG 20130510
eScan Trojan.Generic.3979664 20130510
NANO-Antivirus Trojan.Win32.Stealer.rqkk 20130510
Norman LdPinch.BJWE 20130510
nProtect Trojan.Generic.3979664 20130510
Panda Trj/Genetic.gen 20130510
PCTools Trojan.Gen 20130510
Sophos AV Mal/VB-ABHH 20130510
Symantec Trojan.Gen 20130510
TheHacker Trojan/PSW.Agent.qkv 20130509
TotalDefense Win32/LdPinch.AEZ 20130510
TrendMicro WORM_KOOBFACE.AC 20130510
TrendMicro-HouseCall WORM_KOOBFACE.AC 20130510
VBA32 SScope.Trojan.VBRA.4728 20130510
VIPRE VirTool.Win32.VBInject.gen.dg (v) 20130510
ViRobot Trojan.Win32.A.PSW-Agent.110592.E 20130510
Antiy-AVL 20130510
ByteHero 20130510
CAT-QuickHeal 20130510
Jiangmin 20130510
SUPERAntiSpyware 20130510
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright WEOKAYxUOsoe
Publisher qKXCnBMCdJMZ
Product VsTPpQAwvfuI
Version 6.06.0006
Original name colwmAnMRc.exe
Internal name colwmAnMRc
File version 6.06.0006
Description wMvWqTpjityg
Comments royaOwUTQvNc
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2010-04-03 19:11:01
Entry Point 0x000010B8
Number of sections 3
PE sections
PE imports
EVENT_SINK_QueryInterface
Ord(717)
__vbaExceptHandler
Ord(608)
MethCallEngine
DllFunctionCall
Ord(644)
ProcCallEngine
EVENT_SINK_Release
Ord(100)
EVENT_SINK_AddRef
Ord(598)
Ord(698)
CreateProcessW
RtlMoveMemory
GetProcAddress
LoadLibraryA
Number of PE resources by type
RT_ICON 3
RT_VERSION 1
7 1
RT_GROUP_ICON 1
Number of PE resources by language
NEUTRAL 4
ENGLISH US 1
ARABIC NEUTRAL 1
PE resources
ExifTool file metadata
CodeSize 12288
SubsystemVersion 4.0
Comments royaOwUTQvNc
LinkerVersion 6.0
ImageVersion 6.6
FileSubtype 0
FileVersionNumber 6.6.0.6
LanguageCode English (U.S.)
FileFlagsMask 0x0000
FileDescription wMvWqTpjityg
CharacterSet Unicode
InitializedDataSize 94208
FileOS Win32
MIMEType application/octet-stream
LegalCopyright WEOKAYxUOsoe
FileVersion 6.06.0006
TimeStamp 2010:04:03 20:11:01+01:00
FileType Win32 EXE
PEType PE32
InternalName colwmAnMRc
FileAccessDate 2013:05:10 19:18:53+01:00
ProductVersion 6.06.0006
UninitializedDataSize 0
OSVersion 4.0
FileCreateDate 2013:05:10 19:18:53+01:00
OriginalFilename colwmAnMRc.exe
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName qKXCnBMCdJMZ
LegalTrademarks PYsSxSIvfoFf
ProductName VsTPpQAwvfuI
ProductVersionNumber 6.6.0.6
EntryPoint 0x10b8
ObjectFileType Executable application
File identification
MD5 b97320b10ced23624f38a721643d7132
SHA1 0d306892495d3e5b03cd571d6ebde120f403919d
SHA256 c06721f53f1b7ffaeb7a423b1062a6e3404c04bd3bc6d283a7367a207a9ec172
ssdeep 3072:HFWy5Tvrmsb9t1e1oIDXwNNptduaQgQnh0ZUFJdZ:HnhvrmQX1fkq/t4T1nh0Zy
File size 108.0 KB ( 110592 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable Microsoft Visual Basic 6 (88.6%)
Win32 Executable (generic) (7.0%)
Generic Win/DOS Executable (2.1%)
DOS Executable Generic (2.1%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
Tags peexe mz
VirusTotal metadata
First submission 2010-04-03 23:54:05 UTC ( 7 years, 8 months ago )
Last submission 2013-05-10 18:18:42 UTC ( 4 years, 7 months ago )
File names colwmAnMRc
aa
KbLwWg.lnk
colwmAnMRc.exe
index.ex
-mFNhby
Behaviour characterization