SHA256: ea57f94a39c92572589908125c243aa1088a50ec55af83a09b181061fbfd83a0
File name: test
Detection ratio: 41 / 54
Analysis date: 2014-06-26 05:09:31 UTC ( 4 years, 8 months ago )
Antivirus Result Update
Ad-Aware Trojan.Generic.KDV.877499 20140626
Yandex Trojan.Scar!Iyulsb/hQ/o 20140625
AntiVir TR/Crypt.XPACK.Gen 20140625
Antiy-AVL Trojan/Win32.Scar 20140625
Avast Win32:Malware-gen 20140626
Baidu-International Trojan.Win32.Scar.as 20140625
BitDefender Trojan.Generic.KDV.877499 20140626
Bkav W32.Clodeee.Trojan.3b0a 20140625
ByteHero Virus.Win32.Part.a 20140626
CMC Trojan.Win32.Scar!O 20140624
Comodo UnclassifiedMalware 20140626
DrWeb Trojan.Siggen5.9048 20140626
Emsisoft Trojan.Generic.KDV.877499 (B) 20140626
ESET-NOD32 Win32/Agent.UYE 20140626
F-Secure Trojan.Generic.KDV.877499 20140626
Fortinet W32/Scar.HGEQ!tr 20140626
GData Trojan.Generic.KDV.877499 20140626
Ikarus Trojan.Win32.Scar 20140626
Jiangmin Trojan/Scar.axbw 20140626
K7AntiVirus Trojan ( 00435d4c1 ) 20140625
K7GW Trojan ( 00435d4c1 ) 20140625
Kaspersky Trojan.Win32.Scar.hgeq 20140626
Kingsoft Win32.Troj.Scar.hg.(kcloud) 20140626
Malwarebytes Trojan.Agent 20140626
McAfee Artemis!0DA6303734D2 20140626
McAfee-GW-Edition Artemis!0DA6303734D2 20140625
eScan Trojan.Generic.KDV.877499 20140626
NANO-Antivirus Trojan.Win32.Scar.bibyej 20140626
Norman Suspicious_Gen4.CNAOK 20140625
nProtect Trojan.Generic.KDV.877499 20140626
Panda Generic Malware 20140625
Qihoo-360 HEUR/Malware.QVM20.Gen 20140626
Rising PE:Trojan.Agent!6.250 20140623
Sophos AV Mal/Generic-S 20140625
Symantec Trojan.Gen 20140626
Tencent Win32.Trojan.Scar.Iss 20140626
TrendMicro TROJ_GEN.R0CBC0EE714 20140626
TrendMicro-HouseCall TROJ_GEN.R0CBC0EE714 20140626
VBA32 Trojan.Scar 20140625
VIPRE Trojan.Win32.Generic!BT 20140626
Zillya Trojan.Scar.Win32.79783 20140625
AegisLab 20140626
AhnLab-V3 20140625
AVG 20140625
CAT-QuickHeal 20140625
ClamAV 20140625
Commtouch 20140626
F-Prot 20140626
Microsoft 20140626
SUPERAntiSpyware 20140626
TheHacker 20140624
TotalDefense 20140625
ViRobot 20140626
Zoner 20140625
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2013-02-02 23:34:30
Entry Point 0x00001219
Number of sections 4
PE sections
PE imports
RegCreateKeyA
RegCloseKey
RegSetValueExA
strchr
_itoa
memset
strstr
raise
fputc
pow
localeconv
memmove
strcat
strcmp
wcslen
signal
wctomb
exit
__GetMainArgs
_strnicmp
strtol
memcpy
_iob
GetFullPathNameA
GetLastError
GetTempPathA
CreateMutexA
FindFirstFileA
GetDriveTypeA
FindClose
CopyFileA
Sleep
FindNextFileA
RtlUnwind
ShellExecuteA
ExifTool file metadata
MIMEType
application/octet-stream

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

TimeStamp
2013:02:03 00:34:30+01:00

FileType
Win32 EXE

PEType
PE32

CodeSize
27648

LinkerVersion
2.55

FileAccessDate
2014:06:26 06:10:08+01:00

EntryPoint
0x1219

InitializedDataSize
5632

SubsystemVersion
4.0

ImageVersion
0.0

OSVersion
1.0

FileCreateDate
2014:06:26 06:10:08+01:00

UninitializedDataSize
1536

File identification
MD5 0da6303734d2b01321241d7fb7e36272
SHA1 54286b7281d12560101cfa9542df7a1b15230826
SHA256 ea57f94a39c92572589908125c243aa1088a50ec55af83a09b181061fbfd83a0
ssdeep
768:wgI1gVRXyV1qeUJYNnYzUiFroPrPAgSaqY8LpoZKSxvfTUDqG+L:wzmTiHVAUJLNqYa6PVoOxL

imphash c29715353ff6fa7009d8031fc7a576e5
File size 33.5 KB ( 34336 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win64 Executable (generic) (61.6%)
Win32 Dynamic Link Library (generic) (14.6%)
Win32 Executable (generic) (10.0%)
Win16/32 Executable Delphi generic (4.6%)
Generic Win/DOS Executable (4.4%)
Tags
peexe

VirusTotal metadata
First submission 2013-02-26 13:43:08 UTC ( 5 years, 12 months ago )
Last submission 2014-06-26 05:09:31 UTC ( 4 years, 8 months ago )
File names 0da6303734d2b01321241d7fb7e36272
vt-upload-Yswfe
aa
virussign.com_0da6303734d2b01321241d7fb7e36272.exe
10285269
0da6303734d2b01321241d7fb7e36272
0DA6303734D2B01321241D7FB7E36272.exe
mSGK7.dot
test
flusb.exe
output.10285269.txt
0da6303734d2b01321241d7fb7e36272.exe
Advanced heuristic and reputation engines
ClamAV
Possibly Unwanted Application. While not necessarily malicious, the scanned file presents certain characteristics which depending on the user policies and environment may or may not represent a threat. For full details see: https://www.clamav.net/documents/potentially-unwanted-applications-pua .

Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Copied files
Set keys
Created processes
Shell commands
Created mutexes
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.