SHA256: f058cc4d745dcb845f331511c6c10124acb92554f35cca54522d15fb115095e1
File name: 8820d159ae7402f9bd5f5f669fce85e3
Detection ratio: 49 / 51
Analysis date: 2014-04-05 11:33:03 UTC ( 5 years ago )
Antivirus Result Update
Ad-Aware Trojan.Generic.5044501 20140405
Yandex Trojan.Kryptik!umle8t4IeJc 20140404
AhnLab-V3 Win-Trojan/Patcher2.Gen 20140404
AntiVir TR/Dropper.Gen 20140405
Antiy-AVL Trojan[PSW]/Win32.Qbot 20140405
Avast Win32:Oficla-AF [Trj] 20140405
AVG Win32/Heri 20140405
Baidu-International Trojan.Win32.InfoStealer.aL 20140405
BitDefender Trojan.Generic.5044501 20140405
Bkav W32.FahuPTG.Trojan 20140405
CAT-QuickHeal Trojan.DroopTroop.A 20140405
ClamAV Trojan.Dropper-27476 20140405
CMC Generic.Win32.8820d159ae!CMCRadar 20140404
Commtouch W32/Bamital.D.gen!Eldorado 20140405
Comodo TrojWare.Win32.Bamital.EO 20140405
DrWeb Trojan.PWS.Panda.387 20140405
Emsisoft Trojan.Generic.5044501 (B) 20140405
ESET-NOD32 a variant of Win32/Kryptik.HJF 20140405
F-Prot W32/Bamital.D.gen!Eldorado 20140405
F-Secure Trojan.Generic.5044501 20140405
Fortinet W32/Krypt.D!tr.dldr 20140404
GData Trojan.Generic.5044501 20140405
Ikarus Trojan.Win32.Oficla 20140405
Jiangmin TrojanDropper.Drooptroop.bdu 20140405
K7AntiVirus Password-Stealer ( 001d0dcc1 ) 20140404
K7GW Password-Stealer ( 001d0dcc1 ) 20140404
Kaspersky Trojan-PSW.Win32.Qbot.aem 20140405
Kingsoft Win32.Troj.Drooptroop.(kcloud) 20140405
Malwarebytes Spyware.Passwords.XGen 20140405
McAfee PWS-Zbot.gen.by 20140405
McAfee-GW-Edition Heuristic.BehavesLike.Win32.Suspicious-BAY.K 20140405
Microsoft PWS:Win32/Zbot.gen!Y 20140405
eScan Trojan.Generic.5044501 20140405
NANO-Antivirus Trojan.Win32.Drooptroop.bpqxs 20140405
Norman Qakbot.CB 20140404
nProtect Trojan-Dropper/W32.Drooptroop.146432.B 20140404
Panda Bck/Qbot.AO 20140405
Qihoo-360 Win32/Trojan.PSW.d2a 20140405
Rising PE:Trojan.Win32.Generic.1252D13A!307417402 20140405
Sophos AV Mal/Oficla-A 20140405
SUPERAntiSpyware Trojan.Agent/Gen-Kryptik 20140405
Symantec Trojan.Bamital!gen1 20140405
TheHacker Trojan/Dropper.Drooptroop.gwt 20140404
TotalDefense Win32/Zbot.CYU 20140405
TrendMicro TROJ_FAKEAV.BMC 20140405
TrendMicro-HouseCall WORM_QAKBOT.SME1 20140405
VBA32 BScope.Trojan.Oficla 20140404
VIPRE Lookslike.Win32.Sirefef.p (v) 20140405
ViRobot Dropper.Drooptroop.146432 20140405
AegisLab 20140405
ByteHero 20140405
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
File version 8.9.6
Description (C) 53
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2010-10-18 13:05:30
Entry Point 0x000010C0
Number of sections 10
PE sections
PE imports
GetModuleHandleA
lstrcatA
VirtualProtect
HeapAlloc
CreateFileA
GetCommandLineA
GetProcAddress
GetProcessHeap
LoadIconA
Number of PE resources by type
RT_MANIFEST 1
RT_DIALOG 1
RT_VERSION 1
Number of PE resources by language
ENGLISH US 3
PE resources
ExifTool file metadata
SubsystemVersion 5.0
LinkerVersion 9.0
ImageVersion 0.0
FileVersionNumber 8.8.50.95
UninitializedDataSize 0
LanguageCode Unknown (FFFF)
FileFlagsMask 0x0000
CharacterSet ASCII
InitializedDataSize 141312
MIMEType application/octet-stream
FileVersion 8.9.6
TimeStamp 2010:10:18 14:05:30+01:00
FileType Win32 EXE
PEType PE32
FileAccessDate 2014:04:05 12:33:54+01:00
ProductVersion 1.0.73
FileDescription (C) 53
OSVersion 5.0
FileCreateDate 2014:04:05 12:33:54+01:00
FileOS Win32
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CodeSize 3584
FileSubtype 0
ProductVersionNumber 5.6.9.0
EntryPoint 0x10c0
ObjectFileType Unknown

File identification
MD5 8820d159ae7402f9bd5f5f669fce85e3
SHA1 d71a4a6811300a10b8b90f67bfd6c0e3e84be73e
SHA256 f058cc4d745dcb845f331511c6c10124acb92554f35cca54522d15fb115095e1
ssdeep 3072:R6efZGi8P9mkYFZtjVDvMd4Yr657lEYj0+3Y1110RzLc3iO:R6efZC8PjtjV7M7r5Yw+3c11gtO

imphash 61f919739c5c29d6102ba865dcf227e9
File size 143.0 KB ( 146432 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Dynamic Link Library (generic) (43.5%)
Win32 Executable (generic) (29.8%)
Generic Win/DOS Executable (13.2%)
DOS Executable Generic (13.2%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
Tags peexe

VirusTotal metadata
First submission 2010-10-19 11:07:05 UTC ( 8 years, 6 months ago )
Last submission 2014-04-05 11:33:03 UTC ( 5 years ago )
File names 8820d159ae7402f9bd5f5f669fce85e3
zvWq.reg
8820d159ae7402f9bd5f5f669fce85e3.exe
aa
AOJj7mC.xltx
Behaviour characterization