Here's a Virustotal analysis:
http://www.virustotal.com/analisis/0...ecf-1245784956
Code:
File altbinz.exe received on 2009.06.23 19:22:36 (UTC)
Current status: finished
Result: 22/41 (53.66%)
Antivirus Version Last Update Result
a-squared 4.5.0.18 2009.06.23 Riskware.PSWTool.Win32.Messen!IK
AhnLab-V3 5.0.0.2 2009.06.23 -
AntiVir 7.9.0.193 2009.06.23 DR/PSW.NetPass.FV.4
Antiy-AVL 2.0.3.1 2009.06.23 PSWTool/Win32.NetPass.gen
Authentium 5.1.2.4 2009.06.23 W32/Virut.AI!Generic
Avast 4.8.1335.0 2009.06.23 -
AVG 8.5.0.339 2009.06.23 Dropper.Small
BitDefender 7.2 2009.06.23 -
CAT-QuickHeal 10.00 2009.06.22 -
ClamAV 0.94.1 2009.06.23 -
Comodo 1401 2009.06.23 -
DrWeb 5.0.0.12182 2009.06.23 Tool.PassView.117
eSafe 7.0.17.0 2009.06.23 Win32.PSWTool.NetPas
eTrust-Vet 31.6.6575 2009.06.23 Win32/Inpect.10
F-Prot 4.4.4.56 2009.06.23 W32/Virut.AI!Generic
F-Secure 8.0.14470.0 2009.06.23 PSWTool.Win32.NetPass.fv
Fortinet 3.117.0.0 2009.06.23 HackerTool/Multidr
GData 19 2009.06.23 -
Ikarus T3.1.1.59.0 2009.06.23 not-a-virus:PSWTool.Win32.Messen
Jiangmin 11.0.706 2009.06.23 -
K7AntiVirus 7.10.768 2009.06.19 -
Kaspersky 7.0.0.125 2009.06.23 not-a-virus:PSWTool.Win32.NetPass.fv
McAfee 5655 2009.06.23 MultiDropper-BU
McAfee+Artemis 5655 2009.06.23 MultiDropper-BU
McAfee-GW-Edition 6.7.6 2009.06.23 Trojan.Dropper.PSW.NetPass.FV.4
Microsoft 1.4803 2009.06.23 -
NOD32 4181 2009.06.23 probably unknown CRYPT.WIN32
Norman 6.01.09 2009.06.23 -
nProtect 2009.1.8.0 2009.06.23 -
Panda 10.0.0.16 2009.06.23 -
PCTools 4.4.2.0 2009.06.22 -
Prevx 3.0 2009.06.23 Medium Risk Malware Dropper
Rising 21.35.14.00 2009.06.23 -
Sophos 4.42.0 2009.06.23 Mal/Generic-A
Sunbelt 3.2.1858.2 2009.06.23 VIPRE.Suspicious
Symantec 1.4.4.12 2009.06.23 -
TheHacker 6.3.4.3.351 2009.06.22 -
TrendMicro 8.950.0.1094 2009.06.23 -
VBA32 3.12.10.7 2009.06.23 -
ViRobot 2009.6.23.1800 2009.06.23 Not_a_virus:PSWTool.Messen.2343936
VirusBuster 4.6.5.0 2009.06.23 Win32.Vundo.EX
Additional information
File size: 2343936 bytes
MD5...: ef8bc3ea83f3989c4b8c196f65c3a4bf
SHA1..: 753e0e7e77f9f1ebed85929f9099a669a88aee13
SHA256: 08d8af59c3c2ec6d2814be7eeb5f3037b1a8de9f6ae9c889a0a45feb8c758ecf
ssdeep: 49152:3zWSyrROgSo0R1OJgna0CAup3a2CFUlhnQycgI8y5AP0jveNU:3zWhRjCnG3aIVQFJYg
PEiD..: -
TrID..: File type identification
Win32 EXE Yoda's Crypter (64.5%)
Win32 Executable Generic (20.7%)
Win16/32 Executable Delphi generic (5.0%)
Generic Win/DOS Executable (4.8%)
DOS Executable Generic (4.8%)
PEInfo: PE Structure information
( base data )
entrypointaddress.: 0x4760bc
timedatestamp.....: 0x2a425e19 (Fri Jun 19 22:22:17 1992)
machinetype.......: 0x14c (I386)
( 3 sections )
name viradd virsiz rawdsiz ntrpy md5
0x1000 0x32c000 0x0 0.00 d41d8cd98f00b204e9800998ecf8427e
0x32d000 0x13b000 0x13a800 8.00 82dada95a1a5032c894e315af113d144
.rsrc 0x468000 0x102000 0x101800 7.99 1404b74b6b616af57b377b1b9bc5f7db
( 15 imports )
> KERNEL32.DLL: GetTempPathA, GetTempFileNameA, CreateFileA, WriteFile, CloseHandle, GetStartupInfoA, CreateProcessA, GetModuleHandleA, LoadLibraryA, GetProcAddress, VirtualProtect, VirtualAlloc, VirtualFree, ExitProcess
> advapi32.dll: RegFlushKey
> comctl32.dll: ImageList_Add
> comdlg32.dll: ChooseFontA
> crypt32.dll: CertFreeCertificateContext
> gdi32.dll: SaveDC
> imm32.dll: ImmGetContext
> ole32.dll: DoDragDrop
> oleaut32.dll: VariantCopy
> shell32.dll: DragFinish
> SHFolder.dll: SHGetFolderPathA
> user32.dll: GetDC
> version.dll: VerQueryValueA
> winmm.dll: PlaySoundA
> winspool.drv: OpenPrinterA
( 0 exports )
PDFiD.: -
RDS...: NSRL Reference Data Set
-
packers (Kaspersky): UPX, UPX, UPX, PE_Patch.UPX, UPX, UPX
Prevx info: http://info.prevx.com/aboutprogramtext.asp?PX5=4EAE4F40006F3399C4D023C86CF809001ADD86A1
As you can see, only about half the anti-virus apps flagged it.