SHA256: e9192edaaaffcf38ead5f6d1501245b62bd19f70a81535fb2dc42f8ba46856f8
File name: 1A.tmp
Detection ratio: 29 / 42
Analysis date: 2012-04-25 17:39:19 UTC (6 years, 5 months ago)
Antivirus Result Update
AhnLab-V3 Trojan/Win32.Cidox 20120424
AntiVir TR/Dldr.Vundo.hiyv.1 20120425
Avast Win32:MalOb-JZ [Cryp] 20120425
AVG Generic_r.ANV 20120425
BitDefender Gen:Variant.Barys.35 20120425
Commtouch W32/Virtumonde.CW.gen!Eldorado 20120425
Comodo TrojWare.Win32.TrojanDownloader.Vundo.BB 20120425
DrWeb Trojan.Mayachok.552 20120425
Emsisoft Trojan-Downloader.Win32.Vundo!IK 20120425
eTrust-Vet Win32/Vundo.I!generic 20120425
F-Prot W32/Virtumonde.CW.gen!Eldorado 20120425
F-Secure Gen:Variant.Barys.35 20120425
Fortinet W32/Kryptik.CIK!tr 20120425
GData Gen:Variant.Barys.35 20120425
Ikarus Trojan-Downloader.Win32.Vundo 20120425
Jiangmin Trojan/Cidox.idu 20120425
K7AntiVirus Trojan 20120425
Kaspersky Trojan-Dropper.Win32.Cidox.urd 20120425
McAfee Downloader.a!bjw 20120425
McAfee-GW-Edition Downloader.a!bjw 20120425
Microsoft TrojanDownloader:Win32/Vundo.HIY 20120425
NOD32 a variant of Win32/Kryptik.ABVR 20120425
Norman W32/Vundo.BCZQ 20120425
Panda Suspicious file 20120425
Sophos AV Troj/Virtum-Gen 20120425
SUPERAntiSpyware Trojan.Agent/Gen-Vundo 20120402
TrendMicro-HouseCall TROJ_GEN.R47CDDP 20120425
VIPRE Virtumonde 20120425
VirusBuster Trojan.DR.Cidox!rfxiUn+UgZc 20120425
Antiy-AVL 20120425
ByteHero 20120424
CAT-QuickHeal 20120425
ClamAV 20120425
eSafe 20120424
nProtect 20120425
PCTools 20120424
Rising 20120425
Symantec 20120425
TheHacker 20120425
TrendMicro 20120425
VBA32 20120425
ViRobot 20120425
The file being studied is a Portable Executable file! More specifically, it is a Win32 DLL file for the Windows GUI subsystem.
Packers identified
PEiD Armadillo v1.xx - v2.xx
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2012-03-02 14:32:11
Entry Point 0x0000723E
Number of sections 6
PE sections
PE imports
GetLastError
HeapFree
GetStdHandle
LCMapStringW
SetHandleCount
lstrcmpiA
GetOEMCP
QueryPerformanceCounter
HeapDestroy
GetTickCount
GetEnvironmentStringsW
LoadLibraryA
RtlUnwind
GetModuleFileNameA
FreeEnvironmentStringsA
HeapAlloc
GetCurrentProcess
GetEnvironmentStrings
GetCurrentProcessId
GetCPInfo
MultiByteToWideChar
FreeEnvironmentStringsW
GetCommandLineA
GetProcAddress
WideCharToMultiByte
GetStringTypeA
WriteFile
GetStartupInfoA
CloseHandle
GetSystemTimeAsFileTime
GetACP
HeapReAlloc
GetStringTypeW
GetVersion
TerminateProcess
LCMapStringA
HeapCreate
VirtualFree
GetFileType
ExitProcess
GetCurrentThreadId
VirtualAlloc
PathFileExistsA
MessageBoxA
GetForegroundWindow
GetSystemMetrics
GetDC
PE exports
ExifTool file metadata
MIMEType: application/octet-stream
Subsystem: Windows GUI
MachineType: Intel 386 or later, and compatibles
TimeStamp: 2012:03:02 14:32:11+00:00
FileType: Win32 DLL
PEType: PE32
CodeSize: 36864
LinkerVersion: 6.0
EntryPoint: 0x723e
InitializedDataSize: 16384
SubsystemVersion: 4.0
ImageVersion: 0.0
OSVersion: 4.0
UninitializedDataSize: 0

File identification
MD5 e571da13d524b0977fa2a9beff34f982
SHA1 94cae46330bd5cd380e407f6fa30c71e0e4b7dc2
SHA256 e9192edaaaffcf38ead5f6d1501245b62bd19f70a81535fb2dc42f8ba46856f8
ssdeep 768:NczHNqQGokb0jBrfR5sbJw2/D3TXp6yiXnXo9Mr:GzrGo5j13sFweHXpNmXoQ

File size 52.0 KB ( 53248 bytes )
File type Win32 DLL
Magic literal MS-DOS executable PE for MS Windows (DLL) (GUI) Intel 80386 32-bit

TrID Win32 Executable MS Visual C++ (generic) (65.2%)
Win32 Executable Generic (14.7%)
Win32 Dynamic Link Library (generic) (13.1%)
Generic Win/DOS Executable (3.4%)
DOS Executable Generic (3.4%)
Tags armadillo pedll

VirusTotal metadata
First submission 2012-04-24 11:25:17 UTC ( 6 years, 5 months ago )
Last submission 2013-02-03 06:03:21 UTC ( 5 years, 8 months ago )
File names b1c6bc0f961a1f7d075b2166ac0b5d1377f1c1afd7b5c5150b324217d6e143a97246a98f7131c69a6cbe3d81ea52fb2cd5a9129e9b081a5b0a0edc9251fe94fd
e571da13d524b0977fa2a9beff34f982
1A.tmp
Advanced heuristic and reputation engines
ClamAV
Possibly Unwanted Application. While not necessarily malicious, the scanned file presents certain characteristics which depending on the user policies and environment may or may not represent a threat. For full details see: https://www.clamav.net/documents/potentially-unwanted-applications-pua .

Symantec reputation Suspicious.Insight