SHA256: fd618ad6467d90ff6f325df1400eda1679d8b4d830745a1ba3a8974100857ecb
File name: x1.exe-cDgELf
Detection ratio: 38 / 45
Analysis date: 2013-03-17 19:53:21 UTC ( 5 years, 6 months ago )
Antivirus Result Update
Yandex Trojan.DR.Mudrop!dLVPGySHsZo 20130317
AhnLab-V3 Dropper/Win32.Rootkit 20130317
AntiVir TR/ATRAPS.Gen2 20130317
Avast Win32:Dogrobot-C [Rtk] 20130317
AVG Dropper.Generic2.AEC 20130317
BitDefender Trojan.Agent.AQSJ 20130317
CAT-QuickHeal TrojanDropper.Mudrop.hvq 20130316
Commtouch W32/Busky.B.gen!Eldorado 20130317
Comodo TrojWare.Win32.NTRootkit.ABCD 20130317
DrWeb Trojan.MulDrop3.40590 20130317
Emsisoft Trojan.Agent.AQSJ (B) 20130317
eSafe Win32.TRATRAPS 20130313
ESET-NOD32 a variant of Win32/AntiAV.NFL 20130317
F-Prot W32/Busky.B.gen!Eldorado 20130317
F-Secure Trojan.Agent.AQSJ 20130317
Fortinet W32/Mudrop.HNN!tr 20130317
GData Trojan.Agent.AQSJ 20130317
Ikarus Trojan-Dropper.Win32.Mudrop 20130317
Jiangmin TrojanDropper.Mudrop.bou 20130317
Kaspersky Trojan-Dropper.Win32.Mudrop.hvq 20130317
Kingsoft Win32.Troj.Undef.(kcloud) 20130311
McAfee Artemis!8CB799E29A29 20130317
McAfee-GW-Edition Artemis!8CB799E29A29 20130317
Microsoft TrojanDownloader:Win32/Dogrobot.D 20130317
eScan Trojan.Agent.AQSJ 20130317
NANO-Antivirus Trojan.Win32.Mudrop.sffx 20130317
Norman Dogrobot.H 20130317
nProtect Trojan/W32.Small.43008.T 20130317
Panda Trj/Downloader.MDW 20130317
PCTools Trojan.Dropper 20130315
Sophos AV Mal/Generic-L 20130317
Symantec Trojan.Dropper 20130317
TheHacker Trojan/Dropper.Mudrop.hvq 20130315
TrendMicro TROJ_DROPPER.PNW 20130317
TrendMicro-HouseCall TROJ_DROPPER.PNW 20130317
VBA32 SScope.Trojan.Sysload.26105 20130315
VIPRE Trojan.Win32.Killav.smw (v) 20130317
ViRobot Trojan.Win32.MulDrop.43008.A 20130317
Antiy-AVL 20130317
ByteHero 20130315
ClamAV 20130317
K7AntiVirus 20130315
Malwarebytes 20130317
SUPERAntiSpyware 20130317
TotalDefense 20130317
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Packers identified
Command UPX
F-PROT UPX
PEiD UPX 2.90 [LZMA] -> Markus Oberhumer, Laszlo Molnar & John Reiser
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2010-04-12 07:46:05
Entry Point 0x00023F10
Number of sections 3
PE sections
PE imports
OpenProcessToken
VirtualFree
ExitProcess
VirtualProtect
LoadLibraryA
VirtualAlloc
GetProcAddress
SetupDiGetINFClassA
wsprintfA
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
TimeStamp 2010:04:12 08:46:05+01:00
FileType Win32 EXE
PEType PE32
CodeSize 45056
LinkerVersion 6.0
EntryPoint 0x23f10
InitializedDataSize 4096
SubsystemVersion 4.0
ImageVersion 0.0
OSVersion 4.0
UninitializedDataSize 102400

Compressed bundles
File identification
MD5 8cb799e29a29cdd080d2aa67941a172c
SHA1 edad7385c00f219c9849b15b24bc1cb44276346e
SHA256 fd618ad6467d90ff6f325df1400eda1679d8b4d830745a1ba3a8974100857ecb
ssdeep
768:SLFtPxgh6ySO6zYxrbRlkzxXx+HQOg/kIPuFylbIAdd3Vs8hTdXuz+TT1dhNnScg:S5tPxagOCkD6RBkCuFyVd3VLTdezoxTh

File size 42.0 KB ( 43008 bytes )
File type Win32 EXE
Magic literal MS-DOS executable PE for MS Windows (GUI) Intel 80386 32-bit, UPX compressed

TrID UPX compressed Win32 Executable (39.5%)
Win32 EXE Yoda's Crypter (34.3%)
Win32 Executable Generic (11.0%)
Win32 Dynamic Link Library (generic) (9.8%)
Generic Win/DOS Executable (2.5%)
Tags
peexe upx

VirusTotal metadata
First submission 2010-04-19 08:53:05 UTC ( 8 years, 5 months ago )
Last submission 2013-03-17 19:53:21 UTC ( 5 years, 6 months ago )
File names 8CB799E29A29CDD080D2AA67941A172C
x1.exe-cDgELf
ezv4AUw.inf
vYsvh5tU.dll
Advanced heuristic and reputation engines
ClamAV
Possibly Unwanted Application. While not necessarily malicious, the scanned file presents certain characteristics which depending on the user policies and environment may or may not represent a threat. For full details see: https://www.clamav.net/documents/potentially-unwanted-applications-pua .
