SHA256: c2695824ea7f964b3fc010b2d1efdfed777ce1291849f9cad143bc2ecbe11a3c
File name: eefb92588a5220d09dde13505dfc7b2b60281df1
Detection ratio: 34 / 45
Analysis date: 2013-08-13 05:14:16 UTC ( 8 months, 1 week ago )
Antivirus Result Update
AVG Crypt_s.CHR 20130812
AhnLab-V3 Trojan/Win32.Zbot 20130813
Avast Win32:Kryptik-MOS [Trj] 20130813
BitDefender Trojan.GenericKDV.1155572 20130813
CAT-QuickHeal TrojanPWS.Zbot 20130812
Commtouch W32/Trojan.FTWH-7091 20130813
Comodo UnclassifiedMalware 20130813
DrWeb Trojan.Packed.24465 20130813
ESET-NOD32 a variant of Win32/Kryptik.BHEL 20130812
Emsisoft Trojan.Win32.Zbot (A) 20130813
F-Secure Trojan.GenericKDV.1155572 20130813
Fortinet W32/Kryptik.AGAL!tr 20130813
GData Trojan.GenericKDV.1155572 20130813
Ikarus Trojan.Crypt_s 20130813
K7AntiVirus Trojan 20130812
K7GW Trojan 20130812
Kaspersky Packed.Win32.Krap.iy 20130813
Malwarebytes Malware.Packer.AD 20130813
McAfee PWS-Zbot-FBDT!5FACF6703483 20130813
McAfee-GW-Edition Heuristic.LooksLike.Win32.Suspicious.B 20130812
MicroWorld-eScan Trojan.GenericKDV.1155572 20130813
Microsoft PWS:Win32/Zbot.gen!AM 20130813
NANO-Antivirus Trojan.Win32.Krap.bzwzrv 20130812
Norman Kryptik.CCEB 20130812
PCTools Trojan.Generic 20130812
Panda Trj/CI.A 20130812
Rising Trojan.Win32.Antii.b 20130813
SUPERAntiSpyware Trojan.Agent/Gen-Kryptik 20130813
Symantec Trojan Horse 20130813
TrendMicro TROJ_GEN.R0CBC0EH413 20130813
TrendMicro-HouseCall TROJ_RANSOM.SM06 20130813
VBA32 Malware-Cryptor.Mystig 20130812
VIPRE Trojan.Win32.Kryptik.ake (v) 20130813
ViRobot Trojan.Win32.U.Krap.309760.A 20130813
Agnitum 20130812
AntiVir 20130813
Antiy-AVL 20130813
ByteHero 20130804
ClamAV 20130813
F-Prot 20130813
Jiangmin 20130813
Kingsoft 20130723
TheHacker 20130813
TotalDefense 20130812
nProtect 20130813
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2013-06-16 11:22:34
Link date 12:22 PM 6/16/2013
Entry Point 0x000016E3
Number of sections 3
PE sections
PE imports
DllGetClassObject
DllUnregisterServer
DllCanUnloadNow
DllRegisterServer
OpenMutexA
FoldStringA
GetDiskFreeSpaceA
GetPrivateProfileIntW
GetPrivateProfileSectionW
GetFileAttributesA
GetEnvironmentVariableA
HeapCreate
GetExitCodeThread
InterlockedExchange
CreateEventA
CloseHandle
CreateDirectoryW
GetFullPathNameA
lstrcmpiW
WaitForMultipleObjects
lstrcmpW
GetModuleHandleA
Number of PE resources by type
RT_ICON 2
RT_GROUP_ICON 1
RT_RCDATA 1
Number of PE resources by language
FRENCH BELGIAN 2
ENGLISH US 2
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
TimeStamp 2013:06:16 12:22:34+01:00
FileType Win32 EXE
PEType PE32
CodeSize 2048
LinkerVersion 8.0
EntryPoint 0x16e3
InitializedDataSize 512
SubsystemVersion 4.0
ImageVersion 0.0
OSVersion 4.0
UninitializedDataSize 0

File identification
MD5 5facf6703483704fd04245f65662a8e5
SHA1 0631a8280e416395a06e269aea57073f52863b6a
SHA256 c2695824ea7f964b3fc010b2d1efdfed777ce1291849f9cad143bc2ecbe11a3c
ssdeep 6144:jWx+FXPa5S58TTRZaQcalTEDcB+SiQuLwlYIuhmgW2C3:I+dPa5t18/alTmcB+UG3I3
File size 302.5 KB ( 309760 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Dynamic Link Library (generic) (38.2%)
Win32 Executable (generic) (26.2%)
Win16/32 Executable Delphi generic (12.0%)
Generic Win/DOS Executable (11.6%)
DOS Executable Generic (11.6%)
Tags peexe

VirusTotal metadata
First submission 2013-08-02 10:23:50 UTC ( 8 months, 3 weeks ago )
Last submission 2013-08-07 20:36:55 UTC ( 8 months, 2 weeks ago )
File names about.exe
usa.exe
malekal_5facf6703483704fd04245f65662a8e5
eefb92588a5220d09dde13505dfc7b2b60281df1
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight