aajxit.exe: Result: 31/33 (93.94%)
Antivirus Version Last Update Result
AhnLab-V3 2008.6.13.1 2008.06.16 Win32/IRCBot.worm.Gen
AntiVir 7.8.0.55 2008.06.16 Worm/Rbot.210944
Authentium 5.1.0.4 2008.06.16 W32/Ircbot.1!Generic
Avast 4.8.1195.0 2008.06.15 Win32:DCom-F
AVG 7.5.0.516 2008.06.16 BackDoor.Agent.11.Y
BitDefender 7.2 2008.06.16 Generic.Malware.G!K!WX!!g.1E3C4782
CAT-QuickHeal 9.50 2008.06.14 Backdoor.Rbot.aea
ClamAV 0.93.1 2008.06.16 Exploit.DCOM.Gen
DrWeb 4.44.0.09170 2008.06.16 Win32.HLLW.MyBot.based
eSafe 7.0.15.0 2008.06.15 -
eTrust-Vet 31.6.5878 2008.06.16 Win32/Rbot!generic
Ewido 4.0 2008.06.16 Backdoor.Rbot.aea
F-Prot 4.4.4.56 2008.06.12 W32/Ircbot.1!Generic
F-Secure 6.70.13260.0 2008.06.16 W32/Backdoor
Fortinet 3.14.0.0 2008.06.16 -
GData 2.0.7306.1023 2008.06.16 Backdoor.Win32.Rbot.aea
Ikarus T3.1.1.26.0 2008.06.16 Backdoor.Win32.Rbot.aeu
Kaspersky 7.0.0.125 2008.06.16 Backdoor.Win32.Rbot.aea
McAfee 5317 2008.06.13 W32/Sdbot.worm.gen.g
Microsoft 1.3604 2008.06.16 Backdoor:Win32/Rbot.gen
NOD32v2 3191 2008.06.16 a variant of Win32/Rbot
Norman 5.80.02 2008.06.16 W32/Backdoor
Panda 9.0.0.4 2008.06.15 W32/Gaobot.gen.worm
Prevx1 V2 2008.06.16 Suspicious
Rising 20.49.02.00 2008.06.16 Backdoor.SdBot.vdd
Sophos 4.30.0 2008.06.16 W32/Rbot-Fam
Sunbelt 3.0.1153.1 2008.06.15 Backdoor.Rbot
Symantec 10 2008.06.16 W32.Spybot.Worm
TheHacker 6.2.92.351 2008.06.16 W32/SdBot.worm.gen
TrendMicro 8.700.0.1004 2008.06.16 WORM_SPYBOT.GEN
VBA32 3.12.6.7 2008.06.16 suspected of Backdoor.xBot.1 (paranoid heuristics)
VirusBuster 4.3.26:9 2008.06.12 Worm.RBot.Gen.5
Webwasher-Gateway 6.6.2 2008.06.16 Worm.Rbot.210944
Additional information
File size: 337999 bytes
MD5...: f14f8ea00d6cf22025bf6f6e81d892f5
SHA1..: 3fb657e6c7acdc7893db6ce3558faceb838525e3
SHA256: 395af7da8e737c4441c2e6dc4850a37614d63862d0b62dedb82a07f634690739
SHA512: b25b521df00518a4d4881e5d7fa7ce84f0b2e07f3944f10d3ce4cc003cd8fc62353cec9b93ef15faf7f9b0ab182c7e3fa7aa22667c7f01d05cf4d5bd2d5a7967
PEiD..: InstallShield 2000
PEInfo: PE Structure information
( base data )
entrypointaddress.: 0x4253d0
timedatestamp.....: 0x477b39d1 (Wed Jan 02 07:14:25 2008)
machinetype.......: 0x14c (I386)
( 5 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x3ca2f 0x3cc00 6.20 52ed25731b8ca45450dc2318ce63f5a1
.rdata 0x3e000 0x1fa8 0x2000 5.88 d75c06da22bdff01419dd56008734f3f
.data 0x40000 0x3b9e8 0xea00 4.89 e752818b40e1ab8767039d70582c17c5
.idata 0x7c000 0xe8c 0x1000 5.24 5b563fd69393d6427e10e1889e71c0b0
.reloc 0x7d000 0x3c6a 0x3e00 6.59 0b0bc1c8800355df7b892db945cee5d6
( 2 imports )
> USER32.dll: wsprintfA
> KERNEL32.dll: CreateMutexA, SetEnvironmentVariableA, GetLastError, Sleep, CreateThread, GetModuleFileNameA, ExitThread, LeaveCriticalSection, EnterCriticalSection, GetTickCount, InitializeCriticalSectionAndSpinCount, DeleteCriticalSection, GetLocalTime, CloseHandle, WriteFile, CreateFileA, ReadFile, SetFilePointer, GetFileSize, GetSystemDirectoryA, MultiByteToWideChar, TransactNamedPipe, QueryPerformanceCounter, QueryPerformanceFrequency, ExitProcess, CreateProcessA, FindClose, FindNextFileA, FindFirstFileA, FreeLibrary, GetEnvironmentVariableW, GetProcAddress, LoadLibraryA, HeapFree, HeapAlloc, GetProcessHeap, FileTimeToSystemTime, FileTimeToLocalFileTime, VirtualQueryEx, ReadProcessMemory, GetSystemInfo, OpenProcess, GetTimeFormatA, GetDateFormatA, GetFileAttributesA, GetModuleHandleA, FormatMessageA, GlobalUnlock, GlobalLock, UnmapViewOfFile, MapViewOfFile, CreateFileMappingA, SetFileTime, GetFileTime, ExpandEnvironmentStringsA, SetFileAttributesA, GetTempPathA, WideCharToMultiByte, GetComputerNameA, CopyFileA, CreateDirectoryA, GetCurrentProcess, TerminateProcess, lstrcpynA, lstrcmpA, lstrcpyA, lstrlenA, DeleteFileA, GetCurrentProcessId, WaitForSingleObject, MoveFileA, TerminateThread, GetExitCodeProcess, PeekNamedPipe, DuplicateHandle, CreatePipe, SetConsoleCtrlHandler, GetLocaleInfoA, GetVersionExA, GetLogicalDrives, WaitForMultipleObjects, GenerateConsoleCtrlEvent, GlobalMemoryStatus, IsBadWritePtr, IsBadReadPtr, HeapValidate, InterlockedDecrement, InterlockedIncrement, RtlUnwind, GetStartupInfoA, GetCommandLineA, GetVersion, DebugBreak, GetStdHandle, OutputDebugStringA, GetCurrentThreadId, TlsSetValue, TlsAlloc, TlsFree, SetLastError, TlsGetValue, GetCurrentThread, InitializeCriticalSection, FatalAppExitA, HeapReAlloc, VirtualFree, VirtualAlloc, GetEnvironmentVariableA, HeapDestroy, HeapCreate, LCMapStringA, LCMapStringW, GetCPInfo, GetACP, GetOEMCP, UnhandledExceptionFilter, FreeEnvironmentStringsA, FreeEnvironmentStringsW, GetEnvironmentStrings, 
GetEnvironmentStringsW, SetHandleCount, GetFileType, GetStringTypeA, GetStringTypeW, SetStdHandle, FlushFileBuffers, IsValidLocale, IsValidCodePage, EnumSystemLocalesA, GetUserDefaultLCID, SetUnhandledExceptionFilter, IsBadCodePtr, SetEndOfFile, GetTimeZoneInformation, GetLocaleInfoW, CompareStringA, CompareStringW
( 0 exports )
Norman Sandbox: [ General information ]
* **IMPORTANT: PLEASE SEND THE SCANNED FILE TO: ANALYSIS@NORMAN.NO - REMEMBER TO ENCRYPT IT (E.G. ZIP WITH PASSWORD)**.
* Locates window "NULL [class mIRC]" on desktop.
* File length: 337999 bytes.
[ Changes to filesystem ]
* Creates file C:\WINDOWS\SYSTEM32\rbraci.exe.
* Deletes file 43.
[ Changes to registry ]
* Creates value "Microsoft Update Machine"="rbraci.exe" in key "HKLM\Software\Microsoft\Windows\CurrentVersion\Run".
* Creates value "Microsoft Update Machine"="rbraci.exe" in key "HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices".
* Creates value "Microsoft Update Machine"="rbraci.exe" in key "HKCU\Software\Microsoft\Windows\CurrentVersion\Run".
[ Network services ]
* Looks for an Internet connection.
* Connects to "shadow.incomplete-warez.com" on port 6667 (TCP).
* Connects to IRC server.
[ Process/window information ]
* Creates a mutex 11.
* Creates process "rbraci.exe".
* Will automatically restart after boot (I'll be back...).
Prevx info:
http://info.prevx.com/aboutprogramtext.asp?PX5=09ADD66E4F92057C280C059D1E36590042F150CE