SHA256: ee751d655a736d73212ebec259a730465b2003585db1444333e56c04f1fb94f5
File name: d192b2f50232537bdf0d1fc819e5b194
Detection ratio: 44 / 51
Analysis date: 2014-06-06 13:35:44 UTC ( 3 years, 8 months ago )
Antivirus Result Update
Ad-Aware Trojan.Generic.KD.364656 20140606
Yandex Trojan.CL.Delf!dj1sZHJU1Y4 20140606
AhnLab-V3 Trojan/Win32.Clicker 20140606
AntiVir TR/Crypt.CFI.Gen 20140606
Avast Win32:Trojan-gen 20140606
AVG Clicker.AUAM 20140606
Baidu-International Trojan.Win32.Clicker.AA 20140606
BitDefender Trojan.Generic.KD.364656 20140606
Bkav W32.Clod3de.Trojan.d9bb 20140606
CMC Trojan-Clicker.Win32.Agent!O 20140606
Commtouch W32/Yeeha.A.gen!Eldorado 20140606
Comodo UnclassifiedMalware 20140606
DrWeb Trojan.Click1.62800 20140606
Emsisoft Trojan.Generic.KD.364656 (B) 20140606
ESET-NOD32 a variant of Win32/TrojanClicker.Delf.NNA 20140606
F-Prot W32/Yeeha.A.gen!Eldorado 20140606
F-Secure Trojan.Generic.KD.364656 20140606
Fortinet W32/Agent.UZJ!tr 20140606
GData Trojan.Generic.KD.364656 20140606
Ikarus Virus.Win32.Induc 20140606
K7AntiVirus Trojan ( 7000000f1 ) 20140606
K7GW Trojan ( 7000000f1 ) 20140606
Kaspersky Trojan-Clicker.Win32.Agent.uzj 20140606
Kingsoft Win32.Malware.Heur_Generic.B.(kcloud) 20140606
Malwarebytes Virus.Induc 20140606
McAfee Artemis!D192B2F50232 20140606
McAfee-GW-Edition Heuristic.LooksLike.Win32.Suspicious.C 20140606
Microsoft TrojanClicker:Win32/Yeeha.A 20140606
eScan Trojan.Generic.KD.364656 20140606
NANO-Antivirus Trojan.Win32.Agent.dthvw 20140606
Norman Suspicious_Gen2.QYNOY 20140606
nProtect Trojan/W32.Agent.246272.BV 20140605
Panda Trj/Genetic.gen 20140606
Qihoo-360 Win32/Trojan.Clicker.a39 20140606
Rising PE:Trojan.Win32.Generic.129A3199!312095129 20140606
Sophos AV Mal/Generic-S 20140606
Symantec Trojan.Gen 20140606
Tencent Win32.Trojan.Agent.dbjm 20140606
TheHacker Trojan/Clicker.Delf.nna 20140606
TotalDefense Win32/Yeeha.A 20140606
TrendMicro-HouseCall TROJ_GEN.USHXK11 20140606
VBA32 TrojanClicker.Agent 20140606
VIPRE Trojan.Win32.Generic.pak!cobra 20140606
ViRobot Trojan.Win32.A.Clicker.246272 20140606
AegisLab 20140606
Antiy-AVL 20140606
ByteHero 20140606
CAT-QuickHeal 20140606
ClamAV 20140606
SUPERAntiSpyware 20140606
TrendMicro 20140606
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Packers identified
PEiD ASPack v2.12
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 1992-06-19 22:22:17
Entry Point 0x000AA001
Number of sections 10
PE sections
PE imports
RegQueryValueExA
ImageList_SetIconSize
UnrealizeObject
GetProcAddress
GetModuleHandleA
LoadLibraryA
CreateStreamOnHGlobal
GetErrorInfo
SysFreeString
SafeArrayPtrOfIndex
CreateWindowExA
GetKeyboardType
VerQueryValueA
timeGetTime
WSACleanup
Number of PE resources by type
RT_STRING 24
RT_BITMAP 11
RT_GROUP_CURSOR 7
RT_CURSOR 7
RT_RCDATA 3
RT_ICON 2
RT_DIALOG 1
RT_GROUP_ICON 1
Number of PE resources by language
NEUTRAL 53
CHINESE SIMPLIFIED 3
PE resources
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
TimeStamp 1992:06:19 22:22:17+00:00
FileType Win32 EXE
PEType PE32
CodeSize 562176
LinkerVersion 2.25
FileAccessDate 2014:06:06 13:37:27+00:00
EntryPoint 0xaa001
InitializedDataSize 105984
SubsystemVersion 4.0
ImageVersion 0.0
OSVersion 4.0
FileCreateDate 2014:06:06 13:37:27+00:00
UninitializedDataSize 0

File identification
MD5 d192b2f50232537bdf0d1fc819e5b194
SHA1 a6fd3e257329bcb4305baa14b4e58272918da976
SHA256 ee751d655a736d73212ebec259a730465b2003585db1444333e56c04f1fb94f5
ssdeep 6144:nLKWrcvdL1UmwEj9vy0XgwI/D998MFDdM3uGa+sMm:n18p1D1tXO/8M9dM3ts
imphash c183e8b3b87796d4b5f68cd102ed0232
File size 240.5 KB ( 246272 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID ASPack compressed Win32 Executable (generic) (88.6%)
Win32 Dynamic Link Library (generic) (4.3%)
Win32 Executable (generic) (2.9%)
Win16/32 Executable Delphi generic (1.3%)
Generic Win/DOS Executable (1.3%)
Tags
peexe aspack

VirusTotal metadata
First submission 2011-09-24 21:09:28 UTC ( 6 years, 5 months ago )
Last submission 2014-06-06 13:35:44 UTC ( 3 years, 8 months ago )
File names d192b2f50232537bdf0d1fc819e5b194a6fd3e257329bcb4305baa14b4e58272918da976246272.exe
aa
d192b2f50232537bdf0d1fc819e5b194
click---.exe
_Rfc.tar.bz2
click.exe.dll
1023821
a6fd3e257329bcb4305baa14b4e58272918da976.bin
smona131711000982096325058
click.exe
w1kQUIMu.zip
Advanced heuristic and reputation engines
ClamAV
Possibly Unwanted Application. While not necessarily malicious, the scanned file presents certain characteristics which depending on the user policies and environment may or may not represent a threat. For full details see: https://www.clamav.net/documents/potentially-unwanted-applications-pua .
