SHA256: 0548d6d61e87042c0c078e8ac69f56b89e33a2361abf09176653ad0d636b8bdc
File name: 23E7785ACD24B724226592105977F614
Detection ratio: 44 / 56
Analysis date: 2016-05-16 13:05:38 UTC ( 2 years, 9 months ago )
Antivirus Result Update
Ad-Aware Trojan.GenericKD.2690567 20160516
AegisLab DangerousObject.Multi.Generic!c 20160516
AhnLab-V3 Trojan/Win32.Bublik 20160516
ALYac Trojan.GenericKD.2690567 20160516
Antiy-AVL Trojan/Win32.TSGeneric 20160516
Arcabit Trojan.Generic.D290E07 20160516
Avast Win32:Malware-gen 20160516
AVG VBCrypt.GEK 20160516
AVware Trojan.Win32.Generic!BT 20160511
Baidu Win32.Trojan.WisdomEyes.151026.9950.9999 20160516
BitDefender Trojan.GenericKD.2690567 20160516
Bkav W32.Clod6fc.Trojan.090d 20160516
Comodo Backdoor.Win32.Leenstic.~AA 20160516
Cyren W32/Trojan.RVIV-3089 20160516
DrWeb Trojan.Qhost.4469 20160516
Emsisoft Trojan.Win32.QHost (A) 20160516
ESET-NOD32 Win32/Qhost.PLQ 20160516
F-Secure Trojan.GenericKD.2690567 20160516
Fortinet W32/Qhost.PLQ!tr 20160516
GData Trojan.GenericKD.2690567 20160516
Ikarus Backdoor.Win32.Leenstic 20160516
K7AntiVirus Trojan ( 004c8d161 ) 20160516
K7GW Trojan ( 004c8d161 ) 20160516
Kaspersky HEUR:Trojan.Win32.Generic 20160516
Malwarebytes Backdoor.Bot 20160516
McAfee RDN/Generic Qhost 20160516
McAfee-GW-Edition BehavesLike.Win32.PWSZbot.ch 20160516
Microsoft Trojan:Win32/Bagsu!rfn 20160516
eScan Trojan.GenericKD.2690567 20160516
NANO-Antivirus Trojan.Win32.Qhost.dvxhrj 20160516
nProtect Trojan.GenericKD.2690567 20160513
Panda Trj/Genetic.gen 20160515
Qihoo-360 HEUR/QVM03.0.Malware.Gen 20160516
Sophos AV Mal/Generic-S 20160516
SUPERAntiSpyware Trojan.Agent/Gen-Injector 20160516
Symantec Trojan.Gen.2 20160516
Tencent Win32.Trojan.Generic.Hsix 20160516
TheHacker Trojan/Qhost.plq 20160516
TrendMicro TROJ_LEENSTIC.A 20160516
TrendMicro-HouseCall TROJ_LEENSTIC.A 20160516
VIPRE Trojan.Win32.Generic!BT 20160516
ViRobot Trojan.Win32.Z.Qhost.180224.A[h] 20160516
Yandex Trojan.Qhost!7pcinIojiEA 20160515
Zillya Trojan.Qhost.Win32.16025 20160516
Alibaba 20160516
Baidu-International 20160516
CAT-QuickHeal 20160516
ClamAV 20160516
CMC 20160516
F-Prot 20160516
Jiangmin 20160516
Kingsoft 20160516
Rising 20160516
TotalDefense 20160516
VBA32 20160516
Zoner 20160516
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2012-09-30 10:11:05
Entry Point 0x000013D8
Number of sections 3
PE sections
PE imports
_adj_fdiv_m32
__vbaChkstk
__vbaVarDup
__vbaAryLock
EVENT_SINK_QueryInterface
_allmul
Ord(516)
__vbaStrMove
_adj_fdivr_m64
__vbaErase
_adj_fprem
__vbaLenBstr
Ord(685)
_adj_fpatan
__vbaFreeObjList
Ord(681)
__vbaUI1Str
Ord(717)
__vbaMidStmtBstr
__vbaExceptHandler
__vbaSetSystemError
__vbaFreeVarList
Ord(632)
__vbaRedim
DllFunctionCall
__vbaFPException
__vbaAryVar
__vbaStrVarMove
__vbaPowerR8
Ord(578)
__vbaVar2Vec
_adj_fdiv_r
Ord(100)
__vbaDerefAry1
__vbaFreeVar
__vbaVarTstNe
_adj_fprem1
__vbaI2Str
Ord(619)
_CItan
__vbaFreeObj
__vbaFileOpen
_adj_fdiv_m64
__vbaStrBool
__vbaHresultCheckObj
__vbaStrVarVal
_CIsin
Ord(711)
Ord(606)
__vbaStrCopy
_CIsqrt
EVENT_SINK_Release
Ord(713)
__vbaFreeStr
_adj_fptan
__vbaGet3
__vbaFileClose
Ord(581)
__vbaI4Var
_CIcos
__vbaAryUnlock
__vbaObjSet
__vbaAryCopy
_CIlog
_CIatan
Ord(608)
__vbaNew2
Ord(644)
__vbaVarCat
_adj_fdivr_m32i
Ord(631)
__vbaAryDestruct
_CIexp
__vbaStrI2
__vbaStrToAnsi
__vbaStrI4
_adj_fdivr_m32
__vbaStrCat
Ord(537)
__vbaFreeStrList
__vbaI2I4
__vbaFpI2
CallWindowProcW
Number of PE resources by type
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
NEUTRAL 1
ENGLISH US 1
PE resources
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
TimeStamp 2012:09:30 11:11:05+01:00
FileType Win32 EXE
PEType PE32
CodeSize 28672
LinkerVersion 6.0
FileTypeExtension exe
InitializedDataSize 147456
SubsystemVersion 4.0
EntryPoint 0x13d8
OSVersion 4.0
ImageVersion 6.544
UninitializedDataSize 0

Compressed bundles
File identification
MD5 23e7785acd24b724226592105977f614
SHA1 02357cfc31f56d3a98e6fc08e50807dfe12681f3
SHA256 0548d6d61e87042c0c078e8ac69f56b89e33a2361abf09176653ad0d636b8bdc
ssdeep
3072:nc858tsyqPlOW+SekvAc0+SPlOWEXTOWY0tSPlOW+S40+SPlOW+S40+SPlOW+S40:nhzyqPfekv0vPOMPfvvPfvvPfvvPfvvv

authentihash d6cc5c6c44e85251011ec3641beceff97f426cf358b7c2427f8f9bd78172f539
imphash e0889cd332ec944b8fed722a0432c9e4
File size 176.0 KB ( 180224 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable Microsoft Visual Basic 6 (88.6%)
Win32 Executable (generic) (4.8%)
OS/2 Executable (generic) (2.1%)
Generic Win/DOS Executable (2.1%)
DOS Executable Generic (2.1%)
Tags peexe

VirusTotal metadata
First submission 2015-08-31 09:14:17 UTC ( 3 years, 5 months ago )
Last submission 2018-05-19 23:47:52 UTC ( 9 months, 1 week ago )
File names 23e7785acd24b724226592105977f614
23e7785acd24b724226592105977f614.vir
609484.exe
23e7785acd24b724226592105977f614
23e7785acd24b724226592105977f614
02357cfc31f56d3a98e6fc08e50807dfe12681f3.exe
binary
23e7785acd24b724226592105977f614
bTHfgz.msc
Botoness1.exe
23E7785ACD24B724226592105977F614
372476.exe
Botoness1.exe
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Created processes
Opened mutexes
Hooking activity
Runtime DLLs
Additional details
The file installs an application-defined hook procedure into a hook chain. A hook procedure is installed to monitor the system for certain types of events. These events are associated either with a specific thread or with all threads in the same desktop as the calling thread. This is done using the SetWindowsHook Windows API function.