SHA256: d7a47fcfc9ee15386dbb608ac2a1d3f7fb92650808abc9a50f1d85d5221e19d0
File name: 中越版DDOS[二手玫瑰第二版].exe
Detection ratio: 18 / 42
Analysis date: 2012-09-15 18:26:34 UTC ( 5 years, 2 months ago )
Antivirus Result Update
Avast Win32:Malware-gen 20120915
AVG Suspicion: unknown virus 20120915
Commtouch W32/Downloader.AT.gen!Eldorado 20120914
Comodo UnclassifiedMalware 20120915
Emsisoft Trojan-Dropper.Agent!IK 20120915
ESET-NOD32 a variant of Win32/FlyStudio 20120915
F-Prot W32/Downloader.AT.gen!Eldorado 20120914
Fortinet W32/Pincav 20120830
GData Win32:Malware-gen 20120915
Ikarus Trojan-Dropper.Agent 20120915
K7AntiVirus Trojan 20120915
McAfee-GW-Edition Heuristic.BehavesLike.Win32.Suspicious-BAY.S 20120915
Norman W32/Packed_NSPack.B 20120914
Sophos AV W32/Pincav-Gen 20120915
TheHacker W32/Behav-Heuristic-067 20120915
TrendMicro-HouseCall TROJ_GEN.R44B1HI 20120915
VIPRE Packer.NSAnti.Gen (v) 20120915
VirusBuster Packed/NSPack 20120915
AhnLab-V3 20120915
AntiVir 20120915
Antiy-AVL 20120911
BitDefender 20120915
ByteHero 20120910
CAT-QuickHeal 20120915
ClamAV 20120915
DrWeb 20120915
eSafe 20120914
F-Secure 20120915
Jiangmin 20120915
Kaspersky 20120915
McAfee 20120915
Microsoft 20120915
nProtect 20120915
Panda 20120915
PCTools 20120915
Rising 20120914
SUPERAntiSpyware 20120911
Symantec 20120915
TotalDefense 20120914
TrendMicro 20120915
VBA32 20120914
ViRobot 20120915
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright ?????? ????????
Product ???????
File version 1.0.0.0
Description QQ-23070790
Comments ???? QQ-23070790
Packers identified
Command NSPack
F-PROT NSPack
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2011-06-06 10:02:37
Entry Point 0x001AB315
Number of sections 3
PE sections
PE imports
RegCreateKeyExA
ImageList_Destroy
GetOpenFileNameA
SetBkColor
VirtualFree
ExitProcess
VirtualProtect
LoadLibraryA
VirtualAlloc
GetProcAddress
CreateILockBytesOnHGlobal
SafeArrayUnaccessData
RasHangUpA
ShellExecuteA
SetClipboardData
InternetCanonicalizeUrlA
midiStreamRestart
OpenPrinterA
inet_ntoa
Number of PE resources by type
RT_BITMAP 15
RT_STRING 11
RT_DIALOG 10
RT_CURSOR 4
RT_GROUP_CURSOR 3
RT_ICON 3
TEXTINCLUDE 3
RT_GROUP_ICON 3
RT_MENU 2
RT_VERSION 1
Number of PE resources by language
CHINESE SIMPLIFIED 53
NEUTRAL 2
PE resources
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
TimeStamp 2011:06:06 11:02:37+01:00
FileType Win32 EXE
PEType PE32
CodeSize 0
LinkerVersion 6.0
FileTypeExtension exe
InitializedDataSize 1142784
SubsystemVersion 4.0
EntryPoint 0x1ab315
OSVersion 4.0
ImageVersion 0.0
UninitializedDataSize 1736704
File identification
MD5 d4cf168875180c888d6c2f8158fd3ead
SHA1 eb31d2a5aaf75546ca102500ee7d8a1863d753a1
SHA256 d7a47fcfc9ee15386dbb608ac2a1d3f7fb92650808abc9a50f1d85d5221e19d0
ssdeep 24576:bpev/ElOXNa9IuoEsT9uvX28UHDLekP8WZ7dO:bpevs4X49RN1vG9jLehs74
authentihash 9dc2ab25bb4bdec84ef48f72f024328fa7728b51ac2556f468465a602a73cda1
imphash 146af7843bcd4f9af418181ed88ab9ad
File size 1.1 MB ( 1140810 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Dynamic Link Library (generic) (43.5%)
Win32 Executable (generic) (29.8%)
Generic Win/DOS Executable (13.2%)
DOS Executable Generic (13.2%)
Tags peexe nspack
VirusTotal metadata
First submission 2012-09-15 16:39:50 UTC ( 5 years, 2 months ago )
Last submission 2016-01-18 00:15:02 UTC ( 1 year, 10 months ago )
File names 中越版DDOS[二手玫瑰第二版].exe
d7a47fcfc9ee15386dbb608ac2a1d3f7fb92650808abc9a50f1d85d5221e19d0.vir
Advanced heuristic and reputation engines
ClamAV
Possibly Unwanted Application. While not necessarily malicious, the scanned file presents certain characteristics which depending on the user policies and environment may or may not represent a threat. For full details see: https://www.clamav.net/documents/potentially-unwanted-applications-pua .

Symantec reputation Suspicious.Insight
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Created processes
Code injections in the following processes
Opened mutexes
Runtime DLLs
UDP communications