SHA256: f72a63c004508855a526779798c2d8ae035c87d2f43467cd9e1b0467dad67fa8
File name: f72a63c004508855a526779798c2d8ae035c87d2f43467cd9e1b0467dad67fa8
Detection ratio: 19 / 46
Analysis date: 2013-02-05 13:32:00 UTC ( 6 years, 1 month ago )
Antivirus Result Update
AntiVir TR/Agent.128000.40 20130205
Antiy-AVL Trojan/Win32.Agent.gen 20130205
Avast Win32:Trojan-gen 20130205
AVG PSW.Generic10.BBLR 20130205
BitDefender Trojan.Generic.8527646 20130205
ESET-NOD32 a variant of Win32/Spy.POSCardStealer.A 20130204
F-Secure Trojan.Generic.8527646 20130205
Fortinet W32/Trackr!tr 20130205
GData Trojan.Generic.8527646 20130205
Ikarus Trojan-Banker.Win32.Agent 20130205
Jiangmin Trojan/Banker.Agent.bwu 20121221
McAfee Generic-FRAX!AEF00DCD16D6 20130205
McAfee-GW-Edition Generic-FRAX!AEF00DCD16D6 20130205
eScan Trojan.Generic.8527646 20130205
Norman Suspicious_Gen4.BVGTJ 20130205
nProtect Trojan.Generic.8527646 20130205
Sophos AV Troj/Trackr-Gen 20130204
Symantec WS.Reputation.1 20130205
TrendMicro-HouseCall TROJ_GEN.R4FH1AF 20130205
Yandex 20130204
AhnLab-V3 20130205
ByteHero 20130204
CAT-QuickHeal 20130205
ClamAV 20130205
Commtouch 20130205
Comodo 20130205
DrWeb 20130205
Emsisoft 20130205
eSafe 20130204
F-Prot 20130201
K7AntiVirus 20130204
Kaspersky 20130204
Kingsoft 20130204
Malwarebytes 20130205
Microsoft 20130205
NANO-Antivirus 20130205
Panda 20130205
PCTools 20130205
Rising 20130205
SUPERAntiSpyware 20130205
TheHacker 20130205
TotalDefense 20130205
TrendMicro 20130205
VBA32 20130205
VIPRE 20130205
ViRobot 20130205
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows command line subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 1992-06-19 22:22:17
Entry Point 0x0001B4C4
Number of sections 8
PE sections
PE imports
CloseServiceHandle
RegCloseKey
StartServiceCtrlDispatcherA
OpenServiceA
SetServiceStatus
CreateServiceA
QueryServiceStatus
RegQueryValueExA
ControlService
DeleteService
RegOpenKeyExA
OpenSCManagerA
RegisterServiceCtrlHandlerA
GetLastError
EnumCalendarInfoA
GetStdHandle
EnterCriticalSection
FileTimeToDosDateTime
lstrlenA
GetStringTypeExA
WaitForSingleObject
FreeLibrary
QueryPerformanceCounter
GetTickCount
GetThreadLocale
GetVersionExA
GetModuleFileNameA
RtlUnwind
DuplicateHandle
GetLocalTime
DeleteCriticalSection
GetStartupInfoA
GetDateFormatA
LoadLibraryExA
GetLocaleInfoA
LocalAlloc
OpenProcess
VirtualQueryEx
CreateDirectoryA
DeleteFileA
GetCPInfo
UnhandledExceptionFilter
TlsGetValue
MultiByteToWideChar
ReadProcessMemory
GetCommandLineA
GetProcAddress
GetCurrentThread
GetFullPathNameA
SuspendThread
SetFilePointer
RaiseException
CompareStringA
CloseHandle
WideCharToMultiByte
GetModuleHandleA
FindFirstFileA
FormatMessageA
WriteFile
GetCurrentProcess
ReadFile
ResetEvent
lstrcpynA
FindNextFileA
GetACP
GetDiskFreeSpaceA
GetCurrentThreadId
FileTimeToLocalFileTime
SetFileAttributesA
SetEvent
LocalFree
ResumeThread
InitializeCriticalSection
VirtualQuery
VirtualFree
CreateEventA
FindClose
InterlockedDecrement
Sleep
GetFileType
SetEndOfFile
TlsSetValue
CreateFileA
ExitProcess
GetVersion
LeaveCriticalSection
VirtualAlloc
GetFileSize
InterlockedIncrement
VariantChangeType
SafeArrayGetLBound
SafeArrayPtrOfIndex
SysAllocStringLen
VariantClear
SafeArrayCreate
SysReAllocStringLen
SafeArrayGetUBound
VariantCopy
SysFreeString
VariantInit
GetSystemMetrics
LoadStringA
CharLowerA
CharNextA
CharUpperBuffA
MessageBoxA
CharUpperA
GetKeyboardType
CharToOemA
Number of PE resources by type
RT_STRING 7
RT_RCDATA 2
Number of PE resources by language
NEUTRAL 9
PE resources
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows command line
MachineType Intel 386 or later, and compatibles
FileTypeExtension exe
TimeStamp 1992:06:19 23:22:17+01:00
FileType Win32 EXE
PEType PE32
CodeSize 108544
LinkerVersion 2.25
ImageFileCharacteristics Executable, No line numbers, No symbols, Bytes reversed lo, 32-bit, Bytes reversed hi
EntryPoint 0x1b4c4
InitializedDataSize 18432
SubsystemVersion 4.0
ImageVersion 0.0
OSVersion 4.0
UninitializedDataSize 0

File identification
MD5 aef00dcd16d6aad056a345ac320a8d99
SHA1 48db3a315d9e8bc0bce2c99cfde3bb9224af3dce
SHA256 f72a63c004508855a526779798c2d8ae035c87d2f43467cd9e1b0467dad67fa8
ssdeep
3072:giYkr6DJ2ZUSlcCwDesr/QOOGXbn4DQFu/U3buRKlemZ9DnGAeJo5CQh6BrUO3ss:Bv+KFiDXL4DQFu/U3buRKlemZ9DnGAeK

authentihash ea0df53cab4c3d51c0f786cd20afa9f50b76ee50a67bf7b48bcfc45266ced842
imphash b0f03f27e403bf09785047273f8a9c01
File size 125.0 KB ( 128000 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (console) Intel 80386 32-bit

TrID Win32 Executable Borland Delphi 7 (95.2%)
Win32 Executable Delphi generic (2.0%)
Win32 Dynamic Link Library (generic) (0.9%)
Win32 Executable (generic) (0.6%)
Win16/32 Executable Delphi generic (0.2%)
Tags peexe

VirusTotal metadata
First submission 2013-02-05 08:46:49 UTC ( 6 years, 1 month ago )
Last submission 2016-08-18 12:18:12 UTC ( 2 years, 7 months ago )
File names aef00dcd16d6aad056a345ac320a8d99
vti-rescan
f72a63c004508855a526779798c2d8ae035c87d2f43467cd9e1b0467dad67fa8
Advanced heuristic and reputation engines
ClamAV
Possibly Unwanted Application. While not necessarily malicious, the scanned file presents certain characteristics which depending on the user policies and environment may or may not represent a threat. For full details see: https://www.clamav.net/documents/potentially-unwanted-applications-pua .

Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files