SHA256: d7070e2204ffecf35a2e32e69c0f38d91ac4f1c7706d3e2cb83ee0539dbefd63
File name: cf030035e81f574d1e961b1919ff266d
Detection ratio: 42 / 44
Analysis date: 2012-10-06 07:10:13 UTC ( 1 year, 6 months ago )
Antivirus Result Update
AVG BackDoor.Generic13.DCG 20121005
Agnitum Trojan.Ripnip.Gen.1 20121005
AhnLab-V3 Trojan/Win32.Ripinip 20121005
AntiVir TR/Spy.Gen 20121005
Avast Win32:BHO-ADU [Adw] 20121005
BitDefender Gen:Variant.Ripinip.1 20121005
CAT-QuickHeal Backdoor.Ripinip.C4 20121004
ClamAV Trojan.Ripnip-2 20121005
Commtouch W32/Autorun.XG 20121005
Comodo TrojWare.Win32.TrojanDropper.BHO.GHT 20121005
DrWeb Trojan.MulDrop1.48008 20121005
ESET-NOD32 a variant of Win32/Ripinip.AD 20121005
Emsisoft Backdoor.Win32.Ripinip!IK 20120919
F-Prot W32/Autorun.XG 20121005
F-Secure Gen:Variant.Ripinip.1 20121003
Fortinet W32/Ripinip.K!tr.bdr 20121005
GData Gen:Variant.Ripinip.1 20121005
Ikarus Backdoor.Win32.Ripinip 20121005
Jiangmin Trojan/Generic.beqn 20121004
K7AntiVirus Backdoor 20121005
Kaspersky Backdoor.Win32.Ripinip.otb 20121005
Kingsoft Win32.Hack.Ripinip.(kcloud) 20120925
McAfee BackDoor-EVC 20121005
McAfee-GW-Edition BackDoor-EVC 20121005
MicroWorld-eScan Gen:Variant.Ripinip.1 20121005
Microsoft Backdoor:Win32/Ripinip.N 20121005
Norman W32/Ripinip.D 20121005
PCTools Backdoor.Ripinip!rem 20121005
Panda Bck/Ripinip.E 20121005
Rising Backdoor.Win32.Autorun.p 20120928
SUPERAntiSpyware Trojan.Agent/Gen-FakeAlert 20120911
Sophos Troj/Kirjat-A 20121005
Symantec Backdoor.Ripinip 20121005
TheHacker Trojan/Dropper.Agent.oxz 20121005
TotalDefense Win32/SillyAutorun.EEG 20121004
TrendMicro BKDR_RIPINIP.SMA 20121005
TrendMicro-HouseCall BKDR_RIPINIP.SMA 20121005
VBA32 Backdoor.Ripinip.bbt 20121005
VIPRE Backdoor.Win32.Ripinip.n (v) 20121005
ViRobot Backdoor.Win32.A.Ripinip.249856 20121005
eSafe Win32.TRSpy 20121002
nProtect Backdoor/W32.Ripinip.249856.Q 20121005
Antiy-AVL 20121004
ByteHero 20121004
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Packers identified
PEiD Armadillo v1.71
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2011-02-24 00:19:27
Entry Point 0x00002C6E
Number of sections 4
PE sections
PE imports
CloseServiceHandle
LookupPrivilegeValueA
RegCloseKey
OpenServiceA
OpenProcessToken
RegSetValueExA
QueryServiceStatus
RegQueryValueExA
AdjustTokenPrivileges
RegOpenKeyExA
RegCreateKeyA
OpenSCManagerA
GetLastError
WriteProcessMemory
VirtualAllocEx
GetTickCount
GetVersionExA
GetModuleFileNameA
GetCurrentProcess
VirtualFreeEx
GetFileSize
OpenProcess
SetFileTime
DeleteFileA
GetWindowsDirectoryA
ReadProcessMemory
GetCommandLineA
GetModuleHandleA
GetTempPathA
SetFilePointer
ReadFile
WriteFile
GetStartupInfoA
CloseHandle
GetSystemDirectoryA
CreateProcessA
Sleep
CreateFileA
Ord(5858)
Ord(3147)
Ord(4080)
Ord(6375)
Ord(537)
Ord(3830)
Ord(2554)
Ord(1168)
Ord(4673)
Ord(4278)
Ord(356)
Ord(2982)
Ord(3079)
Ord(2512)
Ord(341)
Ord(535)
Ord(1576)
Ord(825)
Ord(3081)
Ord(5199)
Ord(2614)
Ord(3262)
Ord(668)
Ord(3259)
Ord(4424)
Ord(540)
Ord(5714)
Ord(940)
Ord(3922)
Ord(2725)
Ord(3346)
Ord(858)
Ord(859)
Ord(2396)
Ord(4622)
Ord(561)
Ord(6662)
Ord(3831)
Ord(5731)
Ord(3825)
Ord(926)
Ord(4486)
Ord(1980)
Ord(924)
Ord(815)
Ord(1089)
Ord(2985)
Ord(6140)
Ord(3738)
Ord(4698)
Ord(654)
Ord(2976)
Ord(2764)
Ord(800)
Ord(5307)
Ord(5300)
Ord(4079)
Ord(5289)
Ord(4274)
Ord(941)
Ord(5302)
Ord(4465)
Ord(3136)
Ord(860)
Ord(2770)
_except_handler3
__p__fmode
malloc
_XcptFilter
_acmdln
__CxxFrameHandler
_setmbcp
_adjust_fdiv
__setusermatherr
__p__commode
free
_onexit
exit
__dllonexit
atol
__getmainargs
_initterm
_controlfp
_exit
__set_app_type
GetWindowThreadProcessId
GetCursorPos
GetSystemMetrics
GetParent
GetWindowRect
InflateRect
ClientToScreen
PostMessageA
FindWindowExA
SendMessageA
WindowFromPoint
PeekMessageA
SetCursorPos
mouse_event
GetWindowTextA
FindWindowA
ScreenToClient
ExitWindowsEx
PtInRect
Number of PE resources by type
RT_ICON 1
RT_GROUP_ICON 1
Number of PE resources by language
CHINESE SIMPLIFIED 2
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
TimeStamp 2011:02:24 00:19:27+00:00
FileType Win32 EXE
PEType PE32
CodeSize 8192
LinkerVersion 6.0
EntryPoint 0x2c6e
InitializedDataSize 237568
SubsystemVersion 4.0
ImageVersion 0.0
OSVersion 4.0
UninitializedDataSize 0
File identification
MD5 cf030035e81f574d1e961b1919ff266d
SHA1 939a901c20deb49eb6162a6e2df84c61b2cb8787
SHA256 d7070e2204ffecf35a2e32e69c0f38d91ac4f1c7706d3e2cb83ee0539dbefd63
ssdeep 3072:IwJIvr9QaABJ7ODhxHtafTNL4hiI0AUvkjBbJdrnl0vYA6PS7B2:ILz9QaI/fB8hP0AUMjprnlC6PS7Q

File size 244.0 KB ( 249856 bytes )
File type Win32 EXE
Magic literal MS-DOS executable PE for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable Generic (42.3%)
Win32 Dynamic Link Library (generic) (37.6%)
Generic Win/DOS Executable (9.9%)
DOS Executable Generic (9.9%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
Tags
peexe armadillo

VirusTotal metadata
First submission 2011-06-03 21:57:58 UTC ( 2 years, 10 months ago )
Last submission 2012-10-06 07:10:13 UTC ( 1 year, 6 months ago )
File names cf030035e81f574d1e961b1919ff266d