SHA256: d193eeafa5a873311a2cb2bc63433c9dd2d5506830df1075e9246fa5250ede33
File name: v2rxu6.ex#
Detection ratio: 39 / 44
Analysis date: 2011-09-13 20:50:14 UTC (6 years, 2 months ago)
Antivirus Result Update
AhnLab-V3 Win-Trojan/Sinowal.329072 20110913
AntiVir TR/Drop.Agen.329072 20110913
Avast Win32:Driller 20110913
Avast5 Win32:Driller 20110913
AVG PSW.Generic6.FBI 20110913
BitDefender Backdoor.Sinowal.B 20110913
CAT-QuickHeal Win32.PWS.Sinowal.gen!J.4 20110913
ClamAV Trojan.Sinowal-84 20110913
Commtouch W32/Sinowal-based!Maximus 20110913
Comodo TrojWare.Win32.Mebroot.G 20110913
DrWeb Trojan.Packed.370 20110913
Emsisoft PWS.Win32.Sinowal.J!IK 20110913
eSafe Win32.TRDrop.Agen 20110913
F-Prot W32/Sinowal-based!Maximus 20110913
F-Secure Trojan:W32/Mebroot.gen!A 20110913
Fortinet W32/Sinowa.A!tr.bdr 20110911
GData Backdoor.Sinowal.B 20110913
Ikarus PWS.Win32.Sinowal.J 20110913
Jiangmin Backdoor/Sinowal.au 20110913
K7AntiVirus Trojan 20110913
Kaspersky Backdoor.Win32.Sinowal.bq 20110913
McAfee Generic Packed.g 20110913
McAfee-GW-Edition Heuristic.LooksLike.Win32.Suspicious.C 20110913
Microsoft PWS:Win32/Sinowal.gen!J 20110913
NOD32 Win32/Mebroot.G 20110913
Norman W32/Sinowal.ARM 20110913
nProtect Backdoor/W32.Sinowal.329072 20110913
Panda Malicious Packer 20110913
PCTools Trojan.Mebroot 20110913
Rising Trojan.Win32.Generic.128B3837 20110909
Sophos AV Mal/Sinowa-A 20110913
Symantec Trojan.Mebroot 20110913
TheHacker Backdoor/Sinowal.bq 20110910
TrendMicro TROJ_MEBROOT.AH 20110913
TrendMicro-HouseCall TROJ_MEBROOT.AH 20110913
VBA32 Backdoor.Sinowal.8421 20110913
VIPRE Trojan.Win32.Generic!BT 20110913
ViRobot Backdoor.Win32.Sinowal.329336 20110913
VirusBuster Backdoor.Sinowal!YWJ72V9JjyE 20110913
Antiy-AVL 20110913
ByteHero 20110913
eTrust-Vet 20110913
Prevx 20110913
SUPERAntiSpyware 20110913
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2008-02-27 12:54:06
Entry Point 0x00005744
Number of sections 4
PE sections
PE imports
GetEnvironmentVariableW
VirtualFree
CreateFileA
WriteFile
Sleep
VirtualProtect
LoadLibraryA
VirtualAlloc
GetProcAddress
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
TimeStamp 2008:02:27 13:54:06+01:00
FileType Win32 EXE
PEType PE32
CodeSize 38400
LinkerVersion 7.1
FileAccessDate 2014:12:08 11:15:21+01:00
EntryPoint 0x5744
InitializedDataSize 277872
SubsystemVersion 4.0
ImageVersion 0.0
OSVersion 4.0
FileCreateDate 2014:12:08 11:15:21+01:00
UninitializedDataSize 0

File identification
MD5 028cbee0aaa9a120a32b139b33671365
SHA1 0ba899594faab44e93e9587850f4cc844088080b
SHA256 d193eeafa5a873311a2cb2bc63433c9dd2d5506830df1075e9246fa5250ede33
ssdeep 6144:xlKpAhllEo7jJYUikHaWl0a89UHTgDZrVaBIc9bjIEpYAQporRXtUIudHD:x4mhVyLkHaWSa89UgiBI2IEZQuN9Uzdj
authentihash 1f1aa022412d77a088a4198a1d1b451d869f121688e1d53f88cb4f9f63371695
imphash 2717a120f3532759192746b08a75beea
File size 321.4 KB ( 329072 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Dynamic Link Library (generic) (43.5%)
Win32 Executable (generic) (29.8%)
Generic Win/DOS Executable (13.2%)
DOS Executable Generic (13.2%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
Tags peexe
VirusTotal metadata
First submission 2008-04-20 03:31:49 UTC ( 9 years, 7 months ago )
Last submission 2014-11-05 16:10:11 UTC ( 3 years ago )
File names 0ba899594faab44e93e9587850f4cc844088080b_v2rxu6.ex
yslY.zip
r0cG7YelPG.tgz
028CBEE0AAA9A120A32B139B33671365
185866_0ba899594faab44e93e9587850f4cc844088080b_v2rxu6.ex
v2rxu6.ex#
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Moved files
Deleted files
Created processes
Created mutexes
Opened mutexes
Runtime DLLs