SHA256: dcecd5fb0ca3b5fbb9caf952a3a0237d861f4ed2cb9ac89bc44477986e9c9e3c
File name: d880cd5e3fe803c17f4208552ec22698
Detection ratio: 42 / 50
Analysis date: 2014-02-20 16:17:55 UTC ( 1 month, 4 weeks ago )
Antivirus Result Update
AVG PSW.Generic12.COW 20140220
Ad-Aware Trojan.GenericKD.1342418 20140220
Agnitum Trojan.Sharik!AXdfEAJaoA8 20140220
AhnLab-V3 Trojan/Win32.Sharik 20140220
AntiVir TR/Buzus.KK.3216 20140220
Antiy-AVL Trojan/Win32.VB.gic 20140219
Avast Win32:Malware-gen 20140220
Baidu-International Trojan.Win32.Sharik.aYAo 20140220
BitDefender Trojan.GenericKD.1342418 20140220
Bkav W32.CapietH.Trojan 20140220
CAT-QuickHeal TrojanDownloader.Dimegup.gen.cw2 20140220
Commtouch W32/Trojan.PEXZ-6734 20140220
Comodo TrojWare.Win32.Injector.AOJ 20140220
DrWeb Trojan.DownLoader9.22851 20140220
ESET-NOD32 Win32/TrojanDownloader.Zurgop.BI 20140220
Emsisoft Trojan.GenericKD.1342418 (B) 20140220
F-Prot W32/Trojan3.GFD 20140220
F-Secure Trojan.GenericKD.1342418 20140220
Fortinet W32/Agent.AEFU!tr 20140220
GData Trojan.GenericKD.1342418 20140220
Ikarus Trojan.Injector 20140220
Jiangmin TrojanSpy.Zbot.fnbp 20140220
K7AntiVirus Trojan ( 0048c83b1 ) 20140219
K7GW Riskware ( 0040f0fb1 ) 20140219
Kaspersky Trojan.Win32.Sharik.qgi 20140220
Kingsoft Win32.Troj.Sharik.q.(kcloud) 20140220
McAfee PWS-Zbot.dx 20140220
McAfee-GW-Edition Heuristic.LooksLike.Win32.Suspicious.C!83 20140220
MicroWorld-eScan Trojan.GenericKD.1342418 20140220
Microsoft VirTool:Win32/CeeInject.gen!KK 20140220
NANO-Antivirus Trojan.Win32.Zbot.cirqfs 20140220
Panda Trj/WLT.A 20140220
Qihoo-360 Win32/Trojan.eef 20140220
Sophos Troj/Agent-AEFU 20140220
Symantec Trojan.Zbot 20140220
TotalDefense Win32/CInject.XF 20140219
TrendMicro TROJ_INJECTO.CBY 20140220
TrendMicro-HouseCall TROJ_INJECTO.CBY 20140220
VBA32 Trojan.Sharik 20140220
VIPRE Trojan.Win32.Zbot.f (v) 20140220
ViRobot Trojan.Win32.Agent.49877 20140220
nProtect Trojan/W32.Sharik.49877 20140220
ByteHero 20140220
CMC 20140220
ClamAV 20140220
Malwarebytes 20140220
Norman 20140220
Rising 20140219
SUPERAntiSpyware 20140220
TheHacker 20140220
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Packers identified
PEiD PECompact 2.xx --> BitSum Technologies
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2013-10-11 17:01:02
Link date 6:01 PM 10/11/2013
Entry Point 0x00001000
Number of sections 2
PE sections
PE imports
VirtualFree
LoadLibraryA
VirtualAlloc
GetProcAddress
Number of PE resources by type
RT_STRING 12
RT_MENU 2
RT_DIALOG 1
RT_ICON 1
Struct(241) 1
RT_ACCELERATOR 1
RT_BITMAP 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 18
NEUTRAL 2
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
TimeStamp 2013:10:11 18:01:02+01:00
FileType Win32 EXE
PEType PE32
CodeSize 32768
LinkerVersion 6.0
FileAccessDate 2014:02:20 17:18:05+01:00
EntryPoint 0x1000
InitializedDataSize 16384
SubsystemVersion 4.512
ImageVersion 0.0
OSVersion 4.0
FileCreateDate 2014:02:20 17:18:05+01:00
UninitializedDataSize 0

Compressed bundles
File identification
MD5 d880cd5e3fe803c17f4208552ec22698
SHA1 e09358933f57bf6b203f3ba189219c7800a48eef
SHA256 dcecd5fb0ca3b5fbb9caf952a3a0237d861f4ed2cb9ac89bc44477986e9c9e3c
ssdeep 1536:DE/tbRRkFA1UqWzOiEjt3csQYcEfhmV8r7jJ:Q1CkDWu3EEpDHjJ
imphash 09d0478591d4f788cb3e5ea416c25237
File size 48.7 KB ( 49877 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 EXE PECompact compressed (v2.x) (54.1%)
Win32 EXE PECompact compressed (generic) (38.0%)
Win32 Executable (generic) (4.1%)
Generic Win/DOS Executable (1.8%)
DOS Executable Generic (1.8%)
Tags pecompact peexe
VirusTotal metadata
First submission 2013-10-15 09:15:11 UTC ( 6 months, 1 week ago )
Last submission 2014-02-20 16:17:55 UTC ( 1 month, 4 weeks ago )
File names c-8eba4-356-1381828503
image_1015_900511_300.jpeg.exe
d880cd5e3fe803c17f4208552ec22698.exe
d880cd5e3fe803c17f4208552ec22698
d880cd5e3fe803c17f4208552ec22698
dcecd5fb0ca3b5fbb9caf952a3a0237d861f4ed2cb9ac89bc44477986e9c9e3c
image.jpeg.exe
2.exe
Confirming.docx.exe
image_1015_900511_300_jpeg_exe
Confirming 874009485990.docx.exe
Confirming 874009485990.docx.ex
file-6149672_exe
avast-Antivirus-Order-Details.pdf.exe
Advanced heuristic and reputation engines
ClamAV PUA
Possibly Unwanted Application. While not necessarily malicious, the scanned file presents certain characteristics which depending on the user policies and environment may or may not represent a threat. For full details see: http://www.clamav.net/index.php?s=pua&lang=en .

Symantec reputation Suspicious.Insight