SHA256: fb46ea9617e0c8ead0e4358da6233f3706cfc6bbbeba86a87aaab28bb0b21241
File name: fb46ea9617e0c8ead0e4358da6233f3706cfc6bbbeba86a87aaab28bb0b21241
Detection ratio: 37 / 45
Analysis date: 2012-12-12 19:38:49 UTC ( 6 years, 3 months ago )
Antivirus Result Update
AhnLab-V3 Trojan/Win32.PornoAsset 20121212
AntiVir TR/Crypt.XPACK.Gen 20121212
Avast Win32:Kryptik-JUZ [Trj] 20121212
AVG PSW.Generic10.RVD 20121212
BitDefender Gen:Heur.PIF.4 20121212
ClamAV Win.Trojan.Agent-24041 20121212
Commtouch W32/Falab.F.gen!Eldorado 20121212
Comodo TrojWare.Win32.Kryptik.ALBY 20121212
DrWeb Trojan.FakeAV.13019 20121212
Emsisoft Trojan.Win32.AMN (A) 20121212
ESET-NOD32 a variant of Win32/Kryptik.ALBY 20121212
F-Prot W32/Falab.F.gen!Eldorado 20121212
F-Secure Gen:Heur.PIF.4 20121212
Fortinet W32/Yakes.AP!tr 20121212
GData Gen:Heur.PIF.4 20121212
Ikarus Trojan-Ransom.Win32.PornoAsset 20121212
Jiangmin Trojan/Generic.auwvr 20121212
K7AntiVirus Riskware 20121212
Kaspersky HEUR:Trojan.Win32.Generic 20121212
Kingsoft Win32.Troj.Undef.(kcloud) 20121210
Malwarebytes Trojan.Agent 20121212
McAfee PWS-Zbot.gen.als 20121212
McAfee-GW-Edition PWS-Zbot.gen.als 20121212
Microsoft VirTool:Win32/Obfuscator.PN 20121212
eScan Gen:Heur.PIF.4 20121212
NANO-Antivirus Trojan.Win32.XPACK.xovpr 20121212
Norman W32/Kryptik.BVB 20121212
Panda Trj/Genetic.gen 20121212
Sophos AV Mal/ZboCheMan-A 20121212
SUPERAntiSpyware Trojan.Agent/Gen-Kryptik 20121212
Symantec Infostealer.Dexter 20121212
TheHacker Trojan/Kryptik.alby 20121211
TotalDefense Win32/Zbot.AM!generic 20121212
TrendMicro TROJ_GEN.R47CFIG 20121212
TrendMicro-HouseCall TROJ_GEN.R47CFIG 20121212
VBA32 BScope.Trojan-Ransom.Winlock.1795 20121212
VIPRE Trojan.Win32.Generic!BT 20121212
Yandex 20121212
Antiy-AVL 20121212
ByteHero 20121212
CAT-QuickHeal 20121212
eSafe 20121212
nProtect 20121212
Rising 20121212
ViRobot 20121212
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2011-03-25 18:26:37
Entry Point 0x00004222
Number of sections 6
PE sections
PE imports
GetProcessHeap
StrToIntExA
GetMessageTime
GetQueueStatus
IsCharAlphaW
GetDoubleClickTime
PE exports
Number of PE resources by type
RT_DIALOG 2
Number of PE resources by language
ENGLISH US 2
PE resources
Debug information
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
TimeStamp 2011:03:25 19:26:37+01:00
FileType Win32 EXE
PEType PE32
CodeSize 38912
LinkerVersion 10.0
ImageFileCharacteristics Executable, 32-bit
FileTypeExtension exe
InitializedDataSize 12800
SubsystemVersion 5.1
EntryPoint 0x4222
OSVersion 5.1
ImageVersion 0.0
UninitializedDataSize 0
Compressed bundles
File identification
MD5 ed783ccea631bde958ac64185ca6e6b6
SHA1 0fcbd08ec62ce6a15f6247ac7b41ba29110b6bb9
SHA256 fb46ea9617e0c8ead0e4358da6233f3706cfc6bbbeba86a87aaab28bb0b21241
ssdeep 1536:ps9HIogEG69LHn9OuAC2pWfVW8Ehby2cmTA:wHIogf69LHnxrfVWje9aA
authentihash 5f8ff3341d244a1830aae428bab45ec4ee14b3369d90df0720b4c52be1b50d20
imphash 7b6b94418de38e5a55d0a8f6c85844c7
File size 51.5 KB ( 52736 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Dynamic Link Library (generic) (38.4%)
Win32 Executable (generic) (26.3%)
OS/2 Executable (generic) (11.8%)
Generic Win/DOS Executable (11.6%)
DOS Executable Generic (11.6%)
Tags peexe
VirusTotal metadata
First submission 2012-09-16 14:17:32 UTC ( 6 years, 6 months ago )
Last submission 2018-11-10 05:19:50 UTC ( 4 months, 1 week ago )
File names dexter_fb46ea9617e0c8ead0e4358da6233f3706cfc6bbbeba86a87aaab28bb0b21241
file-4878986_exe
fb46ea9617e0c8ead0e4358da6233f3706cfc6bbbeba86a87aaab28bb0b21241.exe
GW8540Fq8.gif
fb46ea9617e0c8ead0e4358da6233f3706cfc6bbbeba86a87aaab28bb0b21241
ed783ccea631bde958ac64185ca6e6b6
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Copied files
Deleted files
Created processes
Code injections in the following processes
Created mutexes
Opened mutexes
Opened service managers
Opened services
Runtime DLLs