SHA256: f67ef63dbf05eb59e0d91fb95698613294987ea2332a9f0c17d299e601c84cef
File name: f67ef63dbf05eb59e0d91fb95698613294987ea2332a9f0c17d299e601c84cef
Detection ratio: 5 / 43
Analysis date: 2011-10-08 11:07:10 UTC ( 5 years, 11 months ago )
Antivirus Result Update
AntiVir TR/Dropper.Gen 20111007
Fortinet W32/PackedJkXtoobr.B!tr 20111008
Kaspersky Trojan.Win32.Jorik.Xtoober.aiz 20111008
TrendMicro TROJ_KRYPTK.SMHX 20111008
TrendMicro-HouseCall TROJ_KRYPTK.SMHX 20111008
AhnLab-V3 20111007
Antiy-AVL 20111008
Avast 20111008
AVG 20111007
BitDefender 20111008
ByteHero 20110923
CAT-QuickHeal 20111007
ClamAV 20111007
Commtouch 20111008
Comodo 20111008
DrWeb 20111008
Emsisoft 20111008
eSafe 20111006
eTrust-Vet 20111007
F-Prot 20111007
F-Secure 20111008
GData 20111008
Ikarus 20111008
Jiangmin 20111007
K7AntiVirus 20111007
McAfee 20111008
McAfee-GW-Edition 20111007
Microsoft 20111008
NOD32 20111008
Norman 20111007
nProtect 20111008
Panda 20111008
PCTools 20111008
Prevx 20111008
Rising 20111008
Sophos AV 20111008
SUPERAntiSpyware 20111008
Symantec 20111008
TheHacker 20111008
VBA32 20111007
VIPRE 20111008
ViRobot 20111008
VirusBuster 20111007
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2011-10-08 08:11:15
Entry Point 0x0000A310
Number of sections 7
PE sections
PE imports
CreateCompatibleDC, CreateDIBitmap, CreateFontIndirectW, CreateSolidBrush, DeleteDC, DeleteObject, Escape, ExtTextOutW, TranslateCharsetInfo, TextOutW, StretchBlt, SetTextColor, SetStretchBltMode, SetBkColor, SelectObject, PatBlt, GetTextMetricsW, GetTextFaceW, GetTextExtentPointW, GetTextExtentPoint32W, GetStockObject, GetDeviceCaps, BitBlt
GetModuleHandleW, LoadLibraryW, GetWindowsDirectoryA, lstrcatA, CreateFileA, GetModuleHandleA, LoadLibraryA, GetProcAddress
InvalidateRect, IsClipboardFormatAvailable, IsDialogMessageW, IsZoomed, LoadAcceleratorsW, LoadIconW, OpenClipboard, PeekMessageW, GetWindowPlacement, PostQuitMessage, RegisterWindowMessageW, ReleaseCapture, ReleaseDC, ScreenToClient, SetCapture, SetCursor, SetCursorPos, SetWindowTextW, SetWindowsHookExW, ShowCursor, ShowWindow, TranslateMDISysAccel, TranslateMessage, UpdateWindow, wsprintfW, GetSystemMetrics, GetSystemMenu, GetSysColor, GetSubMenu, GetMessageW, GetMenu, GetDlgItemInt, GetClipboardData, GetClientRect, FillRect, EnumChildWindows, EndPaint, EnableWindow, DrawMenuBar, DispatchMessageW, DestroyWindow, DefMDIChildProcW, DefFrameProcW, CreateDialogParamW, CloseClipboard, CheckMenuItem, CallNextHookEx, BeginPaint, PostMessageW
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
TimeStamp 2011:10:08 10:11:15+02:00
FileType Win32 EXE
PEType PE32
CodeSize 40448
LinkerVersion 9.0
EntryPoint 0xa310
InitializedDataSize 11264
SubsystemVersion 5.0
ImageVersion 0.0
OSVersion 5.0
UninitializedDataSize 0

File identification
MD5 b45a7769382234d13ac73f65ba43b7f7
SHA1 687af414ca194a886b6a6b7d757f6bfcd71acb5b
SHA256 f67ef63dbf05eb59e0d91fb95698613294987ea2332a9f0c17d299e601c84cef
ssdeep 768:F4AM/cTGKyf9IBejQsoYcw9RL18obfL2yqx1jbb4olDyP9:KAM/cSh168QzQL18OQ+
File size 51.5 KB ( 52736 bytes )
File type Win32 EXE
Magic literal MS-DOS executable PE for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable Generic (42.3%)
Win32 Dynamic Link Library (generic) (37.6%)
Generic Win/DOS Executable (9.9%)
DOS Executable Generic (9.9%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
VirusTotal metadata
First submission 2011-10-08 11:07:10 UTC ( 5 years, 11 months ago )
Last submission 2012-04-28 15:20:52 UTC ( 5 years, 4 months ago )
File names b45a7769382234d13ac73f65ba43b7f7
2011112
f67ef63dbf05eb59e0d91fb95698613294987ea2332a9f0c17d299e601c84cef