SHA256: ce7f5818b607fa6374d0e6bbb9f88d98d5d837e6212cf90203e4666b53df3fdf
File name: b173a9b450bef5b2027e19e1ef78f7a2
Detection ratio: 29 / 43
Analysis date: 2011-07-09 18:13:08 UTC ( 5 years, 9 months ago )
Antivirus Result Update
AhnLab-V3 Trojan/Win32.FakeAlert 20110709
AntiVir TR/PSW.Zbot.Y.944 20110708
Avast5 Win32:FakeAlert-AMP [Trj] 20110709
AVG Clicker.11.AB 20110709
BitDefender Gen:Variant.Kazy.24723 20110709
CAT-QuickHeal Trojan.FakeAV 20110709
Comodo TrojWare.Win32.Kryptik.OKR 20110709
DrWeb BackDoor.Zbot.53 20110709
Emsisoft Trojan-PWS.Win32.Zbot!IK 20110709
F-Secure Gen:Variant.Kazy.24723 20110709
Fortinet W32/Krap.AON!tr 20110709
GData Gen:Variant.Kazy.24723 20110709
Ikarus Trojan-PWS.Win32.Zbot 20110709
Kaspersky Trojan-Spy.Win32.Zbot.bpud 20110709
McAfee Generic FakeAlert.by 20110709
McAfee-GW-Edition Generic FakeAlert.by 20110709
Microsoft PWS:Win32/Zbot.gen!AF 20110709
NOD32 a variant of Win32/Kryptik.OKR 20110709
Norman W32/Kryptik.YI 20110709
nProtect Gen:Variant.Kazy.24723 20110709
Panda Adware/WindowsRecovery 20110709
PCTools Trojan.Gen 20110708
Sophos Mal/FakeAV-EA 20110709
SUPERAntiSpyware Trojan.Agent/Gen-FakeAlert[Wt] 20110709
Symantec Trojan.Gen.2 20110709
TrendMicro TROJ_KRYPTO.SMIQ 20110709
TrendMicro-HouseCall TROJ_KRYPTO.SMIQ 20110709
VBA32 BScope.Trojan.Fraudload.1621 20110708
VIPRE Trojan.Win32.FakeAv.awrp (v) 20110709
Antiy-AVL 20110709
Avast 20110709
ClamAV 20110709
Commtouch 20110709
eSafe 20110707
eTrust-Vet 20110708
F-Prot 20110709
Jiangmin 20110709
K7AntiVirus 20110708
Prevx 20110709
Rising 20110708
TheHacker 20110708
ViRobot 20110709
VirusBuster 20110709
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file.
FileVersionInfo properties
Copyright GPL v2
Publisher WinTrust
Product WtrLdr
Original name WTRLDR.EXE
Internal name WTRLDR
File version 1.8.0.0
Description WTR Loader
PE header basic information
Number of sections 6
PE sections
PE imports
CryptEnumOIDInfo
GetTextMetricsA
GetTextMetricsW
GetTextExtentPointW
SelectObject
GetTextExtentPointA
DeleteObject
LeaveCriticalSection
GetCurrentProcess
GetCurrentThreadId
GetCommandLineA
FileTimeToSystemTime
HeapAlloc
QueryPerformanceCounter
GetProcAddress
GetSystemTimeAsFileTime
UnhandledExceptionFilter
Sleep
GetLastError
DeleteCriticalSection
lstrlenW
TerminateProcess
VirtualAlloc
HeapFree
lstrlenA
EnterCriticalSection
WinExec
SetProcessWorkingSetSize
CompareFileTime
GetCurrentProcessId
GetDateFormatA
GetTickCount
lstrcmpiA
HeapReAlloc
InterlockedCompareExchange
SamRemoveMultipleMembersFromAlias
CallMsgFilterA
RtlUnwind
File identification
MD5 b173a9b450bef5b2027e19e1ef78f7a2
SHA1 b6be04c1dbe85193f72bf5a86f06919bd5161496
SHA256 ce7f5818b607fa6374d0e6bbb9f88d98d5d837e6212cf90203e4666b53df3fdf
ssdeep
3072:MrqpodZmESMOop22zlTOGg/24YyMOEFfHUpamgeRdWZY8ezK2BUMMnMMMMMX7I7H:Yq2/m2Oop2clabLhMOEJmgeRQyPz/KMO

File size 179.5 KB ( 183808 bytes )
File type Win32 EXE
Magic literal

TrID Generic Win/DOS Executable (49.9%)
DOS Executable Generic (49.8%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.1%)
VirusTotal metadata
First submission 2011-07-09 18:13:08 UTC ( 5 years, 9 months ago )
Last submission 2011-07-09 18:13:08 UTC ( 5 years, 9 months ago )
File names b173a9b450bef5b2027e19e1ef78f7a2