SHA256: 08618cdeb3bfacf17a07e8bef7702c5965d5b39286f70fe868ca17e0ce17480c
File name: Planilha.exe
Detection ratio: 52 / 67
Analysis date: 2018-02-16 06:16:06 UTC ( 8 months, 1 week ago )
Antivirus Result Update
Ad-Aware Gen:Trojan.Heur.ZGY.7 20180216
AegisLab W32.W.Generic!c 20180216
AhnLab-V3 Downloader/Win32.Genome.R210164 20180215
Avast Win32:VBCrypt-AEB [Trj] 20180216
AVG Win32:VBCrypt-AEB [Trj] 20180216
Avira (no cloud) TR/Virtool.Vbcrypt.EF.74 20180215
AVware Trojan.Win32.VBInject.gen (v) 20180216
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9921 20180208
BitDefender Gen:Trojan.Heur.ZGY.7 20180216
ClamAV Win.Trojan.Banbra-1037 20180216
Comodo TrojWare.Win32.TrojanDownloader.VB.vvd 20180216
CrowdStrike Falcon (ML) malicious_confidence_60% (D) 20170201
Cybereason malicious.30ce48 20180205
Cylance Unsafe 20180216
Cyren W32/Backdoor.BING-1922 20180216
DrWeb Trojan.PWS.Banker1.984 20180216
eGambit Unsafe.AI_Score_95% 20180216
Emsisoft Gen:Trojan.Heur.ZGY.7 (B) 20180216
Endgame malicious (high confidence) 20180214
ESET-NOD32 Win32/Spy.Bancos.OIX 20180216
F-Prot W32/Backdoor2.HQAZ 20180216
F-Secure Gen:Trojan.Heur.ZGY.7 20180216
Fortinet W32/Banbra.APBG!tr 20180216
GData Gen:Trojan.Heur.ZGY.7 20180216
Ikarus Trojan-PWS.Banker6 20180215
Sophos ML heuristic 20180121
K7AntiVirus Trojan ( 003d23081 ) 20180216
K7GW Trojan ( 003d23081 ) 20180216
Kaspersky Worm.Win32.WBNA.ajvv 20180216
MAX malware (ai score=100) 20180216
McAfee Artemis!53CBB1A30CE4 20180216
McAfee-GW-Edition BehavesLike.Win32.Trojan.dm 20180216
Microsoft Trojan:Win32/Camec.B 20180216
eScan Gen:Trojan.Heur.ZGY.7 20180216
NANO-Antivirus Trojan.Win32.Banbra.uszde 20180216
Panda Generic Malware 20180215
Qihoo-360 Malware.Radar01.Gen 20180216
Rising Malware.Undefined!8.C (TFE:3:7qCb5DpPApH) 20180216
Sophos AV Mal/Generic-L 20180216
Symantec Trojan.Gen 20180216
Tencent Win32.Worm.Wbna.Swlf 20180216
TheHacker Trojan/Spy.Bancos.oix 20180213
TotalDefense Win32/Camec.AZ 20180216
TrendMicro TSPY_BANKER.PRJ 20180216
TrendMicro-HouseCall TSPY_BANKER.PRJ 20180216
VBA32 TrojanBanker.Banbra 20180215
VIPRE Trojan.Win32.VBInject.gen (v) 20180216
ViRobot Trojan.Win32.A.Banbra.1015808 20180216
Webroot W32.Rogue.Gen 20180216
Yandex TrojanSpy.Bancos!WqUtc8wyYgI 20180214
Zillya Trojan.Bancos.Win32.11194 20180215
ZoneAlarm by Check Point Worm.Win32.WBNA.ajvv 20180216
Alibaba 20180209
ALYac 20180216
Arcabit 20180216
Avast-Mobile 20180215
Bkav 20180212
CAT-QuickHeal 20180216
CMC 20180216
Jiangmin 20180216
Kingsoft 20180216
Malwarebytes 20180216
nProtect 20180216
Palo Alto Networks (Known Signatures) 20180216
SentinelOne (Static ML) 20180115
SUPERAntiSpyware 20180216
Symantec Mobile Insight 20180215
Trustlook 20180216
WhiteArmor 20180205
Zoner 20180216
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Product Project1
Original name REs.exe
Internal name REs
File version 1.00
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2012-03-06 02:29:59
Entry Point 0x00001574
Number of sections 3
PE sections
PE imports
_adj_fdivr_m64
__vbaGenerateBoundsError
_allmul
_adj_fprem
__vbaAryMove
__vbaObjVar
Ord(537)
__vbaVarSetObj
_adj_fdiv_r
__vbaObjSetAddref
Ord(100)
__vbaHresultCheckObj
__vbaI2Var
__vbaR8Str
_CIlog
Ord(595)
_adj_fptan
__vbaFileClose
Ord(581)
__vbaI4Var
__vbaFreeVar
__vbaFreeStr
Ord(631)
__vbaStrI2
__vbaFreeStrList
__vbaI2I4
_adj_fdiv_m16i
EVENT_SINK_QueryInterface
Ord(516)
__vbaLenBstr
Ord(594)
_adj_fdiv_m32i
Ord(600)
__vbaFreeVarg
__vbaExceptHandler
DllFunctionCall
__vbaFileOpen
Ord(608)
__vbaPowerR8
__vbaNew
EVENT_SINK_Release
Ord(593)
Ord(667)
Ord(716)
__vbaOnError
_adj_fdivr_m32i
__vbaStrCat
__vbaVarDup
__vbaChkstk
__vbaPrintFile
__vbaStrCmp
__vbaBoolVar
__vbaFreeObjList
__vbaVar2Vec
__vbaVarForNext
__vbaFreeVarList
__vbaStrVarMove
Ord(626)
__vbaCastObj
__vbaExitProc
__vbaVarTstNe
__vbaVarXor
Ord(618)
__vbaLateMemCallLd
__vbaFreeObj
_adj_fdivr_m32
__vbaStrVarVal
__vbaVarTstGt
_CIcos
__vbaVarMove
__vbaFPInt
__vbaErrorOverflow
__vbaNew2
__vbaR8IntI4
__vbaAryDestruct
__vbaStrMove
_adj_fprem1
_adj_fdiv_m32
Ord(560)
__vbaEnd
__vbaPutOwner3
Ord(685)
Ord(572)
_adj_fpatan
EVENT_SINK_AddRef
__vbaVarForInit
__vbaVarVargNofree
__vbaStrCopy
__vbaFPException
_adj_fdivr_m16i
__vbaVarAdd
_adj_fdiv_m64
_CIsin
_CIsqrt
__vbaVarCopy
_CIatan
__vbaLateMemCall
_CItan
Ord(529)
Ord(613)
__vbaObjSet
__vbaVarCat
_CIexp
__vbaFpR8
__vbaFpI4
Ord(598)
__vbaFpI2
Number of PE resources by type
RT_ICON 12
CUSTOM 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
NEUTRAL 13
PORTUGUESE BRAZILIAN 1
ENGLISH US 1
PE resources
ExifTool file metadata
UninitializedDataSize 0
LinkerVersion 6.0
ImageVersion 1.0
FileSubtype 0
FileVersionNumber 1.0.0.0
LanguageCode English (U.S.)
FileFlagsMask 0x0000
CharacterSet Unicode
InitializedDataSize 987136
EntryPoint 0x1574
OriginalFileName REs.exe
MIMEType application/octet-stream
FileVersion 1.0
TimeStamp 2012:03:06 03:29:59+01:00
FileType Win32 EXE
PEType PE32
InternalName REs
ProductVersion 1.0
SubsystemVersion 4.0
OSVersion 4.0
FileOS Win32
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CodeSize 24576
ProductName Project1
ProductVersionNumber 1.0.0.0
FileTypeExtension exe
ObjectFileType Executable application

File identification
MD5 53cbb1a30ce483593f4d28a20e2ffc0f
SHA1 8d0ff23da79681cec422d14c04195724be15984e
SHA256 08618cdeb3bfacf17a07e8bef7702c5965d5b39286f70fe868ca17e0ce17480c
ssdeep 6144:mTK2TRn5ACubiMs/3qbrV3nsvE3tgHbXejrHv7H77HX7z//TTn3Y7iLMDmlA2xue:mDtnQCPjJO3NfCUjSOAS0wWNF8OYJ

authentihash 499622186744480e4a359a280d6da0df9d94f64b1d4a68a575cc52261d04d7d6
imphash 89342988cd90ff663980a203d160576a
File size 992.0 KB ( 1015808 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Windows ActiveX control (48.2%)
Win32 Executable Microsoft Visual Basic 6 (34.0%)
Win64 Executable (generic) (11.4%)
Win32 Dynamic Link Library (generic) (2.7%)
Win32 Executable (generic) (1.8%)
Tags peexe

VirusTotal metadata
First submission 2012-03-14 18:25:28 UTC ( 6 years, 7 months ago )
Last submission 2018-02-16 06:16:06 UTC ( 8 months, 1 week ago )
File names Planilha.exe.vir
R47bA3Z.msc
53CBB1A30CE483593F4D28A20E2FFC0F
08618cdeb3bfacf17a07e8bef7702c5965d5b39286f70fe868ca17e0ce17480c
1327487
Planilha.exe
8d0ff23da79681cec422d14c04195724be15984e.exe
output.1327487.txt
file
REs.exe
Planilha.exe-dNZ4my
224086_8d0ff23da79681cec422d14c04195724be15984e_Planilha.ex
REs
Co9tcY0.bmp
aa