backup.exe file analysis
--------------------------------------------------
Antivirus Version Last Update Result
AhnLab-V3 2008.6.13.1 2008.06.15 -
AntiVir 7.8.0.55 2008.06.15 TR/Crypt.XPACK.Gen
Authentium 5.1.0.4 2008.06.15 W32/Heuristic-210!Eldorado
Avast 4.8.1195.0 2008.06.15 -
AVG 7.5.0.516 2008.06.15 SHeur.BOZS
BitDefender 7.2 2008.06.15 Packer.Krunchy.A
CAT-QuickHeal 9.50 2008.06.14 (Suspicious) - DNAScan
ClamAV 0.92.1 2008.06.15 PUA.Packed.Krunchy
DrWeb 4.44.0.09170 2008.06.15 Trojan.Packed.162
eSafe 7.0.15.0 2008.06.15 -
eTrust-Vet 31.6.5873 2008.06.14 -
Ewido 4.0 2008.06.15 -
F-Prot 4.4.4.56 2008.06.12 W32/Heuristic-210!Eldorado
F-Secure 6.70.13260.0 2008.06.15 Trojan-Proxy.Win32.Agent.aon
Fortinet 3.14.0.0 2008.06.15 -
GData 2.0.7306.1023 2008.06.15 Trojan-Proxy.Win32.Agent.aon
Ikarus T3.1.1.26.0 2008.06.15 Packer.Krunchy.A
McAfee 5317 2008.06.13 -
Microsoft 1.3604 2008.06.15 -
NOD32v2 3188 2008.06.15 -
Norman 5.80.02 2008.06.13 W32/Smalltroj.EUPX
Panda 9.0.0.4 2008.06.15 Suspicious file
Prevx1 V2 2008.06.15 Malicious Software
Rising 20.48.62.00 2008.06.15 -
Sophos 4.30.0 2008.06.15 Mal/EncPk-BP
Sunbelt 3.0.1153.1 2008.06.15 -
Symantec 10 2008.06.15 -
TheHacker 6.2.92.350 2008.06.14 -
VBA32 3.12.6.7 2008.06.14 Trojan-Downloader.Win32.Delf.czz
VirusBuster 4.3.26:9 2008.06.12 Packed/FRBR
Webwasher-Gateway 6.6.2 2008.06.15 Trojan.Crypt.XPACK.Gen
Additional information
File size: 32256 bytes
MD5...: 12b191f592fcc5af78ca244fe60331f8
SHA1..: c14d3b295437a3f5b6c7862bee5d1fce172050c4
SHA256: 6bc6d4c5e1cf771b9e2845b0821628fd4084e8e009b1a2f4465c80964db6a537
SHA512: 5bd5019f405014ddec5a640decd99c16070b14acbcd24bdc16b9f32aeb5f6696fba74c2e206b2080f9540e98918a70ff5a813cbe2e4159351dc37280bf5d60d9
PEiD..: kkrunchy -> Ryd
PEInfo: PE Structure information
( base data )
entrypointaddress.: 0x3e7bd5
timedatestamp.....: 0x472db526 (Sun Nov 04 12:03:50 2007)
machinetype.......: 0x14c (I386)
( 1 sections )
name viradd virsiz rawdsiz ntrpy md5
kkrunchy 0x1000 0x39bdb 0x6e00 7.99 e7241db9b20b13a1ca442378732fd8cc
( 1 imports )
> KERNEL32.DLL: LoadLibraryA, GetProcAddress
( 0 exports )
Prevx info:
http://info.prevx.com/aboutprogramtext.asp?PX5=65139B7700ABEEEA7EAE002544FDD000BCC4CB9F
packers (F-Prot): Malware_Prot.J
packers (Authentium): Malware_Prot.J
-----------------------------------------------------------------------
sorry for that misunderstanding ^^