SHA256: ee2107d3d4fd2cb3977376b38c15baa199f04f258263ca7e98cb28afc00d2dd0
File name: svc-xjvm.exe
Detection ratio: 40 / 51
Analysis date: 2014-06-05 23:42:04 UTC ( 1 year, 1 month ago )
Antivirus Result Update
AVG Generic10_c.AECD 20140605
Ad-Aware Trojan.GenericKD.1558296 20140605
Agnitum Trojan.DR.Dapato!a1Va7RYIl5A 20140605
AhnLab-V3 Trojan/Win32.FakeAV 20140605
AntiVir TR/Crypt.XPACK.Gen7 20140605
Antiy-AVL Trojan[Dropper]/Win32.Dapato 20140606
Avast Win32:FakeAV-FIP [Trj] 20140605
Baidu-International Trojan.Win32.Dapato.aaYn 20140605
BitDefender Trojan.GenericKD.1558296 20140605
CAT-QuickHeal Rogue.FakePAV.g3 (Not a Virus) 20140605
Comodo Application.Win32.AdWare.WindowsExpertConsole.AL 20140606
DrWeb Trojan.FakeAV.16640 20140605
ESET-NOD32 a variant of Win32/AdWare.WindowsExpertConsole.AL 20140605
Emsisoft Trojan.GenericKD.1558296 (B) 20140605
F-Secure Trojan.GenericKD.1558296 20140606
Fortinet W32/FakeAV.AC!tr 20140605
GData Trojan.GenericKD.1558296 20140606
Ikarus Trojan.Win32.FakeAV 20140605
K7AntiVirus Adware ( 00493ef41 ) 20140605
K7GW Adware ( 00493ef41 ) 20140605
Kaspersky Trojan-Dropper.Win32.Dapato.dlwd 20140605
Kingsoft Win32.Troj.Dapato.dl.(kcloud) 20140606
Malwarebytes Rogue.FakeAV 20140605
McAfee FakeAlert-FTG!BE886EB66CC3 20140606
McAfee-GW-Edition FakeAlert-FTG!BE886EB66CC3 20140605
MicroWorld-eScan Trojan.GenericKD.1558296 20140606
Microsoft Rogue:Win32/FakePAV 20140605
NANO-Antivirus Trojan.Win32.Dapato.culekq 20140605
Norman FakeAV.STR 20140605
Panda Trj/Zbot.M 20140605
Qihoo-360 Win32/Trojan.Multi.daf 20140606
SUPERAntiSpyware Trojan.Agent/Gen-Dapato 20140605
Symantec Trojan.FakeAV 20140606
Tencent Win32.Trojan-dropper.Dapato.Pits 20140606
TrendMicro TROJ_FAKEAV.OUN 20140605
TrendMicro-HouseCall TROJ_FAKEAV.OUN 20140605
VBA32 TrojanDropper.Dapato 20140605
VIPRE Trojan.Win32.WindowsExpertConsole.af (v) 20140605
ViRobot Trojan.Win32.S.FakeAV.1084416 20140605
nProtect Trojan.GenericKD.1558296 20140605
AegisLab 20140605
Bkav 20140604
ByteHero 20140606
CMC 20140605
ClamAV 20140605
Commtouch 20140606
F-Prot 20140605
Rising 20140605
Sophos 20140605
TheHacker 20140602
TotalDefense 20140605
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Packers identified
F-PROT UPX
PEiD UPX 2.90 [LZMA] -> Markus Oberhumer, Laszlo Molnar & John Reiser
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2014-02-05 04:53:53
Link date 5:53 AM 2/5/2014
Entry Point 0x001A8090
Number of sections 3
PE sections
PE imports
RegOpenKeyW
_TrackMouseEvent
SaveDC
VirtualFree
ExitProcess
VirtualProtect
LoadLibraryA
VirtualAlloc
GetProcAddress
AlphaBlend
LresultFromObject
VariantClear
GetProcessImageFileNameW
DragFinish
PathIsUNCW
VerQueryValueW
InternetOpenA
OpenPrinterW
GetFileTitleW
GdipFree
DoDragDrop
OleUIBusyW
Number of PE resources by type
Struct(300) 58
RT_DATA 2
RT_ICON 1
RT_MANIFEST 1
RT_IMAGE 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 65
ExifTool file metadata
CodeSize: 1011712
SubsystemVersion: 4.0
Comments: GFH Ltd
LinkerVersion: 8.0
ImageVersion: 0.0
FileSubtype: 0
FileVersionNumber: 1.2.2.1
LanguageCode: English (U.S.)
FileFlagsMask: 0x003f
FileDescription: GFH Ltd
CharacterSet: Unicode
InitializedDataSize: 77824
FileOS: Win32
MIMEType: application/octet-stream
LegalCopyright: GFH Copyright (C) 2014
FileVersion: 1, 2, 2, 1
TimeStamp: 2014:02:05 05:53:53+01:00
FileType: Win32 EXE
PEType: PE32
FileAccessDate: 2014:06:06 00:42:17+01:00
ProductVersion: 1, 2, 2, 1
UninitializedDataSize: 724992
OSVersion: 4.0
FileCreateDate: 2014:06:06 00:42:17+01:00
OriginalFilename: GFH Ltd
Subsystem: Windows GUI
MachineType: Intel 386 or later, and compatibles
CompanyName: GFH Ltd
LegalTrademarks: GFH Ltd
ProductName: GFH Ltd
ProductVersionNumber: 1.2.2.1
EntryPoint: 0x1a8090
ObjectFileType: Executable application

Compressed bundles
File identification
MD5 be886eb66cc39b0bbf3b237b476633a5
SHA1 36c3671f37f414ad6e0954e094a1a7bd0dcc34fc
SHA256 ee2107d3d4fd2cb3977376b38c15baa199f04f258263ca7e98cb28afc00d2dd0
ssdeep 24576:M2xJbbGmTvmN9BfQ0lc4Bt4Xsk2QkibF5BOWe8JH0:M6bb3MQ0lc434n2Qhh5kWe8JU
imphash 2b9e2b524dea3db6bd940c84f84c3a28
File size 1.0 MB ( 1084416 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID UPX compressed Win32 Executable (42.3%)
Win32 EXE Yoda's Crypter (36.7%)
Win32 Dynamic Link Library (generic) (9.1%)
Win32 Executable (generic) (6.2%)
Generic Win/DOS Executable (2.7%)
Tags peexe upx
VirusTotal metadata
First submission 2014-02-05 06:52:51 UTC ( 1 year, 5 months ago )
Last submission 2014-02-07 18:14:32 UTC ( 1 year, 5 months ago )
File names setup[1].exe
svc-nheh.exe
svc-uges.exe
svc-dwhj.exe
svc-hjyl.exe
svc-xjvm.exe
svc-lbvq.exe
svc-ddrs.exe
file-6561257_exe
svc-nheh.exe.vir
Advanced heuristic and reputation engines
ClamAV
Possibly Unwanted Application. While not necessarily malicious, the scanned file presents certain characteristics which depending on the user policies and environment may or may not represent a threat. For full details see: http://www.clamav.net/doc/pua.html .

Symantec reputation Suspicious.Insight