SHA256: 0585d77de917fd72f3a938ebd349d1035abca3e6e4d40bc240594202348f6cbd
File name: RnmOvNz
Detection ratio: 60 / 67
Analysis date: 2017-10-23 16:06:19 UTC ( 11 months ago )
Antivirus Result Update
Ad-Aware Gen:Variant.VBInject.5 20171023
AegisLab Troj.W32.Jorik.SdBot.fs!c 20171023
AhnLab-V3 Dropper/Win32.VB.R2461 20171023
ALYac Gen:Variant.VBInject.5 20171023
Antiy-AVL Trojan[Backdoor]/Win32.SdBot 20171023
Arcabit Trojan.VBInject.5 20171023
Avast Win32:Rebhip-AC [Trj] 20171023
AVG Win32:Rebhip-AC [Trj] 20171023
Avira (no cloud) TR/SpamBot.Q 20171023
AVware LooksLike.Win32.Malware!vb (v) 20171023
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9978 20171023
BitDefender Gen:Variant.VBInject.5 20171023
Bkav W32.Ltzqai308QJ.Trojan 20171023
CAT-QuickHeal Trojan.Jorik.gp3 20171020
ClamAV Win.Trojan.VB-67958 20171023
CMC Trojan.Win32.Jorik.SdBot!O 20171023
Comodo Heur.Suspicious 20171023
CrowdStrike Falcon (ML) malicious_confidence_100% (D) 20171016
Cylance Unsafe 20171023
Cyren W32/Swizzor-based!Maximus 20171023
DrWeb Trojan.Click.50748 20171023
eGambit malicious_confidence_99% 20171023
Emsisoft Gen:Variant.VBInject.5 (B) 20171023
Endgame malicious (high confidence) 20171016
ESET-NOD32 IRC/SdBot 20171023
F-Prot W32/Swizzor-based!Maximus 20171023
F-Secure Gen:Variant.VBInject.5 20171023
Fortinet W32/Injector.VOX!tr 20171023
GData Gen:Variant.VBInject.5 20171023
Ikarus Trojan.Win32.Jorik 20171023
Sophos ML heuristic 20170914
Jiangmin Backdoor/SdBot.mlx 20171023
K7AntiVirus Backdoor ( 04c51a4c1 ) 20171023
K7GW Backdoor ( 04c51a4c1 ) 20171023
Kaspersky Trojan.Win32.VBKrypt.voex 20171023
MAX malware (ai score=86) 20171023
McAfee W32/IRCbot.gen.a 20171023
McAfee-GW-Edition W32/IRCbot.gen.a 20171023
Microsoft Exploit:Win32/ShellCode 20171023
eScan Gen:Variant.VBInject.5 20171023
NANO-Antivirus Trojan.Win32.Jorik.dwgkct 20171023
nProtect Trojan/W32.Jorik.86016.AD 20171023
Panda Trj/Jorik.H 20171023
Qihoo-360 Win32/Trojan.315 20171023
Rising Malware.Heuristic!ET#100% (RDM+:cmRtazqj7sTEzmbIOPtCFgC5OvIo) 20171023
SentinelOne (Static ML) static engine - malicious 20171019
Sophos AV Troj/Ircbrute-J 20171023
Symantec W32.Pilleuz 20171023
Tencent Win32.Backdoor.Sdbot.Pfsr 20171023
TheHacker Trojan/VB.gen 20171017
TotalDefense Win32/IRCBot.IWF 20171023
TrendMicro TROJ_IRCBRUTE.CH 20171023
TrendMicro-HouseCall TROJ_IRCBRUTE.CH 20171023
VBA32 SScope.Trojan.VB.01040 20171023
VIPRE LooksLike.Win32.Malware!vb (v) 20171023
ViRobot Trojan.Win32.Jorik.86016.C 20171023
Webroot W32.Malware.Gen 20171023
Yandex Trojan.IRCBrute!A4mqFTa/904 20171021
Zillya Trojan.Jorik.Win32.1742 20171021
ZoneAlarm by Check Point Trojan.Win32.VBKrypt.voex 20171023
Alibaba 20170911
Avast-Mobile 20171023
Kingsoft 20171023
Malwarebytes 20171023
Palo Alto Networks (Known Signatures) 20171023
SUPERAntiSpyware 20171023
Symantec Mobile Insight 20171011
Trustlook 20171023
WhiteArmor 20171016
Zoner 20171023
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Product RnmOvNz
Original name RnmOvNz.exe
Internal name RnmOvNz
File version 2.04
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2010-10-17 19:52:23
Entry Point 0x00001090
Number of sections 3
PE sections
PE imports
EVENT_SINK_QueryInterface
Ord(608)
__vbaExceptHandler
Ord(632)
MethCallEngine
DllFunctionCall
Ord(644)
Ord(665)
EVENT_SINK_Release
Ord(100)
EVENT_SINK_AddRef
Ord(598)
Ord(516)
Number of PE resources by type
RT_ICON 2
Struct(101) 1
Struct(143) 1
Struct(147) 1
Struct(146) 1
Struct(127) 1
Struct(144) 1
Struct(145) 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
NEUTRAL 3
BRETON NEUTRAL 1
ESPERANTO NEUTRAL 1
WALON NEUTRAL 1
INVARIANT NEUTRAL 1
WELSH NEUTRAL 1
ENGLISH US 1
CORNISH NEUTRAL 1
DIVEHI NEUTRAL 1
PE resources
ExifTool file metadata
UninitializedDataSize
0

LinkerVersion
6.0

ImageVersion
2.4

FileSubtype
0

FileVersionNumber
2.4.0.0

LanguageCode
English (U.S.)

FileFlagsMask
0x0000

CharacterSet
Unicode

InitializedDataSize
36864

EntryPoint
0x1090

OriginalFileName
RnmOvNz.exe

MIMEType
application/octet-stream

FileVersion
2.04

TimeStamp
2010:10:17 20:52:23+01:00

FileType
Win32 EXE

PEType
PE32

InternalName
RnmOvNz

ProductVersion
2.04

SubsystemVersion
4.0

OSVersion
4.0

FileOS
Win32

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CompanyName
GbpcOqML

CodeSize
45056

ProductName
RnmOvNz

ProductVersionNumber
2.4.0.0

FileTypeExtension
exe

ObjectFileType
Executable application

File identification
MD5 bb3183f37b3d0dc78ddcf29face61650
SHA1 37b0b88f402c10eb720c216735e674017319cf96
SHA256 0585d77de917fd72f3a938ebd349d1035abca3e6e4d40bc240594202348f6cbd
ssdeep
1536:bBs0c1XA8Ge23U91Pvk9cyvQCUwljFf+NW4s:bxiQpy109cyvjtld

authentihash 5dfc36a005c9505c7000e36cbc0bb969fcc4bda84862025fe72908e3f0885419
imphash 3718be4ca963513b7f4189b38be4061f
File size 84.0 KB ( 86016 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable Microsoft Visual Basic 6 (90.6%)
Win32 Executable (generic) (4.9%)
Generic Win/DOS Executable (2.2%)
DOS Executable Generic (2.2%)
Tags
peexe

VirusTotal metadata
First submission 2010-10-18 02:08:13 UTC ( 7 years, 11 months ago )
Last submission 2010-11-21 01:24:48 UTC ( 7 years, 10 months ago )
File names RnmOvNz
xifNDG.scr
RnmOvNz.exe
Advanced heuristic and reputation engines
ClamAV
Possibly Unwanted Application. While not necessarily malicious, the scanned file presents certain characteristics which depending on the user policies and environment may or may not represent a threat. For full details see: https://www.clamav.net/documents/potentially-unwanted-applications-pua .

Symantec reputation Suspicious.Insight