SHA256: d6a7cd1a86ef4bae294d437cd2092db55265070608b14a8920a53f411af13f0d
File name: 87FAD72BCB1BF02203AE456CDC5AB342
Detection ratio: 38 / 43
Analysis date: 2011-08-15 14:30:02 UTC ( 7 years, 5 months ago )
Antivirus Result Update
AhnLab-V3 Win32/Koobface.worm.39936.FQ 20110814
AntiVir TR/Dropper.Gen 20110815
Avast Win32:Inject-ABT [Trj] 20110815
Avast5 Win32:Inject-ABT [Trj] 20110815
AVG Dropper.Generic.BQBX 20110815
BitDefender Worm.Generic.227124 20110815
CAT-QuickHeal I-Worm.Koobface.fcy 20110813
Commtouch W32/VB.AK.gen!Eldorado 20110815
Comodo TrojWare.Win32.Trojan.Agent.Gen 20110815
DrWeb Win32.HLLW.Facebook.573 20110815
Emsisoft Trojan-Spy.Win32.Zbot!IK 20110815
eSafe Win32.TRDropper 20110814
F-Prot W32/VB.AK.gen!Eldorado 20110815
F-Secure Net-Worm:W32/Koobface.GQ 20110815
Fortinet W32/VB.WL!tr 20110815
GData Worm.Generic.227124 20110815
Ikarus Trojan-Spy.Win32.Zbot 20110815
Jiangmin Worm/Koobface.aru 20110814
K7AntiVirus Trojan 20110812
Kaspersky Net-Worm.Win32.Koobface.fcy 20110815
McAfee Artemis!87FAD72BCB1B 20110815
McAfee-GW-Edition Heuristic.BehavesLike.Win32.Downloader.D 20110815
Microsoft VirTool:Win32/VBInject.DS 20110815
NOD32 Win32/Koobface.NCL 20110815
Norman W32/Suspicious_Gen2.APOMH 20110815
nProtect Worm/W32.Koobface.39936.K 20110814
Panda Trj/CI.A 20110815
PCTools Net-Worm.Koobface.B!rem 20110815
Rising Trojan.Win32.Generic.11E74916 20110815
Sophos AV Mal/Behav-370 20110815
SUPERAntiSpyware Trojan.Agent/Gen-Koobface[Bonkers] 20110813
Symantec W32.Koobface.D 20110815
TrendMicro TROJ_GEN.USE1K12 20110815
TrendMicro-HouseCall TROJ_GEN.USE1K12 20110815
VBA32 SScope.Trojan.VB.0155 20110815
VIPRE Trojan.Win32.Generic!BT 20110815
ViRobot Worm.Win32.S.Net-Koobface.39936.X 20110815
VirusBuster Worm.Koobface!jnFA3PIJNTU 20110814
Antiy-AVL 20110815
ClamAV 20110815
eTrust-Vet 20110815
Prevx 20110815
TheHacker 20110815
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file.
Packers identified
PEiD UPX 2.90 [LZMA] -> Markus Oberhumer, Laszlo Molnar & John Reiser
PE header basic information
Number of sections 3
PE sections
PE imports
LoadLibraryA
GetProcAddress
VirtualProtect
VirtualAlloc
VirtualFree
ExitProcess
(1 more function(s) imported by ordinal)
CallWindowProcA
File identification
MD5 87fad72bcb1bf02203ae456cdc5ab342
SHA1 551d097763f1c0dd4dd4865c9caffd16f23accb5
SHA256 d6a7cd1a86ef4bae294d437cd2092db55265070608b14a8920a53f411af13f0d
ssdeep 768:Yto5LK+FGeRe6QyfN6xtOIzXkGUC4849ZxVP3kGPIn3Y0XS1d:/L1FIU8QmkY4n/CGPyIeWd

File size 39.0 KB ( 39936 bytes )
File type Win32 EXE
Magic literal

TrID UPX compressed Win32 Executable (43.8%)
Win32 EXE Yoda's Crypter (38.1%)
Win32 Executable Generic (12.2%)
Generic Win/DOS Executable (2.8%)
DOS Executable Generic (2.8%)
Tags
upx

VirusTotal metadata
First submission 2010-02-11 05:40:51 UTC ( 8 years, 11 months ago )
Last submission 2011-08-15 14:30:02 UTC ( 7 years, 5 months ago )
File names 87FAD72BCB1BF02203AE456CDC5AB342
pDh855J.tiff
aa
ddNhu4e.exe