SHA256: 040893ed8b3ebf483f6892d1c0818c76bbb8d95b27736de8b31e3d6a84834e45
File name: BYVAZID1MIRBOILO7
Detection ratio: 26 / 50
Analysis date: 2014-02-20 14:41:50 UTC ( 3 years, 3 months ago )
Antivirus Result Update
Ad-Aware Trojan.GenericKD.1573325 20140220
AntiVir TR/Dropper.VB.11448 20140220
AVG Zbot.FUH 20140220
BitDefender Trojan.GenericKD.1573325 20140220
Bkav HW32.CDB.B3aa 20140220
ByteHero Virus.Win32.Heur.p 20140220
Emsisoft Trojan.GenericKD.1573325 (B) 20140220
ESET-NOD32 Win32/Spy.Zbot.AAO 20140220
F-Secure Trojan.GenericKD.1573325 20140220
Fortinet W32/Zbot.ROLG!tr 20140220
GData Trojan.GenericKD.1573325 20140220
Kaspersky Trojan-Spy.Win32.Zbot.rolg 20140220
Kingsoft Win32.Troj.Generic.a.(kcloud) 20140220
Malwarebytes Trojan.LVBP 20140220
McAfee Artemis!500F2864E2C8 20140220
McAfee-GW-Edition Artemis!500F2864E2C8 20140220
Microsoft PWS:Win32/Zbot 20140220
eScan Trojan.GenericKD.1573325 20140220
nProtect Trojan.GenericKD.1573325 20140220
Panda Trj/CI.A 20140220
Qihoo-360 HEUR/Malware.QVM03.Gen 20140220
Sophos Mal/Generic-S 20140220
Symantec WS.Reputation.1 20140220
TrendMicro TROJ_FORUCON.BMC 20140220
TrendMicro-HouseCall TROJ_FORUCON.BMC 20140220
VIPRE Trojan.Win32.Generic!BT 20140220
Yandex 20140219
AhnLab-V3 20140220
Antiy-AVL 20140219
Avast 20140220
Baidu-International 20140220
CAT-QuickHeal 20140220
ClamAV 20140220
CMC 20140220
Commtouch 20140220
Comodo 20140220
DrWeb 20140220
F-Prot 20140220
Ikarus 20140220
Jiangmin 20140220
K7AntiVirus 20140219
K7GW 20140219
NANO-Antivirus 20140220
Norman 20140220
Rising 20140219
SUPERAntiSpyware 20140220
TheHacker 20140220
TotalDefense 20140219
VBA32 20140220
ViRobot 20140220
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Publisher Flash
Product Flash game jikverc gf ds zstf gfv ik vcetu necry muny.
Original name BYVAZID1MIRBOILO7.exe
Internal name BYVAZID1MIRBOILO7
File version 1.00.0032
Comments Flash game jikverc gf ds zstf gfv ik vcetu necry muny.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2014-02-17 21:36:28
Entry Point 0x00001550
Number of sections 3
PE sections
PE imports
_adj_fdivr_m64
__vbaGenerateBoundsError
_allmul
__vbaGet3
_adj_fprem
Ord(596)
__vbaAryMove
__vbaObjVar
__vbaVarAnd
__vbaRedim
__vbaForEachCollObj
_adj_fdiv_r
__vbaObjSetAddref
__vbaFixstrConstruct
_adj_fdiv_m64
__vbaHresultCheckObj
__vbaAryUnlock
_CIlog
Ord(595)
__vbaVarLateMemCallLd
_adj_fptan
__vbaFileClose
__vbaAryCopy
__vbaFreeStr
__vbaStrI2
__vbaStrI4
__vbaFreeStrList
__vbaI2I4
_adj_fdiv_m16i
EVENT_SINK_QueryInterface
__vbaLenBstr
__vbaResume
__vbaRedimPreserve
__vbaCheckType
__vbaStrToUnicode
__vbaInStr
_adj_fdiv_m32i
Ord(717)
__vbaExceptHandler
__vbaSetSystemError
DllFunctionCall
__vbaUbound
__vbaFreeVar
__vbaBoolVarNull
__vbaFileOpen
Ord(526)
__vbaAryLock
EVENT_SINK_Release
__vbaVarTstEq
Ord(610)
__vbaVarLateMemCallLdRf
_adj_fdivr_m32i
__vbaStrCat
__vbaVarDup
__vbaVarLateMemCallSt
__vbaChkstk
__vbaPrintFile
__vbaLsetFixstr
Ord(570)
__vbaErase
__vbaVarLateMemSt
__vbaFreeObjList
__vbaVarCmpGt
__vbaVar2Vec
__vbaFreeVarList
__vbaStrVarMove
__vbaCastObj
__vbaExitProc
__vbaAryConstruct2
__vbaFreeObj
_adj_fdivr_m32
__vbaStrVarVal
__vbaVarSub
Ord(660)
__vbaVarTstGt
_CIcos
__vbaVarMove
__vbaErrorOverflow
__vbaNew2
__vbaLateIdSt
__vbaVarCmpEq
__vbaAryDestruct
__vbaStrMove
_adj_fprem1
_adj_fdiv_m32
__vbaLenVar
__vbaEnd
__vbaLateMemSt
__vbaOnError
_adj_fpatan
Ord(712)
__vbaStrCopy
Ord(632)
__vbaFPException
_adj_fdivr_m16i
__vbaVarAdd
Ord(100)
EVENT_SINK_AddRef
__vbaNextEachCollObj
_CIsin
_CIsqrt
__vbaVarCopy
Ord(612)
_CIatan
__vbaVarDiv
__vbaLateMemCall
__vbaObjSet
Ord(644)
__vbaVarCat
_CIexp
__vbaStrToAnsi
_CItan
Ord(598)
GetUserNameA
TextOutA
CallWindowProcW
InternetGetLastResponseInfoA
Number of PE resources by type
RT_ICON 3
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
NEUTRAL 4
ENGLISH US 1
PE resources
ExifTool file metadata
jikvercgfdszstfgfvikvcetunecrymuny nProductName
SubsystemVersion 4.0
Comments Flash game jikverc gf ds zstf gfv ik vcetu necry muny.
InitializedDataSize 12288
ImageVersion 1.0
FileVersionNumber 1.0.0.32
LanguageCode English (U.S.)
FileFlagsMask 0x0000
CharacterSet Unicode
LinkerVersion 6.0
AZID1MIRBOILO7 T,OriginalFilename
MIMEType application/octet-stream
TimeStamp 2014:02:17 22:36:28+01:00
FileType Win32 EXE
PEType PE32
shgamejikvercgfdszstfgfvikvcetunecrymuny 4FileVersion
FileAccessDate 2014:02:20 15:41:45+01:00
UninitializedDataSize 0
OSVersion 4.0
FileCreateDate 2014:02:20 15:41:45+01:00
FileOS Win32
Subsystem Windows GUI
Tag00032 D$InternalName
MachineType Intel 386 or later, and compatibles
CompanyName Flash
CodeSize 32768
FileSubtype 0
ProductVersionNumber 1.0.0.32
EntryPoint 0x1550
ObjectFileType Executable application

File identification
MD5 500f2864e2c8883f7dab4988b64bd170
SHA1 d674047d7b3e4c37d7f3d52e17b06587a3acf07c
SHA256 040893ed8b3ebf483f6892d1c0818c76bbb8d95b27736de8b31e3d6a84834e45
ssdeep 6144:T2b+770BoPUMQQ/aJO40i7DNnG/puHZazxNilTqlT2yFrUUR76V:T6kQaJK7DMNiZUT2cwq7i
imphash e43c63bdf1f7f59ea3d098b0dd8621e7
File size 264.1 KB ( 270446 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable Microsoft Visual Basic 6 (84.4%)
Win32 Dynamic Link Library (generic) (6.7%)
Win32 Executable (generic) (4.6%)
Generic Win/DOS Executable (2.0%)
DOS Executable Generic (2.0%)
Tags peexe

VirusTotal metadata
First submission 2014-02-18 18:13:17 UTC ( 3 years, 3 months ago )
Last submission 2014-02-18 19:50:43 UTC ( 3 years, 3 months ago )
File names BYVAZID1MIRBOILO7.exe
d674047d7b3e4c37d7f3d52e17b06587a3acf07c
x32c123.exe
BYVAZID1MIRBOILO7
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight