SHA256: d346985bf4cd80deadf58550b0a793428475732bddc58c00d7db2d53cdd511ce
File name: file
Detection ratio: 25 / 41
Analysis date: 2012-02-24 12:56:52 UTC ( 6 years, 8 months ago )
Antivirus Result Update
AntiVir TR/Ruskill.FA.2 20120224
Antiy-AVL Trojan/win32.agent.gen 20120224
Avast Win32:Ruskill-FA [Trj] 20120223
AVG PSW.SpyEye.BT 20120224
BitDefender Trojan.Generic.7177801 20120224
Comodo UnclassifiedMalware 20120224
DrWeb Trojan.PWS.SpySweep.143 20120224
Emsisoft Trojan-PWS.SpyEye!IK 20120224
F-Secure Trojan.Generic.7177801 20120224
Fortinet W32/SpyEye.CA!tr.spy 20120223
GData Trojan.Generic.7177801 20120224
Ikarus Trojan-PWS.SpyEye 20120224
Jiangmin Trojan/Generic.wkqw 20120223
K7AntiVirus Riskware 20120222
Kaspersky HEUR:Trojan.Win32.Generic 20120224
McAfee Generic PWS.y!dvx 20120224
McAfee-GW-Edition Generic PWS.y!dvx 20120224
Microsoft VirTool:Win32/CeeInject.gen!GK 20120224
NOD32 Win32/Spy.SpyEye.CA 20120224
Norman W32/Suspicious_Gen4.HIVM 20120224
nProtect Trojan.Generic.7177801 20120224
TrendMicro TSPY_SPYEYE.AWW 20120224
TrendMicro-HouseCall TSPY_SPYEYE.AWW 20120224
VIPRE Trojan.Win32.Generic!BT 20120224
VirusBuster TrojanSpy.SpyEye!R5ReRxtMxg0 20120224
AhnLab-V3 20120224
ByteHero 20120222
CAT-QuickHeal 20120224
ClamAV 20120224
Commtouch 20120224
eSafe 20120223
eTrust-Vet 20120224
F-Prot 20120224
PCTools 20120221
Prevx 20120224
Rising 20120224
SUPERAntiSpyware 20120223
Symantec 20120224
TheHacker 20120224
VBA32 20120223
ViRobot 20120224
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Number of sections 4
PE sections
PE imports
GetStringTypeW, GetStringTypeA, GetProcAddress, lstrcmpiA, HeapAlloc, ExitProcess, TerminateProcess, GetCurrentProcess, GetModuleHandleA, GetStartupInfoA, GetCommandLineA, GetVersion, HeapDestroy, HeapCreate, VirtualFree, HeapFree, VirtualAlloc, HeapReAlloc, RtlUnwind, UnhandledExceptionFilter, GetModuleFileNameA, FreeEnvironmentStringsA, FreeEnvironmentStringsW, WideCharToMultiByte, GetEnvironmentStrings, GetEnvironmentStringsW, SetHandleCount, GetStdHandle, GetFileType, WriteFile, GetLastError, CloseHandle, GetCPInfo, GetACP, GetOEMCP, LoadLibraryA, SetStdHandle, FlushFileBuffers, MultiByteToWideChar, LCMapStringA, LCMapStringW, SetFilePointer
acmFormatDetailsA
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
TimeStamp 2012:01:28 07:01:51+01:00
FileType Win32 EXE
PEType PE32
CodeSize 71168
LinkerVersion 7.1
EntryPoint 0xf76a
InitializedDataSize 245248
SubsystemVersion 4.0
ImageVersion 0.0
OSVersion 4.0
UninitializedDataSize 0
File identification
MD5 aeca5baddcee602a89f0234399e743c5
SHA1 3a7f2286f2b6bf28dca8cfe678ff1dca3a4634c5
SHA256 d346985bf4cd80deadf58550b0a793428475732bddc58c00d7db2d53cdd511ce
ssdeep 6144:oYisaqKKuLnrLFDluU4S262Eq1NXIDk4FcIqz3czZl0aixbY8iyS7/X8HxPCu9TL:oYTTg5DgUAEBpRzr08SxKM
File size 310.0 KB ( 317440 bytes )
File type Win32 EXE
Magic literal MS-DOS executable PE for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ 4.x (69.2%)
Win32 Executable MS Visual C++ (generic) (19.3%)
Win32 Executable Generic (4.3%)
Win32 Dynamic Link Library (generic) (3.8%)
Win16/32 Executable Delphi generic (1.0%)
VirusTotal metadata
First submission 2012-01-28 08:50:51 UTC ( 6 years, 8 months ago )
Last submission 2012-02-24 12:56:52 UTC ( 6 years, 8 months ago )
File names 1327931818.17_5.EXE
17_5.EXE
file