Download Link:
hxxp://78.109.28.150/clear.exe
File Name: clear.exe
File size: 26112 bytes
MD5...: e844d38aeec5cc69619fe9ee04f419b7
SHA1..: 2faf81123a8051ea5c84ccfc4c057d5700d63a07
SHA256: b79c05c4eec83372d7384a7d7039ff12f3fe6fd953d6f4ed62bd45cc1806b669
SHA512: 426228c4fc4727e9634a839c4933599f51bb54a28e3be9acab3c0ff1130f2db127ce0bc86ccacd8bc9bca4552d66bdb1c2fa9fd6138bbaa8ed2f04ec9dcae536
VirusTotal Result: 11/31 (35.48%)
Scanned on 05.10.2008 23:19:21 (CET)
AntiVir 7.8.0.17 2008.05.09 TR/Dldr.Agent.rzf
CAT-QuickHeal 9.50 2008.05.10 (Suspicious) - DNAScan
eSafe 7.0.15.0 2008.05.07 Suspicious File
Ikarus T3.1.1.26.0 2008.05.10 Trojan-Downloader.Agent.rzf
Kaspersky 7.0.0.125 2008.05.10 Heur.Trojan.Generic
Panda 9.0.0.4 2008.05.10 Suspicious file
Prevx1 V2 2008.05.10 Malicious Software
Sophos 4.29.0 2008.05.10 Mal/Dropper-O
Sunbelt 3.0.1097.0 2008.05.07 VIPRE.Suspicious
Symantec 10 2008.05.10 Packed.Generic.110
Webwasher-Gateway 6.6.2 2008.05.09 Trojan.Dldr.Agent.rzf
PE Structure information
( base data )
entrypointaddress.: 0x401674
timedatestamp.....: 0x2a425e19 (Fri Jun 19 22:22:17 1992)
machinetype.......: 0x14c (I386)
( 6 sections )
name viradd virsiz rawdsiz ntrpy md5
Z_28 0x1000 0x694 0x800 7.08 0017b36ebde1c83f6ba17ef786f13bfd
eB 0x2000 0x4 0x200 0.07 1d7d80e8b5ce8c86e7c833467964b6ae
Os8 0x3000 0x79 0x0 0.00 d41d8cd98f00b204e9800998ecf8427e
z4KZ 0x4000 0x4c 0x200 0.55 f92a452f5f10e98926cfd03166475a78
eF 0x5000 0x74 0x200 1.77 c18a2870039bcefa1a509d4213ddcbf7
cm_lmh 0x6000 0x6000 0x5400 7.85 ac93e329019001d50ab56b16b674cf40
( 1 imports )
> kernel32.dll: DeleteAtom