SHA256: f7fca74812707ec4b10b2302b8bb2a94a979f6b4d47c5557cea98f975efb1cec
File name: 554-0002.exe
Detection ratio: 45 / 56
Analysis date: 2014-12-01 16:36:30 UTC ( 3 years, 7 months ago )
Antivirus Result Update
Ad-Aware Gen:Variant.Symmi.1434 20141201
Yandex FraudTool.FakeSysDef!oppt5Zm3hns 20141201
AhnLab-V3 Trojan/Win32.FakeAV 20141201
ALYac Gen:Variant.Symmi.1434 20141201
Antiy-AVL Trojan[FakeAV]/Win32.FakeSysDef 20141201
Avast Win32:FakeSysdef-PX [Trj] 20141201
AVG Generic29.BNBL 20141201
Avira (no cloud) TR/Crypt.EPACK.Gen2 20141201
AVware Trojan.Win32.FakeSysDef.ctj (v) 20141121
Baidu-International Trojan.Win32.Kryptik.bAMCO 20141201
BitDefender Gen:Variant.Symmi.1434 20141201
Bkav HW32.Packed.A9C6 20141201
CMC Packed.Win32.Fareit.2!O 20141201
Comodo UnclassifiedMalware 20141201
DrWeb Trojan.Fakealert.33688 20141201
Emsisoft Gen:Variant.Symmi.1434 (B) 20141201
ESET-NOD32 a variant of Win32/Kryptik.AMCO 20141201
F-Secure Gen:Variant.Symmi.1434 20141201
Fortinet W32/FakeAV.GFI!tr 20141129
GData Gen:Variant.Symmi.1434 20141201
Ikarus Trojan.Win32.FakeSysdef 20141201
Jiangmin Trojan/FakeSysDef.aml 20141201
K7AntiVirus Trojan ( 003ee4c41 ) 20141201
K7GW Trojan ( 003ee4c41 ) 20141201
Kaspersky HEUR:Trojan.Win32.Generic 20141201
Malwarebytes Trojan.FakeAV 20141201
McAfee FakeAlert-SysDef.ao 20141201
McAfee-GW-Edition BehavesLike.Win32.PWSZbot.fc 20141201
Microsoft Trojan:Win32/FakeSysdef 20141201
eScan Gen:Variant.Symmi.1434 20141201
NANO-Antivirus Trojan.Win32.Fakealert.bbwzum 20141201
Norman FakeAV.BIVL 20141201
nProtect Trojan/W32.Agent.380416.EG 20141201
Qihoo-360 HEUR/Malware.QVM07.Gen 20141201
Sophos AV Mal/FakeAV-OZ 20141201
SUPERAntiSpyware Trojan.Agent/Gen-FakeAlert 20141201
Symantec Trojan.Gen 20141201
Tencent Win32.Trojan-fakeav.Fakesysdef.Pcsi 20141201
TheHacker Trojan/Kryptik.amco 20141130
TrendMicro HS_FAKEAV.SM06 20141201
TrendMicro-HouseCall HS_FAKEAV.SM06 20141201
VBA32 TrojanFakeAV.FakeSysDef 20141201
VIPRE Trojan.Win32.FakeSysDef.ctj (v) 20141201
ViRobot Trojan.Win32.A.FakeSysDef.380416.O 20141201
Zillya Trojan.FakeSysDef.Win32.169 20141201
AegisLab (not detected) 20141201
ByteHero (not detected) 20141201
CAT-QuickHeal (not detected) 20141201
ClamAV (not detected) 20141201
Cyren (not detected) 20141201
F-Prot (not detected) 20141201
Kingsoft (not detected) 20141201
Panda (not detected) 20141201
Rising (not detected) 20141201
TotalDefense (not detected) 20141201
Zoner (not detected) 20141127
The file being studied is a Portable Executable file. More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Packers identified
PEiD Armadillo v1.71
Caveat: the PEiD "Armadillo v1.71" signature commonly fires on the standard entry stub of binaries linked with Microsoft Visual C++ 6.0, and the LinkerVersion 6.0 and TrID "MS Visual C++ (generic)" results further down are consistent with a plain MSVC6 build, so treat this tag as weak evidence of Armadillo. The engine names in the table above (Avira TR/Crypt.EPACK.Gen2, ESET Win32/Kryptik.AMCO, Bkav HW32.Packed.A9C6, CMC Packed.Win32.Fareit) are the better indication that the sample is wrapped in a crypter layer.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2012-09-21 18:04:41 UTC (the ExifTool TimeStamp below is the same instant shown in UTC+01:00; it precedes the first VirusTotal submission at 2012-09-22 00:41:34 UTC by about six and a half hours, which is consistent with a genuine build time, although the field is attacker-controlled and can be set to anything)
Entry Point 0x00005A06
Number of sections 5
PE sections
PE imports (the page lists function names only; the DLL grouping below is inferred from the API names)
gdi32.dll: CloseEnhMetaFile, EndPage, DrawEscape, GetBkMode, EndDoc, Arc, GetBkColor, CreateSolidBrush
kernel32.dll: GetLastError, HeapFree, LocalLock, EnterCriticalSection, LCMapStringW, VirtualAllocEx, WaitForSingleObject, GetOEMCP, LCMapStringA, CopyFileA, HeapAlloc, GetThreadLocale, TlsAlloc, GetEnvironmentStringsW, LoadLibraryA, RtlUnwind, GetModuleFileNameA, GetStdHandle, FreeEnvironmentStringsA, DeleteCriticalSection, GetStartupInfoA, GetEnvironmentStrings, SetHandleCount, GetCPInfo, UnhandledExceptionFilter, TlsGetValue, MultiByteToWideChar, FreeEnvironmentStringsW, GetCommandLineA, GetUserDefaultLCID, HeapWalk, CreateMutexA, WideCharToMultiByte, GetStringTypeA, GetModuleHandleA, GetCurrentThreadId, GlobalReAlloc, WriteFile, GetCurrentProcess, ResetEvent, GetACP, HeapReAlloc, GetStringTypeW, GetProcAddress, TerminateProcess, InitializeCriticalSection, HeapCreate, VirtualFree, HeapDestroy, GetFileType, TlsSetValue, ExitProcess, GetVersion, OpenEventA, VirtualAlloc, SetLastError, LeaveCriticalSection
netapi32.dll: NetAuditWrite, NetAuditClear, NetConfigSet, NetConnectionEnum, NetFileGetInfo, NetUserDel, NetGetJoinInformation, NetGetJoinableOUs, Netbios
secur32.dll: CompleteAuthToken, ApplyControlToken, EncryptMessage, AcceptSecurityContext, FreeCredentialsHandle
user32.dll: EndDeferWindowPos, CreateWindowExA, SetWindowTextA, GetDialogBaseUnits, IsWindow, SetDlgItemInt, GetClientRect, GetWindowTextA, ShowWindow, SetWindowPos
Reading the import table: most of the kernel32 entries are the MSVC C-runtime startup set (GetStartupInfoA, GetCommandLineA, SetHandleCount, the GetEnvironmentStrings/FreeEnvironmentStrings pairs, Tls*, the Heap* family, LCMapString/GetStringType), which fits the LinkerVersion 6.0 reported below. LoadLibraryA and GetProcAddress next to VirtualAlloc, VirtualAllocEx and CreateMutexA mean the binary can resolve further APIs at run time, so for a sample that several engines label as packed or crypted this static table is only a lower bound on what the unpacked code uses. The netapi32 and secur32 names (NetUserDel, NetAuditWrite, EncryptMessage, AcceptSecurityContext) and the printing calls in gdi32 (EndPage, EndDoc) are an unusual mix for a desktop GUI utility; do not read them as capabilities until the code that actually calls them is located, since crypters routinely import unrelated APIs.
Number of PE resources by type
RT_ICON 1
RT_MANIFEST 1
RT_STRING 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 5
PE resources
ExifTool file metadata
UninitializedDataSize: 0
InitializedDataSize: 430080
ImageVersion: 0.0
FileVersionNumber: 7.7.3.4
FileFlagsMask: 0x0000
LinkerVersion: 6.0
MIMEType: application/octet-stream
TimeStamp: 2012:09:21 19:04:41+01:00
FileType: Win32 EXE
PEType: PE32
FileAccessDate: 2014:12:01 17:36:34+01:00
SubsystemVersion: 4.0
OSVersion: 4.0
FileCreateDate: 2014:12:01 17:36:34+01:00
FileOS: Unknown (0)
Subsystem: Windows GUI
MachineType: Intel 386 or later, and compatibles
CodeSize: 30208
FileSubtype: 0
ProductVersionNumber: 0.0.0.0
Warning: Possibly corrupt Version resource
EntryPoint: 0x5a06
ObjectFileType: Unknown
(ExifTool flags the VS_VERSIONINFO resource as possibly corrupt: FileVersionNumber is set to 7.7.3.4 while ProductVersionNumber is 0.0.0.0 and FileOS and ObjectFileType are unset, so the version strings should not be used to identify a product. FileAccessDate and FileCreateDate are the scan host's filesystem times, not properties of the sample.)
File identification
MD5 b51c93fb8d8e55d1eb935c1ed5a749f7
SHA1 811c70ee4f61537c10a844f43ea31d309b8c95d7
SHA256 f7fca74812707ec4b10b2302b8bb2a94a979f6b4d47c5557cea98f975efb1cec
ssdeep 6144:g8jym4blJEixqx/EqXBs4xbnYD7yLx9GC+Q5zhxx+Nb+W5XzazWcAL:VmfJxNqxswVvzh7+gW5j3n
authentihash 55ce496568baabcdb00bcf76b88e554f4799b1396e031629beeef226de1c4de1
imphash 0ce01ec249ff8686821dbf481a53b017
File size 371.5 KB ( 380416 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable MS Visual C++ (generic) (67.3%)
Win32 Dynamic Link Library (generic) (14.2%)
Win32 Executable (generic) (9.7%)
Generic Win/DOS Executable (4.3%)
DOS Executable Generic (4.3%)
Tags
peexe armadillo

VirusTotal metadata
First submission 2012-09-22 00:41:34 UTC ( 5 years, 10 months ago )
Last submission 2014-12-01 16:36:30 UTC ( 3 years, 7 months ago )
File names IzWg.chm
554-0002.exe
aa
b51c93fb8d8e55d1eb935c1ed5a749f7
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight
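To check a local file against the identifiers and header fields on this report, here is a standard-library triage script. It is an added example, not code from VirusTotal or from the report; it hashes the file (MD5, SHA-1, SHA-256, size, as under "File identification") and parses the DOS, COFF and optional headers for the values under "PE header basic information" (machine, section count, compile timestamp, entry point, subsystem, linker version, code and initialized-data sizes). The REPORTED dictionary and FIRST_SUBMISSION constant are copied from the page; build_constructed_pe() produces a constructed header-only stand-in carrying the report's header values so the script runs without the real sample (its hashes will of course not match). imphash and ssdeep are not computed here, since the first needs the import-directory walk and the second the ssdeep library.

```python
"""Static triage of a PE32 sample against the values on a VirusTotal report.

Added example (not VirusTotal's or the page's code). Standard library only.
"""
import hashlib
import struct
import sys
from datetime import datetime, timezone

# Values copied from the report for this sample.
REPORTED = {
    "md5": "b51c93fb8d8e55d1eb935c1ed5a749f7",
    "sha1": "811c70ee4f61537c10a844f43ea31d309b8c95d7",
    "sha256": "f7fca74812707ec4b10b2302b8bb2a94a979f6b4d47c5557cea98f975efb1cec",
    "size": 380416,
}
FIRST_SUBMISSION = datetime(2012, 9, 22, 0, 41, 34, tzinfo=timezone.utc)

IMAGE_FILE_MACHINE_I386 = 0x14C
IMAGE_NT_OPTIONAL_HDR32_MAGIC = 0x10B
SUBSYSTEMS = {1: "Native", 2: "Windows GUI", 3: "Windows CUI"}


def hash_bytes(data):
    """Hashes and size in the form the report prints them."""
    return {
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
        "size": len(data),
    }


def parse_pe_header(data):
    """Return the header fields a VT report shows; ValueError if not a PE32 image."""
    if data[:2] != b"MZ":
        raise ValueError("missing MZ signature")
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature at e_lfanew")
    coff = e_lfanew + 4
    machine, nsections, timestamp, _symtab, _nsyms, _optsize, _chars = \
        struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20  # IMAGE_FILE_HEADER is 20 bytes
    (magic,) = struct.unpack_from("<H", data, opt)
    if magic != IMAGE_NT_OPTIONAL_HDR32_MAGIC:
        raise ValueError("not a PE32 optional header (magic 0x%x)" % magic)
    # MajorLinkerVersion, MinorLinkerVersion, SizeOfCode, SizeOfInitializedData
    linker_major, linker_minor, size_of_code, size_of_init = \
        struct.unpack_from("<BBII", data, opt + 2)
    (entry_point,) = struct.unpack_from("<I", data, opt + 16)  # AddressOfEntryPoint
    (subsystem,) = struct.unpack_from("<H", data, opt + 68)    # Subsystem
    return {
        "machine": machine,
        "sections": nsections,
        "compile_time": datetime.fromtimestamp(timestamp, tz=timezone.utc),
        "entry_point": entry_point,
        "linker": "%d.%d" % (linker_major, linker_minor),
        "code_size": size_of_code,
        "init_data_size": size_of_init,
        "subsystem": SUBSYSTEMS.get(subsystem, "Unknown (%d)" % subsystem),
    }


def hash_mismatches(observed, reported=REPORTED):
    """Keys whose observed value differs from the report; empty means same file."""
    return sorted(k for k in reported if observed.get(k) != reported[k])


def timestamp_plausible(compile_time, first_seen=FIRST_SUBMISSION):
    """A compile time after the first sighting (or before 1995) is forged or broken."""
    return datetime(1995, 1, 1, tzinfo=timezone.utc) <= compile_time <= first_seen


def triage(data, reported=REPORTED):
    """All checks in one call; this is what the command-line entry point prints."""
    hashes = hash_bytes(data)
    header = parse_pe_header(data)
    return {
        "hashes": hashes,
        "header": header,
        "hash_mismatches": hash_mismatches(hashes, reported),
        "timestamp_plausible": timestamp_plausible(header["compile_time"]),
    }


def build_constructed_pe():
    """CONSTRUCTED stand-in, not the real sample: bare MZ/PE headers carrying the
    report's header values (i386, 5 sections, the 2012-09-21 18:04:41 UTC
    timestamp, entry 0x5A06, GUI subsystem, linker 6.0) and no section data."""
    ts = int(datetime(2012, 9, 21, 18, 4, 41, tzinfo=timezone.utc).timestamp())
    e_lfanew = 0x40
    dos = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", e_lfanew)
    coff = struct.pack("<HHIIIHH", IMAGE_FILE_MACHINE_I386, 5, ts, 0, 0, 224, 0x0102)
    opt = struct.pack("<HBBIIIIII", IMAGE_NT_OPTIONAL_HDR32_MAGIC, 6, 0,
                      30208, 430080, 0, 0x5A06, 0x1000, 0x8000)
    opt += struct.pack("<IIIHHHHHHIIIIHH", 0x400000, 0x1000, 0x200,
                       4, 0, 0, 0, 4, 0, 0, 0x70000, 0x400, 0, 2, 0)
    opt += b"\0" * (224 - len(opt))  # data directories left empty
    return dos + b"PE\0\0" + coff + opt


if __name__ == "__main__":
    path = sys.argv[1] if len(sys.argv) > 1 else None
    blob = open(path, "rb").read() if path else build_constructed_pe()
    for key, value in triage(blob).items():
        print(key, value)
```

Run it with the sample's path as the only argument; an empty hash_mismatches list confirms you are looking at the same file the report describes, and the header fields can then be compared line by line with the values above. Without an argument it triages the constructed stand-in, which reproduces the header values but, being a different byte string, reports all four hash fields as mismatched.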