SHA256: e497aacb16064bff51485eba4bf241ca36ef066ff015caf59eae1001b6f49ffa
File name: e497aacb16064bff51485eba4bf241ca36ef066ff015caf59eae1001b6f49ffa
Detection ratio: 39 / 49
Analysis date: 2013-12-12 21:52:32 UTC ( 4 years, 5 months ago )
Antivirus Result Update
Ad-Aware Generic.FakeAV.10.716F2474 20131211
AhnLab-V3 Worm/Win32.Joleee 20131212
AntiVir TR/Joleee.33792 20131212
Avast Win32:WrongInf-A [Susp] 20131212
Baidu-International Trojan.Win32.Tedroo.AY 20131212
BitDefender Generic.FakeAV.10.716F2474 20131211
Bkav W32.DownloaderMT29AD.Trojan 20131212
ClamAV Trojan.Spambot-533 20131212
CMC Email-Worm.Win32.Joleee!O 20131212
Commtouch W32/Tedroo.A.gen!Eldorado 20131212
Comodo MalCrypt.Indus! 20131212
DrWeb Trojan.Spambot.6788 20131212
ESET-NOD32 a variant of Win32/SpamTool.Tedroo.AY 20131212
F-Prot W32/Tedroo.A.gen!Eldorado 20131212
F-Secure Generic.FakeAV.10.716F2474 20131212
Fortinet W32/Joleee.EJB@mm 20131212
GData Generic.FakeAV.10.716F2474 20131212
Ikarus Email-Worm.Win32.Joleee 20131212
K7AntiVirus EmailWorm ( 00170a0d1 ) 20131212
K7GW EmailWorm ( 00170a0d1 ) 20131212
Kaspersky HEUR:Trojan.Win32.Generic 20131212
Kingsoft Win32.Troj.Undef.(kcloud) 20130829
Malwarebytes Worm.Joleee 20131212
McAfee Spam-Mailbot.r 20131212
McAfee-GW-Edition Spam-Mailbot.r 20131212
Microsoft Spammer:Win32/Tedroo.gen!B 20131212
eScan Generic.FakeAV.10.716F2474 20131212
NANO-Antivirus Trojan.Win32.Joleee.umxr 20131212
Norman Tedroo.AA 20131212
nProtect Trojan/W32.Spammer.48640.B 20131212
Panda W32/P2PWorm.HO.worm 20131212
Rising PE:Worm.Win32.Joleee.f!1075350737 20131210
Sophos AV Troj/MassMail-B 20131212
SUPERAntiSpyware Trojan.Agent/Gen-Virut 20131211
Symantec Trojan Horse 20131212
TotalDefense Win32/Tedroo.FA 20131212
TrendMicro TROJ_SPAMER.SMA 20131212
TrendMicro-HouseCall TROJ_SPAMER.SMA 20131212
VBA32 SScope.Trojan.MTA.01058 20131211
Yandex 20131212
Antiy-AVL 20131210
AVG 20131212
ByteHero 20130613
CAT-QuickHeal 20131209
Emsisoft 20131212
Jiangmin 20131212
TheHacker 20131212
VIPRE 20131212
ViRobot 20131212
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 1977-04-26 12:02:13
Entry Point 0x00007A30
Number of sections 3
PE sections
PE imports
GetSystemTime
GetLastError
HeapFree
HeapAlloc
GetModuleFileNameA
LoadLibraryA
GetLocalTime
GetCurrentProcess
GetCurrentDirectoryA
GetCurrentProcessId
OpenProcess
GetWindowsDirectoryA
GetProcAddress
GetProcessHeap
GetModuleHandleA
SetFilePointer
ReadFile
WriteFile
CloseHandle
lstrcpynA
GetSystemDirectoryA
TerminateProcess
GetTimeZoneInformation
VirtualFree
Sleep
CreateFileA
VirtualAlloc
SetCurrentDirectoryA
GetModuleFileNameExA
GetAdaptersInfo
strncmp
strchr
_chkstk
_itoa
RtlRandom
memset
atoi
sprintf
strstr
strncpy
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
TimeStamp 1977:04:26 13:02:13+01:00
FileType Win32 EXE
PEType PE32
CodeSize 29696
LinkerVersion 8.0
FileAccessDate 2013:12:12 22:52:57+01:00
EntryPoint 0x7a30
InitializedDataSize 18944
SubsystemVersion 4.0
ImageVersion 0.0
OSVersion 4.0
FileCreateDate 2013:12:12 22:52:57+01:00
UninitializedDataSize 0

File identification
MD5 864f1e17b1104af96e70ed05fbe1298f
SHA1 caf95dbd3debc31c7d6e06ab662af4ab8d7475cf
SHA256 e497aacb16064bff51485eba4bf241ca36ef066ff015caf59eae1001b6f49ffa
ssdeep 768:gn3SBAdJ22b2xpj3wnyaX6+RjUuQdTf9cHdx/s6hK9Lo:qSBAbp28LfdR2

File size 47.5 KB ( 48640 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Dynamic Link Library (generic) (43.5%)
Win32 Executable (generic) (29.8%)
Generic Win/DOS Executable (13.2%)
DOS Executable Generic (13.2%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
Tags peexe

VirusTotal metadata
First submission 2013-12-12 17:49:06 UTC ( 4 years, 5 months ago )
Last submission 2013-12-12 21:52:32 UTC ( 4 years, 5 months ago )
File names e497aacb16064bff51485eba4bf241ca36ef066ff015caf59eae1001b6f49ffa
vt-upload-v_jW2
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Set keys
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.
UDP communications