SHA256: ee2107d3d4fd2cb3977376b38c15baa199f04f258263ca7e98cb28afc00d2dd0
File name: svc-xjvm.exe
Detection ratio: 43 / 57
Analysis date: 2015-09-28 21:00:24 UTC (4 months, 2 weeks ago)
Antivirus Result Update
ALYac Gen:Variant.Zusy.81981 20150928
AVG Generic10_c.AECD 20150928
AVware Trojan.Win32.WindowsExpertConsole.af (v) 20150928
Ad-Aware Gen:Variant.Zusy.81981 20150928
Agnitum Trojan.DR.Dapato!a1Va7RYIl5A 20150928
AhnLab-V3 Trojan/Win32.FakeAV 20150928
Antiy-AVL Trojan[Dropper]/Win32.Dapato 20150928
Arcabit Trojan.Zusy.D1403D 20150928
Avast Win32:FakeAV-FIP [Trj] 20150928
Avira TR/Crypt.XPACK.Gen7 20150928
Baidu-International Trojan.Win32.Dropper.dlwd 20150928
BitDefender Gen:Variant.Zusy.81981 20150928
CAT-QuickHeal Rogue.FakePAV.mue 20150928
Comodo Application.Win32.AdWare.WindowsExpertConsole.AL 20150928
Cyren W32/Adware.OEWQ-4541 20150928
DrWeb Trojan.FakeAV.16640 20150928
ESET-NOD32 a variant of Win32/AdWare.WindowsExpertConsole.AL 20150928
Emsisoft Gen:Variant.Zusy.81981 (B) 20150928
F-Secure Gen:Variant.Zusy.81981 20150928
Fortinet W32/FakeAV.AC!tr 20150928
GData Gen:Variant.Zusy.81981 20150928
Ikarus Trojan.Win32.FakeAV 20150928
Jiangmin TrojanDropper.Dapato.wad 20150927
Kaspersky Trojan-Dropper.Win32.Dapato.dlwd 20150928
Kingsoft Win32.Troj.Dapato.dl.(kcloud) 20150928
Malwarebytes Rogue.FakeAV 20150928
McAfee FakeAlert-FTG!BE886EB66CC3 20150928
McAfee-GW-Edition FakeAlert-FTG!BE886EB66CC3 20150928
MicroWorld-eScan Gen:Variant.Zusy.81981 20150928
Microsoft Rogue:Win32/FakePAV 20150928
NANO-Antivirus Trojan.Win32.Dapato.culekq 20150928
Panda Trj/Zbot.M 20150928
Qihoo-360 Win32/Trojan.Multi.daf 20150928
SUPERAntiSpyware Trojan.Agent/Gen-Dapato 20150928
Sophos Mal/FakeAV-UM 20150928
Symantec Trojan.FakeAV 20150928
Tencent Win32.Trojan-dropper.Dapato.Pits 20150928
TrendMicro TROJ_FAKEAV.OUN 20150928
TrendMicro-HouseCall TROJ_FAKEAV.OUN 20150928
VBA32 TrojanDropper.Dapato 20150928
VIPRE Trojan.Win32.WindowsExpertConsole.af (v) 20150928
ViRobot Trojan.Win32.S.FakeAV.1084416[h] 20150928
Zillya Trojan.FakeAV.Win32.292334 20150928
AegisLab 20150928
Alibaba 20150927
Bkav 20150928
ByteHero 20150928
CMC 20150928
ClamAV 20150928
F-Prot 20150928
K7AntiVirus 20150928
K7GW 20150928
Rising 20150928
TheHacker 20150926
TotalDefense 20150928
Zoner 20150928
nProtect 20150925
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Packers identified
F-PROT UPX
PEiD UPX 2.90 [LZMA] -> Markus Oberhumer, Laszlo Molnar & John Reiser
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2014-02-05 04:53:53
Link date 5:53 AM 2/5/2014
Entry Point 0x001A8090
Number of sections 3
PE sections
PE imports
RegOpenKeyW
_TrackMouseEvent
SaveDC
VirtualFree
ExitProcess
VirtualProtect
LoadLibraryA
VirtualAlloc
GetProcAddress
AlphaBlend
LresultFromObject
VariantClear
GetProcessImageFileNameW
DragFinish
PathIsUNCW
VerQueryValueW
InternetOpenA
OpenPrinterW
GetFileTitleW
GdipFree
DoDragDrop
OleUIBusyW
Number of PE resources by type
Struct(300) 58
RT_DATA 2
RT_ICON 1
RT_MANIFEST 1
RT_IMAGE 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 65
ExifTool file metadata
LegalTrademarks GFH Ltd
SubsystemVersion 4.0
Comments GFH Ltd
LinkerVersion 8.0
ImageVersion 0.0
FileSubtype 0
FileVersionNumber 1.2.2.1
LanguageCode English (U.S.)
FileFlagsMask 0x003f
FileDescription GFH Ltd
CharacterSet Unicode
InitializedDataSize 77824
EntryPoint 0x1a8090
OriginalFileName GFH Ltd
MIMEType application/octet-stream
LegalCopyright GFH Copyright (C) 2014
FileVersion 1, 2, 2, 1
TimeStamp 2014:02:05 05:53:53+01:00
FileType Win32 EXE
PEType PE32
ProductVersion 1, 2, 2, 1
UninitializedDataSize 724992
OSVersion 4.0
FileOS Win32
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName GFH Ltd
CodeSize 1011712
ProductName GFH Ltd
ProductVersionNumber 1.2.2.1
FileTypeExtension exe
ObjectFileType Executable application
Compressed bundles
File identification
MD5 be886eb66cc39b0bbf3b237b476633a5
SHA1 36c3671f37f414ad6e0954e094a1a7bd0dcc34fc
SHA256 ee2107d3d4fd2cb3977376b38c15baa199f04f258263ca7e98cb28afc00d2dd0
ssdeep 24576:M2xJbbGmTvmN9BfQ0lc4Bt4Xsk2QkibF5BOWe8JH0:M6bb3MQ0lc434n2Qhh5kWe8JU
authentihash 1dea17c1039ffdd5301bd780f6376e37dc9c18ad21437283fca8085e8fa398dc
imphash 2b9e2b524dea3db6bd940c84f84c3a28
File size 1.0 MB (1084416 bytes)
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID UPX compressed Win32 Executable (42.3%)
Win32 EXE Yoda's Crypter (36.7%)
Win32 Dynamic Link Library (generic) (9.1%)
Win32 Executable (generic) (6.2%)
Generic Win/DOS Executable (2.7%)
Tags
peexe upx

VirusTotal metadata
First submission 2014-02-05 06:52:51 UTC (2 years ago)
Last submission 2014-02-07 18:14:32 UTC (2 years ago)
File names setup[1].exe
svc-nheh.exe
svc-uges.exe
svc-dwhj.exe
svc-hjyl.exe
svc-xjvm.exe
svc-lbvq.exe
svc-ddrs.exe
file-6561257_exe
svc-nheh.exe.vir
Advanced heuristic and reputation engines
ClamAV
Possibly Unwanted Application. While not necessarily malicious, the scanned file presents certain characteristics which, depending on the user's policies and environment, may or may not represent a threat. For full details see: http://www.clamav.net/doc/pua.html.

Symantec reputation Suspicious.Insight