SHA256: f5bae4af644b63a568ad476e2d045197a0550b90abc8d5885ee1f7a3b1804340
File name: G41U_l.tiff
Detection ratio: 40 / 43
Analysis date: 2010-12-30 09:20:31 UTC ( 6 years, 10 months ago )
Antivirus Result Update
AhnLab-V3 Win-Trojan/Malware.91136.AH 20101230
AntiVir TR/Crypt.XPACK.Gen 20101229
Antiy-AVL Trojan/Win32.Bancos.gen 20101230
Avast Win32:Zbot-MNT 20101229
Avast5 Win32:Zbot-MNT 20101229
AVG unknown virus Win32/DH.CAFF8402A2 20101230
BitDefender Trojan.Generic.CJ.AKBO 20101230
CAT-QuickHeal TrojanBanker.Bancos.lte 20101230
ClamAV Trojan.Zbot-8505 20101230
Command W32/VirTool.BVB 20101230
Comodo TrojWare.Win32.TrojanSpy.Zbot.Gen 20101230
DrWeb Trojan.PWS.Panda.122 20101230
Emsisoft Trojan-Banker.Win32.Bancos!IK 20101230
eSafe Win32.VirToolObfusca 20101228
eTrust-Vet Win32/Zbot.AFY 20101230
F-Prot W32/VirTool.BVB 20101229
F-Secure Trojan.Generic.CJ.AKBO 20101230
GData Trojan.Generic.CJ.AKBO 20101230
Ikarus Trojan-Banker.Win32.Bancos 20101230
Jiangmin Trojan/Pakes.jho 20101230
K7AntiVirus Trojan 20101229
Kaspersky Packed.Win32.Katusha.o 20101230
McAfee Generic.dx!ljc 20101230
McAfee-GW-Edition Heuristic.LooksLike.Win32.SuspiciousPE.C 20101229
Microsoft PWS:Win32/Zbot 20101230
NOD32 a variant of Win32/Kryptik.BTJ 20101229
Norman W32/Bancos.ANMW 20101229
nProtect Trojan.Generic.CJ.AKBO 20101230
Panda Trj/CI.A 20101229
PCTools Trojan.Generic 20101230
Prevx Medium Risk Malware 20101230
Sophos AV Mal/EncPk-NS 20101230
Symantec Trojan Horse 20101230
TheHacker Trojan/Spy.Zbot.aeic 20101230
TrendMicro TSPY_ZBOT.FAG 20101230
TrendMicro-HouseCall TSPY_ZBOT.FAG 20101230
VBA32 Malware-Cryptor.Win32.Vals.21 20101228
VIPRE Trojan.Win32.Generic!BT 20101230
ViRobot Trojan.Win32.S.Bancos.91136 20101230
VirusBuster Trojan.PWS.Bancos!mAVqTl5RTlc 20101229
Fortinet 20101230
Rising 20101230
SUPERAntiSpyware 20101230
The file being studied is a Portable Executable file! More specifically, it is a DOS EXE file.
PE header basic information
Number of sections 8
PE sections
PE imports
PrivilegedServiceAuditAlarmA
RegCloseKey
RegDeleteKeyA
RegEnumKeyA
RegGetKeySecurity
RegOpenKeyA
RegQueryValueA
RevertToSelf
SetSecurityDescriptorControl
SetTokenInformation
CopyMetaFileA
EndDoc
FillPath
SetBkColor
SetTextColor
CompareStringA
EnumSystemLocalesA
GetCommandLineA
GetExitCodeProcess
GetFileSize
GetModuleHandleA
GetProcAddress
GetTickCount
GetVersion
GlobalLock
IsDebuggerPresent
LoadLibraryA
SwitchToThread
UnmapViewOfFile
VirtualAlloc
VirtualFree
lstrcmpA
lstrcpyA
lstrlenA
ClientToScreen
ClipCursor
EqualRect
FindWindowExA
GetMenu
GetMessagePos
GetTopWindow
InvalidateRect
IsCharUpperA
IsWindow
LoadCursorA
MonitorFromRect
PeekMessageA
SetCaretPos
ShowCaret
ShowCursor
SwitchDesktop
TrackMouseEvent
TrackPopupMenuEx
ExifTool file metadata
MIMEType
application/octet-stream

FileType
DOS EXE

File identification
MD5 a5b21d1601b0cd72609a94120cbf29e2
SHA1 c6401b6b5d14c8c1ecd20ef08d59aaae62fd60f4
SHA256 f5bae4af644b63a568ad476e2d045197a0550b90abc8d5885ee1f7a3b1804340
ssdeep
1536:FtfPWR0DardAYqUHoVYQYLfqYdr30XTQFKzyWRazzaVXeoYHn:/fPUModlqqoVHYDqWwjAKx4suoYHn

File size 89.0 KB ( 91136 bytes )
File type DOS EXE
Magic literal

TrID Win32 Executable Generic (67.8%)
Generic Win/DOS Executable (15.9%)
DOS Executable Generic (15.9%)
VXD Driver (0.2%)
VirusTotal metadata
First submission 2010-01-17 19:46:20 UTC ( 7 years, 10 months ago )
Last submission 2010-12-30 09:20:31 UTC ( 6 years, 10 months ago )
File names G41U_l.tiff
Behaviour characterization