SHA256: c681c561fee6e5e5c976f98d62e94e28cb703ce7f1edecd13bc170989c7cf8c8
File name: aa
Detection ratio: 44 / 53
Analysis date: 2014-07-17 01:01:10 UTC ( 4 years, 10 months ago )
Antivirus Result Update
Ad-Aware Trojan.Generic.3000589 20140717
Yandex Trojan.Koblu!sh3kmNVIxjA 20140716
AhnLab-V3 Trojan/Win32.Refpron 20140716
AntiVir TR/Koblu.bvd 20140717
Avast Win32:Refpron-AX [Trj] 20140717
AVG Win32/DH{gRMggRJFJCIj} 20140716
Baidu-International Trojan.Win32.Koblu.AORY 20140716
BitDefender Trojan.Generic.3000589 20140717
Bkav W32.DownloaderV2MTR.Trojan 20140716
Commtouch W32/Koblu.A.gen!Eldorado 20140717
Comodo TrojWare.Win32.Koblu.E 20140716
DrWeb Trojan.Siggen.44451 20140717
Emsisoft Trojan.Generic.3000589 (B) 20140717
ESET-NOD32 a variant of Win32/Refpron.DU 20140716
F-Prot W32/Trojan2.LOHM 20140717
F-Secure Trojan:W32/Agent.DIYW 20140717
Fortinet W32/Koblu.BVD!tr 20140717
GData Trojan.Generic.3000589 20140717
Ikarus Trojan.Win32.Koblu 20140717
Jiangmin Trojan/Koblu.au 20140716
K7AntiVirus Trojan ( 7000000f1 ) 20140716
K7GW Trojan ( 7000000f1 ) 20140716
Kaspersky Trojan.Win32.Koblu.bvd 20140716
Kingsoft Win32.Troj.Koblu.(kcloud) 20140717
McAfee Refpron.gen.h 20140717
McAfee-GW-Edition Refpron.gen.h 20140716
eScan Trojan.Generic.3000589 20140717
NANO-Antivirus Trojan.Win32.Koblu.csjle 20140717
Norman Refpron.CNZ 20140716
nProtect Trojan.Generic.3000589 20140716
Panda Trj/Genetic.gen 20140716
Qihoo-360 HEUR/Malware.QVM05.Gen 20140717
Rising PE:Trojan.Win32.Generic.11EC89F8!300714488 20140716
Sophos AV Mal/Koblu-B 20140716
Symantec Trojan Horse 20140717
Tencent Win32.Trojan.Koblu.Ehru 20140717
TheHacker Trojan/Koblu.bvh 20140714
TotalDefense Win32/Refpron.NR 20140716
TrendMicro TROJ_KOBLU.AN 20140717
TrendMicro-HouseCall TROJ_KOBLU.AN 20140716
VBA32 BScope.Krap.gen 20140715
VIPRE Trojan.Win32.Sopiclick.b (v) 20140717
ViRobot Trojan.Win32.A.Koblu.77824.E 20140716
Zillya Trojan.Koblu.Win32.1480 20140716
AegisLab 20140717
ByteHero 20140717
CAT-QuickHeal 20140716
ClamAV 20140716
CMC 20140716
Malwarebytes 20140717
Microsoft 20140716
SUPERAntiSpyware 20140717
Zoner 20140714
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Publisher Andreas Hausladen
Product Hausladen SpeedUp
File version 4.1.2.4
Description Andreas Hausladen
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 1992-06-19 22:22:17
Entry Point 0x0001068C
Number of sections 8
PE sections
PE imports
LoadLibraryExA
LocalFree
LocalReAlloc
LocalSize
LocalAlloc
GetModuleHandleA
FreeLibrary
UnhandledExceptionFilter
TlsGetValue
ExitProcess
TlsSetValue
GetCurrentThreadId
RtlUnwind
GetProcAddress
RaiseException
Number of PE resources by type
RT_ICON 2
RT_RCDATA 2
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
CHINESE SIMPLIFIED 4
NEUTRAL 2
PE resources
ExifTool file metadata
SubsystemVersion 4.0
InitializedDataSize 13312
ImageVersion 0.0
ProductName Hausladen SpeedUp
FileVersionNumber 4.1.2.4
UninitializedDataSize 0
LanguageCode Unknown (140C)
FileFlagsMask 0x0000
CharacterSet Windows, Greek
LinkerVersion 2.25
MIMEType application/octet-stream
FileVersion 4.1.2.4
TimeStamp 1992:06:19 23:22:17+01:00
FileType Win32 EXE
PEType PE32
FileAccessDate 2014:07:17 02:00:20+01:00
ProductVersion 4.1.2.4
FileDescription Andreas Hausladen
OSVersion 1.0
FileCreateDate 2014:07:17 02:00:20+01:00
FileOS Windows NT 32-bit
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName Andreas Hausladen
CodeSize 63488
FileSubtype 0
ProductVersionNumber 4.1.2.4
EntryPoint 0x1068c
ObjectFileType Executable application

Compressed bundles
File identification
MD5 feba7ea3c855586781d85e1cd528eebf
SHA1 c71152352e3f330e50aa4a2464e1b7217759eaa2
SHA256 c681c561fee6e5e5c976f98d62e94e28cb703ce7f1edecd13bc170989c7cf8c8
ssdeep 1536:8oXAg677BOuGGzVKKR+QLzQn1czGm/umXOul5tgvA64fuml1hRlM:8Ml67ouckkn1czGbu1gv
imphash 5844a760fcdf08ddf8f3295948a77be8
File size 76.0 KB ( 77824 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable Borland Delphi 3 (93.8%)
Win32 Dynamic Link Library (generic) (2.3%)
Win32 Executable (generic) (1.6%)
Win16/32 Executable Delphi generic (0.7%)
Generic Win/DOS Executable (0.7%)
Tags peexe
VirusTotal metadata
First submission 2010-01-07 04:18:21 UTC ( 9 years, 4 months ago )
Last submission 2010-02-04 03:31:56 UTC ( 9 years, 3 months ago )
File names 6EdC.dll
SktT.xlt
aa
Gz6oUOMI.odt
Advanced heuristic and reputation engines
ClamAV
Possibly Unwanted Application. While not necessarily malicious, the scanned file presents certain characteristics which depending on the user policies and environment may or may not represent a threat. For full details see: https://www.clamav.net/documents/potentially-unwanted-applications-pua .
