SHA256: d20cfbd6ff122de91b1acb8177b3ed1b0d967a81295f644a0af37e79373a9606
File name: VirusShare_c635c9ecfee5cf7dfc64fa950e210bc5
Detection ratio: 40 / 55
Analysis date: 2014-10-10 11:34:01 UTC ( 3 years, 3 months ago )
Antivirus Result Update
Ad-Aware Gen:Variant.Zusy.754 20141010
AegisLab AdWare.W32.Suppad 20141010
Yandex Trojan.DL.Refroso!etcvBE4/GDM 20141010
AhnLab-V3 Trojan/Win32.Banker 20141010
Avast Win32:Malware-gen 20141010
AVG Downloader.Generic12.BCMH 20141010
Avira (no cloud) TR/Offend.kdv.529798 20141010
AVware Trojan.Win32.Generic!BT 20141010
Baidu-International Trojan.Win32.Refroso.AYMJ 20141010
BitDefender Gen:Variant.Zusy.754 20141010
Bkav W32.Clod093.Trojan.ae82 20141010
Comodo Heur.Suspicious 20141010
DrWeb Trojan.PWS.Orkut.171 20141010
Emsisoft Gen:Variant.Zusy.754 (B) 20141010
ESET-NOD32 a variant of Win32/PSW.Delf.OCL 20141010
F-Secure Gen:Variant.Zusy.754 20141010
Fortinet W32/Refroso.AFJW!tr.dldr 20141010
GData Gen:Variant.Zusy.754 20141010
Ikarus Trojan.Win32.Bancos 20141010
Jiangmin TrojanDownloader.Refroso.rc 20141009
K7AntiVirus Password-Stealer ( 0034ecc51 ) 20141009
K7GW Password-Stealer ( 0034ecc51 ) 20141009
Kaspersky Trojan-Downloader.Win32.Refroso.afjw 20141010
Malwarebytes Trojan.Banker 20141010
McAfee Artemis!C635C9ECFEE5 20141010
McAfee-GW-Edition BehavesLike.Win32.Trojan.dc 20141010
Microsoft TrojanSpy:Win32/Banker.ADX 20141010
eScan Gen:Variant.Zusy.754 20141010
NANO-Antivirus Trojan.Win32.Refroso.kilho 20141010
Norman Troj_Generic.UNQP 20141010
Panda Trj/Genetic.gen 20141010
Qihoo-360 Win32/Trojan.Downloader.47b 20141010
Rising PE:Trojan.Win32.Generic.12B66F60!313945952 20141010
Sophos AV Mal/Generic-S 20141010
Symantec Trojan.Gen 20141010
Tencent Win32.Trojan-downloader.Refroso.Swuf 20141010
VBA32 TrojanDownloader.Refroso 20141010
VIPRE Trojan.Win32.Generic!BT 20141010
ViRobot Trojan.Win32.A.Downloader.267776.BZ 20141010
Zillya Downloader.Refroso.Win32.2096 20141009
Antiy-AVL (no detection) 20141010
ByteHero (no detection) 20141010
CAT-QuickHeal (no detection) 20141010
ClamAV (no detection) 20141010
CMC (no detection) 20141009
Cyren (no detection) 20141010
F-Prot (no detection) 20141009
Kingsoft (no detection) 20141010
nProtect (no detection) 20141008
SUPERAntiSpyware (no detection) 20141010
TheHacker (no detection) 20141008
TotalDefense (no detection) 20141010
TrendMicro (no detection) 20141010
TrendMicro-HouseCall (no detection) 20141010
Zoner (no detection) 20141010
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Packers identified
F-PROT UPX
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2012-02-08 19:13:52
Entry Point 0x000B7660
Number of sections 3
PE sections
PE imports
VirtualFree
ExitProcess
VirtualProtect
LoadLibraryA
VirtualAlloc
GetProcAddress
RegFlushKey
ImageList_Add
SaveDC
OleDraw
VariantCopy
ShellExecuteA
VerQueryValueA
Number of PE resources by type
RT_STRING 21
RT_GROUP_CURSOR 7
RT_CURSOR 7
RT_ICON 6
RT_RCDATA 3
RT_MANIFEST 1
RT_GROUP_ICON 1
Number of PE resources by language
NEUTRAL 24
ENGLISH US 14
PORTUGUESE BRAZILIAN 8
PE resources
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
TimeStamp 2012:02:08 20:13:52+01:00
FileType Win32 EXE
PEType PE32
CodeSize 253952
LinkerVersion 2.25
FileAccessDate 2014:10:10 12:51:19+01:00
EntryPoint 0xb7660
InitializedDataSize 16384
SubsystemVersion 4.0
ImageVersion 0.0
OSVersion 4.0
FileCreateDate 2014:10:10 12:51:19+01:00
UninitializedDataSize 495616

File identification
MD5 c635c9ecfee5cf7dfc64fa950e210bc5
SHA1 17be6863ef669b269d79866223126c62c3692aa6
SHA256 d20cfbd6ff122de91b1acb8177b3ed1b0d967a81295f644a0af37e79373a9606
ssdeep 6144:/B2MOyirBpBz0AZPok5Zbxllk3a2awyFohC4NkxeRROCwfZ:/B+/rNAAZPZ1sGTqhCe6eRRjwfZ
authentihash d4ec10eedcabb6f0154c27883ebe76c621c3373448cdb5ed49596242a21917f8
imphash b460e412b82a7ff63ffe3bb2e551ec65
File size 261.5 KB ( 267776 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID UPX compressed Win32 Executable (42.3%)
Win32 EXE Yoda's Crypter (36.7%)
Win32 Dynamic Link Library (generic) (9.1%)
Win32 Executable (generic) (6.2%)
Generic Win/DOS Executable (2.7%)
Tags peexe upx

VirusTotal metadata
First submission 2012-02-09 12:01:11 UTC ( 5 years, 11 months ago )
Last submission 2014-10-10 11:34:01 UTC ( 3 years, 3 months ago )
File names c635c9ecfee5cf7dfc64fa950e210bc5
aa
17be6863ef669b269d79866223126c62c3692aa6.bin
G6P3vPz3.lnk
17be6863ef669b269d79866223126c62c3692aa6.exe
9nZGPf.dll
vodka.txt
VirusShare_c635c9ecfee5cf7dfc64fa950e210bc5
17be6863ef669b269d79866223126c62c3692aa6_vodka.tx
Advanced heuristic and reputation engines
ClamAV
Possibly Unwanted Application. While not necessarily malicious, the scanned file presents certain characteristics which depending on the user policies and environment may or may not represent a threat. For full details see: https://www.clamav.net/documents/potentially-unwanted-applications-pua .
