SHA256: f385776f9563f839cce8d163923545e5393d76944b3c6f3ccf2ea49f51d09123
File name: 10e.exe
Detection ratio: 50 / 56
Analysis date: 2016-03-01 17:33:59 UTC ( 2 years, 11 months ago )
Antivirus Result Update
Ad-Aware Gen:Trojan.Heur.LmNfrr0IRjpib 20160301
AegisLab Troj.Downloader.W32.Agent.ewxm!c 20160301
Yandex Worm.Autoit.SR 20160228
AhnLab-V3 HEUR/Fakon.mwf 20160301
Antiy-AVL Worm[IM]/Win32.Sohanad.rg 20160301
Arcabit Trojan.Heur.LmNfrr0IRjpib 20160301
Avast HTML:Malware-gen 20160301
AVG Dropper.Generic3.XJQ 20160301
Avira (no cloud) TR/Dropper.Gen 20160301
AVware Trojan.Win32.AutoIT.gen (v) 20160301
Baidu-International Worm.Win32.AutoIt.agm 20160301
BitDefender Gen:Trojan.Heur.LmNfrr0IRjpib 20160301
ClamAV Win.Trojan.Autoit-1002 20160301
CMC Trojan-Downloader.Win32.Agent!O 20160301
Comodo TrojWare.Win32.Downloader.Agent.ewxm 20160301
Cyren W32/Trojan.MASJ-0546 20160301
DrWeb Trojan.Starter.1014 20160301
Emsisoft Gen:Trojan.Heur.LmNfrr0IRjpib (B) 20160229
ESET-NOD32 Win32/Autoit.GP 20160301
F-Prot W32/Trojan2.MFAR 20160301
F-Secure Gen:Trojan.Heur.LmNfrr0IRjpib 20160301
GData Gen:Trojan.Heur.LmNfrr0IRjpib 20160301
Ikarus Worm.Win32.Sohanad 20160301
Jiangmin Worm/AutoRun.sfx 20160301
K7AntiVirus Trojan ( 000720041 ) 20160301
K7GW Trojan ( 000720041 ) 20160301
Kaspersky Worm.Win32.AutoIt.agm 20160301
Malwarebytes Worm.Agent.LSA 20160301
McAfee W32/YahLover.worm.gen 20160301
McAfee-GW-Edition BehavesLike.Win32.Yahlover.jc 20160301
Microsoft Worm:Win32/Helompy!rfn 20160229
eScan Gen:Trojan.Heur.LmNfrr0IRjpib 20160301
NANO-Antivirus Trojan.Win32.Napad.ijfyd 20160301
nProtect Trojan-Spy/W32.KeyLogger_Packed.621301.B 20160229
Panda W32/Harakit.DD 20160229
Qihoo-360 Malware.Radar01.Gen 20160301
Rising PE:Worm.VobfusEx!1.99DF [F] 20160301
Sophos AV W32/AutoRun-BUC 20160301
SUPERAntiSpyware Trojan.Agent/Gen-Helompy 20160301
Symantec W32.Imaut 20160229
Tencent Win32.Worm.Autoit.Pegg 20160301
TheHacker Trojan/Autoit.wy 20160227
TotalDefense Win32/Yahlover.PV 20160301
TrendMicro Mal_OtorunN 20160301
TrendMicro-HouseCall Mal_OtorunN 20160301
VBA32 Trojan-Downloader.Autoit.gen 20160301
VIPRE Trojan.Win32.AutoIT.gen (v) 20160301
ViRobot Trojan.Win32.A.Starter.228692.A[UPX][h] 20160301
Zillya Worm.Autoit.Win32.1 20160301
Zoner I-Worm.Autoit.GP 20160301
Alibaba 20160301
ALYac 20160301
Bkav 20160301
ByteHero 20160301
CAT-QuickHeal 20160301
Fortinet 20160301
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
File version 0.0.0.0
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2007-07-11 08:21:32
Entry Point 0x0009B110
Number of sections 3
PE sections
Overlays
MD5 2a5c95742e3553dc0b814575cbfe5c5e
File type data
Offset 282112
Size 339189
Entropy 7.07
PE imports
RegCloseKey
ImageList_Remove
LineTo
VirtualFree
ExitProcess
VirtualProtect
LoadLibraryA
VirtualAlloc
GetProcAddress
WNetUseConnectionW
GetActiveObject
DragFinish
VerQueryValueW
timeGetTime
GetSaveFileNameW
CoInitialize
Number of PE resources by type
RT_ICON 15
RT_STRING 6
RT_GROUP_ICON 3
RT_DIALOG 1
RT_MANIFEST 1
RT_MENU 1
RT_VERSION 1
Number of PE resources by language
ENGLISH UK 28
PE resources
ExifTool file metadata
UninitializedDataSize 434176
InitializedDataSize 286720
ImageVersion 0.0
FileVersionNumber 0.0.0.0
LanguageCode English (British)
FileFlagsMask 0x0000
CharacterSet Unicode
LinkerVersion 7.1
FileTypeExtension exe
MIMEType application/octet-stream
FileVersion 0.0.0.0
TimeStamp 2007:07:11 09:21:32+01:00
FileType Win32 EXE
PEType PE32
SubsystemVersion 4.0
OSVersion 4.0
FileOS Win32
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CodeSize 0
FileSubtype 0
ProductVersionNumber 3.0.0.0
EntryPoint 0x9b110
ObjectFileType Unknown

File identification
MD5 46ba5ce494d8b7b94ec7af81cc0f4d04
SHA1 c139c377844f8c75d47134cbf5b7c4c390fa65a4
SHA256 f385776f9563f839cce8d163923545e5393d76944b3c6f3ccf2ea49f51d09123
ssdeep 12288:vM5DSN6aAH0XNp7gGpWa7U8oico9hJMBex+gQL05:vM5D18NpEGZNVlxnF5
authentihash 0572c7df65633ab2e60aca45024d21709a4b761eacc80a826369dea3af672a5f
imphash fd50eeaa7137498c4740b429b41a482e
File size 606.7 KB ( 621301 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID UPX compressed Win32 Executable (43.5%)
Win32 EXE Yoda's Crypter (42.7%)
Win32 Executable (generic) (7.2%)
Generic Win/DOS Executable (3.2%)
DOS Executable Generic (3.2%)
Tags peexe overlay

VirusTotal metadata
First submission 2010-02-26 10:54:04 UTC ( 8 years, 12 months ago )
Last submission 2017-07-15 13:35:56 UTC ( 1 year, 7 months ago )
File names kokookk.exe
lsass.exe
46ba5ce494d8b7b94ec7af81cc0f4d04
101MSDCF.exe
filename
appdata.exe
10e.exe
lsass.exe
Advanced heuristic and reputation engines
ClamAV
Possibly Unwanted Application. While not necessarily malicious, the scanned file presents certain characteristics which depending on the user policies and environment may or may not represent a threat. For full details see: https://www.clamav.net/documents/potentially-unwanted-applications-pua .

TrendMicro-HouseCall
TrendMicro's heuristic engine has flagged this file as: Suspicious_GEN.F47V0808.
