SHA256: f1a5707963a7e33a925111f09209a92b03732fa9292697b37e528ad941076a8d
File name: 942013.exe
Detection ratio: 39 / 48
Analysis date: 2013-09-25 08:44:11 UTC ( 6 months, 3 weeks ago )
Antivirus Result Update
AVG Generic34.BXAH 20130925
Agnitum Trojan.Inject!3hIhKoA+Tt0 20130924
AhnLab-V3 Trojan/Win32.Androm 20130925
AntiVir TR/Inject.gdhj 20130925
Antiy-AVL Trojan/Win32.Inject.gen 20130925
Avast Win32:Napolar-J [Cryp] 20130925
Baidu-International Trojan.Win32.Inject.gdhj 20130925
BitDefender Trojan.GenericKDV.1242585 20130925
Bkav HW32.CDB.Bdd2 20130925
CAT-QuickHeal Win32.Trojan-Dropper.Agent.airs.3.Pack 20130925
Commtouch W32/Trojan.KYBH-3024 20130925
Comodo UnclassifiedMalware 20130925
DrWeb Trojan.DownLoader10.13820 20130925
ESET-NOD32 Win32/Phorpiex.A 20130925
Emsisoft Worm.Win32.Phorpiex (A) 20130925
F-Secure Trojan.GenericKDV.1242585 20130925
Fortinet W32/Inject.A!tr 20130925
GData Trojan.GenericKDV.1242585 20130925
Ikarus Worm.Win32.Agent 20130925
K7AntiVirus Riskware 20130924
K7GW Riskware 20130924
Kaspersky Trojan.Win32.Inject.gdhj 20130925
Kingsoft Win32.Troj.Inject.gd.(kcloud) 20130829
Malwarebytes Trojan.Inject 20130925
McAfee RDN/Generic.dx!cq3 20130925
McAfee-GW-Edition RDN/Generic.dx!cq3 20130925
MicroWorld-eScan Trojan.GenericKDV.1242585 20130925
Microsoft Trojan:Win32/Napolar.A 20130925
NANO-Antivirus Trojan.Win32.Inject.cfysoa 20130925
Norman Inject.BEHY 20130925
Panda Trj/dtcontx.G 20130924
Sophos Mal/Generic-S 20130925
Symantec Downloader 20130925
TheHacker Trojan/Phorpiex.a 20130924
TrendMicro TROJ_GEN.R0CBC0DIG13 20130925
TrendMicro-HouseCall TROJ_GEN.R0CBC0DIG13 20130925
VBA32 Trojan.Inject 20130924
VIPRE Trojan.Win32.Generic!BT 20130925
ViRobot Trojan.Win32.S.Inject.164864.F 20130925
ByteHero 20130924
ClamAV 20130925
F-Prot 20130925
Jiangmin 20130903
PCTools 20130925
Rising 20130925
SUPERAntiSpyware 20130925
TotalDefense 20130924
nProtect 20130925
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 1992-06-19 22:22:17
Entry Point 0x000848D0
Number of sections 3
PE sections
PE imports
VirtualFree
ExitProcess
VirtualProtect
LoadLibraryA
VirtualAlloc
GetProcAddress
RegCloseKey
SysFreeString
GetCursor
Number of PE resources by type
RT_STRING 5
RT_BITMAP 2
Number of PE resources by language
NEUTRAL 5
ENGLISH US 2
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
TimeStamp 1992:06:19 23:22:17+01:00
FileType Win32 EXE
PEType PE32
CodeSize 163840
LinkerVersion 2.25
EntryPoint 0x848d0
InitializedDataSize 4096
SubsystemVersion 4.0
ImageVersion 0.0
OSVersion 4.0
UninitializedDataSize 376832
Compressed bundles
File identification
MD5 61fd4c9405e168557ab279c86131634b
SHA1 6efb93f9cb415c9ff6eb3f7f918b1516a522f7bf
SHA256 f1a5707963a7e33a925111f09209a92b03732fa9292697b37e528ad941076a8d
ssdeep 3072:eqy7uceRu8Vv4MojyoH5UIBtyPR2FOdxWNie0h/qabblZ/Vicx:ePCceF54MoeS5UIjqa0h/p3lZw
File size 161.0 KB ( 164864 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID UPX compressed Win32 Executable (41.1%)
Win32 EXE Yoda's Crypter (35.7%)
Win32 Dynamic Link Library (generic) (8.8%)
Win32 Executable (generic) (6.0%)
Win16/32 Executable Delphi generic (2.7%)
Tags peexe
VirusTotal metadata
First submission 2013-09-06 04:38:29 UTC ( 7 months, 2 weeks ago )
Last submission 2013-09-14 02:09:59 UTC ( 7 months, 1 week ago )
File names output.14808287.txt
malekal_61fd4c9405e168557ab279c86131634b
f1a5707963a7e33a925111f09209a92b03732fa9292697b37e528ad941076a8d
6EFB93F9CB415C9FF6EB3F7F918B1516A522F7BF.exe
942013.exe
14808287
blob
Advanced heuristic and reputation engines
ClamAV PUA
Possibly Unwanted Application. While not necessarily malicious, the scanned file presents certain characteristics which depending on the user policies and environment may or may not represent a threat. For full details see: http://www.clamav.net/index.php?s=pua&lang=en .

Symantec reputation Suspicious.Insight
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Created processes
Opened mutexes
Runtime DLLs
UDP communications