SHA256: d092e41b55ebebb61197af9818d51c8688bbc1ae0d7b2c9bdd83796d48f90bf0
File name: e621ca05_backup.exe
Detection ratio: 35 / 54
Analysis date: 2014-07-11 13:09:48 UTC ( 4 years, 8 months ago )
Antivirus Result Update
Ad-Aware Gen:Variant.Barys.4183 20140711
Yandex Worm.Ngrbot!ZTWIadzQW7E 20140711
AntiVir Worm/Ngrbot.adwm 20140711
Antiy-AVL Worm/Win32.Ngrbot 20140711
Avast MSIL:Dropper-ZW [Cryp] 20140711
AVG Dropper.Msil.CQ 20140711
Baidu-International Trojan.MSIL.Dropper.ABD 20140711
BitDefender Gen:Variant.Barys.4183 20140711
CAT-QuickHeal Worm.Ngrbot.g3 20140711
Commtouch W32/MSIL_Troj.CE.gen!Eldorado 20140711
DrWeb BackDoor.IRC.NgrBot.42 20140711
Emsisoft Gen:Variant.Barys.4183 (B) 20140711
ESET-NOD32 a variant of MSIL/TrojanDropper.Agent.ABD 20140711
F-Prot W32/MSIL_Troj.CE.gen!Eldorado 20140711
F-Secure Gen:Variant.Barys.4183 20140711
Fortinet MSIL/Dropper.XXX!tr 20140711
GData Gen:Variant.Barys.4183 20140711
Ikarus Win32.SuspectCrc 20140711
K7AntiVirus Trojan ( 0048ca881 ) 20140710
K7GW Trojan ( 0048ca881 ) 20140711
Kaspersky Worm.Win32.Ngrbot.adun 20140711
Malwarebytes Backdoor.IRCBot.SVCGen 20140711
McAfee Dropper-FII!3BAC5B271A65 20140711
McAfee-GW-Edition Dropper-FII!3BAC5B271A65 20140711
Microsoft Worm:Win32/Dorkbot 20140711
eScan Gen:Variant.Barys.4183 20140711
NANO-Antivirus Trojan.Win32.Ngrbot.cxiigg 20140711
Norman Barys.G 20140711
Panda Generic Malware 20140711
Qihoo-360 HEUR/Malware.QVM03.Gen 20140711
SUPERAntiSpyware Trojan.Agent/Gen-Barys 20140711
Symantec WS.Reputation.1 20140711
TrendMicro TROJ_GEN.R047C0DDU14 20140711
TrendMicro-HouseCall TROJ_GEN.R047C0DDU14 20140711
VIPRE Trojan.MSIL.Agent.abd (v) 20140711
AegisLab 20140711
AhnLab-V3 20140711
Bkav 20140711
ByteHero 20140711
ClamAV 20140711
CMC 20140711
Comodo 20140711
Jiangmin 20140711
Kingsoft 20140711
nProtect 20140711
Rising 20140711
Sophos AV 20140711
Tencent 20140711
TheHacker 20140711
TotalDefense 20140711
VBA32 20140710
ViRobot 20140711
Zillya 20140710
Zoner 20140711
File identification
MD5 3bac5b271a655c532ec20086dfb9a9d5
SHA1 346a8462e952ec6db2d23a8663e037bdb533a5ca
SHA256 d092e41b55ebebb61197af9818d51c8688bbc1ae0d7b2c9bdd83796d48f90bf0
ssdeep 24576:4+lhmCVNW3QhiIwsDTbqT+mRtHGl8z12/09UgWJPMVNVpEtER/OBwt+MSgqmC6X:xVraM4Ul4R/O8X
File size 2.5 MB ( 2605056 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit Mono/.Net assembly
TrID Generic CIL Executable (.NET, Mono, etc.) (70.7%)
Windows Screen Saver (12.6%)
Win32 Dynamic Link Library (generic) (6.3%)
Win32 Executable (generic) (4.3%)
Win16/32 Executable Delphi generic (2.0%)
Tags peexe assembly
VirusTotal metadata
First submission 2014-04-30 10:22:29 UTC ( 4 years, 10 months ago )
Last submission 2014-04-30 10:22:29 UTC ( 4 years, 10 months ago )
File names vt-upload-hr3RC
e621ca05_backup.exe
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
HTTP requests
DNS requests
TCP connections