SHA256: fc6949bd068c482ec6dc5c0e308f9c7c106ce0cee369c708188c1ee7c96616e5
File name: d6aed23d0088f70cb91634f72ad
Detection ratio: 19 / 42
Analysis date: 2012-08-23 14:36:06 UTC (6 years, 6 months ago)
| Antivirus | Result | Update |
|---|---|---|
| AntiVir | TR/VB.Krypt.BMQ | 20120823 |
| Avast | Win32:VBCrypt-BMQ [Trj] | 20120823 |
| AVG | Dropper.Generic6.BAXK | 20120823 |
| ByteHero | Virus.Win32.Heur.c | 20120822 |
| Comodo | UnclassifiedMalware | 20120823 |
| Emsisoft | Trojan-Dropper.Win32.Injector!IK | 20120823 |
| eSafe | Suspicious File | 20120823 |
| ESET-NOD32 | Win32/Spatet.I | 20120822 |
| Fortinet | W32/Injector.FPHR!tr | 20120823 |
| GData | Win32:VBCrypt-BMQ | 20120823 |
| K7AntiVirus | Trojan | 20120822 |
| Kaspersky | Trojan-Dropper.Win32.Injector.fphr | 20120823 |
| McAfee | Artemis!D6AED23D0088 | 20120823 |
| McAfee-GW-Edition | Heuristic.BehavesLike.Win32.Suspicious-DTR.G | 20120823 |
| Norman | W32/Suspicious_Gen4.AUZQR | 20120823 |
| Panda | Suspicious file | 20120823 |
| TrendMicro | Possible_Virus | 20120823 |
| TrendMicro-HouseCall | Possible_Virus | 20120823 |
| VIPRE | Trojan.Win32.Generic!BT | 20120823 |
| AhnLab-V3 | (no detection) | 20120823 |
| Antiy-AVL | (no detection) | 20120822 |
| BitDefender | (no detection) | 20120823 |
| CAT-QuickHeal | (no detection) | 20120823 |
| ClamAV | (no detection) | 20120823 |
| Commtouch | (no detection) | 20120823 |
| DrWeb | (no detection) | 20120823 |
| F-Prot | (no detection) | 20120823 |
| F-Secure | (no detection) | 20120823 |
| Ikarus | (no detection) | 20120818 |
| Jiangmin | (no detection) | 20120823 |
| Microsoft | (no detection) | 20120823 |
| nProtect | (no detection) | 20120823 |
| PCTools | (no detection) | 20120823 |
| Rising | (no detection) | 20120823 |
| Sophos AV | (no detection) | 20120823 |
| SUPERAntiSpyware | (no detection) | 20120823 |
| Symantec | (no detection) | 20120823 |
| TheHacker | (no detection) | 20120822 |
| TotalDefense | (no detection) | 20120823 |
| VBA32 | (no detection) | 20120823 |
| ViRobot | (no detection) | 20120823 |
| VirusBuster | (no detection) | 20120823 |
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Packers identified
F-PROT UPX
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 1970-03-16 20:45:04
Entry Point 0x00008780
Number of sections 3
PE sections
PE imports
Ord(581)
VirtualFree
ExitProcess
VirtualProtect
LoadLibraryA
VirtualAlloc
GetProcAddress
Number of PE resources by type
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
NEUTRAL 1
SPANISH MODERN 1
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
TimeStamp 1970:03:16 21:45:04+01:00
FileType Win32 EXE
PEType PE32
CodeSize 8192
LinkerVersion 6.0
Warning Invalid Version Info block
EntryPoint 0x8780
InitializedDataSize 4096
SubsystemVersion 4.0
ImageVersion 1.0
OSVersion 4.0
UninitializedDataSize 24576
File identification
MD5 d6aed23d0088f70cb91634f72ad2777e
SHA1 50a2d85ab242b49b28b5c51f3d580f7d126f1b7d
SHA256 fc6949bd068c482ec6dc5c0e308f9c7c106ce0cee369c708188c1ee7c96616e5
ssdeep 6144:2Nl2LQY1+jdVEqgWwhFPsT4Y8bLBbJfFxd0PVLOm:2/TY1+vlxwEZ8bLDra5V

File size 300.0 KB ( 307200 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 EXE Yoda's Crypter (67.9%)
Win32 Executable Generic (21.8%)
Generic Win/DOS Executable (5.1%)
DOS Executable Generic (5.1%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
Tags
peexe upx

VirusTotal metadata
First submission 2012-08-23 14:36:06 UTC (6 years, 6 months ago)
Last submission 2012-08-23 14:36:06 UTC (6 years, 6 months ago)
File names d6aed23d0088f70cb91634f72ad
Advanced heuristic and reputation engines
ClamAV Possibly Unwanted Application. While not necessarily malicious, the scanned file presents certain characteristics which, depending on the user policies and environment, may or may not represent a threat. For full details see: https://www.clamav.net/documents/potentially-unwanted-applications-pua.

Symantec reputation Suspicious.Insight
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Hooking activity
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.
The file installs an application-defined hook procedure into a hook chain. You would install a hook procedure to monitor the system for certain types of events. These events are associated either with a specific thread or with all threads in the same desktop as the calling thread. This is done making use of the SetWindowsHook Windows API function.