SHA256: d77f77264127864d50e08488c67a5be48b577e9888e17c5ae0b77e642390244f
File name: file-6985858_
Detection ratio: 45 / 50
Analysis date: 2014-05-16 01:40:22 UTC ( 3 years, 9 months ago )
Antivirus Result Update
Ad-Aware Trojan.Generic.5271593 20140516
Yandex Backdoor.Agent!vBQ1rqiDW4s 20140515
AhnLab-V3 Trojan/Win32.Vundo 20140515
AntiVir TR/Vundo.Gen 20140516
Antiy-AVL Trojan[Rootkit]/Win32.Agent 20140516
Avast Win32:Agent-AHQZ [Trj] 20140516
AVG BackDoor.Agent.AFLL 20140515
Baidu-International Backdoor.Win32.Agent.ARph 20140515
BitDefender Trojan.Generic.5271593 20140516
Bkav W32.MvbamapX.Trojan 20140515
ByteHero Virus.Win32.Heur.c 20140516
CMC Backdoor.Win32.Agent!O 20140512
Commtouch W32/Backdoor.FWLE-0979 20140516
Comodo Backdoor.Win32.Agent.AJYU 20140516
DrWeb BackDoor.Gootkit.4 20140516
Emsisoft Trojan.Generic.5271593 (B) 20140516
ESET-NOD32 Win32/Otlard.A 20140516
F-Prot W32/Backdoor2.GXGP 20140516
Fortinet W32/Agent.AJYU!tr.bdr 20140516
GData Trojan.Generic.5271593 20140516
Ikarus Trojan-Dropper.Win32.Otlard 20140516
Jiangmin Backdoor/IEbooot.iz 20140515
K7AntiVirus Backdoor ( 04c548361 ) 20140515
K7GW Backdoor ( 04c548361 ) 20140515
Kaspersky Backdoor.Win32.Agent.ajyu 20140516
McAfee Generic.dx!8E36BF6D85ED 20140516
McAfee-GW-Edition Generic.dx!8E36BF6D85ED 20140515
Microsoft TrojanDropper:Win32/Otlard.A 20140516
eScan Trojan.Generic.5271593 20140516
NANO-Antivirus Trojan.Win32.Agent.iewm 20140516
Norman Smalltroj.WJFF 20140515
nProtect Backdoor/W32.Agent.165696 20140515
Panda Trj/Downloader.MDW 20140515
Qihoo-360 Win32/Trojan.17e 20140516
Rising PE:Trojan.Win32.Generic.11F1B0DD!301052125 20140507
Sophos AV Mal/Behav-031 20140516
Symantec Trojan Horse 20140516
TheHacker Trojan/Generic.gen 20140515
TotalDefense Win32/Droplet.NU 20140515
TrendMicro TROJ_OTLARD.SM 20140516
TrendMicro-HouseCall TROJ_OTLARD.SM 20140516
VBA32 Backdoor.Agent 20140514
VIPRE Trojan.Win32.Generic!BT 20140516
ViRobot Dropper.Agent.159264 20140515
Zillya Backdoor.Agent.Win32.14202 20140514
AegisLab 20140516
CAT-QuickHeal 20140515
ClamAV 20140516
F-Secure 20140516
Kingsoft 20130829
Malwarebytes 20140516
SUPERAntiSpyware 20140516
Tencent 20140515
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2009-04-16 17:16:45
Entry Point 0x00005C47
Number of sections 1
PE sections
PE imports
CreateServiceA
CloseServiceHandle
OpenSCManagerA
StartServiceA
OpenServiceA
GetEnvironmentVariableA
lstrcatA
WriteFile
lstrcpyA
CloseHandle
CreateFileA
GetModuleFileNameA
GetShortPathNameA
ShellExecuteA
wsprintfA
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
TimeStamp 2009:04:16 18:16:45+01:00
FileType Win32 EXE
PEType PE32
CodeSize 0
LinkerVersion 8.0
FileAccessDate 2014:05:16 02:43:12+01:00
EntryPoint 0x5c47
InitializedDataSize 20480
SubsystemVersion 4.0
ImageVersion 0.0
OSVersion 4.0
FileCreateDate 2014:05:16 02:43:12+01:00
UninitializedDataSize 0

File identification
MD5 8e36bf6d85edac1e8a39ea9a572836fb
SHA1 eaba2e54efb960659526d8a4f88814872d00f8ee
SHA256 d77f77264127864d50e08488c67a5be48b577e9888e17c5ae0b77e642390244f
ssdeep 3072:zZr9B0e/25mTJIHX7KHnrt+d8Zfm2BwHw6JP:zR3t25mTJsrKHrYax6h
imphash ab70b8484fadc9272625e1e2f86c267a
File size 161.8 KB ( 165696 bytes )
File type Win32 EXE
Magic literal MS-DOS executable, MZ for MS-DOS
TrID Win32 Executable (generic) (52.9%)
Generic Win/DOS Executable (23.5%)
DOS Executable Generic (23.5%)
Tags peexe

VirusTotal metadata
First submission 2010-02-02 13:50:33 UTC ( 8 years ago )
Last submission 2014-05-16 01:40:22 UTC ( 3 years, 9 months ago )
File names 8E36BF6D85EDAC1E8A39EA9A572836FB
aa
file-6985858_
PqK6.jpeg
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Deleted files
Created processes
Shell commands
Opened mutexes
Opened service managers
Opened services
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.
UDP communications