SHA256: c4c44dab66123ce477f222bba8b064659c5530a250ac094e9a9ceb3538a8de2e
File name: 1286721062.annie.scr
Detection ratio: 39 / 48
Analysis date: 2013-12-19 17:13:33 UTC ( 4 years, 1 month ago )
Antivirus Result Update
Ad-Aware Trojan.Generic.4899802 20131211
Yandex Trojan.DL.Genome!pS9Grx0XHdI 20131217
AntiVir TR/Crypt.XPACK.Gen 20131219
Avast Win32:Malware-gen 20131219
AVG Downloader.Generic10.WZQ 20131219
Baidu-International Trojan.Win32.Generic.AD 20131213
BitDefender Trojan.Generic.4899802 20131211
Bkav W32.LR_AcroIEHelper.Worm 20131219
CMC Trojan.Win32.Krap.1!O 20131217
Commtouch W32/Risk.UAXA-0077 20131219
Comodo UnclassifiedMalware 20131219
DrWeb Trojan.DownLoader1.48287 20131219
Emsisoft Trojan.Generic.4899802 (B) 20131219
ESET-NOD32 a variant of Win32/TrojanDownloader.Delf.PYK 20131219
F-Prot W32/MalwareF.PYUW 20131219
F-Secure Trojan.Generic.4899802 20131219
Fortinet W32/Genome.BBHB!tr 20131219
GData Trojan.Generic.4899802 20131219
Ikarus Trojan-Downloader.Win32.Banload 20131219
K7AntiVirus Trojan ( 7000000f1 ) 20131219
K7GW Trojan-Downloader ( 001b1c921 ) 20131219
Kaspersky HEUR:Trojan.Win32.Generic 20131219
Kingsoft Win32.Troj.Generic.(kcloud) 20130829
McAfee Artemis!C15F39D958A9 20131219
McAfee-GW-Edition Heuristic.LooksLike.Win32.Suspicious.C 20131219
Microsoft Trojan:Win32/Comisproc 20131219
eScan Trojan.Generic.4899802 20131219
NANO-Antivirus Trojan.Win32.Genome.cjkhm 20131219
Norman Suspicious_Gen2.DUTVX 20131219
nProtect Trojan-Downloader/W32.Genome.143360.H 20131219
Panda Generic Trojan 20131219
Rising PE:Trojan.Win32.Generic.124C5DFE!306994686 20131218
Sophos AV Troj/Agent-OXH 20131219
Symantec Trojan.Gen 20131219
TheHacker Trojan/Downloader.Delf.pyk 20131219
TrendMicro TROJ_GENOME.LJ 20131219
TrendMicro-HouseCall TROJ_GENOME.LJ 20131219
VBA32 suspected of Trojan.Downloader.gen.h 20131219
VIPRE Trojan.Win32.Generic!BT 20131219
AhnLab-V3 20131219125409
Antiy-AVL 20131219
ByteHero 20130613
CAT-QuickHeal 20131218
ClamAV 20131219
Jiangmin 20131219
Malwarebytes 20131219
SUPERAntiSpyware 20131219
TotalDefense 20131219
ViRobot 20131219
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Packers identified
PEiD PC Guard for Win32 v5.00 -> SofPro/Blagoje Ceklic (h)
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 1992-06-19 22:22:17
Entry Point 0x0000E400
Number of sections 9
PE sections
PE imports
GetModuleHandleA
ExitProcess
GetVersionExA
GetProcAddress
VirtualAlloc
LoadLibraryA
ShellExecuteA
MessageBoxA
Number of PE resources by type
RT_RCDATA 2
RT_MANIFEST 1
Number of PE resources by language
NEUTRAL 3
PE resources
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
TimeStamp 1992:06:19 23:22:17+01:00
FileType Win32 EXE
PEType PE32
CodeSize 17408
LinkerVersion 2.25
FileAccessDate 2013:12:19 18:18:52+01:00
EntryPoint 0xe400
InitializedDataSize 6144
SubsystemVersion 4.0
ImageVersion 0.0
OSVersion 4.0
FileCreateDate 2013:12:19 18:18:52+01:00
UninitializedDataSize 0

File identification
MD5 c15f39d958a9a3b8ce7abd29ccf135bb
SHA1 0923eb07bf258288f015530b9600655e1db9cf67
SHA256 c4c44dab66123ce477f222bba8b064659c5530a250ac094e9a9ceb3538a8de2e
ssdeep 3072:8I7pjIT/vARxiaocb+eAyh2h5HYyGtJDfQYQJWr1zmBpHDu6:8ocrQxiaocb+eUh541zY3n

File size 140.0 KB ( 143360 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable (generic) (52.9%)
Generic Win/DOS Executable (23.5%)
DOS Executable Generic (23.4%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
Tags pcguard peexe

VirusTotal metadata
First submission 2010-10-06 20:32:08 UTC ( 7 years, 3 months ago )
Last submission 2013-12-19 17:13:33 UTC ( 4 years, 1 month ago )
File names 343FqOv.scr
1286721062.annie.scr
aa
Advanced heuristic and reputation engines
ClamAV
Possibly Unwanted Application. While not necessarily malicious, the scanned file presents certain characteristics which depending on the user policies and environment may or may not represent a threat. For full details see: https://www.clamav.net/documents/potentially-unwanted-applications-pua .
