SHA256: f06867926bcff4641d1308acdb7fddf1b99f9babaca83bb72e811f1345f8904b
File name: 4626de911152ae7618c9936d8d258577.exe
Detection ratio: 47 / 55
Analysis date: 2016-01-02 21:58:33 UTC ( 4 months, 3 weeks ago )
Antivirus Result Update
AVG Vundo 20160102
AVware Trojan.Win32.Generic!BT 20160102
Ad-Aware Trojan.Generic.3191324 20151224
Yandex Adware.Vundo.Gen.20 20160101
AhnLab-V3 Dropper/MulDrop.208407 20160102
Antiy-AVL Trojan/Win32.Monder 20160102
Arcabit Trojan.Mezzia.CY 20160102
Avast Win32:Susn-AA [Trj] 20160102
Avira (no cloud) DR/Gadge.208 20160102
Baidu-International Trojan.Win32.Monder.gen 20160102
BitDefender Trojan.Generic.3191324 20160102
Bkav W32.CydoorL.Worm 20151231
CAT-QuickHeal AdWare.Virtumonde.edv.n4 (Not a Virus) 20160102
CMC Generic.Win32.2b9821a68d!MD 20151231
ClamAV Trojan.BHO-1325 20160102
Comodo Application.Win32.TrojanDropper.Monder.~RAR 20160102
Cyren W32/Trojan.CJUT-5785 20160101
DrWeb Trojan.Virtumod.based 20160102
ESET-NOD32 Win32/Adware.Virtumonde 20151231
Emsisoft Trojan.Generic.3191324 (B) 20160102
F-Prot W32/Trojan2.ADAW 20160102
F-Secure Trojan.Generic.3191324 20160101
Fortinet W32/BDoor.CVT!tr.bdr 20160102
GData Trojan.Generic.3191324 20160102
Ikarus Trojan.Win32.Monder 20151231
Jiangmin Trojan/BHO.blu 20160102
K7GW Adware ( 004bc5671 ) 20160102
Kaspersky Trojan.Win32.Monder.gen 20160102
Malwarebytes RiskWare.Tool.CK 20160102
McAfee Vundo!e 20160102
McAfee-GW-Edition Vundo!e 20160102
eScan Trojan.Generic.3191324 20160102
Microsoft Trojan:Win32/Vundo.gen!A 20160102
NANO-Antivirus Riskware.Win32.Virtumonde.vnnw 20160102
Panda Trj/CI.A 20160102
Rising PE:Malware.Generic(Thunder)!1.A1C4 [F] 20160102
SUPERAntiSpyware Trojan.Agent/Gen 20160102
Sophos Troj/Virtum-Gen 20160102
Symantec Trojan Horse 20160102
TotalDefense Win32/Harnig.FK 20160101
TrendMicro TSPY_ONLINEG.IPN 20160102
TrendMicro-HouseCall TSPY_ONLINEG.IPN 20160102
VBA32 Trojan-Dropper.Win32.Gen 20160102
VIPRE Trojan.Win32.Generic!BT 20160102
ViRobot Adware.Virtumonde.208407[h] 20160102
Zillya Trojan.BHO.Win32.3578 20151231
nProtect Trojan-Clicker/W32.Virtumonde.208407 20151231
ALYac 20160102
AegisLab 20160102
Alibaba 20151208
ByteHero 20160102
K7AntiVirus 20160102
Tencent 20160102
TheHacker 20151231
Zoner 20160102
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Packers identified
Command RAR, RAR, PecBundle, PECompact, RAR
F-PROT appended, RAR
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2007-04-16 09:47:22
Entry Point 0x00001000
Number of sections 4
PE sections
Overlays
MD5 3bb22bec5b9cf374a824cc63fea7a076
File type application/x-rar
Offset 102912
Size 105495
Entropy 8.00
PE imports
LookupPrivilegeValueA
RegCloseKey
OpenProcessToken
RegSetValueExA
RegQueryValueExA
SetFileSecurityW
AdjustTokenPrivileges
RegCreateKeyExA
RegOpenKeyExA
SetFileSecurityA
GetOpenFileNameA
GetSaveFileNameA
CommDlgExtendedError
DeleteObject
GetLastError
IsDBCSLeadByte
HeapFree
GetStdHandle
DosDateTimeToFileTime
ReadFile
FileTimeToSystemTime
lstrlenA
GetFileAttributesA
SystemTimeToFileTime
WaitForSingleObject
LoadLibraryA
FreeLibrary
FindNextFileA
ExitProcess
SetFileTime
GetVersionExA
GetFileAttributesW
GetModuleFileNameA
HeapAlloc
GetCurrentProcess
GetDateFormatA
FileTimeToLocalFileTime
GetLocaleInfoA
CreateDirectoryA
DeleteFileA
GetCurrentDirectoryA
MultiByteToWideChar
CreateDirectoryW
GetCommandLineA
GetProcAddress
GetProcessHeap
SetFileAttributesA
SetFilePointer
GetTempPathA
SetFileAttributesW
GetCPInfo
lstrcmpiA
GetModuleHandleA
FindNextFileW
WriteFile
FindFirstFileA
CloseHandle
GetTimeFormatA
DeleteFileW
FindFirstFileW
HeapReAlloc
MoveFileExA
ExpandEnvironmentStringsA
SetEnvironmentVariableA
GetFullPathNameA
MoveFileA
WideCharToMultiByte
GetNumberFormatA
CreateFileW
GlobalAlloc
LocalFileTimeToFileTime
FindClose
Sleep
GetFileType
SetEndOfFile
CreateFileA
GetTickCount
FindResourceA
SetCurrentDirectoryA
SetLastError
CompareStringA
CreateStreamOnHGlobal
CoCreateInstance
CLSIDFromString
OleInitialize
OleUninitialize
SHGetFileInfoA
ShellExecuteExA
SHChangeNotify
SHGetSpecialFolderLocation
SHBrowseForFolderA
SHGetPathFromIDListA
SHGetMalloc
SHFileOperationA
MapWindowPoints
GetMessageA
GetParent
UpdateWindow
EndDialog
SetFocus
DefWindowProcA
ShowWindow
LoadBitmapA
SetWindowPos
SendDlgItemMessageA
CharToOemBuffA
IsWindow
GetWindowRect
DispatchMessageA
EnableWindow
SetMenu
SetDlgItemTextA
PostMessageA
GetDlgItemTextA
MessageBoxA
PeekMessageA
SetWindowLongA
wvsprintfA
TranslateMessage
DialogBoxParamA
GetWindow
CharUpperA
GetSysColor
RegisterClassExA
SetWindowTextA
DestroyIcon
LoadStringA
wsprintfA
GetSystemMetrics
IsWindowVisible
SendMessageA
GetClientRect
GetDlgItem
OemToCharBuffA
OemToCharA
GetWindowLongA
FindWindowExA
CreateWindowExA
LoadCursorA
LoadIconA
CopyRect
WaitForInputIdle
GetClassNameA
GetWindowTextA
CharToOemA
DestroyWindow
Number of PE resources by type
RT_DIALOG 6
RT_STRING 4
RT_ICON 4
RT_RCDATA 1
RT_MANIFEST 1
RT_BITMAP 1
RT_GROUP_ICON 1
Number of PE resources by language
RUSSIAN 17
NEUTRAL 1
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
TimeStamp 2007:04:16 09:47:22+00:00
FileType Win32 EXE
PEType PE32
CodeSize 81920
LinkerVersion 5.0
FileTypeExtension exe
InitializedDataSize 28672
SubsystemVersion 4.0
EntryPoint 0x1000
OSVersion 4.0
ImageVersion 0.0
UninitializedDataSize 0

Compressed bundles
File identification
MD5 4626de911152ae7618c9936d8d258577
SHA1 fd9bfdb7f52b626179503e92927dc6a3938beed2
SHA256 f06867926bcff4641d1308acdb7fddf1b99f9babaca83bb72e811f1345f8904b
ssdeep 3072:Z8U2yJN5f661xRZbALxB1Ojdgx8GYWHPuZp1xDITfzI3ybXnHPpMF0LJb0y:Z8U2qy6rRZb7jxGYWvsp3OI3oRMK10y

authentihash 25329295ea14ad1bf1a583c3f00b26fcebec19344877656c14654d59dcb210b7
imphash bc5ce990cf54f8d435a68eb97512f73e
File size 203.5 KB ( 208407 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID WinRAR Self Extracting archive (94.3%)
Windows screen saver (2.3%)
Win32 Dynamic Link Library (generic) (1.1%)
Win32 Executable (generic) (0.8%)
Win32 Executable Watcom C++ (generic) (0.4%)
Tags peexe overlay

VirusTotal metadata
First submission 2008-01-30 09:54:54 UTC ( 8 years, 3 months ago )
Last submission 2016-01-02 21:58:33 UTC ( 4 months, 3 weeks ago )
File names 4626de911152ae7618c9936d8d258577.exe
4626DE911152AE7618C9936D8D258577
test (349).exe.dll
Advanced heuristic and reputation engines
ClamAV
Possibly Unwanted Application. While not necessarily malicious, the scanned file presents certain characteristics which depending on the user policies and environment may or may not represent a threat. For full details see: http://www.clamav.net/doc/pua.html .
