SHA256: cd902b92042435c2d70d4bf59acc2de8229bfc367626961f76c03f75dcd7e95c
File name: CD902B92042435C2D70D4BF59ACC2DE8229BFC367626961F76C03F75DCD7E95C.dat
Detection ratio: 17 / 43
Analysis date: 2011-04-01 09:26:26 UTC ( 3 years ago )
Antivirus Result Update
AhnLab-V3 Trojan/Win32.FakeAV 20110401
Avast Win32:FraudTool-TQ 20110331
Avast5 Win32:FraudTool-TQ 20110401
BitDefender Trojan.Generic.KDV.173712 20110401
ClamAV PUA.Packed.ASPack 20110401
Comodo TrojWare.Win32.Trojan.Agent.Gen 20110401
GData Trojan.Generic.KDV.173712 20110401
Kaspersky Trojan.Win32.FakeAv.bzzc 20110401
Microsoft Rogue:Win32/FakePAV 20110401
NOD32 a variant of Win32/Adware.PrivacyGuard2010.AV 20110401
Norman W32/FakeAV.ADIK 20110401
Panda Trj/Genetic.gen 20110331
SUPERAntiSpyware Trojan.Agent/Gen-FakeAlert 20110401
Sophos Mal/FakeAV-IP 20110401
Symantec Trojan.FakeAV 20110401
TrendMicro-HouseCall TROJ_FAKEAV.ASM 20110401
VIPRE FraudTool.Win32.PrivacyCenter.ek!a (v) 20110401
AVG 20110331
AntiVir 20110401
Antiy-AVL 20110331
CAT-QuickHeal 20110401
Commtouch 20110324
DrWeb 20110401
Emsisoft 20110401
F-Prot 20110401
F-Secure 20110323
Fortinet 20110401
Ikarus 20110401
Jiangmin 20110331
K7AntiVirus 20110401
McAfee 20110401
McAfee-GW-Edition 20110401
PCTools 20110330
Prevx 20110401
Rising 20110331
TheHacker 20110401
TrendMicro 20110401
VBA32 20110331
ViRobot 20110401
VirusBuster 20110331
eSafe 20110401
eTrust-Vet 20110401
nProtect 20110215
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Authenticode signature block
Signature verification An error occurred while reading or writing to a file.
Packers identified
Command Aspack, Aspack
F-PROT Aspack, Aspack
PEiD ASProtect v1.23 RC1
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2011-03-31 05:24:59
Link date 6:24 AM 3/31/2011
Entry Point 0x00001000
Number of sections 11
PE sections
PE imports
RegCloseKey
FlatSB_GetScrollInfo
AbortDoc
GdipAddPathArc
GetProcAddress
GetModuleHandleA
LoadLibraryA
RaiseException
AlphaBlend
CLSIDFromString
GetActiveObject
VariantChangeTypeEx
ExtractIconA
SHGetFolderPathA
PathFindExtensionA
ActivateKeyboardLayout
GetFileVersionInfoSizeW
timeGetTime
ClosePrinter
WSACleanup
PE exports
Number of PE resources by type
RT_RCDATA 92
RT_STRING 23
RT_ICON 18
RT_BITMAP 12
RT_GROUP_CURSOR 7
RT_CURSOR 7
RT_DIALOG 2
RT_GROUP_ICON 2
Number of PE resources by language
NEUTRAL 136
ENGLISH US 27
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
TimeStamp 2011:03:31 06:24:59+01:00
FileType Win32 EXE
PEType PE32
CodeSize 2203648
LinkerVersion 5.0
FileAccessDate 2014:02:20 08:37:21+01:00
EntryPoint 0x1000
InitializedDataSize 176128
SubsystemVersion 4.0
ImageVersion 0.0
OSVersion 4.0
FileCreateDate 2014:02:20 08:37:21+01:00
UninitializedDataSize 0

File identification
MD5 815d77f8fca509dde1abeafabed30b65
SHA1 1b3c35afb76c53cd9507fffee46fb58c29e72bc1
SHA256 cd902b92042435c2d70d4bf59acc2de8229bfc367626961f76c03f75dcd7e95c
ssdeep 49152:JQTODnZMbSJIM5FZYbsjjhBZN79Sf4sxnDytppnYaDy:JTDnZvaQZYmhBZNhg4LtphYam
imphash 51bee48f6e75750cbaf7d95727697607
File size 2.2 MB ( 2307072 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Dynamic Link Library (generic) (43.4%)
Win32 Executable (generic) (29.8%)
Generic Win/DOS Executable (13.2%)
DOS Executable Generic (13.2%)
VXD Driver (0.2%)
Tags peexe asprotect aspack

VirusTotal metadata
First submission 2011-03-31 10:18:37 UTC ( 3 years ago )
Last submission 2014-02-20 07:37:01 UTC ( 2 months ago )
File names freesystemscan.exe
815d77f8fca509dde1abeafabed30b65
ehpoji.exe
sample.xxx
CD902B92042435C2D70D4BF59ACC2DE8229BFC367626961F76C03F75DCD7E95C.dat
a.exe
tpwnpu.exe
815d77f8fca509dde1abeafabed30b65
Advanced heuristic and reputation engines
ClamAV PUA
Possibly Unwanted Application. While not necessarily malicious, the scanned file presents certain characteristics which depending on the user policies and environment may or may not represent a threat. For full details see: http://www.clamav.net/index.php?s=pua&lang=en .
