| SHA256: | fc6949bd068c482ec6dc5c0e308f9c7c106ce0cee369c708188c1ee7c96616e5 |
| File name: | d6aed23d0088f70cb91634f72ad |
| Detection ratio: | 19 / 42 |
| Analysis date: | 2012-08-23 14:36:06 UTC ( 6 years, 6 months ago ) |
| Antivirus | Result | Update |
|---|---|---|
| AntiVir | TR/VB.Krypt.BMQ | 20120823 |
| Avast | Win32:VBCrypt-BMQ [Trj] | 20120823 |
| AVG | Dropper.Generic6.BAXK | 20120823 |
| ByteHero | Virus.Win32.Heur.c | 20120822 |
| Comodo | UnclassifiedMalware | 20120823 |
| Emsisoft | Trojan-Dropper.Win32.Injector!IK | 20120823 |
| eSafe | Suspicious File | 20120823 |
| ESET-NOD32 | Win32/Spatet.I | 20120822 |
| Fortinet | W32/Injector.FPHR!tr | 20120823 |
| GData | Win32:VBCrypt-BMQ | 20120823 |
| K7AntiVirus | Trojan | 20120822 |
| Kaspersky | Trojan-Dropper.Win32.Injector.fphr | 20120823 |
| McAfee | Artemis!D6AED23D0088 | 20120823 |
| McAfee-GW-Edition | Heuristic.BehavesLike.Win32.Suspicious-DTR.G | 20120823 |
| Norman | W32/Suspicious_Gen4.AUZQR | 20120823 |
| Panda | Suspicious file | 20120823 |
| TrendMicro | Possible_Virus | 20120823 |
| TrendMicro-HouseCall | Possible_Virus | 20120823 |
| VIPRE | Trojan.Win32.Generic!BT | 20120823 |
| AhnLab-V3 | 20120823 | |
| Antiy-AVL | 20120822 | |
| BitDefender | 20120823 | |
| CAT-QuickHeal | 20120823 | |
| ClamAV | 20120823 | |
| Commtouch | 20120823 | |
| DrWeb | 20120823 | |
| F-Prot | 20120823 | |
| F-Secure | 20120823 | |
| Ikarus | 20120818 | |
| Jiangmin | 20120823 | |
| Microsoft | 20120823 | |
| nProtect | 20120823 | |
| PCTools | 20120823 | |
| Rising | 20120823 | |
| Sophos AV | 20120823 | |
| SUPERAntiSpyware | 20120823 | |
| Symantec | 20120823 | |
| TheHacker | 20120822 | |
| TotalDefense | 20120823 | |
| VBA32 | 20120823 | |
| ViRobot | 20120823 | |
| VirusBuster | 20120823 |
The file being studied is a Portable Executable file!
More specifically, it is a Win32 EXE
file
for the Windows GUI subsystem.
Packers identified
F-PROT UPX
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 1970-03-16 20:45:04
Entry Point 0x00008780
Number of sections 3
PE sections
PE imports
Number of PE resources by type
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
NEUTRAL 1
SPANISH MODERN 1
ExifTool file metadata
MIMEType
application/octet-stream
Subsystem
Windows GUI
MachineType
Intel 386 or later, and compatibles
TimeStamp
1970:03:16 21:45:04+01:00
FileType
Win32 EXE
PEType
PE32
CodeSize
8192
LinkerVersion
6.0
Warning
Invalid Version Info block
EntryPoint
0x8780
InitializedDataSize
4096
SubsystemVersion
4.0
ImageVersion
1.0
OSVersion
4.0
UninitializedDataSize
24576
File identification
MD5 d6aed23d0088f70cb91634f72ad2777e
SHA1 50a2d85ab242b49b28b5c51f3d580f7d126f1b7d
SHA256 fc6949bd068c482ec6dc5c0e308f9c7c106ce0cee369c708188c1ee7c96616e5
ssdeep
6144:2Nl2LQY1+jdVEqgWwhFPsT4Y8bLBbJfFxd0PVLOm:2/TY1+vlxwEZ8bLDra5V
File size
300.0 KB ( 307200 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit
| TrID |
Win32 EXE Yoda's Crypter (67.9%) Win32 Executable Generic (21.8%) Generic Win/DOS Executable (5.1%) DOS Executable Generic (5.1%) Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%) |
Tags
peexe
upx
VirusTotal metadata
First submission
2012-08-23 14:36:06 UTC ( 6 years, 6 months ago )
Last submission
2012-08-23 14:36:06 UTC ( 6 years, 6 months ago )
| File names |
d6aed23d0088f70cb91634f72ad |
Advanced heuristic and reputation engines
ClamAV
Possibly Unwanted Application. While not necessarily malicious, the
scanned file presents certain characteristics which depending on the
user policies and environment may or may not represent a threat. For
full details see:
https://www.clamav.net/documents/potentially-unwanted-applications-pua
.
Symantec reputation
Suspicious.Insight
No comments.
No VirusTotal Community member has commented on this item yet, be the first one to do so!
You have not signed in. Only registered users can leave comments, sign in and have a voice!
No votes.
No one has voted on this item yet, be the first one to do so!
Condensed report! The following is a condensed report of the
behaviour of the file when executed in a controlled environment. The actions
and events described were either performed by the file itself or by any other
process launched by the executed file or subjected to code injection by the
executed file.
Opened files
Hooking activity
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the
DeviceIoControl
Windows API function.
The file installs an application-defined hook procedure into a hook chain. You
would install a hook procedure to monitor the system for certain types of
events. These events are associated either with a specific thread or with all
threads in the same desktop as the calling thread. This is done making use of
the
SetWindowsHook Windows API function.