SHA256: d049f663151bc341578773f2ba4c56672ca489ba8ef0c22d37cb03711d013129
File name: 56053_a4443e99f0567257a2caa7fe6a9422861fec3088_pp.14.ex
Detection ratio: 38 / 42
Analysis date: 2012-05-08 23:44:53 UTC (6 years, 10 months ago)
Antivirus Result Update
AhnLab-V3 Trojan/Win32.VBKrypt 20120508
AntiVir TR/Dropper.Gen 20120508
Avast Win32:Inject-ABT [Trj] 20120508
AVG Dropper.Generic.BNTT 20120508
BitDefender Worm.Generic.228797 20120508
Commtouch W32/Koobface.FV 20120508
Comodo TrojWare.Win32.Trojan.Agent.Gen 20120508
DrWeb Trojan.PWS.LDPinch.1941 20120509
Emsisoft Trojan-Spy.Win32.Zbot!IK 20120509
eSafe Win32.TRDropper 20120506
eTrust-Vet Win32/Koobface.KD 20120508
F-Prot W32/Koobface.FV 20120508
F-Secure Net-Worm:W32/Koobface.GH 20120508
Fortinet W32/VB.WL!tr 20120508
GData Worm.Generic.228797 20120508
Ikarus Trojan-Spy.Win32.Zbot 20120508
Jiangmin Worm/Koobface.aln 20120508
K7AntiVirus EmailWorm 20120508
Kaspersky Net-Worm.Win32.Koobface.dcg 20120508
McAfee Artemis!9F87EF8DA42E 20120509
McAfee-GW-Edition Heuristic.BehavesLike.Win32.Downloader.D 20120508
Microsoft VirTool:Win32/VBInject.DS 20120508
NOD32 a variant of Win32/Injector.ASJ 20120509
Norman W32/Koobface.HKH 20120508
nProtect Worm.Generic.228797 20120509
Panda W32/Koobface.HY.worm 20120508
PCTools Net-Worm.Koobface.B!rem 20120509
Rising Trojan.Win32.Generic.11E5565B 20120507
Sophos AV Mal/Behav-370 20120509
SUPERAntiSpyware Trojan.Agent/Gen-Koobface[Bonkers] 20120411
Symantec W32.Koobface.D 20120509
TheHacker W32/Koobface.dcg 20120508
TrendMicro WORM_KOOBFACE.IC 20120508
TrendMicro-HouseCall WORM_KOOBFACE.IC 20120508
VBA32 SScope.Trojan.VB.090 20120508
VIPRE Trojan.Win32.Generic.pak!cobra 20120508
ViRobot Worm.Win32.Net-Koobface.31744.L 20120508
VirusBuster Worm.Koobface!brbk6qEiY80 20120508
Antiy-AVL (no detection) 20120508
ByteHero (no detection) 20120507
CAT-QuickHeal (no detection) 20120508
ClamAV (no detection) 20120509
The file being studied is a Portable Executable (PE) file; more specifically, it is a Win32 EXE for the Windows GUI subsystem.
Packers identified
Command UPX
F-PROT UPX
PEiD UPX 2.90 [LZMA] -> Markus Oberhumer, Laszlo Molnar & John Reiser
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2010-01-22 13:36:44
Entry Point 0x0000EC50
Number of sections 3
PE sections
PE imports
LoadLibraryA, GetProcAddress, ExitProcess
CallWindowProcA
ExifTool file metadata
UninitializedDataSize: 28672
InitializedDataSize: 4096
ImageVersion: 1.0
FileVersionNumber: 1.0.0.0
LanguageCode: English (U.S.)
FileFlagsMask: 0x0000
CharacterSet: Unicode
LinkerVersion: 6.0
FileOS: Win32
MIMEType: application/octet-stream
TimeStamp: 2010:01:22 05:36:44-08:00
FileType: Win32 EXE
PEType: PE32
SubsystemVersion: 4.0
OSVersion: 4.0
Subsystem: Windows GUI
MachineType: Intel 386 or later, and compatibles
CodeSize: 28672
FileSubtype: 0
ProductVersionNumber: 1.0.0.0
EntryPoint: 0xec50
ObjectFileType: Executable application
File identification
MD5 9f87ef8da42e93964d34bc413d2eb3b0
SHA1 a4443e99f0567257a2caa7fe6a9422861fec3088
SHA256 d049f663151bc341578773f2ba4c56672ca489ba8ef0c22d37cb03711d013129
ssdeep 768:y9FG0ZUKyRnEq7GiMT7Ogr6wMZcg2YkR:0ZURhMThDMSCkR
File size 31.0 KB (31744 bytes)
File type Win32 EXE
Magic literal MS-DOS executable PE for MS Windows (GUI) Intel 80386 32-bit, UPX compressed
TrID UPX compressed Win32 Executable (43.8%)
Win32 EXE Yoda's Crypter (38.1%)
Win32 Executable Generic (12.2%)
Generic Win/DOS Executable (2.8%)
DOS Executable Generic (2.8%)
Tags upx
VirusTotal metadata
First submission 2010-01-22 17:28:21 UTC (9 years, 2 months ago)
Last submission 2012-05-08 23:44:53 UTC (6 years, 10 months ago)
File names tmdv6S5.tif, 56053_a4443e99f0567257a2caa7fe6a9422861fec3088_pp.14.ex, aa, 1W3FrO66S.tiff
Behaviour characterization