× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: f9a27662d60610cb34730d880687643c603788870d71a87076ae0e651b86c450
File name: vt-upload-lXCq1
Detection ratio: 38 / 45
Analysis date: 2013-08-30 14:17:59 UTC ( 7 months, 2 weeks ago )
Antivirus Result Update
AVG BackDoor.Generic17.GHR 20130830
Agnitum Backdoor.Pushdo!ahKamISERp8 20130829
AhnLab-V3 Trojan/Win32.Agent 20130830
AntiVir TR/Dropper.Gen 20130830
Avast Win32:Downloader-TGO [Trj] 20130830
BitDefender Trojan.GenericKDZ.17894 20130830
CAT-QuickHeal Trojan.Cutwail.AQ 20130830
Commtouch W32/Backdoor.EBBM-8452 20130830
Comodo TrojWare.Win32.Kryptik.BAVK 20130830
DrWeb BackDoor.Bulknet.893 20130830
ESET-NOD32 a variant of Win32/Kryptik.BCEJ 20130830
Emsisoft Trojan.GenericKDZ.17894 (B) 20130830
Fortinet W32/Pushdo.PYD!tr.bdr 20130830
GData Trojan.GenericKDZ.17894 20130830
Ikarus Backdoor.Win32.Pushdo 20130830
Jiangmin Backdoor/Pushdo.aak 20130830
K7AntiVirus Backdoor 20130830
K7GW Trojan 20130830
Kaspersky Backdoor.Win32.Pushdo.qdm 20130830
Malwarebytes Trojan.Cutwail 20130830
McAfee Cutwail-FBYD!4F6237F0F9A9 20130830
McAfee-GW-Edition Cutwail-FBYD!4F6237F0F9A9 20130829
MicroWorld-eScan Trojan.GenericKDZ.17894 20130830
Microsoft TrojanDownloader:Win32/Cutwail.BS 20130830
NANO-Antivirus Trojan.Win32.Pushdo.cbixji 20130830
Norman Pushdo.J 20130830
PCTools Malware.Pilleuz 20130830
Panda Trj/CI.A 20130830
SUPERAntiSpyware Trojan.Agent/Gen-Cutwail 20130830
Sophos Mal/Generic-S 20130830
Symantec W32.Pilleuz!gen39 20130830
TheHacker Trojan/Kryptik.bcej 20130830
TrendMicro TROJ_SPNR.1AFC13 20130830
TrendMicro-HouseCall TROJ_SPNR.1AFC13 20130830
VBA32 Backdoor.Pushdo 20130829
VIPRE Trojan-Downloader.Win32.Cutwail.bx (v) 20130830
ViRobot Trojan.Win32.S.Agent.38400.AC 20130830
nProtect Trojan/W32.Small.38400.OF 20130830
Antiy-AVL 20130830
ByteHero 20130814
ClamAV 20130830
F-Prot 20130830
Kingsoft 20130829
Rising 20130830
TotalDefense 20130829
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2008-05-08 16:18:40
Entry Point 0x00001019
Number of sections 4
PE sections
PE imports
GetVersion
GetModuleHandleA
GetProcAddress
GetDCEx
MessageBoxW
Number of PE resources by type
RT_DIALOG 3
RT_BITMAP 1
RT_MENU 1
Number of PE resources by language
ENGLISH US 5
ExifTool file metadata
MIMEType
application/octet-stream

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

TimeStamp
2008:05:08 17:18:40+01:00

FileType
Win32 EXE

PEType
PE32

CodeSize
1024

LinkerVersion
5.12

EntryPoint
0x1019

InitializedDataSize
36352

SubsystemVersion
4.0

ImageVersion
0.0

OSVersion
4.0

UninitializedDataSize
0

File identification
MD5 4f6237f0f9a970099406e6a3790726ab
SHA1 88de7706cbe6453b84a7510922faea4b2cdc88f8
SHA256 f9a27662d60610cb34730d880687643c603788870d71a87076ae0e651b86c450
ssdeep
768:cBCpzyE3ifiHV+og29g0lV3ktfd7Tk7LZ0Tuam2iRB4g1B/:2diHV02bltshTk7dmynLB

File size 37.5 KB ( 38400 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Dynamic Link Library (generic) (38.4%)
Win32 Executable (generic) (26.3%)
Clipper DOS Executable (11.7%)
Generic Win/DOS Executable (11.6%)
DOS Executable Generic (11.6%)
Tags
peexe

VirusTotal metadata
First submission 2013-05-14 16:27:12 UTC ( 11 months, 1 week ago )
Last submission 2013-07-11 20:47:29 UTC ( 9 months, 1 week ago )
File names file-5493081_virus
XUTWEZUQCECL.EXE
vt-upload-lXCq1
xutwezuqcecl.exe
vti-rescan
m252.exe
xutwezuqcecl.exe.vir
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!