SHA256: cd2b93b0eb94e43f05bab9ed75de89c868531e89073fea035efa21399d9fb0b7
File name: cd2b93b0eb94e43f05bab9ed75de89c868531e89073fea035efa21399d9fb0b7
Detection ratio: 25 / 42
Analysis date: 2012-07-11 18:48:28 UTC ( 6 years, 8 months ago )
Antivirus Result Update
AhnLab-V3 Win-Trojan/Agent.124416.MH 20120711
AntiVir TR/Agent.124416.197 20120711
Avast Win32:Malware-gen 20120711
AVG PSW.Banker6.LJJ 20120711
BitDefender DeepScan:Generic.Malware.P!.7512935C 20120711
Comodo UnclassifiedMalware 20120711
F-Secure DeepScan:Generic.Malware.P!.7512935C 20120711
Fortinet W32/Banker.DPS!tr 20120711
GData DeepScan:Generic.Malware.P!.7512935C 20120711
Jiangmin Trojan/Banker.Agent.bsg 20120711
K7AntiVirus Trojan 20120711
Kaspersky Trojan-Banker.Win32.Agent.fyn 20120711
McAfee PWS-Banker!h2g 20120711
McAfee-GW-Edition PWS-Banker!h2g 20120711
NOD32 probably a variant of Win32/Spy.Banker.IBEJJHN 20120711
Norman W32/Suspicious_Gen2.SWQYM 20120711
Panda Generic Malware 20120711
Sophos AV Troj/Agent-TZR 20120711
Symantec WS.Reputation.1 20120711
TheHacker Trojan/Agent.hsm 20120711
TrendMicro TSPY_BANKER.DPS 20120711
TrendMicro-HouseCall TSPY_BANKER.DPS 20120711
VBA32 TrojanBanker.Agent.hsm 20120711
VIPRE Trojan-PWS.Banker 20120711
VirusBuster Trojan.PWS.Agent!CkQE8KoGwpk 20120711
Antiy-AVL 20120711
ByteHero 20120626
CAT-QuickHeal 20120711
ClamAV 20120711
Commtouch 20120711
DrWeb 20120711
Emsisoft 20120711
eSafe 20120710
F-Prot 20120711
Ikarus 20120711
Microsoft 20120711
nProtect 20120711
PCTools 20120711
Rising 20120711
SUPERAntiSpyware 20120711
TotalDefense 20120710
ViRobot 20120711
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows command line subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 1992-06-19 22:22:17
Entry Point 0x0001A79C
Number of sections 8
PE sections
PE imports
CloseServiceHandle
RegCloseKey
StartServiceCtrlDispatcherA
OpenServiceA
SetServiceStatus
CreateServiceA
QueryServiceStatus
RegQueryValueExA
ControlService
DeleteService
RegOpenKeyExA
OpenSCManagerA
RegisterServiceCtrlHandlerA
GetLastError
EnumCalendarInfoA
GetStdHandle
EnterCriticalSection
FileTimeToDosDateTime
lstrlenA
WaitForSingleObject
FreeLibrary
ExitProcess
GetThreadLocale
GetVersionExA
GetModuleFileNameA
RtlUnwind
DuplicateHandle
GetLocalTime
DeleteCriticalSection
GetStartupInfoA
GetDateFormatA
LoadLibraryExA
GetLocaleInfoA
LocalAlloc
OpenProcess
VirtualQueryEx
DeleteFileA
GetCPInfo
UnhandledExceptionFilter
TlsGetValue
MultiByteToWideChar
ReadProcessMemory
GetCommandLineA
GetProcAddress
GetCurrentThread
SuspendThread
SetFilePointer
RaiseException
CompareStringA
CloseHandle
WideCharToMultiByte
GetModuleHandleA
FindFirstFileA
FormatMessageA
WriteFile
GetCurrentProcess
ReadFile
ResetEvent
lstrcpynA
FindNextFileA
GetACP
GetDiskFreeSpaceA
GetCurrentThreadId
FileTimeToLocalFileTime
GetFullPathNameA
SetEvent
LocalFree
ResumeThread
InitializeCriticalSection
VirtualQuery
VirtualFree
CreateEventA
FindClose
InterlockedDecrement
Sleep
GetFileType
SetEndOfFile
TlsSetValue
CreateFileA
GetStringTypeExA
GetVersion
LeaveCriticalSection
VirtualAlloc
GetFileSize
InterlockedIncrement
VariantChangeType
SafeArrayGetLBound
SafeArrayPtrOfIndex
SysAllocStringLen
VariantClear
SafeArrayCreate
SysReAllocStringLen
SafeArrayGetUBound
VariantCopy
SysFreeString
VariantInit
GetSystemMetrics
LoadStringA
CharLowerA
CharNextA
CharUpperBuffA
MessageBoxA
CharUpperA
GetKeyboardType
CharToOemA
Number of PE resources by type
RT_STRING 7
RT_RCDATA 2
Number of PE resources by language
NEUTRAL 9
PE resources
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows command line
MachineType Intel 386 or later, and compatibles
FileTypeExtension exe
TimeStamp 1992:06:19 23:22:17+01:00
FileType Win32 EXE
PEType PE32
CodeSize 104960
LinkerVersion 2.25
ImageFileCharacteristics Executable, No line numbers, No symbols, Bytes reversed lo, 32-bit, Bytes reversed hi
EntryPoint 0x1a79c
InitializedDataSize 18432
SubsystemVersion 4.0
ImageVersion 0.0
OSVersion 4.0
UninitializedDataSize 0
File identification
MD5 100b5329e32dc033eb5e0523dedf4009
SHA1 b8c1f7d28977e80550fcbaf2c10b222caea53be8
SHA256 cd2b93b0eb94e43f05bab9ed75de89c868531e89073fea035efa21399d9fb0b7
ssdeep 3072:yQFlwl2Yg0GKwN/yvAKrXWL5XJ2mhGt4DQFu/U3buRKlemZ9DnGAeOFDrdpDYmgE:xS2fTh9W4DQFu/U3buRKlemZ9DnGAewQ
authentihash ed8d2887f34ae572e227905a88f44f879301b666dde7736ada9086f5a2cd454a
imphash 8fe73b292d355d567a3feb6f9560b6fb
File size 121.5 KB ( 124416 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (console) Intel 80386 32-bit
TrID Win32 Executable Borland Delphi 7 (95.2%)
Win32 Executable Delphi generic (2.0%)
Win32 Dynamic Link Library (generic) (0.9%)
Win32 Executable (generic) (0.6%)
Win16/32 Executable Delphi generic (0.2%)
Tags peexe
VirusTotal metadata
First submission 2011-09-01 20:24:51 UTC ( 7 years, 6 months ago )
Last submission 2015-12-22 13:13:25 UTC ( 3 years, 2 months ago )
File names aa
b8c1f7d28977e80550fcbaf2c10b222caea53be8
cd2b93b0eb94e43f05bab9ed75de89c868531e89073fea035efa21399d9fb0b7.exe
file-4242767_exe
cd2b93b0eb94e43f05bab9ed75de89c868531e89073fea035efa21399d9fb0b7
malware.exe
vti-rescan
100b5329e32dc033eb5e0523dedf4009.virus
O_UezaGMl.tar.bz2