SHA256: 0788ac0e420e82201b202f7f00dc2d1b2808f8eaa5c31cae8000db5a47d5d915
File name: Deporter
Detection ratio: 43 / 57
Analysis date: 2016-12-06 22:36:49 UTC ( 3 months, 2 weeks ago )
Antivirus Result Update
Ad-Aware Gen:Heur.Jatif.47 20161206
AegisLab Troj.Spy.W32.Zbot.rnoc!c 20161206
AhnLab-V3 Trojan/Win32.VBKrypt.R97326 20161206
ALYac Gen:Heur.Jatif.47 20161206
Arcabit Trojan.Jatif.47 20161206
Avast Win32:Evo-gen [Susp] 20161206
AVG Generic_vb.AHN 20161206
Avira (no cloud) TR/Dropper.VB.bqlc 20161206
AVware Trojan.Win32.Zbot.pj (v) 20161206
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9994 20161206
BitDefender Gen:Heur.Jatif.47 20161206
Bkav W32.Clod1c8.Trojan.5a0e 20161206
CAT-QuickHeal TrojanSpy.Zbot.AS3 20161206
Comodo UnclassifiedMalware 20161206
CrowdStrike Falcon (ML) malicious_confidence_90% (W) 20161024
DrWeb Trojan.PWS.Panda.2401 20161206
Emsisoft Gen:Heur.Jatif.47 (B) 20161206
ESET-NOD32 a variant of Win32/Injector.AYZD 20161206
F-Secure Gen:Heur.Jatif.47 20161206
Fortinet W32/VB.ALO!tr 20161206
GData Gen:Heur.Jatif.47 20161206
Ikarus Win32.SuspectCrc 20161206
Invincea backdoor.win32.fynloski.k 20161202
Jiangmin TrojanSpy.Zbot.ffdp 20161206
K7AntiVirus Trojan ( 004b20061 ) 20161206
K7GW Trojan ( 004b20061 ) 20161206
Kaspersky Trojan-Spy.Win32.Zbot.rnoc 20161206
Malwarebytes Trojan.DorkBot.ED 20161206
McAfee Generic-FAUS!7046FD20679A 20161205
McAfee-GW-Edition Generic-FAUS!7046FD20679A 20161206
eScan Gen:Heur.Jatif.47 20161206
NANO-Antivirus Trojan.Win32.Zbot.cuhrvn 20161206
Panda Generic Malware 20161206
Qihoo-360 Win32/Trojan.Spy.295 20161206
Rising Trojan.Generic-K8d0VOYj6nF (cloud) 20161206
Sophos Mal/Generic-S 20161206
Symantec Heur.AdvML.C 20161206
Tencent Win32.Trojan-spy.Zbot.Aedy 20161206
TrendMicro TSPY_ZBOT.YYDDG 20161206
TrendMicro-HouseCall TSPY_ZBOT.YYDDG 20161206
VIPRE Trojan.Win32.Zbot.pj (v) 20161206
Yandex TrojanSpy.Zbot!9b9nAeCr20g 20161206
Zillya Trojan.Blocker.Win32.31968 20161205
Alibaba 20161206
Antiy-AVL 20161206
ClamAV 20161206
CMC 20161206
Cyren 20161206
F-Prot 20161206
Kingsoft 20161206
Microsoft 20161206
nProtect 20161206
SUPERAntiSpyware 20161206
TheHacker 20161130
TotalDefense 20161206
Trustlook 20161206
VBA32 20161206
ViRobot 20161206
WhiteArmor 20161125
Zoner 20161206
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Product Shtooks asyntrop pseudolo fagald
Original name Deporter.exe
Internal name Deporter
File version 1.04.0006
Signature verification The digital signature of the object did not verify.
Signing date 11:36 PM 12/6/2016
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2014-02-09 13:10:34
Entry Point 0x0000132C
Number of sections 3
PE sections
Overlays
MD5 f57cb9c93fa0237bd0e516334c5a126f
File type data
Offset 540672
Size 3089
Entropy 7.63
PE imports
_adj_fdiv_m32
__vbaChkstk
DllFunctionCall
__vbaLenVar
EVENT_SINK_Release
__vbaEnd
__vbaGenerateBoundsError
_allmul
_adj_fdivr_m64
Ord(527)
_adj_fprem
Ord(617)
_adj_fpatan
EVENT_SINK_AddRef
__vbaCyStr
_adj_fdiv_m32i
__vbaStrCopy
__vbaExceptHandler
__vbaSetSystemError
__vbaFpCy
__vbaStrCmp
__vbaFPException
__vbaStrVarMove
_adj_fdivr_m16i
_adj_fdiv_r
Ord(100)
__vbaFreeVar
_adj_fprem1
Ord(519)
_adj_fdiv_m64
__vbaFreeObj
__vbaHresultCheckObj
_CIsqrt
_CIsin
_CIlog
_CIcos
Ord(713)
EVENT_SINK_QueryInterface
_adj_fptan
__vbaI2Var
Ord(610)
Ord(582)
__vbaVarMove
Ord(703)
_CIatan
Ord(540)
__vbaNew2
_adj_fdivr_m32i
_CIexp
__vbaStrMove
Ord(588)
_adj_fdivr_m32
__vbaStrCat
_CItan
Ord(609)
Ord(598)
__vbaFreeStr
_adj_fdiv_m16i
Number of PE resources by type
RT_ICON 7
RT_MENU 2
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
NEUTRAL 8
ENGLISH US 3
PE resources
ExifTool file metadata
UninitializedDataSize 0
LinkerVersion 6.0
ImageVersion 1.4
FileSubtype 0
FileVersionNumber 1.4.0.6
LanguageCode English (U.S.)
FileFlagsMask 0x0000
CharacterSet Unicode
InitializedDataSize 401408
EntryPoint 0x132c
OriginalFileName Deporter.exe
MIMEType application/octet-stream
FileVersion 1.04.0006
TimeStamp 2014:02:09 14:10:34+01:00
FileType Win32 EXE
PEType PE32
InternalName Deporter
ProductVersion 1.04.0006
SubsystemVersion 4.0
OSVersion 4.0
FileOS Win32
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName CyberLink Downloader
CodeSize 151552
ProductName Shtooks asyntrop pseudolo fagald
ProductVersionNumber 1.4.0.6
FileTypeExtension exe
ObjectFileType Executable application
File identification
MD5 7046fd20679a44fa9c8fa97c5789794e
SHA1 840f31d80d5c90f9580c83bec2fff2a213532c50
SHA256 0788ac0e420e82201b202f7f00dc2d1b2808f8eaa5c31cae8000db5a47d5d915
ssdeep 12288:CTWVBIy3yy4vWVBIy3yyQYOJ7B34jbUSyZUNi+:WqB3YqB36Yq6brpI+
authentihash 3aff120c0eba65aab5c10b84115266c046e6625ef06b6756bc09904e1e075e1e
imphash 1f0ffad886792ea1ae80e82215e1059f
File size 531.0 KB ( 543761 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable Microsoft Visual Basic 6 (84.4%)
Win32 Dynamic Link Library (generic) (6.7%)
Win32 Executable (generic) (4.6%)
Generic Win/DOS Executable (2.0%)
DOS Executable Generic (2.0%)
Tags peexe overlay
VirusTotal metadata
First submission 2014-02-12 08:17:32 UTC ( 3 years, 1 month ago )
Last submission 2016-07-17 10:03:16 UTC ( 8 months, 1 week ago )
File names Deporter
adeola.exe
Deporter.exe
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Created processes
Code injections in the following processes
Terminated processes
Opened mutexes
Hooking activity
Runtime DLLs
Additional details
The file installs an application-defined hook procedure into a hook chain. A hook procedure is installed to monitor the system for certain types of events; these events are associated either with a specific thread or with all threads in the same desktop as the calling thread. This is done by means of the SetWindowsHook Windows API function.