× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: e13f1ebe7d5cbf8daa220d24afa42c3195b8473ae64dd0b4efedd1d3c7e7deb1
File name: 122.160.124.202:1073-146.185.246.50:80.0._exe
Detection ratio: 36 / 46
Analysis date: 2013-04-04 04:57:33 UTC ( 5 years, 6 months ago )
Antivirus Result Update
Yandex Worm.Pushbot!iIxzBBRrJL0 20130403
AhnLab-V3 Trojan/Win32.Jorik 20130403
AntiVir Worm/Pushbot.107520 20130404
Avast Win32:Ranbyus-AI [Trj] 20130404
AVG Generic30.QCR 20130403
BitDefender Gen:Variant.Symmi.4043 20130404
CAT-QuickHeal Trojan.Buzus.mqnx 20130404
Commtouch W32/Backdoor.LAQN-1630 20130404
Comodo TrojWare.Win32.PWS.ZBot.AAA 20130403
DrWeb BackDoor.IRC.Bot.166 20130404
ESET-NOD32 IRC/SdBot 20130404
F-Secure Gen:Variant.Symmi.4043 20130404
Fortinet W32/Ransom.AAX!tr 20130404
GData Gen:Variant.Symmi.4043 20130404
Ikarus Trojan.Win32.Tobfy 20130404
Jiangmin Trojan/Buzus.arkq 20130404
K7AntiVirus Riskware 20130402
Kaspersky Trojan.Win32.Buzus.mqnx 20130404
Kingsoft Win32.Troj.Buzus.(kcloud) 20130401
Malwarebytes Trojan.Ransom 20130403
McAfee PWS-Zbot.gen.apx 20130404
McAfee-GW-Edition PWS-Zbot.gen.apx 20130404
Microsoft Worm:Win32/Pushbot.gen 20130404
NANO-Antivirus Trojan.Win32.Buzus.bbgayt 20130404
Norman Suspicious_Gen4.BKZBD 20130403
nProtect Trojan/W32.Buzus.107520.AA 20130403
Panda Trj/DataRecovery.A 20130403
PCTools Trojan.IRCBot!rem 20130404
Sophos AV Mal/EncPk-AHQ 20130404
Symantec W32.IRCBot 20130404
TheHacker Trojan/Buzus.mqnx 20130404
TrendMicro TROJ_SPNR.2BK712 20130404
TrendMicro-HouseCall TROJ_SPNR.2BK712 20130404
VBA32 Trojan.Buzus 20130403
VIPRE Trojan.Win32.Encpk.ahq (v) 20130404
ViRobot Trojan.Win32.A.Buzus.107520.G 20130404
Antiy-AVL 20130403
ByteHero 20130322
ClamAV 20130404
Emsisoft 20130404
eSafe 20130403
F-Prot 20130404
eScan 20130404
Rising 20130403
SUPERAntiSpyware 20130404
TotalDefense 20130403
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2012-10-31 23:28:50
Entry Point 0x000010EC
Number of sections 8
PE sections
PE imports
CopyEnhMetaFileW
Chord
ChoosePixelFormat
AddFontMemResourceEx
GetLastError
HeapFree
GetStdHandle
EnterCriticalSection
SetHandleCount
GetOEMCP
ExitProcess
TlsAlloc
GetVersionExA
GetModuleFileNameA
RtlUnwind
LoadLibraryA
GetLocalTime
DeleteCriticalSection
GetStartupInfoA
GetEnvironmentStrings
SetConsoleCtrlHandler
WideCharToMultiByte
UnhandledExceptionFilter
MultiByteToWideChar
GetCommandLineA
GetProcAddress
GetProcessHeap
SetFilePointer
RaiseException
GetCPInfo
TlsFree
GetModuleHandleA
WriteFile
CloseHandle
GetACP
GetStringTypeW
GetCurrentThreadId
GlobalMemoryStatus
InitializeCriticalSection
VirtualQuery
VirtualFree
TlsGetValue
GetFileType
TlsSetValue
CreateFileA
HeapAlloc
GetVersion
VirtualAlloc
SetLastError
LeaveCriticalSection
wsprintfA
MessageBoxA
EnumThreadWindows
PE exports
Number of PE resources by type
RT_BITMAP 1
RT_RCDATA 1
Number of PE resources by language
NEUTRAL 1
ENGLISH US 1
PE resources
ExifTool file metadata
MIMEType
application/octet-stream

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

TimeStamp
2012:11:01 00:28:50+01:00

FileType
Win32 EXE

PEType
PE32

CodeSize
45056

LinkerVersion
5.0

EntryPoint
0x10ec

InitializedDataSize
64512

SubsystemVersion
4.0

ImageVersion
0.0

OSVersion
4.0

UninitializedDataSize
0

File identification
MD5 21086972f2a8d69d188469b06960bac9
SHA1 e993d829f5378a426c2e50c202e5565cb40f1d5d
SHA256 e13f1ebe7d5cbf8daa220d24afa42c3195b8473ae64dd0b4efedd1d3c7e7deb1
ssdeep
1536:+Nvffkyn3Nq8hZzgWGIM89xj9ls5AqNhGcGBLcItCn6PZblOT:s8yn3Nq8wOMYliAqcTPZZO

File size 105.0 KB ( 107520 bytes )
File type Win32 EXE
Magic literal
MS-DOS executable PE for MS Windows (GUI) Intel 80386 32-bit

TrID DOS Executable Borland C++ (39.2%)
Win32 Executable Generic (25.7%)
Win32 Dynamic Link Library (generic) (22.8%)
Generic Win/DOS Executable (6.0%)
DOS Executable Generic (6.0%)
Tags
peexe

VirusTotal metadata
First submission 2012-11-03 19:58:26 UTC ( 5 years, 11 months ago )
Last submission 2013-04-04 04:57:33 UTC ( 5 years, 6 months ago )
File names 122.160.124.202:1073-146.185.246.50:80.0._exe
vqb9uKzi
21086972f2a8d69d188469b0696
file-4753356_exe
Advanced heuristic and reputation engines
ClamAV
Possibly Unwanted Application. While not necessarily malicious, the scanned file presents certain characteristics which depending on the user policies and environment may or may not represent a threat. For full details see: https://www.clamav.net/documents/potentially-unwanted-applications-pua .

Symantec reputation Suspicious.Insight
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!