SHA256: dcecd5fb0ca3b5fbb9caf952a3a0237d861f4ed2cb9ac89bc44477986e9c9e3c
File name: d880cd5e3fe803c17f4208552ec22698
Detection ratio: 43 / 51
Analysis date: 2014-05-28 01:23:03 UTC ( 10 months ago )
Antivirus Result Update
AVG PSW.Generic12.COW 20140527
Ad-Aware Trojan.GenericKD.1342418 20140528
Agnitum Trojan.Sharik!AXdfEAJaoA8 20140527
AhnLab-V3 Trojan/Win32.Sharik 20140527
AntiVir TR/Buzus.KK.3216 20140528
Antiy-AVL Trojan/Win32.VB.gic 20140527
Avast Win32:Malware-gen 20140528
Baidu-International Trojan.Win32.Zurgop.bBI 20140527
BitDefender Trojan.GenericKD.1342418 20140528
Bkav W32.CapietH.Trojan 20140527
CAT-QuickHeal TrojanDownloader.Dimegup.gen.cw2 20140527
Commtouch W32/Trojan.PEXZ-6734 20140527
Comodo TrojWare.Win32.Injector.AOJ 20140527
DrWeb Trojan.DownLoader9.22851 20140528
ESET-NOD32 Win32/TrojanDownloader.Zurgop.BI 20140527
Emsisoft Trojan.GenericKD.1342418 (B) 20140528
F-Prot W32/Trojan3.GFD 20140527
F-Secure Trojan.GenericKD.1342418 20140528
Fortinet W32/Agent.AEFU!tr 20140527
GData Trojan.GenericKD.1342418 20140528
Ikarus Trojan.Injector 20140528
Jiangmin TrojanSpy.Zbot.fnbp 20140527
K7AntiVirus Riskware ( 0040f0fb1 ) 20140527
K7GW Riskware ( 0040f0fb1 ) 20140527
Kaspersky Trojan.Win32.Sharik.qgi 20140528
Kingsoft Win32.Troj.Sharik.q.(kcloud) 20140528
McAfee PWS-Zbot.dx 20140528
McAfee-GW-Edition Heuristic.LooksLike.Win32.Suspicious.C!83 20140527
MicroWorld-eScan Trojan.GenericKD.1342418 20140528
Microsoft VirTool:Win32/CeeInject.gen!KK 20140527
NANO-Antivirus Trojan.Win32.Zbot.cirqfs 20140528
Norman Troj_Generic.QJTWM 20140527
Panda Trj/WLT.A 20140527
Qihoo-360 Win32/Trojan.eef 20140528
Symantec Trojan.Zbot 20140528
Tencent Win32.Trojan.Sharik.Wsjo 20140528
TotalDefense Win32/CInject.XF 20140527
TrendMicro TROJ_INJECTO.CBY 20140528
TrendMicro-HouseCall TROJ_INJECTO.CBY 20140528
VBA32 Trojan.Sharik 20140527
VIPRE Trojan.Win32.Zbot.f (v) 20140528
ViRobot Trojan.Win32.Agent.49877 20140527
nProtect Trojan/W32.Sharik.49877 20140527
AegisLab 20140528
ByteHero 20140528
CMC 20140526
ClamAV 20140527
Malwarebytes 20140528
Rising 20140527
SUPERAntiSpyware 20140528
Sophos 20140528
TheHacker 20140527
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Packers identified
PEiD PECompact 2.xx --> BitSum Technologies
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2013-10-11 17:01:02
Link date 6:01 PM 10/11/2013
Entry Point 0x00001000
Number of sections 2
PE sections
PE imports
VirtualFree
LoadLibraryA
VirtualAlloc
GetProcAddress
Number of PE resources by type
RT_STRING 12
RT_MENU 2
RT_DIALOG 1
RT_ICON 1
Struct(241) 1
RT_ACCELERATOR 1
RT_BITMAP 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 18
NEUTRAL 2
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
TimeStamp 2013:10:11 18:01:02+01:00
FileType Win32 EXE
PEType PE32
CodeSize 32768
LinkerVersion 6.0
FileAccessDate 2014:05:28 02:22:58+01:00
EntryPoint 0x1000
InitializedDataSize 16384
SubsystemVersion 4.512
ImageVersion 0.0
OSVersion 4.0
FileCreateDate 2014:05:28 02:22:58+01:00
UninitializedDataSize 0

Compressed bundles
File identification
MD5 d880cd5e3fe803c17f4208552ec22698
SHA1 e09358933f57bf6b203f3ba189219c7800a48eef
SHA256 dcecd5fb0ca3b5fbb9caf952a3a0237d861f4ed2cb9ac89bc44477986e9c9e3c
ssdeep 1536:DE/tbRRkFA1UqWzOiEjt3csQYcEfhmV8r7jJ:Q1CkDWu3EEpDHjJ
imphash 09d0478591d4f788cb3e5ea416c25237
File size 48.7 KB ( 49877 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 EXE PECompact compressed (v2.x) (54.1%)
Win32 EXE PECompact compressed (generic) (38.0%)
Win32 Executable (generic) (4.1%)
Generic Win/DOS Executable (1.8%)
DOS Executable Generic (1.8%)
Tags
pecompact peexe

VirusTotal metadata
First submission 2013-10-15 09:15:11 UTC ( 1 year, 5 months ago )
Last submission 2014-02-20 16:17:55 UTC ( 1 year, 1 month ago )
File names c-8eba4-356-1381828503
image_1015_900511_300.jpeg.exe
d880cd5e3fe803c17f4208552ec22698.exe
d880cd5e3fe803c17f4208552ec22698
dcecd5fb0ca3b5fbb9caf952a3a0237d861f4ed2cb9ac89bc44477986e9c9e3c
image.jpeg.exe
2.exe
Confirming.docx.exe
image_1015_900511_300_jpeg_exe
Confirming 874009485990.docx.exe
Confirming 874009485990.docx.ex
file-6149672_exe
avast-Antivirus-Order-Details.pdf.exe
Advanced heuristic and reputation engines
ClamAV PUA
Possibly Unwanted Application. While not necessarily malicious, the scanned file presents certain characteristics which depending on the user policies and environment may or may not represent a threat. For full details see: http://www.clamav.net/doc/pua.html .

Symantec reputation Suspicious.Insight