SHA256: f06867926bcff4641d1308acdb7fddf1b99f9babaca83bb72e811f1345f8904b
File name: 4626de911152ae7618c9936d8d258577.exe
Detection ratio: 45 / 50
Analysis date: 2014-02-28 22:54:06 UTC ( 1 month, 2 weeks ago )
Antivirus Result Update
AVG Dialer.28.AV 20140228
Ad-Aware Trojan.Generic.3191324 20140301
Agnitum Adware.Vundo.Gen.20 20140228
AhnLab-V3 Dropper/MulDrop.208407 20140228
AntiVir DR/Gadge.208 20140301
Antiy-AVL Trojan[Downloader]/Win32.Murlo 20140228
Avast Win32:Susn-AA [Trj] 20140301
Baidu-International Trojan.Win32.Monder.AEwF 20140228
BitDefender Trojan.Generic.3191324 20140301
Bkav W32.CydoorL.Worm 20140228
CAT-QuickHeal AdWare.Virtumonde.edv.n4 (Not a Virus) 20140228
CMC Generic.Win32.2b9821a68d!MD 20140228
Commtouch W32/Trojan.CJUT-5785 20140301
DrWeb Trojan.Packed.155 20140301
ESET-NOD32 Win32/Adware.Virtumonde 20140228
Emsisoft Trojan.Generic.3191324 (B) 20140301
F-Prot W32/Trojan2.ADAW 20140301
F-Secure Trojan.Generic.3191324 20140301
Fortinet W32/BDoor.CVT!tr.bdr 20140228
GData Trojan.Generic.3191324 20140228
Ikarus Trojan-Downloader.Win32.Small 20140228
Jiangmin Trojan/BHO.bki 20140228
K7GW Adware ( 0001207e1 ) 20140228
Kaspersky Trojan.Win32.Monder.gen 20140228
Kingsoft Win32.Troj.Undef.(kcloud) 20140301
Malwarebytes Trojan.Downloader 20140228
McAfee Vundo!e 20140301
McAfee-GW-Edition Heuristic.BehavesLike.Win32.Suspicious-PKR.G 20140228
MicroWorld-eScan Trojan.Generic.3191324 20140301
Microsoft Trojan:Win32/Vundo.gen!A 20140301
NANO-Antivirus Riskware.Win32.Virtumonde.vnnw 20140228
Norman Vundo.gen91 20140228
Panda Spyware/Virtumonde 20140228
Qihoo-360 Win32/Trojan.Downloader.b34 20140301
Rising PE:Adware.Vundo!1.9827 20140228
SUPERAntiSpyware Trojan.Agent/Gen 20140301
Sophos Troj/Virtum-Gen 20140301
Symantec Trojan.Vundo 20140301
TotalDefense Win32/Harnig.FK 20140228
TrendMicro TSPY_ONLINEG.IPN 20140228
TrendMicro-HouseCall TSPY_ONLINEG.IPN 20140301
VBA32 Trojan-Dropper.Win32.Gen 20140228
VIPRE Trojan.Win32.Generic!BT 20140228
ViRobot Adware.Virtumonde.208407 20140228
nProtect Trojan-Clicker/W32.Virtumonde.208407 20140228
ByteHero 20140301
ClamAV 20140228
Comodo 20140228
K7AntiVirus 20140228
TheHacker 20140228
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Packers identified
Command RAR, RAR, PecBundle, PECompact, RAR
F-PROT RAR, RAR, RAR, RAR, RAR, RAR, appended, RAR, RAR, RAR
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2007-04-16 09:47:22
Link date 10:47 AM 4/16/2007
Entry Point 0x00001000
Number of sections 4
PE sections
PE imports
LookupPrivilegeValueA
RegCloseKey
OpenProcessToken
RegSetValueExA
RegQueryValueExA
SetFileSecurityW
AdjustTokenPrivileges
RegCreateKeyExA
RegOpenKeyExA
SetFileSecurityA
GetOpenFileNameA
GetSaveFileNameA
CommDlgExtendedError
DeleteObject
GetLastError
IsDBCSLeadByte
HeapFree
GetStdHandle
DosDateTimeToFileTime
ReadFile
FileTimeToSystemTime
lstrlenA
GetFileAttributesA
SystemTimeToFileTime
WaitForSingleObject
LoadLibraryA
FreeLibrary
FindNextFileA
ExitProcess
SetFileTime
GetVersionExA
GetFileAttributesW
GetModuleFileNameA
HeapAlloc
GetCurrentProcess
GetDateFormatA
FileTimeToLocalFileTime
GetLocaleInfoA
CreateDirectoryA
DeleteFileA
GetCurrentDirectoryA
MultiByteToWideChar
CreateDirectoryW
GetCommandLineA
GetProcAddress
GetProcessHeap
SetFileAttributesA
SetFilePointer
GetTempPathA
SetFileAttributesW
GetCPInfo
lstrcmpiA
GetModuleHandleA
FindNextFileW
WriteFile
FindFirstFileA
CloseHandle
GetTimeFormatA
DeleteFileW
FindFirstFileW
HeapReAlloc
MoveFileExA
ExpandEnvironmentStringsA
SetEnvironmentVariableA
GetFullPathNameA
MoveFileA
WideCharToMultiByte
GetNumberFormatA
CreateFileW
GlobalAlloc
LocalFileTimeToFileTime
FindClose
Sleep
GetFileType
SetEndOfFile
CreateFileA
GetTickCount
FindResourceA
SetCurrentDirectoryA
SetLastError
CompareStringA
CreateStreamOnHGlobal
CoCreateInstance
CLSIDFromString
OleInitialize
OleUninitialize
SHGetFileInfoA
ShellExecuteExA
SHChangeNotify
SHGetSpecialFolderLocation
SHBrowseForFolderA
SHGetPathFromIDListA
SHGetMalloc
SHFileOperationA
MapWindowPoints
GetMessageA
GetParent
UpdateWindow
EndDialog
SetFocus
DefWindowProcA
ShowWindow
LoadBitmapA
SetWindowPos
SendDlgItemMessageA
CharToOemBuffA
IsWindow
GetWindowRect
DispatchMessageA
EnableWindow
SetMenu
SetDlgItemTextA
PostMessageA
GetDlgItemTextA
MessageBoxA
PeekMessageA
SetWindowLongA
wvsprintfA
TranslateMessage
DialogBoxParamA
GetWindow
CharUpperA
GetSysColor
RegisterClassExA
SetWindowTextA
DestroyIcon
LoadStringA
wsprintfA
GetSystemMetrics
IsWindowVisible
SendMessageA
GetClientRect
GetDlgItem
OemToCharBuffA
OemToCharA
GetWindowLongA
FindWindowExA
CreateWindowExA
LoadCursorA
LoadIconA
CopyRect
WaitForInputIdle
GetClassNameA
GetWindowTextA
CharToOemA
DestroyWindow
Number of PE resources by type
RT_DIALOG 6
RT_STRING 4
RT_ICON 4
RT_RCDATA 1
RT_MANIFEST 1
RT_BITMAP 1
RT_GROUP_ICON 1
Number of PE resources by language
RUSSIAN 17
NEUTRAL 1
ExifTool file metadata
MIMEType
application/octet-stream

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

TimeStamp
2007:04:16 10:47:22+01:00

FileType
Win32 EXE

PEType
PE32

CodeSize
81920

LinkerVersion
5.0

FileAccessDate
2014:03:01 01:14:39+01:00

EntryPoint
0x1000

InitializedDataSize
28672

SubsystemVersion
4.0

ImageVersion
0.0

OSVersion
4.0

FileCreateDate
2014:03:01 01:14:39+01:00

UninitializedDataSize
0

File identification
MD5 4626de911152ae7618c9936d8d258577
SHA1 fd9bfdb7f52b626179503e92927dc6a3938beed2
SHA256 f06867926bcff4641d1308acdb7fddf1b99f9babaca83bb72e811f1345f8904b
ssdeep
3072:Z8U2yJN5f661xRZbALxB1Ojdgx8GYWHPuZp1xDITfzI3ybXnHPpMF0LJb0y:Z8U2qy6rRZb7jxGYWvsp3OI3oRMK10y

imphash bc5ce990cf54f8d435a68eb97512f73e
File size 203.5 KB ( 208407 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID WinRAR Self Extracting archive (94.3%)
Windows Screen Saver (2.3%)
Win32 Dynamic Link Library (generic) (1.1%)
Win32 Executable (generic) (0.8%)
Win32 Executable Watcom C++ (generic) (0.4%)
Tags
peexe

VirusTotal metadata
First submission 2008-01-30 09:54:54 UTC ( 6 years, 2 months ago )
Last submission 2014-02-28 22:54:06 UTC ( 1 month, 2 weeks ago )
File names 4626de911152ae7618c9936d8d258577.exe
4626DE911152AE7618C9936D8D258577
test (349).exe.dll
Advanced heuristic and reputation engines
ClamAV PUA
Possibly Unwanted Application. While not necessarily malicious, the scanned file presents certain characteristics which depending on the user policies and environment may or may not represent a threat. For full details see: http://www.clamav.net/index.php?s=pua&lang=en .
