SHA256: ef8cd4118352aea924f4fba5b1c783e1039b2987c0c41afc1283959761ca0b96
File name: 9189d5b9a1fef7e8fabde0acfca3db72
Detection ratio: 48 / 51
Analysis date: 2014-04-06 05:37:45 UTC ( 4 years, 6 months ago )
Antivirus Result Update
Ad-Aware Trojan.Generic.3104819 20140406
Yandex Trojan.DR.Agent!iLWgW78DdQ4 20140405
AhnLab-V3 Win-Trojan/Fakeav.274973 20140405
AntiVir TR/Dropper.Gen 20140405
Antiy-AVL Trojan[Downloader]/Win32.FraudLoad 20140406
Avast Win32:FakeAlert-HM [Trj] 20140406
AVG Generic16.AYSO 20140405
Baidu-International Trojan.Win32.FraudLoa.aBZ 20140405
BitDefender Trojan.Generic.3104819 20140406
Bkav W32.installerAV.Trojan 20140405
ClamAV Trojan.Fraudload-3246 20140406
CMC Trojan-Downloader.Win32.FraudLoad!O 20140404
Commtouch W32/Risk.ALOY-6629 20140406
Comodo TrojWare.Win32.TrojanDownloader.Fraudload.~glk 20140406
DrWeb Trojan.DownLoad1.39037 20140406
Emsisoft Trojan.Generic.3104819 (B) 20140406
ESET-NOD32 Win32/Adware.NoNameAntivirus.A 20140405
F-Prot W32/MalwareF.LYDE 20140406
F-Secure Trojan.Generic.3104819 20140406
Fortinet W32/FakeAlert.AT!tr.dldr 20140405
GData Trojan.Generic.3104819 20140406
Ikarus Gen.Malware 20140406
Jiangmin TrojanDownloader.FraudLoad.lpf 20140406
K7AntiVirus Adware ( 0048dea41 ) 20140404
K7GW Adware ( 0048dea41 ) 20140404
Kaspersky Trojan-Downloader.Win32.FraudLoad.glk 20140406
Kingsoft Win32.TrojDownloader.FraudLoad.(kcloud) 20140406
Malwarebytes Trojan.FakeAlert 20140406
McAfee FakeAlert-WinwebSecurity.gen 20140406
McAfee-GW-Edition FakeAlert-WinwebSecurity.gen 20140405
Microsoft Rogue:Win32/FakeXPA 20140406
eScan Trojan.Generic.3104819 20140406
NANO-Antivirus Trojan.Win32.FraudLoad.lxpt 20140406
Norman Smalltroj.WLQD 20140406
nProtect Trojan-Downloader/W32.FraudLoad.274973 20140404
Panda Trj/Downloader.XIO 20140405
Qihoo-360 Win32/Trojan.Downloader.cee 20140406
Rising PE:Trojan.Win32.FakeAV.ayn!1075306393 20140405
Sophos AV Troj/FakeAV-ATD 20140406
SUPERAntiSpyware Trojan.Agent/Gen 20140405
Symantec Downloader.MisleadApp 20140406
TheHacker Trojan/Downloader.FraudLoad.glk 20140404
TotalDefense Win32/JustProtectPc.A 20140405
TrendMicro TROJ_FRAUD.SMLK 20140406
TrendMicro-HouseCall TROJ_FRAUD.SMLK 20140406
VBA32 TrojanDownloader.FraudLoad 20140404
VIPRE Trojan.Win32.Generic.pak!cobra 20140406
ViRobot Spyware.FraudLoad.Do.274973 20140406
AegisLab 20140406
ByteHero 20140406
CAT-QuickHeal 20140405
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2009-11-05 11:00:15
Entry Point 0x00003D2F
Number of sections 4
PE sections
PE imports
GlobalFindAtomW
GlobalReAlloc
lstrcatA
EnumSystemLocalesW
EndUpdateResourceW
CreateProcessW
GetDateFormatW
GetAtomNameW
VirtualProtect
DeleteFileW
GetModuleHandleW
Number of PE resources by type
RT_ICON 1
RT_MANIFEST 1
RT_GROUP_ICON 1
Number of PE resources by language
NEUTRAL 3
PE resources
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
TimeStamp 2009:11:05 12:00:15+01:00
FileType Win32 EXE
PEType PE32
CodeSize 15872
LinkerVersion 6.0
FileAccessDate 2014:04:06 06:37:16+01:00
EntryPoint 0x3d2f
InitializedDataSize 249344
SubsystemVersion 4.0
ImageVersion 0.0
OSVersion 4.0
FileCreateDate 2014:04:06 06:37:16+01:00
UninitializedDataSize 0

File identification
MD5 9189d5b9a1fef7e8fabde0acfca3db72
SHA1 7859a081d51aa8074e037abce93d4b2656a39ab5
SHA256 ef8cd4118352aea924f4fba5b1c783e1039b2987c0c41afc1283959761ca0b96
ssdeep 6144:3TSlJqvfotn2bg50OuEkEsVAmwqnQkkZe:3T8qvf82bg50OuEkEbtkkZe
imphash fc09a412c570a631c5943dbdf6ab5cf5
File size 268.5 KB ( 274973 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (71.2%)
Win32 Executable (generic) (10.2%)
Win16/32 Executable Delphi generic (4.7%)
Clipper DOS Executable (4.6%)
Generic Win/DOS Executable (4.5%)
Tags peexe
VirusTotal metadata
First submission 2010-02-08 15:50:04 UTC ( 8 years, 8 months ago )
Last submission 2014-04-06 05:37:45 UTC ( 4 years, 6 months ago )
File names 9189D5B9A1FEF7E8FABDE0ACFCA3DB72
7QtD.rtf
9189d5b9a1fef7e8fabde0acfca3db72
aa
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Opened mutexes
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.