SHA256: d02323c52b3142ffbfc2a8d92a4202022d2671ba18b4efbe7569863817e550e6
File name: 4bb6988207b7e64c91181ab3a7a82e3e
Detection ratio: 43 / 52
Analysis date: 2016-01-22 09:36:31 UTC ( 2 years, 5 months ago )
Antivirus Result Update
Ad-Aware Trojan.Dropper.RRR 20160122
Yandex TrojanSpy.Banker.Gen.2 20160121
AhnLab-V3 Trojan/Win32.Banker 20160121
Antiy-AVL Trojan[Banker]/Win32.Banker 20160122
Arcabit Trojan.Dropper.RRR 20160122
Avast Win32:Trojan-gen 20160122
AVG PSW.Banker4.AFHA 20160121
Baidu-International Trojan.Win32.Banker.nkl 20160122
BitDefender Trojan.Dropper.RRR 20160122
ClamAV Win.Trojan.Banker-12525 20160122
CMC Generic.Win32.4bb6988207!CMCRadar 20160111
Comodo TrojWare.Win32.Trojan.Agent.Gen 20160122
Cyren W32/Trojan.ICEY-9228 20160122
DrWeb Trojan.MulDrop.12443 20160122
Emsisoft Trojan.Dropper.RRR (B) 20160122
ESET-NOD32 a variant of Win32/Spy.Agent.NFT 20160122
F-Prot W32/Trojan2.BVCL 20160122
F-Secure Trojan-Spy:W32/Ambler.gen!B 20160122
Fortinet W32/Dropper.AUP!tr 20160122
GData Trojan.Dropper.RRR 20160122
Ikarus Trojan-Spy.Finanz.J 20160122
Jiangmin Trojan/PSW.Magania.jkf 20160122
K7AntiVirus Spyware ( 00006b4e1 ) 20160122
K7GW Spyware ( 00006b4e1 ) 20160122
Kaspersky Trojan-Banker.Win32.Banker.nkl 20160122
McAfee PWS-Banker.gen.bq 20160122
McAfee-GW-Edition BehavesLike.Win32.FakeAlert.nc 20160122
Microsoft TrojanDropper:Win32/Ambler.A 20160122
eScan Trojan.Dropper.RRR 20160122
NANO-Antivirus Trojan.Win32.Banker.tvru 20160122
nProtect Trojan-Spy/W32.Banker.101376.D 20160121
Panda Trj/Genetic.gen 20160121
Rising PE:Malware.Generic(Thunder)!1.A1C4 [F] 20160122
Sophos AV Mal/Generic-S 20160122
Symantec Downloader 20160121
TheHacker Trojan/Banker.nkl 20160119
TotalDefense Win32/Ambler!generic 20160121
TrendMicro TROJ_MEREDROP.CJ 20160122
TrendMicro-HouseCall TROJ_MEREDROP.CJ 20160122
VBA32 BScope.Trojan.Agent 20160121
VIPRE Trojan.Win32.Generic!BT 20160122
ViRobot Trojan.Win32.A.Banker.101376[h] 20160122
Zillya Trojan.Agent.Win32.246455 20160121
AegisLab 20160122
Alibaba 20160122
Bkav 20160121
ByteHero 20160122
CAT-QuickHeal 20160122
Malwarebytes 20160122
SUPERAntiSpyware 20160122
Tencent 20160122
Zoner 20160122
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Packers identified
PEiD Armadillo v1.71
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2008-01-19 20:56:08
Entry Point 0x00002078
Number of sections 4
PE sections
PE imports
GetModuleHandleA
GetEnvironmentVariableA
lstrcatA
DeleteFileA
lstrcpyA
GetStartupInfoA
GetModuleFileNameA
MoveFileExA
GetShortPathNameA
__p__fmode
malloc
fclose
strcat
fopen
strlen
_except_handler3
fwrite
memcpy
exit
_XcptFilter
__setusermatherr
_adjust_fdiv
_acmdln
_exit
__p__commode
free
__getmainargs
calloc
_initterm
strcpy
_controlfp
strcmp
__set_app_type
Number of PE resources by type
LMX 1
MOD 1
DOM 1
Number of PE resources by language
RUSSIAN 3
PE resources
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
TimeStamp 2008:01:19 21:56:08+01:00
FileType Win32 EXE
PEType PE32
CodeSize 5120
LinkerVersion 6.0
FileTypeExtension exe
InitializedDataSize 95232
SubsystemVersion 4.0
EntryPoint 0x2078
OSVersion 4.0
ImageVersion 0.0
UninitializedDataSize 0

Compressed bundles
File identification
MD5 4bb6988207b7e64c91181ab3a7a82e3e
SHA1 1dac91f665dc95aaca168004620b79f00d2682f9
SHA256 d02323c52b3142ffbfc2a8d92a4202022d2671ba18b4efbe7569863817e550e6
ssdeep 3072:FKCccL9pMnl5Ly+qCbnwIB0hvQ//WMERNdQaMY3Dw:FKCRL9pMnl5Ly+qOwIo8+3NpDw
authentihash 24425725e6b7fccecdcf72163f1d15ed49015f09aa8d3c43d4d81dfa928ed11f
imphash c892ef074d3d626b1309c879f4c0e774
File size 99.0 KB ( 101376 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Dynamic Link Library (generic) (43.5%)
Win32 Executable (generic) (29.8%)
Generic Win/DOS Executable (13.2%)
DOS Executable Generic (13.2%)
Tags peexe armadillo

VirusTotal metadata
First submission 2011-04-17 19:56:41 UTC ( 7 years, 2 months ago )
Last submission 2015-05-11 03:06:42 UTC ( 3 years, 1 month ago )
File names Trojan-Spy.Win32.Banker.nkl
MtVx3SRkVb.chm
Trojan-Spy.Win32.Banker.nkl
file-4264802_
Trojan-Spy.Win32.Banker.nkl.bin
4bb6988207b7e64c91181ab3a7a82e3e
4bb6988207b7e64c91181ab3a7a82e3e1dac91f665dc95aaca168004620b79f00d2682f9101376.exe
aa