a-squared 4.5.0.50 2010.04.29 Trojan.Win32.Agent.bcn!A2
AhnLab-V3 2010.04.29.05 2010.04.29 -
AntiVir 8.2.1.224 2010.04.29 -
Antiy-AVL 2.0.3.7 2010.04.29 -
Authentium 5.2.0.5 2010.04.29 -
Avast 4.8.1351.0 2010.04.29 -
Avast5 5.0.332.0 2010.04.29 -
AVG 9.0.0.787 2010.04.29 -
BitDefender 7.2 2010.04.29 -
CAT-QuickHeal 10.00 2010.04.29 -
ClamAV 0.96.0.3-git 2010.04.29 -
Comodo 4710 2010.04.29 -
DrWeb 5.0.2.03300 2010.04.29 -
eSafe 7.0.17.0 2010.04.28 -
eTrust-Vet 35.2.7457 2010.04.29 -
F-Prot 4.5.1.85 2010.04.28 -
F-Secure 9.0.15370.0 2010.04.29 Suspicious:W32/Malware!Gemini
Fortinet 4.0.14.0 2010.04.27 -
GData 21 2010.04.29 -
Ikarus T3.1.1.80.0 2010.04.29 -
Jiangmin 13.0.900 2010.04.29 -
Kaspersky 7.0.0.125 2010.04.29 -
McAfee 5.400.0.1158 2010.04.29 -
McAfee-GW-Edition 6.8.5 2010.04.29 Heuristic.BehavesLike.Win32.Packed.C
Microsoft 1.5703 2010.04.29 -
NOD32 5071 2010.04.29 -
Norman 6.04.12 2010.04.29 -
nProtect 2010-04-29.01 2010.04.29 -
Panda 10.0.2.7 2010.04.28 Suspicious file
PCTools 7.0.3.5 2010.04.29 -
Prevx 3.0 2010.04.29 -
Rising 22.45.03.03 2010.04.29 -
Sophos 4.53.0 2010.04.29 -
Sunbelt 6235 2010.04.28 -
Symantec 20091.2.0.41 2010.04.29 -
TheHacker 6.5.2.0.272 2010.04.28 -
TrendMicro 9.120.0.1004 2010.04.29 -
VBA32 3.12.12.4 2010.04.29 -
ViRobot 2010.4.27.2295 2010.04.28 -
VirusBuster 5.0.27.0 2010.04.29 -
Additional information
File size: 293841 bytes
MD5 : b9ef0a9af4e9af9d446010571685f551
SHA1 : bdc439596c1ef5d88fac37404a9b8230789330e4
SHA256: 03632157ccf6f6a4372ba5c04dedf8cb663bc7563134bdc033 ed73d15f4b9f37
PEInfo: PE Structure information
( base data )
entrypointaddress.: 0xB2B80
timedatestamp.....: 0x4BC81615 (Fri Apr 16 09:47:33 2010)
machinetype.......: 0x14C (Intel I386)
( 3 sections )
name viradd virsiz rawdsiz ntrpy md5
UPX0 0x1000 0x70000 0x0 0.00 d41d8cd98f00b204e9800998ecf8427e
UPX1 0x71000 0x42000 0x41E00 7.93 9527e3cf441cec70aff61655baedfd4c
.rsrc 0xB3000 0x2000 0x1A00 4.96 7786cf8dae0136f71e1ece17b2eb8ae8
( 16 imports )
> advapi32.dll: GetAce
> comctl32.dll: ImageList_Remove
> comdlg32.dll: GetSaveFileNameW
> gdi32.dll: LineTo
> kernel32.dll: LoadLibraryA, GetProcAddress, VirtualProtect, VirtualAlloc, VirtualFree, ExitProcess
> mpr.dll: WNetGetConnectionW
> ole32.dll: CoInitialize
> oleaut32.dll: -
> psapi.dll: EnumProcesses
> shell32.dll: DragFinish
> user32.dll: GetDC
> userenv.dll: LoadUserProfileW
> version.dll: VerQueryValueW
> wininet.dll: FtpOpenFileW
> winmm.dll: timeGetTime
> wsock32.dll: -
( 0 exports )
TrID : File type identification
UPX compressed Win32 Executable (39.5%)
Win32 EXE Yoda's Crypter (34.3%)
Win32 Executable Generic (11.0%)
Win32 Dynamic Link Library (generic) (9.8%)
Generic Win/DOS Executable (2.5%)
Symantec reputation: Suspicious.Insight
ssdeep: 6144:M1db49+rEg024fpLZazEjvE/rbay19tSt4bO2BaDmeBJe59683Rms:MjkArEN249AyE/rbaMct4bO2/V6ARV
sigcheck: publisher....: n/a
copyright....: n/a
product......: n/a
description..:
original name: n/a
internal name: n/a
file version.: 3, 3, 6, 1
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned
PEiD : -
packers (Kaspersky): PE_Patch.UPX, UPX
packers (F-Prot): UPX
RDS : NSRL Reference Data Set
-
