SHA256: f52bfac9637aea189ec918d05113c36f5bcf580f3c0de8a934fe3438107d3f0c
File name: lpeihbfb.exe
Detection ratio: 47 / 51
Analysis date: 2014-04-13 17:15:14 UTC ( 5 days, 11 hours ago )
Antivirus Result Update
AVG Generic27.MBL 20140412
Ad-Aware Trojan.Generic.KD.504269 20140413
Agnitum Trojan.Lebag!yEp9NXlqXHc 20140412
AhnLab-V3 Trojan/Win32.Lebag 20140412
AntiVir TR/Offend.KD.504269 20140413
Avast Win32:Trojan-gen 20140413
Baidu-International Trojan.Win32.Lebag.AXwz 20140413
BitDefender Trojan.Generic.KD.504269 20140413
Bkav W32.UserinitJyngs.Trojan 20140412
CAT-QuickHeal Trojan.Lebag.klg.cw3 20140413
CMC Packed.Win32.Katusha.3!O 20140411
Commtouch W32/Downloader.QKMX-8258 20140413
Comodo TrojWare.Win32.Remex.bfja 20140413
DrWeb Trojan.Rmnet.8 20140413
ESET-NOD32 Win32/Ramnit.A 20140413
Emsisoft Trojan.Generic.KD.504269 (B) 20140413
F-Prot W32/Downldr2.IXID 20140413
F-Secure Trojan.Generic.KD.504269 20140413
Fortinet W32/Lebag.A!tr 20140413
GData Trojan.Generic.KD.504269 20140413
Ikarus Trojan.Win32.Lebag 20140413
Jiangmin Trojan/Gamarue.bx 20140413
K7AntiVirus Riskware ( 0015e4f01 ) 20140411
K7GW Riskware ( 0015e4f01 ) 20140411
Kaspersky Trojan.Win32.Lebag.klg 20140413
Kingsoft Win32.Troj.DeepScan.x.(kcloud) 20140413
Malwarebytes Trojan.Downloader 20140413
McAfee Generic.il 20140413
McAfee-GW-Edition Generic.il 20140413
MicroWorld-eScan Trojan.Generic.KD.504269 20140413
Microsoft Trojan:Win32/Ramnit.A 20140413
NANO-Antivirus Trojan.Win32.Lebag.bbuhut 20140413
Norman Kryptik.BDX 20140412
Panda Trj/Agent.NOK 20140413
Qihoo-360 Win32/Trojan.f6d 20140413
Rising PE:Trojan.Win32.Generic.12AF6823!313485347 20140412
SUPERAntiSpyware Trojan.Agent/Gen-Faker[desc] 20140413
Sophos Mal/ZboCheMan-F 20140413
Symantec Trojan Horse 20140413
TheHacker Trojan/Lebag.klg 20140411
TotalDefense Win32/Dofoil.A!generic 20140413
TrendMicro TSPY_SINOWAL.WC 20140413
TrendMicro-HouseCall TSPY_SINOWAL.WC 20140413
VBA32 BScope.Trojan.Ramnit.5112 20140411
VIPRE Trojan.Win32.Generic!BT 20140413
ViRobot Worm.Win32.Agent.135680.A 20140412
nProtect Trojan/W32.Agent.135680.LI 20140413
AegisLab (no detection) 20140413
Antiy-AVL (no detection) 20140413
ByteHero (no detection) 20140413
ClamAV (no detection) 20140413
The file is a Portable Executable: a Win32 EXE for the Windows GUI subsystem.
Packers identified
F-PROT: UPX
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2006-11-19 02:49:33 (UTC)
Link date 3:49 AM 11/19/2006 (the same PE header TimeDateStamp shown in UTC+1; the field is written by the linker and can be set to any value, so it is weak evidence of when the sample was really built)
Entry Point 0x0003EBD0
Number of sections 3
PE sections
(none listed in this report)
PE imports
(the report lists imported functions only, not the DLL each comes from)
InitCommonControls
VirtualFree
ExitProcess
VirtualProtect
LoadLibraryA
VirtualAlloc
GetProcAddress
StrCmpW
Note: LoadLibraryA, GetProcAddress, VirtualAlloc, VirtualProtect, VirtualFree and ExitProcess are the imports the UPX decompression stub needs for itself; a UPX-packed file keeps only these plus one function per DLL of the original program (here InitCommonControls and StrCmpW) and rebuilds the real import table in memory at run time. This table, and the imphash derived from it, therefore describe the packer stub, not the unpacked payload.
Number of PE resources by type
RT_STRING 15
RT_MENU 8
RT_DIALOG 4
RT_ICON 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 30
ExifTool file metadata
SubsystemVersion: 4.0
LinkerVersion: 5.2
ImageVersion: 10.3
FileSubtype: 0
FileVersionNumber: 2.6.0.0
UninitializedDataSize: 122880
LanguageCode: English (U.S.)
FileFlagsMask: 0x003f
CharacterSet: Unicode
InitializedDataSize: 4096
FileOS: Windows NT 32-bit
MIMEType: application/octet-stream
LegalCopyright: Desk Koala Yam Sown 1998-2007
FileVersion: 2.6
TimeStamp: 2006:11:19 03:49:33+01:00
FileType: Win32 EXE
PEType: PE32
InternalName: Suzy Leaf Pearl
FileAccessDate: 2014:04:13 18:15:15+01:00
ProductVersion: 2.6
FileDescription: Teak Quill Chloe
OSVersion: 7.0
FileCreateDate: 2014:04:13 18:15:15+01:00
OriginalFilename: Aha.exe
Subsystem: Windows GUI
MachineType: Intel 386 or later, and compatibles
CompanyName: Bitrix
CodeSize: 131072
ProductName: Dave Cloud Stormy
ProductVersionNumber: 2.6.0.0
EntryPoint: 0x3ebd0
ObjectFileType: Executable application
Note: the VERSIONINFO strings (CompanyName, ProductName, InternalName, FileDescription, LegalCopyright) are written by whoever built the file. Unrelated dictionary words such as "Desk Koala Yam Sown" and "Suzy Leaf Pearl" are typical of generated resources and should not be read as provenance; FileAccessDate and FileCreateDate reflect the scanner's copy of the file, not the sample's history.

File identification
MD5 607b2219fbcfbfe8e6ac9d7f3fb8d50e
SHA1 a7771cd3b99f7201b331323f03e2d596778b610e
SHA256 f52bfac9637aea189ec918d05113c36f5bcf580f3c0de8a934fe3438107d3f0c
ssdeep 3072:ZxmzLvbo87oUaVkvCZggzDkZs+2byXBA8tNo99yEYZ5:ZEvbo7UaW6VDkA6tO+EY
imphash 4b9ed7e1a2254f9e1d3fd2d12ac14b7e
File size 132.5 KB ( 135680 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID UPX compressed Win32 Executable (42.3%)
Win32 EXE Yoda's Crypter (36.7%)
Win32 Dynamic Link Library (generic) (9.1%)
Win32 Executable (generic) (6.2%)
Generic Win/DOS Executable (2.7%)
Tags
peexe upx
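The identification fields above (file hashes, PE header basics, the UPX packer hint and the imphash) can all be recovered from the raw bytes of a sample. The following is an added example written for this page; it is not code from the report, nor VirusTotal's or pefile's own code. It builds a header-only PE32 image that carries the header values the report shows (Intel 386, 3 sections, entry point 0x3ebd0, GUI subsystem, link timestamp 2006-11-19 02:49:33 UTC) and parses them back. The UPX0/UPX1/.rsrc section names and their layout are assumptions (the report does not list sections), as is the assignment of the eight imported functions to kernel32/comctl32/shlwapi in the imphash demo; because the report omits DLL names, the computed imphash is not expected to equal the report's 4b9ed7e1a2254f9e1d3fd2d12ac14b7e.

```python
"""Recover what a VirusTotal-style report prints for a PE: hashes, header basics,
a UPX hint from section names, and an imphash from an import list.
Added example; the sample PE below is constructed and header-only."""
import hashlib
import struct
from datetime import datetime, timezone

IMAGE_FILE_MACHINE_I386 = 0x014C
IMAGE_SUBSYSTEM_WINDOWS_GUI = 2


def file_ids(data: bytes) -> dict:
    """The 'File identification' hashes plus size."""
    return {"md5": hashlib.md5(data).hexdigest(),
            "sha1": hashlib.sha1(data).hexdigest(),
            "sha256": hashlib.sha256(data).hexdigest(),
            "size": len(data)}


def parse_pe_header(data: bytes) -> dict:
    """COFF and PE32 optional-header fields behind 'PE header basic information'."""
    if data[:2] != b"MZ":
        raise ValueError("no MZ signature")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("no PE signature")
    coff = e_lfanew + 4
    machine, nsect, ts, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20
    if struct.unpack_from("<H", data, opt)[0] != 0x10B:
        raise ValueError("not a PE32 optional header")
    entry = struct.unpack_from("<I", data, opt + 16)[0]      # AddressOfEntryPoint
    subsystem = struct.unpack_from("<H", data, opt + 68)[0]  # Subsystem
    sections = []
    for i in range(nsect):
        off = opt + opt_size + 40 * i                        # IMAGE_SECTION_HEADER is 40 bytes
        name = data[off:off + 8].rstrip(b"\0").decode("ascii", "replace")
        vsize, vaddr, raw = struct.unpack_from("<III", data, off + 8)
        sections.append((name, vsize, vaddr, raw))
    return {"machine": machine,
            "timestamp_utc": datetime.fromtimestamp(ts, tz=timezone.utc)
                                     .strftime("%Y-%m-%d %H:%M:%S"),
            "num_sections": nsect, "entry_point": entry, "subsystem": subsystem,
            "sections": sections,
            # Name-based hint only: a stub with renamed sections passes this check.
            "upx_sections": any(n.startswith("UPX") for n, *_ in sections)}


def entry_section(hdr: dict) -> str:
    """Name of the section holding the entry point (UPX places it in UPX1)."""
    for name, vsize, vaddr, _ in hdr["sections"]:
        if vaddr <= hdr["entry_point"] < vaddr + vsize:
            return name
    return "(none)"


def imphash_string(imports) -> str:
    """Normalised import list as pefile hashes it: 'dll.func' lowercased, the
    .dll/.ocx/.sys extension dropped, ordinals as 'ordN', import-table order kept.
    (pefile also maps oleaut32/ws2_32 ordinals to names; omitted here.)"""
    parts = []
    for dll, func in imports:
        dll = dll.lower()
        for ext in (".dll", ".ocx", ".sys"):
            if dll.endswith(ext):
                dll = dll[:-len(ext)]
                break
        func = "ord%d" % func if isinstance(func, int) else func.lower()
        parts.append(dll + "." + func)
    return ",".join(parts)


def imphash(imports) -> str:
    return hashlib.md5(imphash_string(imports).encode()).hexdigest()


def build_sample_pe() -> bytes:
    """Constructed header-only PE32 (not the 135680-byte sample) carrying the report's
    Machine, TimeDateStamp, section count, entry point and subsystem, with an ASSUMED
    UPX0/UPX1/.rsrc layout sized from Uninitialized/Code/InitializedDataSize."""
    dos = bytearray(64)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 64)                     # e_lfanew
    ts = int(datetime(2006, 11, 19, 2, 49, 33, tzinfo=timezone.utc).timestamp())
    coff = struct.pack("<HHIIIHH", IMAGE_FILE_MACHINE_I386, 3, ts, 0, 0, 224, 0x0102)
    opt = bytearray(224)
    struct.pack_into("<H", opt, 0, 0x10B)                     # PE32 magic
    struct.pack_into("<I", opt, 16, 0x3EBD0)                  # AddressOfEntryPoint
    struct.pack_into("<H", opt, 68, IMAGE_SUBSYSTEM_WINDOWS_GUI)
    secs = b""
    for name, vsize, vaddr, raw in ((b"UPX0", 122880, 0x1000, 0),
                                    (b"UPX1", 131072, 0x1F000, 131072),
                                    (b".rsrc", 4096, 0x3F000, 4096)):
        secs += name.ljust(8, b"\0") + struct.pack("<III", vsize, vaddr, raw) + bytes(20)
    return bytes(dos) + b"PE\0\0" + coff + bytes(opt) + secs


if __name__ == "__main__":
    pe = build_sample_pe()
    print(file_ids(pe))
    hdr = parse_pe_header(pe)
    print(hdr, "entry point in", entry_section(hdr))
    # ASSUMED DLL assignment for the report's eight imports; the report omits DLL names.
    stub_imports = [("KERNEL32.DLL", "VirtualFree"), ("KERNEL32.DLL", "ExitProcess"),
                    ("KERNEL32.DLL", "VirtualProtect"), ("KERNEL32.DLL", "LoadLibraryA"),
                    ("KERNEL32.DLL", "VirtualAlloc"), ("KERNEL32.DLL", "GetProcAddress"),
                    ("COMCTL32.DLL", "InitCommonControls"), ("SHLWAPI.DLL", "StrCmpW")]
    print(imphash_string(stub_imports), imphash(stub_imports))
```

Against a real file, replace `build_sample_pe()` with `open(path, "rb").read()`; the section-name test is deliberately weak (it only flags the default UPX names), which is why scanners such as F-PROT and TrID above identify the packer from the stub code rather than from names.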

VirusTotal metadata
First submission 2012-01-05 11:31:37 UTC ( 2 years, 3 months ago )
Last submission 2014-04-13 17:15:14 UTC ( 5 days, 11 hours ago )
File names Ramnit_607B2219FBCFBFE8E6AC9D7F3FB8D50E.exe
a7771cd3b99f7201b331323f03e2d596778b610e.bin
file
2848 16.01.2012 06.52.08.290
info.exe
1164594
94f6dd4.exe
6247f8d.exe
607B2219FBCFBFE8E6AC9D7F3FB8D50E_Ramnit
nhptugtstukgwpyi.exe
607b2219fbcfbfe8e6ac9d7f3fb8d50e
18295.malware
134-128-2
607B2219FBCFBFE8E6AC9D7F3FB8D50E_Ramnit
Ramnit_607B2219FBCFBFE8E6AC9D7F3FB8D50E
vcryserj.exe
Aha.exe
16
607b2219fbcfbfe8e6ac9d7f3fb8d5e
Ramnit_607B2219FBCFBFE8E6AC9D7F3FB8D50E
ducdmddvaeixegyi.exe
file-3373219_exe
lpeihbfb.exe
f52bfac9637aea189ec918d05113c36f5bcf580f3c0de8a934fe3438107d3f0c.bin
607b2219fbcfbfe8e6ac9d7f3fb8d50e.exe
Advanced heuristic and reputation engines
ClamAV PUA
Possibly Unwanted Application. While not necessarily malicious, the scanned file presents certain characteristics which depending on the user policies and environment may or may not represent a threat. For full details see: http://www.clamav.net/index.php?s=pua&lang=en .
