SHA256: f345d73846d37e135570a5e85243a6e125405a4b222ccde98a4593f2567f6117
File name: 0220E25955DD2C9EFA7A3C364FAFD6A8
Detection ratio: 39 / 43
Analysis date: 2011-08-14 14:02:25 UTC ( 7 years, 2 months ago )
Antivirus Result Update
AhnLab-V3 Dropper/Malware.562947 20110814
AntiVir DR/Agent.ghl.1 20110812
Antiy-AVL Trojan/Win32.Vapsup.gen 20110814
Avast Win32:Adload-LN [Trj] 20110814
Avast5 Win32:Adload-LN [Trj] 20110814
AVG Adload_r.CL 20110814
BitDefender Generic.Adw.Rotator.2D49FE5B 20110814
CAT-QuickHeal AdWare.AdRotator (Not a Virus) 20110813
ClamAV Adware.AdRotator-10 20110813
Commtouch W32/AdRotator.B.gen!Eldorado 20110813
Comodo TrojWare.Win32.Trojan.AdClicker.GR1 20110814
DrWeb Adware.Adrotate.12 20110814
Emsisoft AdWare.Win32.AdRotator!IK 20110814
eTrust-Vet Win32/Puper.UN 20110812
F-Prot W32/AdRotator.B.gen!Eldorado 20110813
F-Secure Generic.Adw.Rotator.2D49FE5B 20110814
GData Generic.Adw.Rotator.2D49FE5B 20110814
Ikarus AdWare.Win32.AdRotator 20110814
K7AntiVirus Adware 20110812
Kaspersky not-a-virus:AdWare.Win32.Agent.ghl 20110814
McAfee Generic PUP.x 20110814
McAfee-GW-Edition Generic PUP.x 20110814
Microsoft BrowserModifier:Win32/Fotomoto 20110814
NOD32 probably a variant of Win32/TrojanDownloader.Zlob.EJOSAJF 20110814
Norman W32/Agent.UTGQ 20110812
nProtect Generic.Adw.Rotator.2D49FE5B 20110814
Panda Adware/VapSup 20110814
PCTools Adware.Agent.GEN 20110814
Prevx Medium Risk Malware 20110814
Rising Trojan.Win32.Vapsup.evz 20110812
Sophos AV Mal/Clicker-A 20110814
Symantec Adware.Gen 20110814
TheHacker Trojan/Downloader.Zlob.tym 20110813
TrendMicro TROJ_ADCLICK.SMB 20110814
TrendMicro-HouseCall ADW_ADROTATORP 20110814
VBA32 AdWare.Win32.Agent.ghl 20110813
VIPRE Adware.Win32.AdRotator.gen (v) 20110814
ViRobot Adware.Agent.562947 20110814
VirusBuster Adware.Adrotator.Gen.2 20110814
eSafe 20110810
Fortinet 20110814
Jiangmin 20110813
SUPERAntiSpyware 20110813
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file.
PE header basic information
Number of sections 5
PE sections
PE imports
RegQueryValueExA
RegSetValueExA
RegEnumKeyA
RegEnumValueA
RegOpenKeyExA
RegDeleteKeyA
RegDeleteValueA
RegCloseKey
RegCreateKeyExA
ImageList_AddMasked
ImageList_Destroy
ImageList_Create
(1 more function(s) imported by ordinal)
SetBkColor
GetDeviceCaps
DeleteObject
CreateBrushIndirect
CreateFontIndirectA
SetBkMode
SetTextColor
SelectObject
CompareFileTime
SearchPathA
GetShortPathNameA
GetFullPathNameA
MoveFileA
SetCurrentDirectoryA
GetFileAttributesA
GetLastError
CreateDirectoryA
SetFileAttributesA
Sleep
GetTickCount
GetFileSize
GetModuleFileNameA
GetCurrentProcess
CopyFileA
ExitProcess
GetWindowsDirectoryA
SetFileTime
GetCommandLineA
SetErrorMode
LoadLibraryA
lstrcpynA
GetDiskFreeSpaceA
GlobalUnlock
GlobalLock
CreateThread
CreateProcessA
RemoveDirectoryA
CreateFileA
GetTempFileNameA
lstrlenA
lstrcatA
GetSystemDirectoryA
GetVersion
CloseHandle
lstrcmpiA
lstrcmpA
ExpandEnvironmentStringsA
GlobalFree
GlobalAlloc
WaitForSingleObject
GetExitCodeProcess
GetModuleHandleA
LoadLibraryExA
GetProcAddress
FreeLibrary
MultiByteToWideChar
WritePrivateProfileStringA
GetPrivateProfileStringA
WriteFile
ReadFile
MulDiv
SetFilePointer
FindClose
FindNextFileA
FindFirstFileA
DeleteFileA
GetTempPathA
SHGetPathFromIDListA
SHBrowseForFolderA
SHGetFileInfoA
ShellExecuteA
SHFileOperationA
SHGetSpecialFolderLocation
EndDialog
ScreenToClient
GetWindowRect
EnableMenuItem
GetSystemMenu
SetClassLongA
IsWindowEnabled
SetWindowPos
GetSysColor
GetWindowLongA
SetCursor
LoadCursorA
CheckDlgButton
GetMessagePos
LoadBitmapA
CallWindowProcA
IsWindowVisible
CloseClipboard
SetClipboardData
EmptyClipboard
RegisterClassA
TrackPopupMenu
AppendMenuA
CreatePopupMenu
GetSystemMetrics
SetDlgItemTextA
GetDlgItemTextA
MessageBoxIndirectA
CharPrevA
DispatchMessageA
PeekMessageA
DestroyWindow
CreateDialogParamA
SetTimer
SetWindowTextA
PostQuitMessage
SetForegroundWindow
wsprintfA
SendMessageTimeoutA
FindWindowExA
SystemParametersInfoA
CreateWindowExA
GetClassInfoA
DialogBoxParamA
CharNextA
OpenClipboard
ExitWindowsEx
IsWindow
GetDlgItem
SetWindowLongA
LoadImageA
GetDC
EnableWindow
InvalidateRect
SendMessageA
DefWindowProcA
BeginPaint
GetClientRect
FillRect
DrawTextA
EndPaint
ShowWindow
GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA
CoTaskMemFree
OleInitialize
OleUninitialize
CoCreateInstance
File identification
MD5 0220e25955dd2c9efa7a3c364fafd6a8
SHA1 1fb2afcc1564318fd198d0c61c32e46b0b3744a3
SHA256 f345d73846d37e135570a5e85243a6e125405a4b222ccde98a4593f2567f6117
ssdeep 12288:YPcNk6pQGOU6dWmHI5wzmohe9tFpSn6Kf6Vn7vfEj1AbG:YP0jNiVmkenFI6aOnLfC1Aq

File size 549.8 KB ( 562947 bytes )
File type Win32 EXE
Magic literal

TrID Win32 Executable MS Visual C++ (generic) (65.2%)
Win32 Executable Generic (14.7%)
Win32 Dynamic Link Library (generic) (13.1%)
Generic Win/DOS Executable (3.4%)
DOS Executable Generic (3.4%)
VirusTotal metadata
First submission 2008-10-31 19:52:06 UTC ( 9 years, 11 months ago )
Last submission 2011-08-14 14:02:25 UTC ( 7 years, 2 months ago )
File names aa
0220E25955DD2C9EFA7A3C364FAFD6A8
lCLrAr.wsf