SHA256: c380221bf9cb5dde06fd58a8156c3c25ed2fcdff79aac862570e93551e961d0e
File name: 38B27F6CB66D2F07F36BDD718970B0C0
Detection ratio: 41 / 43
Analysis date: 2011-08-13 09:10:53 UTC ( 7 years, 8 months ago )
Antivirus Result Update
AhnLab-V3 Win-Trojan/OnlineGameHack.23608.G 20110812
AntiVir TR/ATRAPS.Gen2 20110812
Avast Win32:OnLineGames-FOS [Trj] 20110812
Avast5 Win32:OnLineGames-FOS [Trj] 20110812
AVG PSW.OnlineGames3.AAJK 20110813
BitDefender Trojan.Generic.2988171 20110813
CAT-QuickHeal TrojanGameThief.OnLineGames.v 20110813
ClamAV Trojan.Spy-69298 20110813
Commtouch W32/OnlineGames.CW.gen!Eldorado 20110813
Comodo TrojWare.Win32.PSW.Onlinegames.OQU.2 20110813
DrWeb Trojan.PWS.Gamania.23459 20110813
Emsisoft Virus.Win32.Patched.MB!IK 20110813
eSafe Win32.TRATRAPS 20110810
eTrust-Vet Win32/Zuten!generic 20110812
F-Prot W32/OnlineGames.CW.gen!Eldorado 20110813
F-Secure Trojan-PSW:W32/OnlineGames.gen!T 20110813
Fortinet W32/OnLineGames.BILU!tr.pws 20110813
GData Trojan.Generic.2988171 20110813
Ikarus Virus.Win32.Patched.MB 20110813
Jiangmin Trojan/PSW.OnLineGames.bkbe 20110812
K7AntiVirus Password-Stealer 20110812
Kaspersky Trojan-GameThief.Win32.OnLineGames.bnei 20110813
McAfee PWS-OnlineGames.ha 20110813
McAfee-GW-Edition PWS-OnlineGames.ha 20110813
Microsoft PWS:Win32/OnLineGames.GP 20110813
NOD32 Win32/PSW.OnLineGames.OQU 20110813
Norman W32/OnLineGames.LGKI 20110812
nProtect Trojan-PWS/W32.WebGame.23608.D 20110813
Panda Trj/CI.A 20110812
PCTools Trojan-PSW.Gampass 20110813
Rising Trojan.Win32.Generic.11EEDCF9 20110812
Sophos AV Mal/Behav-112 20110813
SUPERAntiSpyware Trojan.Agent/Gen-WOW 20110813
Symantec Infostealer.Gampass 20110813
TheHacker Trojan/OnLineGames.vyft 20110813
TrendMicro TSPY_ONLINEG.SMF 20110813
TrendMicro-HouseCall TSPY_ONLINEG.SMF 20110813
VBA32 Trojan-GameThief.Win32.OnLineGames.vyej 20110813
VIPRE Trojan.Win32.Generic!BT 20110812
ViRobot Trojan.Win32.PSWIGames.23608.B 20110813
VirusBuster Trojan.ATRAPS!OND3qEVcgf8 20110812
Antiy-AVL 20110813
Prevx 20110813
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file.
PE header basic information
Number of sections 3
PE sections
PE imports
LoadLibraryA
GetProcAddress
VirtualProtect
VirtualAlloc
VirtualFree
ExitProcess
wsprintfA
File identification
MD5 38b27f6cb66d2f07f36bdd718970b0c0
SHA1 902e60eebab7cdd50b6cac162b6701bb4b3656da
SHA256 c380221bf9cb5dde06fd58a8156c3c25ed2fcdff79aac862570e93551e961d0e
ssdeep 384:q//lJoyGSlbSGNY6nBZKRiaNBtJgwpZJRHp49XAKaD8BxggXiwj+8LeYQxlptNoX:izIYbSGa6nBZKQaNJgwps9XAbOggFj+U

File size 23.1 KB ( 23608 bytes )
File type Win32 EXE
Magic literal

TrID UPX compressed Win32 Executable (39.5%)
Win32 EXE Yoda's Crypter (34.3%)
Win32 Executable Generic (11.0%)
Win32 Dynamic Link Library (generic) (9.8%)
Generic Win/DOS Executable (2.5%)
Tags upx

VirusTotal metadata
First submission 2010-01-15 02:11:57 UTC ( 9 years, 3 months ago )
Last submission 2011-08-13 09:10:53 UTC ( 7 years, 8 months ago )
File names 38B27F6CB66D2F07F36BDD718970B0C0
38b27f6cb66d2f07f36bdd718970b0c0
DXKW.xlsm
m_3z8na9U.docx