Micky, I did mail the file to virus@avast.com from Gmail. Though the file was gzipped, Gmail said it would not allow an exe, so I renamed it to .blah and sent it across. By the way, F-Prot is currently scanning my Windows partitions and I came across another virus ignored by Avast. I ran it through VirusTotal again and it said it had already been checked in the past. I’m going to have a nervous breakdown if more viruses unseen by Avast pop up!
The results are below:
File fakedel.exe received on 2009.02.26 19:07:27 (UTC)
Antivirus Version Last Update Result
a-squared 4.0.0.101 2009.02.26 Joke.Win32.FakeDelete!IK
AntiVir 7.9.0.93 2009.02.26 JOKE/DelWindows
Authentium 5.1.0.4 2009.02.26 W32/Hupigon.HEG
Avast 4.8.1335.0 2009.02.25 -
AVG 8.0.0.237 2009.02.26 -
BitDefender 7.2 2009.02.26 Application.Joke.Fakedel.A
CAT-QuickHeal 10.00 2009.02.26 -
ClamAV 0.94.1 2009.02.26 Joke.DelWindows.A
Comodo 986 2009.02.20 -
DrWeb 4.44.0.09170 2009.02.26 Joke.WinDel
eSafe 7.0.17.0 2009.02.26 Suspicious File
eTrust-Vet 31.6.6375 2009.02.26 -
F-Prot 4.4.4.56 2009.02.26 W32/Hupigon.HEG
F-Secure 8.0.14470.0 2009.02.26 -
Fortinet 3.117.0.0 2009.02.26 Joke/Fakedel
GData 19 2009.02.26 Application.Joke.Fakedel.A
Ikarus T3.1.1.45.0 2009.02.26 Joke.Win32.FakeDelete
K7AntiVirus 7.10.648 2009.02.26 -
Kaspersky 7.0.0.125 2009.02.26 -
McAfee 5537 2009.02.26 potentially unwanted program Joke-FakeDel
McAfee+Artemis 5537 2009.02.26 potentially unwanted program Joke-FakeDel
Microsoft 1.4306 2009.02.26 Joke:Win32/FakeDelete
NOD32 3893 2009.02.26 probably a variant of Win32/Hupigon
Norman 6.00.06 2009.02.26 GrayBird.HWQ
nProtect 2009.1.8.0 2009.02.26 -
Panda 10.0.0.10 2009.02.26 Joke/Fakedel.A
PCTools 4.4.2.0 2009.02.26 Backdoor.Hupigon.CDDG
Prevx1 V2 2009.02.26 Medium Risk Malware
Rising 21.18.32.00 2009.02.26 -
SecureWeb-Gateway 6.0.0 2009.02.26 Joke.DelWindows
Sophos 4.39.0 2009.02.26 Joke Delete
Sunbelt 3.2.1858.2 2009.02.25 Trojan-Dropper.DelWindows.A
Symantec 10 2009.02.26 Backdoor.Graybird
TheHacker 6.3.2.5.265 2009.02.25 -
TrendMicro 8.700.0.1004 2009.02.26 -
VBA32 3.12.10.0 2009.02.26 -
ViRobot 2009.2.26.1625 2009.02.26 -
VirusBuster 4.5.11.0 2009.02.26 Backdoor.Hupigon.CDDG
Additional information
File size: 141312 bytes
MD5 : 2edf16a6e60f469d80f7a4a727ecfc84
SHA1 : bbca32df725b02488d4ab92cf9cf6a333dc8281c
SHA256: bd0adc9a502064de070a1df1ecbb4158e41c101afc451aba339e3d82cb292756
PEInfo: PE Structure information
( base data )
entrypointaddress.: 0x2C97
timedatestamp…: 0x33CCCD55 (Wed Jul 16 15:32:05 1997)
machinetype…: 0x14C (Intel I386)
( 7 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x397E 0x3A00 6.32 14981ff00f715b4a029db820c6c0320e
.rdata 0x5000 0x93 0x200 1.82 b8a1d35f2839a820a1cc4fcec23bdeb4
.data 0x6000 0x14F5 0xC00 6.63 be1ff45607a9903bdf488698ed6c58c7
.idata 0x8000 0x868 0xA00 4.57 07f838824e87dc7d9eb95d01d83b4969
.rsrc 0x9000 0x504 0x600 3.11 ae2f69aa92dbc0b37b47923f376a027f
.reloc 0xA000 0x76C 0x800 5.98 8b37d9be627e11b3c87d414194283818
winzip 0xB000 0x1D000 0x1C400 8.00 ce9a307ba763308e9652bdedf16bdd05
( 3 imports )
> gdi32.dll: SetBkColor, SetTextAlign, GetTextExtentPoint32A, GetBkColor, SetTextColor, DeleteObject, ExtTextOutA, CreateDCA, GetDeviceCaps, CreateFontIndirectA, DeleteDC, SelectObject
> kernel32.dll: CreateDirectoryA, _lwrite, RtlUnwind, SetFileTime, GetModuleHandleA, SetErrorMode, GetCommandLineA, GetTempPathA, GetModuleFileNameA, GetVersion, GetWindowsDirectoryA, LocalFree, GlobalUnlock, LocalAlloc, GlobalFree, GlobalAlloc, GlobalHandle, GetProfileStringA, lstrcmpiA, GlobalLock, _llseek, _lclose, WinExec, lstrlenA, _lread, _lopen, FindClose, FindFirstFileA, SetCurrentDirectoryA, _lcreat, lstrcpyA, lstrcatA, LocalFileTimeToFileTime, DosDateTimeToFileTime
> user32.dll: DefWindowProcA, GetClientRect, GetSystemMetrics, BeginPaint, GetSysColor, SetWindowWord, SetRect, EndPaint, RegisterClassA, UpdateWindow, GetWindowWord, LoadCursorA, OemToCharA, OemToCharBuffA, EnableWindow, SetWindowTextA, SendMessageA, ShowWindow, PostMessageA, GetLastActivePopup, KillTimer, SetTimer, GetWindowRect, DialogBoxIndirectParamA, SetCursor, SetWindowPos, GetDlgItemTextA, EndDialog, GetKeyState, PeekMessageA, TranslateMessage, DispatchMessageA, GetParent, SetDlgItemTextA, SendDlgItemMessageA, GetDlgItem, InvalidateRect, wsprintfA, MessageBoxA
( 0 exports )
TrID : File type identification
Winzip Win32 self-extracting archive (generic) (53.3%)
Win32 Executable Generic (19.7%)
Win32 Dynamic Link Library (generic) (17.5%)
Generic Win/DOS Executable (4.6%)
DOS Executable Generic (4.6%)
ssdeep: 3072:DzQt5Vbfm4xP/LNcyoj7VTyIzXZ6llUjqneMav55dlO3jJp0fZiSGuYQ:8/bu4xP/DWT/6laOnsqzJerFY
Prevx Info: http://info.prevx.com/aboutprogramtext.asp?PX5=83E53D670032BEC5D6EF01EAA2FBA50031E7590C
PEiD : WinZip (32-bit) 6.x
packers (Kaspersky): ASPack
packers (F-Prot): ZIP
CWSandbox: http://research.sunbelt-software.com/partnerresource/MD5.aspx?md5=2edf16a6e60f469d80f7a4a727ecfc84
packers (Authentium): ZIP
RDS : NSRL Reference Data Set