Jump to content

UltraSurf


Guest Bugen
 Share

Recommended Posts

DETECTION C:\Users\*****\Downloads\u\u1103.exe Trojan.Agent

Has to do with proxies. http://ultrareach.com/

http://www.virustotal.com/file-scan/report.html?id=0c6b0c57b33d031a0e4937022c1ee1f180692740251e8c8339a5b449219e5bb9-1323701294

Antivirus results

AhnLab-V3 - 2011.12.11.00 - 2011.12.12 - -

AntiVir - 7.11.19.67 - 2011.12.12 - -

Antiy-AVL - 2.0.3.7 - 2011.12.12 - NetTool/Win32.UltraSurf.gen

Avast - 6.0.1289.0 - 2011.12.12 - -

AVG - 10.0.0.1190 - 2011.12.12 - -

BitDefender - 7.2 - 2011.12.12 - -

ByteHero - 1.0.0.1 - 2011.12.07 - -

CAT-QuickHeal - 12.00 - 2011.12.12 - NetTool.UltraSurf.ku (Not a Virus)

ClamAV - 0.97.3.0 - 2011.12.12 - -

Commtouch - 5.3.2.6 - 2011.12.11 - W32/MalCrypt.E.gen!Eldorado

Comodo - 10932 - 2011.12.12 - -

DrWeb - 5.0.2.03300 - 2011.12.12 - Trojan.DownLoader5.18271

Emsisoft - 5.1.0.11 - 2011.12.12 - Packed.Win32.Themida.AMN!A2

eSafe - 7.0.17.0 - 2011.12.11 - -

eTrust-Vet - 37.0.9619 - 2011.12.12 - -

F-Prot - 4.6.5.141 - 2011.12.12 - W32/MalCrypt.E.gen!Eldorado

F-Secure - 9.0.16440.0 - 2011.12.12 - -

Fortinet - 4.3.388.0 - 2011.12.12 - -

GData - 22 - 2011.12.12 - -

Ikarus - T3.1.1.109.0 - 2011.12.12 - -

Jiangmin - 13.0.900 - 2011.12.12 - -

K7AntiVirus - 9.119.5640 - 2011.12.09 - -

Kaspersky - 9.0.0.837 - 2011.12.12 - not-a-virus:NetTool.Win32.UltraSurf.ku

McAfee - 5.400.0.1158 - 2011.12.12 - -

McAfee-GW-Edition - 2010.1E - 2011.12.12 - -

Microsoft - 1.7903 - 2011.12.12 - -

NOD32 - 6704 - 2011.12.12 - a variant of Win32/Packed.Themida

Norman - 6.07.13 - 2011.12.12 - -

nProtect - 2011-12-12.01 - 2011.12.12 - -

Panda - 10.0.3.5 - 2011.12.11 - Trj/CI.A

PCTools - 8.0.0.5 - 2011.12.12 - -

Prevx - 3.0 - 2011.12.12 - -

Rising - 23.88.00.02 - 2011.12.12 - -

Sophos - 4.72.0 - 2011.12.12 - -

SUPERAntiSpyware - 4.40.0.1006 - 2011.12.10 - -

Symantec - 20111.2.0.82 - 2011.12.12 - -

TheHacker - 6.7.0.1.356 - 2011.12.11 - -

TrendMicro - 9.500.0.1008 - 2011.12.12 - ADW_SCANNER

TrendMicro-HouseCall - 9.500.0.1008 - 2011.12.12 - ADW_SCANNER

VBA32 - 3.12.16.4 - 2011.12.12 - -

VIPRE - 11239 - 2011.12.12 - Trojan.Win32.Generic!BT

ViRobot - 2011.12.12.4821 - 2011.12.12 - Trojan.Win32.S.Themida.1249280

VirusBuster - 14.1.111.0 - 2011.12.12 - HackTool.UltraSurf!icgEMaAh37E

File info:

MD5 : 0fa5a44db46d695514eb288203ed3f15

SHA1 : 08a234aa86036fcd1a208994b88668ee5ac0b851

SHA256: 0c6b0c57b33d031a0e4937022c1ee1f180692740251e8c8339a5b449219e5bb9

ssdeep: 24576:2htOJF7fjodcrAh2LbBa4QhdvdL6sgMUQhG+oomy0r0DO/:2LO3LjouAh2LbOLdLAqooE

File size : 1249280 bytes

First seen: 2011-11-23 04:31:17

Last seen : 2011-12-12 14:48:14

Magic: MS-DOS executable PE for MS Windows (GUI) Intel 80386 32-bit

TrID:

Win32 Dynamic Link Library (generic) (65.4%)

Generic Win/DOS Executable (17.2%)

DOS Executable Generic (17.2%)

Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)

sigcheck:

publisher....: n/a

copyright....: n/a

product......: n/a

description..: n/a

original name: n/a

internal name: n/a

file version.: n/a

comments.....: n/a

signers......: -

signing date.: -

verified.....: Unsigned

ExifTool:

file metadata

CodeSize: 348160

EntryPoint: 0x691000

FileSize: 1220 kB

FileType: Win32 EXE

ImageVersion: 0.0

InitializedDataSize: 4734976

LinkerVersion: 6.0

MIMEType: application/octet-stream

MachineType: Intel 386 or later, and compatibles

OSVersion: 4.0

PEType: PE32

Subsystem: Windows GUI

SubsystemVersion: 4.0

TimeStamp: 2011:11:23 05:20:25+01:00

UninitializedDataSize: 0

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.