SHA256: f05dbbb38c2bb92631a8b8be85e220d540c13e6d42a60b785473e41e78dbc6c5
File name: cd86a9495a49ae78d1a6cd5c55fce13c
Detection ratio: 27 / 43
Analysis date: 2011-10-26 16:11:34 UTC ( 7 years, 1 month ago )
Antivirus Result Update
AhnLab-V3 Win-Trojan/Downloader.67072.BZ 20111025
AntiVir TR/Spy.Gen 20111026
Avast Win32:Downloader-JBQ [Trj] 20111026
AVG BackDoor.Generic_r.UP 20111026
BitDefender Backdoor.Generic.691238 20111026
Comodo TrojWare.Win32.Agent.tmbl 20111026
DrWeb Trojan.DownLoader4.25511 20111026
Emsisoft Worm.Win32.Koobface!IK 20111026
eTrust-Vet Win32/Koobface.AJA 20111026
F-Secure Backdoor.Generic.691238 20111026
Fortinet W32/Spammer.K!tr 20111026
GData Backdoor.Generic.691238 20111026
Ikarus Worm.Win32.Koobface 20111026
K7AntiVirus NetWorm 20111025
Kaspersky Net-Worm.Win32.Koobface.jxk 20111026
McAfee Artemis!CD86A9495A49 20111026
McAfee-GW-Edition Artemis!CD86A9495A49 20111026
Microsoft Worm:Win32/Koobface.AV 20111026
NOD32 a variant of Win32/Spammer.Agent.K 20111026
Norman W32/Suspicious_Gen2.RMJMO 20111026
Panda Generic Malware 20111026
PCTools Downloader.Generic 20111026
Sophos AV Mal/Generic-L 20111026
Symantec Downloader 20111026
TheHacker Trojan/Spammer.Agent.k 20111026
VBA32 Worm.Koobface.1821 20111025
VIPRE Worm.Win32.Koobface.av (v) 20111026
Antiy-AVL 20111026
ByteHero 20110923
CAT-QuickHeal 20111026
ClamAV 20111026
Commtouch 20111026
eSafe 20111026
F-Prot 20111026
Jiangmin 20111026
nProtect 20111026
Prevx 20111026
Rising 20111026
SUPERAntiSpyware 20111026
TrendMicro 20111026
TrendMicro-HouseCall 20111026
ViRobot 20111026
VirusBuster 20111026
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Packers identified
F-PROT UPX
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2011-07-29 09:36:08
Entry Point 0x0002CA90
Number of sections 3
PE sections
PE imports
RegOpenKeyExA
LoadLibraryA
GetProcAddress
VirtualProtect
VirtualAlloc
VirtualFree
ExitProcess
(1 more function(s) imported by ordinal)
StrTrimA
ShowWindow
InternetGetConnectedState
(1 more function(s) imported by ordinal)
CoInitialize
URLDownloadToFileA
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
TimeStamp 2011:07:29 11:36:08+02:00
FileType Win32 EXE
PEType PE32
CodeSize 65536
LinkerVersion 10.0
EntryPoint 0x2ca90
InitializedDataSize 4096
SubsystemVersion 5.1
ImageVersion 0.0
OSVersion 5.1
UninitializedDataSize 114688
File identification
MD5 cd86a9495a49ae78d1a6cd5c55fce13c
SHA1 50a9757b9387720718d161aa76b897ac8fd8d6ab
SHA256 f05dbbb38c2bb92631a8b8be85e220d540c13e6d42a60b785473e41e78dbc6c5
ssdeep 1536:2JPJFYtFKu+tCbFH6+7a1QdUDiwh3+IzmIUKc78A+e/BM+/:2JzoKhobFLWGd+pS+c78A+2Bv/

File size 65.3 KB ( 66872 bytes )
File type Win32 EXE
Magic literal

TrID UPX compressed Win32 Executable (39.5%)
Win32 EXE Yoda's Crypter (34.3%)
Win32 Executable Generic (11.0%)
Win32 Dynamic Link Library (generic) (9.8%)
Generic Win/DOS Executable (2.5%)
Tags
upx

VirusTotal metadata
First submission 2011-10-21 12:16:51 UTC ( 7 years, 1 month ago )
Last submission 2011-10-26 16:11:34 UTC ( 7 years, 1 month ago )
File names tumlike.1.exe
cd86a9495a49ae78d1a6cd5c55fce13c