SHA256: f9cb4a21a5998d902db952fd2bbdec2071c56a7d4f5db714b5452abbe5ef5294
File name: VirusShare_7b3d9e48deac8d0b33f6fc4235361cbd
Detection ratio: 40 / 50
Analysis date: 2014-03-06 09:15:24 UTC ( 1 month, 2 weeks ago )
Antivirus Result Update
AVG BackDoor.Generic17.BGBA 20140305
Ad-Aware Trojan.GenericKD.1223054 20140306
Agnitum Backdoor.Androm!C6qc6r6zpTo 20140305
AhnLab-V3 Trojan/Win32.ZAccess 20140305
AntiVir BDS/Androm.apac 20140306
Antiy-AVL Trojan[Spy]/Win32.Zbot 20140306
Avast Win32:Fareit-IY [Trj] 20140306
Baidu-International Backdoor.Win32.Androm.ASa 20140306
BitDefender Trojan.GenericKD.1223054 20140306
Bkav W32.HfsAutoA.87af 20140305
CAT-QuickHeal Trojan.VBInject 20140306
Comodo TrojWare.Win32.Injector.AMDV 20140306
DrWeb Trojan.Spambot.12318 20140306
ESET-NOD32 Win32/Delf.ONC 20140306
Emsisoft Trojan.GenericKD.1223054 (B) 20140306
F-Secure Trojan.GenericKD.1223054 20140306
Fortinet W32/Zbot.PLZN!tr 20140306
GData Trojan.GenericKD.1223054 20140306
Ikarus Trojan-PWS.Win32.Fareit 20140306
Jiangmin Backdoor/Androm.cdu 20140306
K7GW Trojan ( 004561211 ) 20140305
Kaspersky HEUR:Trojan.Win32.Generic 20140306
Kingsoft Win32.Troj.Generic.a.(kcloud) 20140306
Malwarebytes Trojan.Agent.ED 20140306
McAfee RDN/Generic BackDoor!tk 20140306
McAfee-GW-Edition RDN/Generic BackDoor!tk 20140306
MicroWorld-eScan Trojan.GenericKD.1223054 20140306
Microsoft VirTool:Win32/VBInject 20140306
NANO-Antivirus Trojan.Win32.Spambot.crvaat 20140306
Norman Suspicious_Gen5.AEWSO 20140306
Panda Trj/dtcontx.G 20140305
Qihoo-360 HEUR/Malware.QVM01.Gen 20140306
Rising PE:Trojan.Win32.Generic.15D9999C!366582172 20140305
Sophos Troj/Inject-AKN 20140306
Symantec Trojan.Zbot 20140306
TrendMicro TROJ_SPNR.35JA13 20140306
TrendMicro-HouseCall TROJ_SPNR.35JA13 20140306
VBA32 TrojanSpy.Zbot 20140305
VIPRE Trojan.Win32.Zbot.c (v) 20140306
nProtect Trojan.GenericKD.1223054 20140305
ByteHero 20140306
CMC 20140228
ClamAV 20140305
Commtouch 20140306
F-Prot 20140306
K7AntiVirus 20140305
SUPERAntiSpyware 20140306
TheHacker 20140305
TotalDefense 20140306
ViRobot 20140306
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2013-08-31 10:40:43
Link date 11:40 AM 8/31/2013
Entry Point 0x00001240
Number of sections 5
PE sections
PE imports
AdjustTokenPrivileges
LookupPrivilegeValueA
OpenProcessToken
CreateToolbarEx
PropertySheetA
MenuHelp
DestroyPropertySheetPage
InitCommonControls
ImageList_Add
GetEffectiveClientRect
CreatePropertySheetPageA
CreateMappedBitmap
CloseFigure
CreateFontA
EndPath
CancelDC
CreateColorSpaceA
SetUnhandledExceptionFilter
GetModuleHandleA
ExitProcess
VirtualProtectEx
_cexit
__p__fmode
malloc
__p__environ
signal
_onexit
atexit
_setmode
__getmainargs
_iob
sin
__set_app_type
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
TimeStamp 2013:08:31 11:40:43+01:00
FileType Win32 EXE
PEType PE32
CodeSize 59392
LinkerVersion 2.56
FileAccessDate 2014:03:06 10:16:54+01:00
EntryPoint 0x1240
InitializedDataSize 19968
SubsystemVersion 4.0
ImageVersion 1.0
OSVersion 4.0
FileCreateDate 2014:03:06 10:16:54+01:00
UninitializedDataSize 512

Compressed bundles
File identification
MD5 7b3d9e48deac8d0b33f6fc4235361cbd
SHA1 383b587b045eed8f61ebfff03562eee6694fe998
SHA256 f9cb4a21a5998d902db952fd2bbdec2071c56a7d4f5db714b5452abbe5ef5294
ssdeep 768:5F0DdiwNm8pBYKPkYBDt3x4LFCM950DDsXzbHzWX+:MddNlLkYBhwQEXX6
imphash 2929e28e0559de058f3ef6618a29f02c
File size 108.0 KB ( 110592 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win64 Executable (generic) (61.6%)
Win32 Dynamic Link Library (generic) (14.6%)
Win32 Executable (generic) (10.0%)
Win16/32 Executable Delphi generic (4.6%)
Generic Win/DOS Executable (4.4%)
Tags peexe
VirusTotal metadata
First submission 2013-08-31 15:51:48 UTC ( 7 months, 3 weeks ago )
Last submission 2014-01-01 20:16:17 UTC ( 3 months, 2 weeks ago )
File names 383b587b045eed8f61ebfff03562eee6694fe998-7b3d9e48deac8d0b33f6fc4235361cbd.01.exe.vir
b1c66eeeaebe8bc15499e9927a23bc1dab4c76f1
output.14639172.txt
VirusShare_7b3d9e48deac8d0b33f6fc4235361cbd
14639172
Advanced heuristic and reputation engines
ClamAV PUA
Possibly Unwanted Application. While not necessarily malicious, the scanned file presents certain characteristics which depending on the user policies and environment may or may not represent a threat. For full details see: http://www.clamav.net/index.php?s=pua&lang=en .

Symantec reputation Suspicious.Insight