SHA256: e5f13e074882362fa9b3b693394a6edc296efccaa23dba31540c802d966b83df
File name: 177a3e7621a818a3e0dc37925d3a69f0
Detection ratio: 45 / 51
Analysis date: 2014-05-09 06:32:36 UTC ( 4 years, 8 months ago )
Antivirus Result Update
Ad-Aware Gen:Variant.Graftor.54037 20140509
Yandex Trojan.Cospet!FlzIxxaUDss 20140508
AhnLab-V3 Worm/Win32.Eggnog 20140509
AntiVir TR/Cospet.X 20140509
Antiy-AVL Worm[P2P]/Win32.Eggnog 20140509
Avast Win32:Malware-gen 20140509
AVG Generic30.ADHA 20140509
Baidu-International Worm.Win32.Eggnog.AQY 20140508
BitDefender Gen:Variant.Graftor.54037 20140509
CAT-QuickHeal Worm.Eggnog.D8 20140508
ClamAV WIN.Worm.Eggnog 20140509
CMC P2P-Worm.Win32.Eggnog!O 20140506
Commtouch W32/Eggnog.A.gen!Eldorado 20140509
Comodo TrojWare.Win32.Cospet.X0 20140509
DrWeb Win32.HLLW.Kazaa.512 20140509
Emsisoft Gen:Variant.Graftor.54037 (B) 20140509
ESET-NOD32 Win32/Eggnog.E 20140508
F-Prot W32/Eggnog.A.gen!Eldorado 20140509
F-Secure Gen:Variant.Graftor.54037 20140509
Fortinet W32/Eggnog.W@mm 20140509
GData Gen:Variant.Graftor.54037 20140509
Ikarus Trojan-Dropper.Delf 20140509
Jiangmin Trojan/Cospet.hi 20140509
K7AntiVirus Trojan ( 000a4e6a1 ) 20140508
K7GW Trojan ( 000a4e6a1 ) 20140508
Kingsoft Win32.Troj.Cospet.x.(kcloud) 20140509
McAfee W32/Eggnog.worm.gen 20140509
McAfee-GW-Edition Heuristic.BehavesLike.Win32.Worm.H 20140508
Microsoft Worm:Win32/Eggnog.D 20140509
eScan Gen:Variant.Graftor.54037 20140509
NANO-Antivirus Trojan.Win32.Eggnog.qxemv 20140509
Norman Malware.GIJQ 20140508
Panda Bck/Poison.F 20140508
Qihoo-360 HEUR/Malware.QVM05.Gen 20140509
Rising PE:Worm.Eggnog!1.9A44 20140507
Sophos AV W32/Eggnog-Fam 20140509
SUPERAntiSpyware Trojan.Agent/Gen-Dedipros 20140509
Symantec W32.Nofer.A@mm 20140509
TheHacker W32/Eggnog.f 20140508
TrendMicro TROJ_GEN.F0C2C0KH513 20140509
TrendMicro-HouseCall WORM_EGGNOG.SMI 20140509
VBA32 Worm.Eggnog 20140507
VIPRE BehavesLike.Win32.Malware.tsc (mx-v) 20140509
ViRobot Worm.Win32.A.P2P-Eggnog.36850 20140509
Zillya Trojan.Cospet.Win32.221 20140509
AegisLab 20140509
Bkav 20140507
ByteHero 20140509
Malwarebytes 20140509
nProtect 20140508
TotalDefense 20140508
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 1992-06-19 22:22:17
Entry Point 0x00006F9C
Number of sections 8
PE sections
PE imports
RegFlushKey
RegCloseKey
RegQueryValueExA
RegSetValueExA
RegCreateKeyExA
RegOpenKeyExA
GetLastError
GetStdHandle
EnterCriticalSection
WaitForSingleObject
FreeLibrary
QueryPerformanceCounter
ExitProcess
GetThreadLocale
GetVersionExA
GetModuleFileNameA
RtlUnwind
LoadLibraryA
DeleteCriticalSection
GetStartupInfoA
GetLocaleInfoA
LocalAlloc
UnhandledExceptionFilter
GetCommandLineA
GetProcAddress
CreateMutexA
GetModuleHandleA
RaiseException
SetFilePointer
ReadFile
WriteFile
CloseHandle
GetDiskFreeSpaceA
GetCurrentThreadId
LocalFree
InitializeCriticalSection
VirtualFree
TlsGetValue
GetFileType
SetEndOfFile
TlsSetValue
CreateFileA
GetTickCount
GetVersion
VirtualAlloc
GetFileSize
LeaveCriticalSection
SysFreeString
GetWindowLongA
CharNextA
MessageBoxA
SetWindowLongA
ShowWindow
GetKeyboardType
Number of PE resources by type
RT_RCDATA 2
Number of PE resources by language
NEUTRAL 2
PE resources
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
TimeStamp 1992:06:19 23:22:17+01:00
FileType Win32 EXE
PEType PE32
CodeSize 25088
LinkerVersion 2.25
FileAccessDate 2014:05:09 07:33:28+01:00
EntryPoint 0x6f9c
InitializedDataSize 5632
SubsystemVersion 4.0
ImageVersion 0.0
OSVersion 4.0
FileCreateDate 2014:05:09 07:33:28+01:00
UninitializedDataSize 0

File identification
MD5 177a3e7621a818a3e0dc37925d3a69f0
SHA1 40f99ddfe4e9d172289e262e45e38e80c3787fae
SHA256 e5f13e074882362fa9b3b693394a6edc296efccaa23dba31540c802d966b83df
ssdeep 768:ooixwqZOoQs1oRAqvQi+AFN2T6rH8E9+3KYR8BrvqVWn3Ny1rybK:ovKqZZQs1ShQi7+q0birvqVO9y7
imphash 2deade72ab849e6107d0c9687fe3c88d
File size 42.7 KB ( 43679 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable Borland Delphi 6 (93.8%)
Win32 Dynamic Link Library (generic) (2.3%)
Win32 Executable (generic) (1.6%)
Win16/32 Executable Delphi generic (0.7%)
Generic Win/DOS Executable (0.7%)
Tags peexe
VirusTotal metadata
First submission 2013-06-16 03:38:44 UTC ( 5 years, 7 months ago )
Last submission 2014-05-09 06:32:36 UTC ( 4 years, 8 months ago )
File names 177a3e7621a818a3e0dc37925d3a69f0
177a3e7621a818a3e0dc37925d3a69f0
XbaO.drv
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Created mutexes
Runtime DLLs