SHA256: cc4cee05bb449a648e77d08e2f0e067ec0bd2cfc9954f4aaccb269ba1f01c2cf
File name: file-3942634_exe
Detection ratio: 29 / 42
Analysis date: 2012-05-13 18:17:18 UTC ( 5 years, 8 months ago )
Antivirus Result Update
AhnLab-V3 Dropper/Win32.Dapato 20120513
AntiVir TR/Crypt.ULPM.Gen 20120513
Avast Win32:SmokeLdr-E [Trj] 20120513
AVG SHeur4.TXM 20120513
BitDefender Gen:Variant.Graftor.17432 20120513
CAT-QuickHeal TrojanPWS.Zbot.Y 20120513
ClamAV Trojan.Zbot-18826 20120512
Commtouch W32/Agent.OJ.gen!Eldorado 20120513
DrWeb BackDoor.Butirat.56 20120513
Emsisoft Virus.Win32.Vundo!IK 20120513
eTrust-Vet Win32/Dorkbot.H!generic 20120511
F-Prot W32/Agent.OJ.gen!Eldorado 20120513
F-Secure Gen:Variant.Graftor.17432 20120513
GData Gen:Variant.Graftor.17432 20120513
Ikarus Virus.Win32.Vundo 20120513
Jiangmin TrojanDropper.Dapato.ghw 20120512
K7AntiVirus Trojan 20120511
Kaspersky HEUR:Trojan.Win32.Generic 20120513
McAfee PWS-FABU!9BF233A4A8EE 20120512
McAfee-GW-Edition Heuristic.BehavesLike.Win32.ModifiedUPX.J 20120513
Microsoft Trojan:Win32/Vundo.PJ 20120513
NOD32 a variant of Win32/Kryptik.ACJN 20120513
Panda Bck/Qbot.AO 20120513
Sophos AV Mal/ZboCheMan-F 20120513
TheHacker Posible_Worm32 20120513
TrendMicro TROJ_GEN.R01CDDE 20120513
TrendMicro-HouseCall TROJ_GEN.R01CDDE 20120513
VBA32 TrojanDropper.Dapato.akfx 20120511
VirusBuster Trojan.DR.Dapato!LjpqGVTcdFA 20120513
Antiy-AVL 20120513
ByteHero 20120511
Comodo 20120513
eSafe 20120509
Fortinet 20120508
Norman 20120513
nProtect 20120513
PCTools 20120513
Rising 20120511
SUPERAntiSpyware 20120512
Symantec 20120513
VIPRE 20120513
ViRobot 20120513
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Publisher Siemens Informatica S.p.A.
File version 8.1
Description Shrank Biker Says
Packers identified
Command UPX_LZMA
F-PROT UPX_LZMA
PEiD UPX 2.93 [LZMA] -> Markus Oberhumer, Laszlo Molnar & John Reiser
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2010-03-08 08:12:28
Entry Point 0x00045AA0
Number of sections 3
PE sections
PE imports
LoadLibraryA, GetProcAddress, VirtualProtect, VirtualAlloc, VirtualFree, ExitProcess
RegSaveKeyW
IsZoomed
ExifTool file metadata
SubsystemVersion 4.0
LinkerVersion 9.0
ImageVersion 5.1
FileVersionNumber 8.1.0.0
UninitializedDataSize 184320
LanguageCode English (U.S.)
FileFlagsMask 0x003f
CharacterSet Unicode
InitializedDataSize 4096
MIMEType application/octet-stream
FileVersion 8.1
TimeStamp 2010:03:08 09:12:28+01:00
FileType Win32 EXE
PEType PE32
FileDescription Shrank Biker Says
OSVersion 10.4
FileOS Windows NT 32-bit
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName Siemens Informatica S.p.A.
CodeSize 102400
FileSubtype 0
ProductVersionNumber 8.1.0.0
EntryPoint 0x45aa0
ObjectFileType Executable application

File identification
MD5 9bf233a4a8eee89c63a5222e1a04bb6c
SHA1 76556427b6f2ce3fcbe1bb144b2a54ff47ab1b66
SHA256 cc4cee05bb449a648e77d08e2f0e067ec0bd2cfc9954f4aaccb269ba1f01c2cf
ssdeep 3072:8iIN1IAHSh9SR71FLP2lhM+Ny1PAPbrouh:PMPy673P8vyWPbroy
File size 128.0 KB ( 131072 bytes )
File type Win32 EXE
Magic literal MS-DOS executable PE for MS Windows (GUI) Intel 80386 32-bit, UPX compressed
TrID UPX compressed Win32 Executable (37.5%)
Win32 EXE Yoda's Crypter (32.6%)
Win32 Executable Generic (10.4%)
Win32 Dynamic Link Library (generic) (9.3%)
Win16/32 Executable Delphi generic (2.5%)
Tags upx
VirusTotal metadata
First submission 2012-05-13 18:17:18 UTC ( 5 years, 8 months ago )
Last submission 2012-05-23 12:28:40 UTC ( 5 years, 8 months ago )
File names 9bf233a4a8eee89c63a5222e1a04bb6c
file-3942634_exe
0.2984111442079419fdrgs.exe
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight