SHA256: 07812a73a188913807b78249d12cde12a63dbf1aac8b678dc286cac69d4c459f
File name: ferer
Detection ratio: 56 / 62
Analysis date: 2017-06-13 09:45:50 UTC ( 3 months, 1 week ago )
Antivirus Result Update
Ad-Aware Trojan.GenericKD.2399255 20170613
AegisLab Troj.W32.VBKrypt.sbeg!c 20170613
AhnLab-V3 Trojan/Win32.Bulta.R148838 20170613
ALYac Trojan.GenericKD.2399255 20170613
Antiy-AVL Trojan/Win32.VBKrypt 20170613
Arcabit Trojan.Generic.D249C17 20170613
Avast Win32:Malware-gen 20170613
AVG Win32:Malware-gen 20170613
Avira (no cloud) TR/Dropper.VB.31496 20170613
AVware Trojan.Win32.Generic!BT 20170613
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9991 20170613
BitDefender Trojan.GenericKD.2399255 20170613
Bkav W32.Cloddba.Trojan.a86d 20170613
CAT-QuickHeal Trojan.Emotet 20170613
Comodo TrojWare.Win32.Emotet.~SH 20170613
CrowdStrike Falcon (ML) malicious_confidence_100% (D) 20170420
Cyren W32/Emotet.D.gen!Eldorado 20170613
DrWeb Trojan.Emotet.89 20170613
Emsisoft Trojan.GenericKD.2399255 (B) 20170613
Endgame malicious (high confidence) 20170612
ESET-NOD32 Win32/Emotet.AD 20170613
F-Prot W32/Emotet.D.gen!Eldorado 20170613
F-Secure Trojan.GenericKD.2399255 20170613
Fortinet W32/Emotet.AD!tr 20170613
GData Win32.Trojan.Emotet.W 20170613
Ikarus Trojan.Win32.Bulta 20170613
Sophos ML heuristic 20170607
Jiangmin Trojan/VBKrypt.ifio 20170613
K7AntiVirus Trojan ( 004b8c611 ) 20170613
K7GW Trojan ( 004b8c611 ) 20170613
Kaspersky Trojan.Win32.VBKrypt.sbeg 20170613
Malwarebytes Trojan.Agent.HDLGen 20170613
McAfee Emotet-FGNI!5CECC66A44F7 20170613
McAfee-GW-Edition BehavesLike.Win32.VBObfus.dh 20170613
Microsoft Trojan:Win32/Emotet.G 20170613
eScan Trojan.GenericKD.2399255 20170613
NANO-Antivirus Trojan.Win32.VBKrypt.drqedp 20170613
nProtect Trojan/W32.VBKrypt.205851.B 20170613
Palo Alto Networks (Known Signatures) generic.ml 20170613
Panda Trj/Genetic.gen 20170612
Qihoo-360 HEUR/QVM03.0.Malware.Gen 20170613
SentinelOne (Static ML) static engine - malicious 20170516
Sophos AV Troj/VB-IPJ 20170613
SUPERAntiSpyware Trojan.Agent/Gen-Bot 20170613
Symantec W32.Cridex.B 20170613
Tencent Win32.Trojan.Vbkrypt.Tapo 20170613
TheHacker Trojan/Emotet.ag 20170612
TrendMicro TSPY_EMOTET.XXRH 20170613
TrendMicro-HouseCall TSPY_EMOTET.XXRH 20170613
VBA32 SScope.Malware-Cryptor.Zbot 20170612
VIPRE Trojan.Win32.Generic!BT 20170613
ViRobot Trojan.Win32.Agent.205851[h] 20170613
Webroot Trojan.Dropper.Gen 20170613
Yandex Trojan.VBKrypt!FiNPZDhw6xA 20170608
Zillya Trojan.VBKrypt.Win32.247096 20170612
ZoneAlarm by Check Point Trojan.Win32.VBKrypt.sbeg 20170613
Alibaba 20170613
ClamAV 20170613
CMC 20170613
Kingsoft 20170613
Rising 20170609
Symantec Mobile Insight 20170613
TotalDefense 20170613
Trustlook 20170613
WhiteArmor 20170608
Zoner 20170613
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Product wash, professional cleaning and food industry > Corporate website .
Original name ferer.exe
Internal name ferer
File version 2.07.0216
Description wash, professional cleaning and food industry > Corporate website .
Comments wash, professional cleaning and food industry > Corporate website .
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2015-05-12 05:38:30
Entry Point 0x00001430
Number of sections 3
PE sections
Overlays
MD5 93f8e881577e33e08beb33732a092d03
File type data
Offset 163840
Size 42011
Entropy 7.82
PE imports
_adj_fdivr_m64
__vbaGenerateBoundsError
_allmul
__vbaGet3
_adj_fprem
__vbaAryMove
__vbaObjVar
__vbaRedim
Ord(537)
_adj_fdiv_r
__vbaObjSetAddref
Ord(100)
__vbaHresultCheckObj
_CIlog
__vbaVarLateMemCallLd
_adj_fptan
__vbaFileClose
__vbaAryCopy
__vbaFreeStr
Ord(631)
__vbaVarNot
__vbaFreeStrList
_adj_fdiv_m16i
EVENT_SINK_QueryInterface
Ord(516)
__vbaI4Str
__vbaLenBstr
Ord(525)
_adj_fdiv_m32i
Ord(717)
__vbaExceptHandler
__vbaSetSystemError
DllFunctionCall
__vbaUbound
__vbaVarSetObjAddref
__vbaFreeVar
__vbaBoolVarNull
__vbaLbound
__vbaFileOpen
_CIsin
Ord(711)
__vbaAryLock
EVENT_SINK_Release
__vbaOnError
_adj_fdivr_m32i
__vbaStrCat
__vbaChkstk
__vbaStrCmp
Ord(570)
__vbaAryUnlock
__vbaVarLateMemSt
__vbaStrVarCopy
__vbaVar2Vec
__vbaFreeVarList
__vbaExitProc
__vbaAryConstruct2
__vbaFreeObj
_adj_fdivr_m32
__vbaVarTstGt
_CIcos
Ord(713)
__vbaVarMove
__vbaErrorOverflow
__vbaNew2
__vbaAryDestruct
__vbaStrMove
_adj_fprem1
Ord(563)
_adj_fdiv_m32
Ord(685)
_adj_fpatan
EVENT_SINK_AddRef
__vbaStrCopy
__vbaFPException
__vbaAryVar
_adj_fdivr_m16i
__vbaVarAdd
_adj_fdiv_m64
__vbaUI1I4
__vbaVargVar
__vbaUI1I2
_CIsqrt
_CIatan
__vbaLateMemCall
__vbaObjSet
_CIexp
_CItan
Ord(598)
Number of PE resources by type
RT_ICON 6
RT_STRING 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
NEUTRAL 8
DUTCH BELGIAN 1
PE resources
ExifTool file metadata
LegalTrademarks wash, professional cleaning and food industry > Corporate website .
SubsystemVersion 4.0
Comments wash, professional cleaning and food industry > Corporate website .
LinkerVersion 6.0
ImageVersion 2.7
FileSubtype 0
FileVersionNumber 2.7.0.216
LanguageCode English (U.S.)
FileFlagsMask 0x0000
FileDescription wash, professional cleaning and food industry > Corporate website .
CharacterSet Unicode
InitializedDataSize 57344
EntryPoint 0x1430
OriginalFileName ferer.exe
MIMEType application/octet-stream
FileVersion 2.07.0216
TimeStamp 2015:05:12 06:38:30+01:00
FileType Win32 EXE
PEType PE32
InternalName ferer
ProductVersion 2.07.0216
UninitializedDataSize 0
OSVersion 4.0
FileOS Win32
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName wash, professional cleaning and food industry > Corporate website .
CodeSize 102400
ProductName wash, professional cleaning and food industry > Corporate website .
ProductVersionNumber 2.7.0.216
FileTypeExtension exe
ObjectFileType Executable application

File identification
MD5 5cecc66a44f7d893cb7a9085b923ded7
SHA1 f0fd23027888e0e990b8dfd36eb20bed172755c2
SHA256 07812a73a188913807b78249d12cde12a63dbf1aac8b678dc286cac69d4c459f
ssdeep 3072:GjDKetSzNQNvrmatMYQOF77wouvWBFqDKetSzNQNvrmatMYQOF77woulOOzGajVo:Es7VMrK
authentihash 85df754a8263bddbb8575e3477cedcd9a11e07602dba5db91141c43fc874d074
imphash 73cfd7ee4d9d0ea2289aadc5b2c32b54
File size 201.0 KB ( 205851 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable Microsoft Visual Basic 6 (69.4%)
Win64 Executable (generic) (23.3%)
Win32 Executable (generic) (3.8%)
Generic Win/DOS Executable (1.6%)
DOS Executable Generic (1.6%)
Tags
peexe overlay

VirusTotal metadata
First submission 2015-05-12 06:28:52 UTC ( 2 years, 4 months ago )
Last submission 2016-05-24 19:28:19 UTC ( 1 year, 3 months ago )
File names Status_zu_Sendung_009348467373265__12_05_2015___lang___De_de___00_05_17___Message__ID12_DHL.xex
Status_zu_Sendung_009348467373265__12_05_2015___lang___De_de___00_05_17___Message__ID12_DHL.exe
07812A73A188913807B78249D12CDE12A63DBF1AAC8B678DC286CAC69D4C459F.exe
Status_zu_Sendung_009348467373265__12_05_2015___lang___De_de___00_05_17___Message__ID12_DHL.exe_
output.69135687.txt
ferer.exe
07812a73a188913807b78249d12cde12a63dbf1aac8b678dc286cac69d4c459f.exe.000
ab67346e2b4409aa2617edf144f84b2.exe
69135687
Status_zu_Sendung_009348467373265__12_05_2015___lang___De_de___00_05_17___Message__ID12_DHL.ex
ferer
6d2de024c4fe94d0642baa95d20550f8.exe
9049.exe
Status_zu_Sendung_009348467373265__12_05_2015___lang___De_de___00_05_17___Message__ID12_DHL_exe
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight