SHA256: cfb94506f4816034410ecd86a378b9f29b912ecb68c88c8ae0bcad748968cb6c
File name: image.png
Detection ratio: 36 / 56
Analysis date: 2015-05-07 08:39:14 UTC ( 3 years, 8 months ago )
Antivirus Result Update
Ad-Aware Gen:Trojan.Heur.RP.hmGfaK@wG1oi 20150507
Yandex Trojan.Agent!o7Leu6tuPJs 20150506
Antiy-AVL Trojan/Win32.Agent 20150507
Avast Win32:Malware-gen 20150507
AVG Agent5.XRB 20150507
AVware Trojan.Win32.Generic!BT 20150507
Baidu-International Trojan.Win32.Agent.RBS 20150507
BitDefender Gen:Trojan.Heur.RP.hmGfaK@wG1oi 20150507
Emsisoft Gen:Trojan.Heur.RP.hmGfaK@wG1oi (B) 20150507
ESET-NOD32 Win32/Agent.RBS 20150507
F-Secure Gen:Trojan.Heur.RP.hmGfaK@wG1oi 20150507
Fortinet W32/Agent.APJCJ!tr 20150507
GData Gen:Trojan.Heur.RP.hmGfaK@wG1oi 20150507
Ikarus Trojan.SuspectCRC 20150507
Jiangmin Trojan/Agent.kyia 20150506
K7AntiVirus Riskware ( 0040eff71 ) 20150507
K7GW Riskware ( 0040eff71 ) 20150507
Kaspersky Trojan.Win32.Agent.apjcj 20150507
Malwarebytes Spyware.Password 20150507
McAfee Artemis!5A454C795ECC 20150507
McAfee-GW-Edition BehavesLike.Win32.Downloader.cc 20150506
eScan Gen:Trojan.Heur.RP.hmGfaK@wG1oi 20150507
NANO-Antivirus Trojan.Win32.Agent.drdaos 20150507
Norman Troj_Generic_2.FGQL 20150506
Panda Generic Suspicious 20150506
Qihoo-360 HEUR/QVM11.1.Malware.Gen 20150507
Rising PE:Trojan.Win32.Generic.1897C5C6!412599750 20150506
Sophos AV Mal/Behav-034 20150507
Symantec Trojan.Gen.2 20150507
Tencent Win32.Trojan.Agent.Swbd 20150507
TheHacker Posible_Worm32 20150505
TotalDefense Win32/PackedBaidu 20150430
TrendMicro TROJ_GEN.R00GC0EE415 20150507
TrendMicro-HouseCall TROJ_GEN.R00GC0EE415 20150507
VIPRE Trojan.Win32.Generic!BT 20150507
ViRobot Trojan.Win32.A.Agent.123904.AH[h] 20150507
AegisLab 20150507
AhnLab-V3 20150506
Alibaba 20150507
ALYac 20150507
Bkav 20150506
ByteHero 20150507
CAT-QuickHeal 20150506
ClamAV 20150507
CMC 20150506
Comodo 20150507
Cyren 20150507
DrWeb 20150507
F-Prot 20150507
Kingsoft 20150507
Microsoft 20150507
nProtect 20150506
SUPERAntiSpyware 20150507
VBA32 20150506
Zillya 20150506
Zoner 20150507
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Packers identified
F-PROT UPX
PEiD InstallAnywhere 6.1 ->Zero G Software Inc
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2015-04-28 14:48:50
Entry Point 0x000475E0
Number of sections 3
PE sections
PE imports
GetAdaptersInfo
VirtualFree
ExitProcess
VirtualProtect
LoadLibraryA
VirtualAlloc
GetProcAddress
ShellExecuteW
PathAppendW
wsprintfW
InternetOpenA
URLDownloadToFileA
Number of PE resources by type
RT_MANIFEST 1
Number of PE resources by language
ENGLISH US 1
PE resources
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
FileTypeExtension exe
TimeStamp 2015:04:28 15:48:50+01:00
FileType Win32 EXE
PEType PE32
CodeSize 122880
LinkerVersion 12.0
ImageFileCharacteristics Executable, 32-bit
EntryPoint 0x475e0
InitializedDataSize 4096
SubsystemVersion 5.1
ImageVersion 0.0
OSVersion 5.1
UninitializedDataSize 167936
File identification
MD5 5a454c795eccf94bf6213fcc4ee65e6d
SHA1 d6cbde62f1dec93e0eaf32828e0aa1518acd0e7d
SHA256 cfb94506f4816034410ecd86a378b9f29b912ecb68c88c8ae0bcad748968cb6c
ssdeep 3072:AsxV1EXTAxONbuG32Rej+r7JXvTYmJ9YUyTbDqT:AsxVYA8X32RPr7ZvTYmJ9YUGG
authentihash f7dc15b82106dd23e7157943a1a26be39a8f8dd979f57d9872295e9a99011c6a
imphash 19002c4da60aefd46bc39ac70f865b49
File size 121.0 KB ( 123904 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID UPX compressed Win32 Executable (38.2%)
Win32 EXE Yoda's Crypter (37.5%)
Win32 Dynamic Link Library (generic) (9.2%)
Win32 Executable (generic) (6.3%)
OS/2 Executable (generic) (2.8%)
Tags peexe upx
VirusTotal metadata
First submission 2015-04-28 16:37:09 UTC ( 3 years, 8 months ago )
Last submission 2018-05-24 21:19:47 UTC ( 8 months ago )
File names image.png
Advanced heuristic and reputation engines
ClamAV
Possibly Unwanted Application. While not necessarily malicious, the scanned file presents certain characteristics which depending on the user policies and environment may or may not represent a threat. For full details see: https://www.clamav.net/documents/potentially-unwanted-applications-pua .

TrendMicro-HouseCall
TrendMicro's heuristic engine has flagged this file as: TROJ_GEN.R002C0EKK15.

Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Copied files
Deleted files
Created processes
Shell commands
Created mutexes
Opened mutexes
Opened service managers
Opened services
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.
HTTP requests
DNS requests
TCP connections
UDP communications