SHA256: f52bfac9637aea189ec918d05113c36f5bcf580f3c0de8a934fe3438107d3f0c
File name: contagio_f52bfac9637aea189ec918d05113c36f5bcf580f3c0de8a934fe3438...
Detection ratio: 51 / 57
Analysis date: 2015-02-18 10:06:37 UTC ( 1 month, 1 week ago )
Antivirus             Result                                      Update
ALYac                 Trojan.Generic.KD.504269                    20150218
AVG                   Generic27.MBL                               20150218
AVware                Trojan.Win32.Generic!BT                     20150218
Ad-Aware              Trojan.Generic.KD.504269                    20150218
Agnitum               Trojan.Lebag!yEp9NXlqXHc                    20150218
AhnLab-V3             Trojan/Win32.Lebag                          20150218
Antiy-AVL             Trojan[:HEUR]/Win32.Unknown                 20150218
Avast                 Win32:Trojan-gen                            20150218
Avira                 TR/Offend.KD.504269                         20150218
Baidu-International   Trojan.Win32.Lebag.awIH                     20150218
BitDefender           Trojan.Generic.KD.504269                    20150218
Bkav                  W32.UserinitJyngs.Trojan                    20150213
CAT-QuickHeal         Trojan.Lebag.rw3                            20150218
CMC                   Packed.Win32.Katusha.3!O                    20150214
Comodo                TrojWare.Win32.Remex.bfja                   20150218
Cyren                 W32/Downloader.QKMX-8258                    20150218
DrWeb                 Trojan.Rmnet.8                              20150218
ESET-NOD32            Win32/Ramnit.A                              20150218
Emsisoft              Trojan.Generic.KD.504269 (B)                20150218
F-Prot                W32/Downldr2.IXID                           20150218
F-Secure              Trojan.Generic.KD.504269                    20150218
Fortinet              W32/Lebag.A!tr                              20150218
GData                 Trojan.Generic.KD.504269                    20150218
Ikarus                Trojan.Win32.Lebag                          20150218
Jiangmin              Trojan/Gamarue.bx                           20150216
K7AntiVirus           Riskware ( 0015e4f01 )                      20150218
K7GW                  Riskware ( 0015e4f01 )                      20150218
Kaspersky             Trojan.Win32.Lebag.klg                      20150218
Kingsoft              Win32.Troj.DeepScan.x.(kcloud)              20150218
Malwarebytes          Trojan.Downloader                           20150218
McAfee                Generic.il                                  20150218
McAfee-GW-Edition     BehavesLike.Win32.VBObfus.cc                20150218
MicroWorld-eScan      Trojan.Generic.KD.504269                    20150218
Microsoft             Trojan:Win32/Ramnit.A                       20150218
NANO-Antivirus        Trojan.Win32.Lebag.bbuhut                   20150218
Norman                Kryptik.BDX                                 20150218
Qihoo-360             Malware.Radar01.Gen                         20150218
Rising                PE:Trojan.Win32.Generic.12AF6823!313485347  20150218
SUPERAntiSpyware      Trojan.Agent/Gen-Faker[desc]                20150218
Sophos                Mal/ZboCheMan-F                             20150218
Symantec              Trojan Horse                                20150218
Tencent               Win32.Virus.Ramnit.Wmjb                     20150218
TheHacker             Trojan/Lebag.klg                            20150218
TotalDefense          Win32/Dofoil.A!generic                      20150218
TrendMicro            TSPY_SINOWAL.WC                             20150218
TrendMicro-HouseCall  TSPY_SINOWAL.WC                             20150218
VBA32                 BScope.Trojan.Ramnit.5112                   20150218
VIPRE                 Trojan.Win32.Generic!BT                     20150218
ViRobot               Worm.Win32.Agent.135680.A[h]                20150218
Zillya                Trojan.Lebag.Win32.1600                     20150218
nProtect              Trojan/W32.Agent.135680.LI                  20150218
AegisLab                                                          20150218
Alibaba                                                           20150218
ByteHero                                                          20150218
ClamAV                                                            20150218
Panda                                                             20150218
Zoner                                                             20150218
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Packers identified
F-PROT UPX
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2006-11-19 02:49:33
Link date 3:49 AM 11/19/2006
Entry Point 0x0003EBD0
Number of sections 3
PE sections
PE imports
InitCommonControls
VirtualFree
ExitProcess
VirtualProtect
LoadLibraryA
VirtualAlloc
GetProcAddress
StrCmpW
Number of PE resources by type
RT_STRING 15
RT_MENU 8
RT_DIALOG 4
RT_ICON 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 30
ExifTool file metadata
SubsystemVersion        4.0
LinkerVersion           5.2
ImageVersion            10.3
FileSubtype             0
FileVersionNumber       2.6.0.0
UninitializedDataSize   122880
LanguageCode            English (U.S.)
FileFlagsMask           0x003f
CharacterSet            Unicode
InitializedDataSize     4096
FileOS                  Windows NT 32-bit
MIMEType                application/octet-stream
LegalCopyright          Desk Koala Yam Sown 1998-2007
FileVersion             2.6
TimeStamp               2006:11:19 03:49:33+01:00
FileType                Win32 EXE
PEType                  PE32
InternalName            Suzy Leaf Pearl
ProductVersion          2.6
FileDescription         Teak Quill Chloe
OSVersion               7.0
OriginalFilename        Aha.exe
Subsystem               Windows GUI
MachineType             Intel 386 or later, and compatibles
CompanyName             Bitrix
CodeSize                131072
ProductName             Dave Cloud Stormy
ProductVersionNumber    2.6.0.0
EntryPoint              0x3ebd0
ObjectFileType          Executable application

Execution parents
Compressed bundles
PCAP parents
File identification
MD5 607b2219fbcfbfe8e6ac9d7f3fb8d50e
SHA1 a7771cd3b99f7201b331323f03e2d596778b610e
SHA256 f52bfac9637aea189ec918d05113c36f5bcf580f3c0de8a934fe3438107d3f0c
ssdeep 3072:ZxmzLvbo87oUaVkvCZggzDkZs+2byXBA8tNo99yEYZ5:ZEvbo7UaW6VDkA6tO+EY
authentihash 66643889a150eb82534302f85da36c62df00be14d61fe726a309ce946f87abfd
imphash 4b9ed7e1a2254f9e1d3fd2d12ac14b7e
File size 132.5 KB ( 135680 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID UPX compressed Win32 Executable (42.3%)
Win32 EXE Yoda's Crypter (36.7%)
Win32 Dynamic Link Library (generic) (9.1%)
Win32 Executable (generic) (6.2%)
Generic Win/DOS Executable (2.7%)
Tags peexe upx
VirusTotal metadata
First submission 2012-01-05 11:31:37 UTC ( 3 years, 2 months ago )
Last submission 2015-02-18 10:06:37 UTC ( 1 month, 1 week ago )
File names Ramnit_607B2219FBCFBFE8E6AC9D7F3FB8D50E.exe
a7771cd3b99f7201b331323f03e2d596778b610e.bin
file
2848 16.01.2012 06.52.08.290
info.exe
1164594
94f6dd4.exe
6247f8d.exe
607B2219FBCFBFE8E6AC9D7F3FB8D50E_Ramnit
nhptugtstukgwpyi.exe
607b2219fbcfbfe8e6ac9d7f3fb8d50e
18295.malware
134-128-2
contagio_f52bfac9637aea189ec918d05113c36f5bcf580f3c0de8a934fe3438107d3f0c
607B2219FBCFBFE8E6AC9D7F3FB8D50E_Ramnit
Ramnit_607B2219FBCFBFE8E6AC9D7F3FB8D50E
vcryserj.exe
Aha.exe
16
607b2219fbcfbfe8e6ac9d7f3fb8d5e
Ramnit_607B2219FBCFBFE8E6AC9D7F3FB8D50E
ducdmddvaeixegyi.exe
file-3373219_exe
lpeihbfb.exe
f52bfac9637aea189ec918d05113c36f5bcf580f3c0de8a934fe3438107d3f0c.bin
Advanced heuristic and reputation engines
ClamAV PUA
Possibly Unwanted Application. While not necessarily malicious, the scanned file presents certain characteristics which, depending on the user's policies and environment, may or may not represent a threat. For full details see: http://www.clamav.net/doc/pua.html
