SHA256: cfffe2f8918d685987772bfcd193bf1d6f8943298260b6c386d0aca5db38653c
Detection ratio: 13 / 43
Analysis date: 2011-02-09 05:28:27 UTC ( 7 years, 11 months ago )
Antivirus             Result                          Update
Detected (13 of 43):
Avast                 Win32:SpyBot-GFX                20110208
Avast5                Win32:SpyBot-GFX                20110208
AVG                   Dropper.Generic_c.JCP           20110209
Emsisoft              Trojan-Dropper.SuspectCRC!IK    20110209
eSafe                 Win32.WS.Reputation             20110208
eTrust-Vet            Win32/Susp.BHOPlugin_i          20110208
GData                 Win32:SpyBot-GFX                20110209
Ikarus                Trojan-Dropper.SuspectCRC       20110209
Norman                W32/Delf.C!genr                 20110208
Panda                 Suspicious file                 20110208
SUPERAntiSpyware      Rogue.Installer[Partner]        20110209
Symantec              WS.Reputation.1                 20110209
VIPRE                 Trojan.Win32.Generic!BT         20110209
Not detected (30 of 43; signature date only):
AhnLab-V3                                             20110206
AntiVir                                               20110208
Antiy-AVL                                             20110128
BitDefender                                           20110209
CAT-QuickHeal                                         20110209
ClamAV                                                20110209
Commtouch                                             20110209
Comodo                                                20110209
DrWeb                                                 20110209
F-Prot                                                20110204
F-Secure                                              20110209
Fortinet                                              20110208
Jiangmin                                              20110208
K7AntiVirus                                           20110208
Kaspersky                                             20110209
McAfee                                                20110209
McAfee-GW-Edition                                     20110208
Microsoft                                             20110208
NOD32                                                 20110208
nProtect                                              20110202
PCTools                                               20110208
Prevx                                                 20110209
Rising                                                20110209
Sophos AV                                             20110209
TheHacker                                             20110208
TrendMicro                                            20110209
TrendMicro-HouseCall                                  20110209
VBA32                                                 20110208
ViRobot                                               20110209
VirusBuster                                           20110208
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file.
PE header basic information
Number of sections 4
PE sections
PE imports (the exporting DLL names were not preserved in this copy; the groups below are attributed from the function names, which are standard Win32 exports)
ADVAPI32.dll
  AdjustTokenPrivileges
  LookupPrivilegeValueA
  OpenProcessToken
  RegCloseKey
  RegCreateKeyExA
  RegOpenKeyExA
  RegQueryValueExA
  RegSetValueExA
  SetFileSecurityA
  SetFileSecurityW
  (1 more function imported by ordinal)
COMDLG32.dll
  CommDlgExtendedError
  GetOpenFileNameA
  GetSaveFileNameA
GDI32.dll
  DeleteObject
KERNEL32.dll
  CloseHandle
  CompareStringA
  CreateDirectoryA
  CreateDirectoryW
  CreateFileA
  CreateFileW
  DeleteFileA
  DeleteFileW
  DosDateTimeToFileTime
  ExitProcess
  ExpandEnvironmentStringsA
  FileTimeToLocalFileTime
  FileTimeToSystemTime
  FindClose
  FindFirstFileA
  FindFirstFileW
  FindNextFileA
  FindNextFileW
  FindResourceA
  FreeLibrary
  GetCPInfo
  GetCommandLineA
  GetCurrentDirectoryA
  GetCurrentProcess
  GetDateFormatA
  GetFileAttributesA
  GetFileAttributesW
  GetFileType
  GetFullPathNameA
  GetLastError
  GetLocaleInfoA
  GetModuleFileNameA
  GetModuleFileNameW
  GetModuleHandleA
  GetNumberFormatA
  GetProcAddress
  GetProcessHeap
  GetStdHandle
  GetSystemTime
  GetTempPathA
  GetTickCount
  GetTimeFormatA
  GetVersionExA
  GlobalAlloc
  HeapAlloc
  HeapFree
  HeapReAlloc
  IsDBCSLeadByte
  LoadLibraryA
  LocalFileTimeToFileTime
  MoveFileA
  MoveFileExA
  MultiByteToWideChar
  ReadFile
  SetCurrentDirectoryA
  SetEndOfFile
  SetEnvironmentVariableA
  SetFileAttributesA
  SetFileAttributesW
  SetFilePointer
  SetFileTime
  SetLastError
  Sleep
  SystemTimeToFileTime
  WaitForSingleObject
  WideCharToMultiByte
  WriteFile
  lstrcmpiA
  lstrlenA
ole32.dll
  CLSIDFromString
  CoCreateInstance
  CreateStreamOnHGlobal
  OleInitialize
  OleUninitialize
SHELL32.dll
  SHBrowseForFolderA
  SHChangeNotify
  SHFileOperationA
  SHGetFileInfoA
  SHGetMalloc
  SHGetSpecialFolderLocation
  ShellExecuteExA
  SHGetPathFromIDListA
USER32.dll
  CharToOemA
  CharToOemBuffA
  CharUpperA
  CopyRect
  CreateWindowExA
  DefWindowProcA
  DestroyIcon
  DestroyWindow
  DialogBoxParamA
  DispatchMessageA
  EnableWindow
  EndDialog
  FindWindowExA
  GetClassNameA
  GetClientRect
  GetDlgItem
  GetDlgItemTextA
  GetMessageA
  GetParent
  GetSysColor
  GetSystemMetrics
  GetWindow
  GetWindowLongA
  GetWindowRect
  GetWindowTextA
  IsWindow
  IsWindowVisible
  LoadBitmapA
  LoadCursorA
  LoadIconA
  LoadStringA
  MapWindowPoints
  MessageBoxA
  OemToCharA
  OemToCharBuffA
  PeekMessageA
  PostMessageA
  RegisterClassExA
  SendDlgItemMessageA
  SendMessageA
  SetDlgItemTextA
  SetFocus
  SetMenu
  SetWindowLongA
  SetWindowPos
  SetWindowTextA
  ShowWindow
  TranslateMessage
  UpdateWindow
  WaitForInputIdle
  wsprintfA
  wvsprintfA
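The import list above is the static view of what this binary can call: token/privilege manipulation (OpenProcessToken, LookupPrivilegeValue, AdjustTokenPrivileges), SetFileSecurity, registry writes, temp-path file drops, MoveFileEx, and ShellExecuteEx. All of these are also what an archiver stub needs to restore ACLs, extract to %TEMP% and run a setup program, so the list by itself does not establish malice; the TrID result further down calls the file a WinRAR self-extracting archive. The following is an added example, not code from the report or from any vendor: it buckets an import table by capability and prints the combinations an analyst would note. SAMPLE_IMPORTS is a constructed excerpt of the report's own import names, and the bucket table and findings wording are this example's own taxonomy.

```python
"""Capability triage of a Win32 import table (added example, not from the report).

Groups imported API names into coarse buckets and reports combinations worth
a closer look. The taxonomy is this example's own, not a vendor rule set.
"""
from collections import defaultdict

# API name -> capability bucket (example's own coarse mapping).
CAPABILITIES = {
    "OpenProcessToken": "privilege", "LookupPrivilegeValueA": "privilege",
    "AdjustTokenPrivileges": "privilege",
    "SetFileSecurityA": "acl-write", "SetFileSecurityW": "acl-write",
    "RegCreateKeyExA": "registry-write", "RegSetValueExA": "registry-write",
    "RegOpenKeyExA": "registry-read", "RegQueryValueExA": "registry-read",
    "ShellExecuteExA": "exec", "WaitForInputIdle": "exec",
    "CreateFileA": "file-write", "CreateFileW": "file-write", "WriteFile": "file-write",
    "MoveFileExA": "file-write", "SHFileOperationA": "file-write", "GetTempPathA": "file-write",
    "SetFileTime": "file-time",
    "LoadLibraryA": "dynamic-import", "GetProcAddress": "dynamic-import",
    "DialogBoxParamA": "gui", "MessageBoxA": "gui", "CreateWindowExA": "gui",
}

PRIV_SEQUENCE = {"OpenProcessToken", "LookupPrivilegeValueA", "AdjustTokenPrivileges"}


def triage(imports):
    """Return ({bucket: sorted API names}, number of names with no bucket)."""
    buckets = defaultdict(set)
    unmapped = 0
    for name in imports:
        bucket = CAPABILITIES.get(name)
        if bucket is None:
            unmapped += 1
        else:
            buckets[bucket].add(name)
    return {b: sorted(names) for b, names in buckets.items()}, unmapped


def findings(imports):
    """Plain-text notes on the import combinations that matter in triage."""
    present = set(imports)
    notes = []
    if PRIV_SEQUENCE <= present:
        notes.append("privilege-enable sequence: OpenProcessToken -> "
                     "LookupPrivilegeValue -> AdjustTokenPrivileges")
        if present & {"SetFileSecurityA", "SetFileSecurityW"}:
            # Setting an arbitrary owner or SACL needs SeRestorePrivilege /
            # SeSecurityPrivilege; archivers enable them to restore saved ACLs.
            notes.append("privilege enable + SetFileSecurity: consistent with an archiver "
                         "restoring saved ACLs, but also lets the stub stamp arbitrary "
                         "DACLs on dropped files")
    if "ShellExecuteExA" in present and {"GetTempPathA", "WriteFile"} <= present:
        notes.append("temp-path write + ShellExecuteEx: extract-then-run pattern shared "
                     "by SFX installers and droppers")
    if "MoveFileExA" in present:
        notes.append("MoveFileExA: check the flags argument for "
                     "MOVEFILE_DELAY_UNTIL_REBOOT (replaces in-use files at next boot)")
    if {"LoadLibraryA", "GetProcAddress"} <= present:
        notes.append("runtime API resolution: the static import list is only a lower "
                     "bound on what the binary can call")
    if "SetFileTime" in present:
        notes.append("SetFileTime: archived timestamps are restored, so dropped-file "
                     "mtimes will not reflect the drop time")
    if present & {"DialogBoxParamA", "MessageBoxA"}:
        notes.append("dialog imports: interactive installer UI rather than a silent implant")
    return notes


# Constructed excerpt of the report's import list (names only).
SAMPLE_IMPORTS = [
    "AdjustTokenPrivileges", "LookupPrivilegeValueA", "OpenProcessToken",
    "RegCreateKeyExA", "RegOpenKeyExA", "RegQueryValueExA", "RegSetValueExA",
    "SetFileSecurityA", "SetFileSecurityW", "CloseHandle", "CreateFileA",
    "CreateFileW", "DeleteFileA", "GetProcAddress", "GetTempPathA",
    "LoadLibraryA", "MoveFileExA", "SetFileTime", "WriteFile",
    "SHFileOperationA", "ShellExecuteExA", "WaitForInputIdle",
    "DialogBoxParamA", "MessageBoxA", "CreateWindowExA",
]

if __name__ == "__main__":
    buckets, unmapped = triage(SAMPLE_IMPORTS)
    for bucket, names in sorted(buckets.items()):
        print(f"{bucket:15} {', '.join(names)}")
    print(f"unmapped imports: {unmapped}")
    for note in findings(SAMPLE_IMPORTS):
        print("-", note)
```

Feed it the full import table from a real sample (for example the output of a PE parser) rather than the excerpt; the point of the findings is to turn a long flat list into the handful of questions that decide whether the stub is worth detonating or disassembling.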
File identification
MD5        ba9e3a80f55db5963d70e5390eaaa02e
SHA1       d3097d5c909593282e34f8aa0f3c70726bf3af2c
SHA256     cfffe2f8918d685987772bfcd193bf1d6f8943298260b6c386d0aca5db38653c
ssdeep     24576:iI5v7uBGfIvG8nu9FniqXTUuOETqa0jEL0u:iI57vwvyHniqTyS50QLf
File size  980.2 KB (1003699 bytes)
File type  Win32 EXE
Magic literal
TrID       WinRAR Self Extracting archive (95.7%)
           Win32 Executable Generic (1.5%)
           Win32 Dynamic Link Library (generic) (1.4%)
           Win32 Executable Watcom C++ (generic) (0.4%)
           Generic Win/DOS Executable (0.3%)
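TrID identifies the file as a WinRAR self-extracting archive, which structurally means a small Win32 stub with the RAR archive appended after the PE image as an overlay. The usual triage step is to carve that overlay and unpack it with unrar or 7-Zip instead of running the stub. The following is an added example, not code from the report or from WinRAR: it computes the end of the PE image from the section table and searches only the overlay for the RAR 4.x (Rar!\x1a\x07\x00) or RAR 5 (Rar!\x1a\x07\x01\x00) signature. build_fake_sfx constructs a minimal stand-in stub so the example runs offline; it is not this sample.

```python
"""Carve the RAR payload out of a self-extracting stub (added example).

A WinRAR SFX is a Win32 stub followed by the archive as an overlay, the data
after the last section's raw bytes. Locating the archive there lets an analyst
unpack it without executing the stub.
"""
import struct

RAR4_SIG = b"Rar!\x1a\x07\x00"      # RAR 1.5 through 4.x marker block
RAR5_SIG = b"Rar!\x1a\x07\x01\x00"  # RAR 5.0 signature


def pe_image_end(data):
    """Offset just past the last section's raw data, i.e. where the overlay starts."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    pe, = struct.unpack_from("<I", data, 0x3C)            # e_lfanew
    if data[pe:pe + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    nsec, = struct.unpack_from("<H", data, pe + 6)        # IMAGE_FILE_HEADER.NumberOfSections
    opt_size, = struct.unpack_from("<H", data, pe + 20)   # SizeOfOptionalHeader
    sec_table = pe + 24 + opt_size
    end = sec_table + nsec * 40                           # never earlier than the headers
    for i in range(nsec):
        # IMAGE_SECTION_HEADER: SizeOfRawData at +16, PointerToRawData at +20
        raw_size, raw_ptr = struct.unpack_from("<II", data, sec_table + i * 40 + 16)
        end = max(end, raw_ptr + raw_size)
    return end


def find_rar_overlay(data):
    """Return (file offset, RAR major version) of the archive in the overlay, or None."""
    start = pe_image_end(data)
    overlay = data[start:]
    hits = [(overlay.find(sig), ver) for sig, ver in ((RAR4_SIG, 4), (RAR5_SIG, 5))]
    hits = [(start + off, ver) for off, ver in hits if off != -1]
    return min(hits) if hits else None


def carve_rar(data):
    """Bytes of the embedded archive, from its signature to end of file, or None."""
    hit = find_rar_overlay(data)
    return None if hit is None else data[hit[0]:]


def build_fake_sfx(archive):
    """Constructed minimal MZ/PE stub (one section, raw data 0x200-0x300) plus overlay.

    A stand-in so the example runs offline; it is not the sample in the report.
    """
    stub = bytearray(b"MZ" + b"\0" * 0x3A) + struct.pack("<I", 0x40)   # e_lfanew = 0x40
    # IMAGE_FILE_HEADER: i386, 1 section, no optional header (enough for this parser)
    stub += b"PE\0\0" + struct.pack("<HHIIIHH", 0x14C, 1, 0, 0, 0, 0, 0x102)
    # one section: VirtualSize, VirtualAddress, SizeOfRawData, PointerToRawData, ...
    stub += b".text\0\0\0" + struct.pack("<IIIIIIHHI",
                                          0x100, 0x1000, 0x100, 0x200, 0, 0, 0, 0, 0x60000020)
    stub += b"\0" * (0x300 - len(stub))
    return bytes(stub) + archive


if __name__ == "__main__":
    sample = build_fake_sfx(RAR4_SIG + b"\0" * 32)
    print("PE image ends at", hex(pe_image_end(sample)))
    print("archive found at", find_rar_overlay(sample))
```

Searching only the overlay rather than the whole file avoids a false hit on a "Rar!" string inside the stub's own sections; on a real sample, write the bytes returned by carve_rar to a .rar file and list it with unrar or 7-Zip to see what the stub would have dropped and which SFX script commands (setup, silent, temp mode) it carries.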
VirusTotal metadata
First submission 2010-05-27 12:23:32 UTC ( 8 years, 8 months ago )
Last submission 2011-02-09 05:28:27 UTC ( 7 years, 11 months ago )
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight