SHA256: f52bfac9637aea189ec918d05113c36f5bcf580f3c0de8a934fe3438107d3f0c
File name: scan001.pdf.exe
Detection ratio: 52 / 57
Analysis date: 2015-04-23 15:07:53 UTC ( 4 days, 9 hours ago )
Antivirus Result Update
ALYac Trojan.Generic.KD.504269 20150423
AVG Generic27.MBL 20150423
AVware Trojan.Win32.Generic!BT 20150423
Ad-Aware Trojan.Generic.KD.504269 20150423
Agnitum Trojan.Lebag!yEp9NXlqXHc 20150423
AhnLab-V3 Trojan/Win32.Lebag 20150423
Antiy-AVL Trojan[:HEUR]/Win32.Unknown 20150423
Avast Win32:Trojan-gen 20150423
Avira TR/Offend.KD.504269 20150423
Baidu-International Trojan.Win32.Lebag.klg 20150421
BitDefender Trojan.Generic.KD.504269 20150423
Bkav W32.UserinitJyngs.Trojan 20150423
CAT-QuickHeal Trojan.Lebag.rw3 20150423
CMC Packed.Win32.Katusha.3!O 20150423
Comodo TrojWare.Win32.Remex.bfja 20150423
Cyren W32/Downloader.QKMX-8258 20150423
DrWeb Trojan.Rmnet.8 20150423
ESET-NOD32 Win32/Ramnit.A 20150423
Emsisoft Trojan.Generic.KD.504269 (B) 20150423
F-Prot W32/Downldr2.IXID 20150423
F-Secure Trojan.Generic.KD.504269 20150423
Fortinet W32/Lebag.A!tr 20150423
GData Trojan.Generic.KD.504269 20150423
Ikarus Trojan.Win32.Lebag 20150423
Jiangmin Trojan/Gamarue.bx 20150422
K7AntiVirus Riskware ( 0015e4f01 ) 20150423
K7GW Riskware ( 0015e4f01 ) 20150423
Kaspersky Trojan.Win32.Lebag.klg 20150423
Kingsoft Win32.Troj.DeepScan.x.(kcloud) 20150423
Malwarebytes Trojan.Downloader 20150423
McAfee Generic.il 20150423
McAfee-GW-Edition Generic.il 20150422
MicroWorld-eScan Trojan.Generic.KD.504269 20150423
Microsoft Trojan:Win32/Ramnit.A 20150423
NANO-Antivirus Trojan.Win32.Lebag.bbuhut 20150423
Norman Kryptik.BDX 20150423
Panda Trj/Agent.NOK 20150423
Qihoo-360 Malware.Radar01.Gen 20150423
Rising PE:Trojan.Win32.Generic.12AF6823!313485347 20150423
SUPERAntiSpyware Trojan.Agent/Gen-Faker[desc] 20150423
Sophos Troj/Agent-AMIR 20150423
Symantec Trojan Horse 20150423
Tencent Trojan.Win32.Qudamah.Gen.5 20150423
TheHacker Trojan/Lebag.klg 20150422
TotalDefense Win32/Dofoil.A!generic 20150423
TrendMicro TSPY_SINOWAL.WC 20150423
TrendMicro-HouseCall TSPY_SINOWAL.WC 20150423
VBA32 BScope.Trojan.Ramnit.5112 20150423
VIPRE Trojan.Win32.Generic!BT 20150423
ViRobot Worm.Win32.Agent.135680.A[h] 20150423
Zillya Trojan.Lebag.Win32.1600 20150422
nProtect Trojan/W32.Agent.135680.LI 20150423
AegisLab 20150423
Alibaba 20150423
ByteHero 20150423
ClamAV 20150423
Zoner 20150422
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Packers identified
F-PROT UPX
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2006-11-19 02:49:33
Link date 3:49 AM 11/19/2006
Entry Point 0x0003EBD0
Number of sections 3
PE sections
PE imports
InitCommonControls
VirtualFree
ExitProcess
VirtualProtect
LoadLibraryA
VirtualAlloc
GetProcAddress
StrCmpW
Number of PE resources by type
RT_STRING 15
RT_MENU 8
RT_DIALOG 4
RT_ICON 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 30
ExifTool file metadata
SubsystemVersion 4.0
LinkerVersion 5.2
ImageVersion 10.3
FileSubtype 0
FileVersionNumber 2.6.0.0
UninitializedDataSize 122880
LanguageCode English (U.S.)
FileFlagsMask 0x003f
CharacterSet Unicode
InitializedDataSize 4096
FileOS Windows NT 32-bit
MIMEType application/octet-stream
LegalCopyright Desk Koala Yam Sown 1998-2007
FileVersion 2.6
TimeStamp 2006:11:19 03:49:33+01:00
FileType Win32 EXE
PEType PE32
InternalName Suzy Leaf Pearl
ProductVersion 2.6
FileDescription Teak Quill Chloe
OSVersion 7.0
OriginalFilename Aha.exe
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName Bitrix
CodeSize 131072
ProductName Dave Cloud Stormy
ProductVersionNumber 2.6.0.0
EntryPoint 0x3ebd0
ObjectFileType Executable application

Execution parents
Compressed bundles
PCAP parents
File identification
MD5 607b2219fbcfbfe8e6ac9d7f3fb8d50e
SHA1 a7771cd3b99f7201b331323f03e2d596778b610e
SHA256 f52bfac9637aea189ec918d05113c36f5bcf580f3c0de8a934fe3438107d3f0c
ssdeep 3072:ZxmzLvbo87oUaVkvCZggzDkZs+2byXBA8tNo99yEYZ5:ZEvbo7UaW6VDkA6tO+EY
authentihash 66643889a150eb82534302f85da36c62df00be14d61fe726a309ce946f87abfd
imphash 4b9ed7e1a2254f9e1d3fd2d12ac14b7e
File size 132.5 KB ( 135680 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID UPX compressed Win32 Executable (42.3%)
Win32 EXE Yoda's Crypter (36.7%)
Win32 Dynamic Link Library (generic) (9.1%)
Win32 Executable (generic) (6.2%)
Generic Win/DOS Executable (2.7%)
Tags
peexe upx

VirusTotal metadata
First submission 2012-01-05 11:31:37 UTC ( 3 years, 3 months ago )
Last submission 2015-04-23 15:07:53 UTC ( 4 days, 9 hours ago )
File names Ramnit_607B2219FBCFBFE8E6AC9D7F3FB8D50E.exe
a7771cd3b99f7201b331323f03e2d596778b610e.bin
file
scan001.pdf.exe
info.exe
1164594
94f6dd4.exe
6247f8d.exe
607B2219FBCFBFE8E6AC9D7F3FB8D50E_Ramnit
nhptugtstukgwpyi.exe
607b2219fbcfbfe8e6ac9d7f3fb8d50e
18295.malware
134-128-2
2848 16.01.2012 06.52.08.290
contagio_f52bfac9637aea189ec918d05113c36f5bcf580f3c0de8a934fe3438107d3f0c
607B2219FBCFBFE8E6AC9D7F3FB8D50E_Ramnit
Ramnit_607B2219FBCFBFE8E6AC9D7F3FB8D50E
vcryserj.exe
Aha.exe
16
607b2219fbcfbfe8e6ac9d7f3fb8d5e
Ramnit_607B2219FBCFBFE8E6AC9D7F3FB8D50E
ducdmddvaeixegyi.exe
file-3373219_exe
lpeihbfb.exe
Advanced heuristic and reputation engines
ClamAV PUA
Possibly Unwanted Application. While not necessarily malicious, the scanned file presents certain characteristics which, depending on the user policies and environment, may or may not represent a threat. For full details see: http://www.clamav.net/doc/pua.html.
