SHA256: e2c4e89334403a2e89be0d8ffca00b2b66b3c5db37bce6570d13e62e6fa3ffde
File name: VirusShare_0d0aa686cf4cabaa19c552cbb6c96906
Detection ratio: 54 / 72
Analysis date: 2019-01-10 15:03:48 UTC ( 3 months, 1 week ago )
Antivirus Result Update
Ad-Aware Win32.Worm.IM.K 20190110
AegisLab Trojan.Win32.LolBot.m!c 20190110
ALYac Win32.Worm.IM.K 20190110
Antiy-AVL Trojan[Backdoor]/Win32.LolBot 20190110
Arcabit Win32.Worm.IM.K 20190110
Avast Win32:Trojan-gen 20190110
AVG Win32:Trojan-gen 20190110
Avira (no cloud) WORM/Rbot.Gen 20190110
AVware BehavesLike.Win32.Malware.eah (mx-v) 20180925
BitDefender Win32.Worm.IM.K 20190110
Bkav W32.WinmbuX.Trojan 20190108
CAT-QuickHeal Backdoor.Ircbot.29066 20190110
ClamAV Win.Trojan.Agent-201677 20190110
CMC Backdoor.Win32.LolBot!O 20190110
Comodo Suspicious@#1lfr80ktgzloe 20190110
CrowdStrike Falcon (ML) malicious_confidence_80% (D) 20181023
Cybereason malicious.6cf4ca 20190109
Cylance Unsafe 20190110
Cyren W32/GenBl.0D0AA686!Olympus 20190110
DrWeb BackDoor.IRC.Bot.260 20190110
Emsisoft Win32.Worm.IM.K (B) 20190110
Endgame malicious (high confidence) 20181108
ESET-NOD32 Win32/Boberog.AK 20190110
F-Secure Win32.Worm.IM.K 20190110
Fortinet W32/Scar.SKE!tr 20190110
GData Win32.Worm.IM.K 20190110
Ikarus Worm.Win32.Silly_P2P 20190110
Jiangmin Trojan/Scar.ovj 20190110
K7AntiVirus Trojan ( 004bf6891 ) 20190110
K7GW Trojan ( 004bf6891 ) 20190110
Kaspersky HEUR:Trojan.Win32.Generic 20190110
Kingsoft Win32.Troj.Scar.(kcloud) 20190110
MAX malware (ai score=100) 20190110
McAfee Artemis!0D0AA686CF4C 20190110
McAfee-GW-Edition Artemis!Virus 20190110
Microsoft Worm:Win32/Pushbot 20190110
eScan Win32.Worm.IM.K 20190110
NANO-Antivirus Trojan.Win32.Scar.rnao 20190110
Panda Generic Malware 20190109
Qihoo-360 Malware.Radar01.Gen 20190110
Rising Worm.Silly_P2P!8.167B (CLOUD) 20190110
Sophos AV Mal/IRCBot-B 20190110
Symantec W32.Opanki 20190110
TACHYON Trojan/W32.Scar.50688.D 20190110
TheHacker Trojan/Scar.bbwe 20190106
TrendMicro WORM_SILLY_0000000.TOMA 20190110
TrendMicro-HouseCall WORM_SILLY_0000000.TOMA 20190110
VBA32 Backdoor.LolBot 20190110
VIPRE BehavesLike.Win32.Malware.eah (mx-v) 20190110
ViRobot Backdoor.Win32.S.LolBot.50688 20190110
Webroot W32.Trojan.Trojan-Buzus 20190110
Yandex Trojan.Scar!7FUxmrlW2Bk 20181229
Zillya Trojan.Scar.Win32.30507 20190109
ZoneAlarm by Check Point HEUR:Trojan.Win32.Generic 20190110
Acronis 20190110
AhnLab-V3 20190109
Alibaba 20180921
Avast-Mobile 20190110
Babable 20180918
Baidu 20190110
eGambit 20190110
F-Prot 20190110
Sophos ML 20181128
Malwarebytes 20190110
Palo Alto Networks (Known Signatures) 20190110
SentinelOne (Static ML) 20181223
SUPERAntiSpyware 20190109
Tencent 20190110
TotalDefense 20190110
Trapmine 20190103
Trustlook 20190110
Zoner 20190110
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Packers identified
PEiD Armadillo v1.71
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2009-12-29 01:46:55
Entry Point 0x00004387
Number of sections 3
PE sections
PE imports
RegSetValueExA
RegCloseKey
RegCreateKeyExA
GetLastError
HeapFree
GetStdHandle
LCMapStringW
SetHandleCount
lstrcmpiA
WaitForSingleObject
GetOEMCP
LCMapStringA
HeapReAlloc
CopyFileA
ExitProcess
GetVersionExA
GetEnvironmentStringsW
GlobalUnlock
LoadLibraryA
RtlUnwind
ExitThread
FreeEnvironmentStringsA
HeapAlloc
GetCurrentProcess
GetEnvironmentStrings
GetLocaleInfoA
SetFilePointer
GetWindowsDirectoryA
UnhandledExceptionFilter
SetErrorMode
MultiByteToWideChar
FreeEnvironmentStringsW
GetCPInfo
GetCommandLineA
GetProcAddress
SetStdHandle
CreateMutexA
GetSystemDefaultLangID
GetTempPathA
RaiseException
CreateFileA
CreateThread
GetFileAttributesA
GetStringTypeA
GetModuleHandleA
FlushFileBuffers
ReadFile
SetUnhandledExceptionFilter
WriteFile
GetStartupInfoA
CloseHandle
GetACP
GlobalLock
GetStringTypeW
ExpandEnvironmentStringsA
SetFileAttributesA
LocalFree
TerminateProcess
CreateProcessA
GetModuleFileNameA
WideCharToMultiByte
GetEnvironmentVariableA
HeapCreate
GlobalAlloc
VirtualFree
HeapDestroy
Sleep
GetFileType
SetEndOfFile
IsBadCodePtr
GetTickCount
GetVersion
VirtualAlloc
VariantInit
VariantClear
SysAllocString
PathRemoveFileSpecA
SetFocus
EmptyClipboard
FindWindowExA
IsWindow
BlockInput
SetClipboardData
VkKeyScanA
SendMessageA
SetForegroundWindow
FindWindowA
CloseClipboard
ShowWindow
keybd_event
OpenClipboard
socket
recv
inet_addr
send
WSACleanup
WSAStartup
gethostbyname
connect
htons
closesocket
select
CoUninitialize
CoCreateInstance
CoInitialize
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
SubsystemVersion 4.0
MachineType Intel 386 or later, and compatibles
TimeStamp 2009:12:29 02:46:55+01:00
FileType Win32 EXE
PEType PE32
CodeSize 32768
LinkerVersion 6.0
FileTypeExtension exe
InitializedDataSize 26112
ImageFileCharacteristics No relocs, Executable, No line numbers, No symbols, 32-bit
EntryPoint 0x4387
OSVersion 4.0
ImageVersion 0.0
UninitializedDataSize 0
File identification
MD5 0d0aa686cf4cabaa19c552cbb6c96906
SHA1 41b0e5e3ece7c1866b3562d3f02b73e9d6faf91f
SHA256 e2c4e89334403a2e89be0d8ffca00b2b66b3c5db37bce6570d13e62e6fa3ffde
ssdeep 768:u1IAEdaZI7ZCl4kUpzmHPrkAkSU81utHNAWmo5SqowCGdtC:uOAEdeI7Zi4oCO1yHZnoNAC
authentihash 9e83d41b8c22d7c852cbd61cf26e96aacda7e6f2b7aee8a1339224207454c643
imphash e3f1a21a966036f2b4bcbd433643c3e3
File size 49.5 KB ( 50688 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (41.0%)
Win64 Executable (generic) (36.3%)
Win32 Dynamic Link Library (generic) (8.6%)
Win32 Executable (generic) (5.9%)
OS/2 Executable (generic) (2.6%)
Tags peexe armadillo
VirusTotal metadata
First submission 2010-04-03 19:39:40 UTC ( 9 years ago )
Last submission 2019-01-10 15:03:48 UTC ( 3 months, 1 week ago )
File names 41b0e5e3ece7c1866b3562d3f02b73e9d6faf91f
aa
0D0AA686CF4CABAA19C552CBB6C96906.bin
0d0aa686cf4cabaa19c552cbb6c96906
2aCZujPpQ2.png
VirusShare_0d0aa686cf4cabaa19c552cbb6c96906
Advanced heuristic and reputation engines
ClamAV
Possibly Unwanted Application. While not necessarily malicious, the scanned file presents certain characteristics which depending on the user policies and environment may or may not represent a threat. For full details see: https://www.clamav.net/documents/potentially-unwanted-applications-pua .

Behaviour characterization