SHA256: c9e5a11e940bce9f969250363e4e7b3ab4d20759976c4e0ad80b3af95333e062
File name: e9525798d3b2b5b1057f4989e28c78a0
Detection ratio: 19 / 43
Analysis date: 2011-02-06 20:33:21 UTC ( 3 years, 5 months ago )
Antivirus Result Update
AntiVir TR/Dropper.Gen 20110204
Avast Win32:Malware-gen 20110206
Avast5 Win32:Malware-gen 20110206
BitDefender Gen:Trojan.Heur.RP.Py0aayYngQkj 20110206
CAT-QuickHeal (Suspicious) - DNAScan 20110206
Commtouch W32/Trojan2.MNNK 20110206
Emsisoft P2P-Worm.Win32.Palevo!IK 20110206
F-Prot W32/Trojan2.MNNK 20110204
F-Secure Gen:Trojan.Heur.RP.Py0aayYngQkj 20110206
GData Gen:Trojan.Heur.RP.Py0aayYngQkj 20110206
Ikarus P2P-Worm.Win32.Palevo 20110206
K7AntiVirus Trojan 20110206
Kaspersky P2P-Worm.Win32.Palevo.ypo 20110206
McAfee-GW-Edition Heuristic.LooksLike.Win32.Suspicious.F 20110206
Microsoft TrojanDropper:Win32/Agent.FO 20110206
NOD32 Win32/Packed.Themida.AAG 20110206
Norman W32/CeeInject.CQ 20110206
Panda Trj/Thed.A 20110206
VIPRE Worm.Win32.AInfBot.l (v) 20110206
AVG 20110206
AhnLab-V3 20110206
Antiy-AVL 20110128
ClamAV 20110206
Comodo 20110206
DrWeb 20110206
Fortinet 20110206
Jiangmin 20110205
McAfee 20110206
PCTools 20110206
Prevx 20110206
Rising 20110206
SUPERAntiSpyware 20110206
Sophos 20110206
Symantec 20110206
TheHacker 20110206
TrendMicro 20110206
TrendMicro-HouseCall 20110206
VBA32 20110204
ViRobot 20110206
VirusBuster 20110206
eSafe 20110206
eTrust-Vet 20110204
nProtect 20110202
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Authenticode signature block
Copyright Copyright (c) 2010
Original name n/a.exe
File version 1, 0, 0, 0
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2010-03-02 07:40:49
Entry Point 0x00157000
Number of sections 6
PE sections
PE imports
InitCommonControls
Number of PE resources by type
ZU5LU0 27
RT_VERSION 1
SETTINGS 1
Number of PE resources by language
CHINESE TRADITIONAL 28
ENGLISH US 1
ExifTool file metadata
SubsystemVersion 4.0
LinkerVersion 6.0
ImageVersion 0.0
FileSubtype 0
FileVersionNumber 1.0.0.0
LanguageCode English (U.S.)
FileFlagsMask 0x003f
CharacterSet Unicode
InitializedDataSize 161280
FileOS Windows NT 32-bit
MIMEType application/octet-stream
LegalCopyright Copyright 2010
FileVersion 1, 0, 0, 0
TimeStamp 2010:03:02 07:40:49+00:00
FileType Win32 EXE
PEType PE32
ProductVersion 1, 0, 0, 0
UninitializedDataSize 0
OSVersion 4.0
OriginalFilename n/a.exe
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName
CodeSize 17920
ProductVersionNumber 1.0.0.0
EntryPoint 0x157000
ObjectFileType Executable application

File identification
MD5 e9525798d3b2b5b1057f4989e28c78a0
SHA1 2318bba8fcdfd5c736b692b3657bf2b1815e200f
SHA256 c9e5a11e940bce9f969250363e4e7b3ab4d20759976c4e0ad80b3af95333e062
ssdeep 12288:RASI45SjqV6aO13caUd2yQvzslgCqWO6Sr+1Hs7SiSqaf0sa5QMq:eSIiyqVYNw2XBCqWO6g+1M7SIaf0t
File size 664.0 KB ( 679936 bytes )
File type Win32 EXE
Magic literal MS-DOS executable PE for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Dynamic Link Library (generic) (65.4%)
Generic Win/DOS Executable (17.2%)
DOS Executable Generic (17.2%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
Tags peexe
VirusTotal metadata
First submission 2011-02-06 20:33:21 UTC ( 3 years, 5 months ago )
Last submission 2012-12-09 06:31:19 UTC ( 1 year, 7 months ago )
File names e9525798d3b2b5b1057f4989e28c78a0
a.exe
Advanced heuristic and reputation engines
ClamAV PUA
Possibly Unwanted Application. While not necessarily malicious, the scanned file presents certain characteristics which depending on the user policies and environment may or may not represent a threat. For full details see: http://www.clamav.net/index.php?s=pua&lang=en .

Symantec reputation Suspicious.Insight