SHA256: dbff10ab627a862eee3906dbf7a10ae3df456284370b90d472b23ac0999fbfdd
File name: 2305fc4112e9e20d9d5a8c9b94230661
Detection ratio: 19 / 49
Analysis date: 2014-03-05 22:16:05 UTC ( 3 years, 1 month ago )
Antivirus Result Update
Ad-Aware Trojan.GenericKD.1593608 20140305
AhnLab-V3 Spyware/Win32.Zbot 20140305
Antiy-AVL Trojan[Ransom]/Win32.Gimemo 20140305
Avast Win32:Crypt-QRB [Trj] 20140305
AVG Inject2.VBO 20140305
BitDefender Trojan.GenericKD.1593608 20140305
Bkav HW32.CDB.13b2 20140305
DrWeb Trojan.Winlock.8004 20140305
Emsisoft Trojan.GenericKD.1593608 (B) 20140305
ESET-NOD32 a variant of Win32/Injector.AZBR 20140305
F-Secure Trojan.GenericKD.1593608 20140305
GData Trojan.GenericKD.1593608 20140305
Malwarebytes Trojan.Inject.ED 20140305
McAfee Downloader-FYH!2305FC4112E9 20140305
McAfee-GW-Edition PWSZbot-FRL!2305FC4112E9 20140305
Microsoft VirTool:Win32/CeeInject 20140305
eScan Trojan.GenericKD.1593608 20140305
Panda Suspicious file 20140305
Qihoo-360 HEUR/Malware.QVM07.Gen 20140305
Yandex 20140305
AntiVir 20140305
Baidu-International 20140305
ByteHero 20140305
CAT-QuickHeal 20140305
ClamAV 20140305
CMC 20140228
Commtouch 20140305
Comodo 20140305
F-Prot 20140305
Fortinet 20140305
Ikarus 20140305
Jiangmin 20140305
K7AntiVirus 20140305
K7GW 20140305
Kaspersky 20140305
Kingsoft 20140305
NANO-Antivirus 20140305
Norman 20140305
nProtect 20140305
Rising 20140305
Sophos 20140305
SUPERAntiSpyware 20140305
Symantec 20140305
TheHacker 20140305
TotalDefense 20140305
TrendMicro 20140305
TrendMicro-HouseCall 20140305
VBA32 20140305
VIPRE 20140305
ViRobot 20140305
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2014-03-03 13:57:18
Entry Point 0x000069F0
Number of sections 4
PE sections
PE imports
CreatePen
CreateCompatibleBitmap
CreateSolidBrush
SetPixelV
CreateCompatibleDC
StretchBlt
Rectangle
GetModuleFileNameA
ExitProcess
GetStartupInfoW
GetModuleHandleW
Ord(3820)
Ord(2406)
Ord(2438)
Ord(4621)
Ord(5298)
Ord(1634)
Ord(2980)
Ord(6371)
Ord(5237)
Ord(4073)
Ord(6048)
Ord(5257)
Ord(4435)
Ord(4224)
Ord(5436)
Ord(5727)
Ord(3744)
Ord(4616)
Ord(6370)
Ord(815)
Ord(3257)
Ord(2717)
Ord(641)
Ord(4155)
Ord(3917)
Ord(2506)
Ord(2388)
Ord(3566)
Ord(6379)
Ord(289)
Ord(3341)
Ord(3076)
Ord(1633)
Ord(3142)
Ord(5285)
Ord(4667)
Ord(825)
Ord(5781)
Ord(5710)
Ord(5276)
Ord(4401)
Ord(540)
Ord(2858)
Ord(5273)
Ord(2836)
Ord(1767)
Ord(2371)
Ord(3568)
Ord(4480)
Ord(4229)
Ord(823)
Ord(3087)
Ord(2047)
Ord(2504)
Ord(6390)
Ord(800)
Ord(5157)
Ord(1569)
Ord(470)
Ord(755)
Ord(3074)
Ord(2613)
Ord(3592)
Ord(4269)
Ord(2977)
Ord(2116)
Ord(4418)
Ord(5784)
Ord(4831)
Ord(1826)
Ord(2397)
Ord(640)
Ord(4459)
Ord(2377)
Ord(3825)
Ord(4419)
Ord(323)
Ord(4074)
Ord(2640)
Ord(1089)
Ord(5446)
Ord(3254)
Ord(1165)
Ord(4128)
Ord(4692)
Ord(2971)
Ord(4347)
Ord(324)
Ord(5296)
Ord(4992)
Ord(4704)
Ord(3793)
Ord(3688)
Ord(3826)
Ord(5193)
Ord(4847)
Ord(1720)
Ord(4075)
Ord(2854)
Ord(1131)
Ord(3733)
Ord(5303)
Ord(2546)
Ord(561)
Ord(4292)
Ord(1143)
Ord(5261)
Ord(3658)
Ord(6372)
Ord(3131)
Ord(5059)
Ord(2859)
Ord(2099)
Ord(4370)
Ord(613)
Ord(860)
Ord(3621)
__p__fmode
malloc
__wgetmainargs
_ftol
fread
fclose
__dllonexit
fopen
_except_handler3
fseek
__p__commode
_onexit
ftell
exit
_XcptFilter
rewind
__setusermatherr
_controlfp
_wcmdln
__CxxFrameHandler
_adjust_fdiv
_initterm
_exit
_CIacos
__set_app_type
DrawDibClose
GetSystemMetrics
IsIconic
SendMessageW
GetSystemMenu
EnableWindow
GetClientRect
DrawIcon
CheckRadioButton
LoadCursorW
LoadIconW
WindowFromDC
FrameRect
AppendMenuW
GetDC
SetCursor
Number of PE resources by type
RT_DIALOG 3
RT_RCDATA 1
RT_STRING 1
Number of PE resources by language
CHINESE SIMPLIFIED 4
NEUTRAL 1
PE resources
ExifTool file metadata
MIMEType: application/octet-stream
Subsystem: Windows GUI
MachineType: Intel 386 or later, and compatibles
TimeStamp: 2014:03:03 14:57:18+01:00
FileType: Win32 EXE
PEType: PE32
CodeSize: 24576
LinkerVersion: 6.0
FileAccessDate: 2014:03:05 23:16:56+01:00
EntryPoint: 0x69f0
InitializedDataSize: 184320
SubsystemVersion: 4.0
ImageVersion: 0.0
OSVersion: 4.0
FileCreateDate: 2014:03:05 23:16:56+01:00
UninitializedDataSize: 0

File identification
MD5 2305fc4112e9e20d9d5a8c9b94230661
SHA1 e57ee3756cab06afea2b45e9a13b06d614edd8a4
SHA256 dbff10ab627a862eee3906dbf7a10ae3df456284370b90d472b23ac0999fbfdd
ssdeep 6144:9WQAk16Bhm1mQoKbrjVcFJlrJp79lQAqGH:nNGQ/JcnlrD7kAqA
imphash 80c0d0086fd50e2236c7528e344bbf76
File size 208.5 KB ( 213504 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (67.3%)
Win32 Dynamic Link Library (generic) (14.2%)
Win32 Executable (generic) (9.7%)
Generic Win/DOS Executable (4.3%)
DOS Executable Generic (4.3%)
Tags peexe

VirusTotal metadata
First submission 2014-03-05 22:16:05 UTC ( 3 years, 1 month ago )
Last submission 2014-03-05 22:16:05 UTC ( 3 years, 1 month ago )
File names 2305fc4112e9e20d9d5a8c9b94230661
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight