SHA256: c94a11a74356c41dab3c237f031aa22b3710509d7af9a407ed8293fa0b657496
File name: 3391cbea0a6c27da721c19be4efae20b5106427a
Detection ratio: 45 / 48
Analysis date: 2013-10-08 09:39:56 UTC ( 5 years, 6 months ago )
Antivirus Result Update
Yandex Backdoor.IRCNite!fhZH3FsxomY 20131007
AhnLab-V3 Win-Trojan/Bamital.Gen 20131008
AntiVir W32/Sality.AB.2 20131008
Avast Win32:Ramnit-AN 20131008
AVG Generic22.BPCM 20131008
Baidu-International Trojan.Win32.Pakes.tyi 20131008
BitDefender Backdoor.Agent.ABHW 20131008
Bkav W32.InjectAdwaredDwnMainA.Trojan 20131007
CAT-QuickHeal Trojan.Quolko.A 20131008
ClamAV WIN.Ransom.Lockscreen 20131007
Commtouch W32/Bamital.ULKQ-0499 20131008
Comodo TrojWare.Win32.Agent.kwsr 20131008
DrWeb Trojan.MulDrop3.45645 20131008
Emsisoft Backdoor.Agent.ABHW (B) 20131008
ESET-NOD32 Win32/Ramnit.AY 20131008
F-Prot W32/Bamital.P 20131008
F-Secure Backdoor.Agent.ABHW 20131008
Fortinet W32/Drooptroop.SMY!tr 20131008
GData Backdoor.Agent.ABHW 20131008
Ikarus Trojan-Ransom.Win32.PornoBlocker 20131008
Jiangmin Trojan/PornoBlocker.aua 20130903
K7AntiVirus Trojan 20131007
K7GW Trojan 20131007
Kaspersky Trojan.Win32.Pakes.tyi 20131008
Malwarebytes Trojan.Downloader 20131008
McAfee Generic BackDoor.ya 20131008
McAfee-GW-Edition Generic BackDoor.ya 20131008
Microsoft Trojan:Win32/Ramnit.A 20131008
eScan Backdoor.Agent.ABHW 20131008
NANO-Antivirus Trojan.Win32.MulDrop3.wheiu 20131008
Norman Ramnit.O 20131008
nProtect Trojan/W32.PornoBlocker.108032 20131008
Panda Trj/Bamital.E 20131008
PCTools Trojan.Bamital 20131002
Rising Trojan.Win32.Fednu.ueo 20131008
Sophos AV W32/Ramnit-A 20131008
SUPERAntiSpyware Trojan.Agent/Gen-Ransom 20131008
Symantec Trojan.Bamital!gen2 20131008
TheHacker Posible_Worm32 20131007
TotalDefense Win32/Pakes.EA!genus 20131007
TrendMicro TROJ_FAKEAV.SMUP 20131008
TrendMicro-HouseCall TROJ_GEN.F47V0731 20131008
VBA32 Trojan.MTA.01240 20131007
VIPRE Trojan.Win32.Generic!BT 20131008
ViRobot Trojan.Win32.A.PornoBlocker.206336.A 20131008
Antiy-AVL 20131008
ByteHero 20130924
Kingsoft 20130829
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 1998-08-24 01:27:11
Entry Point 0x0004D240
Number of sections 3
PE sections
PE imports
VirtualFree
ExitProcess
VirtualProtect
LoadLibraryA
VirtualAlloc
GetProcAddress
SetWindowTextA
Number of PE resources by type
RT_ICON 12
RT_DIALOG 2
RT_MENU 1
RT_GROUP_ICON 1
Number of PE resources by language
RUSSIAN 16
PE resources
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
TimeStamp 1998:08:24 02:27:11+01:00
FileType Win32 EXE
PEType PE32
CodeSize 77824
LinkerVersion 7.4
EntryPoint 0x4d240
InitializedDataSize 32768
SubsystemVersion 4.0
ImageVersion 7.2
OSVersion 5.0
UninitializedDataSize 237568

File identification
MD5 8715937f011a3f0ce22eed007a645297
SHA1 3391cbea0a6c27da721c19be4efae20b5106427a
SHA256 c94a11a74356c41dab3c237f031aa22b3710509d7af9a407ed8293fa0b657496
ssdeep 1536:POC0FvV4OguHxjhpA4Bm7uW0vSUsghQevBFkutIbgTuFqKRr0aF5frleGhd9TfB:PwV4OgSzBmh04eZFkz3Rr0gwGj9Tf8

File size 105.5 KB ( 108032 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Clipper DOS Executable (33.4%)
Generic Win/DOS Executable (33.2%)
DOS Executable Generic (33.1%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.1%)
Tags peexe

VirusTotal metadata
First submission 2013-10-08 00:35:12 UTC ( 5 years, 6 months ago )
Last submission 2013-10-08 00:35:12 UTC ( 5 years, 6 months ago )
File names 3391cbea0a6c27da721c19be4efae20b5106427a
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Created processes
Opened mutexes
Runtime DLLs