SHA256: 0a642896b61053d068d40549b2abec4217d5b3effdf079daa4c3923e22a8d3c3
File name: 81b15c26c639b7ab2cab5a0053ec344d.exe
Detection ratio: 25 / 51
Analysis date: 2014-03-27 06:26:11 UTC ( 3 years, 1 month ago )
Antivirus Result Update
Ad-Aware Gen:Variant.Symmi.39744 20140327
AhnLab-V3 Spyware/Win32.Zbot 20140327
Avast Win32:Zbot-TBC [Drp] 20140327
AVG Win32/VBCrypt 20140327
BitDefender Gen:Variant.Symmi.39744 20140327
Bkav HW32.CDB.9a9e 20140326
ByteHero Virus.Win32.Heur.p 20140327
CAT-QuickHeal TrojanSpy.Zbot.VB3 20140327
CMC Heur.Win32.Veebee.1!O 20140326
Commtouch W32/PWS.LHUM-3773 20140327
Emsisoft Gen:Variant.Symmi.39744 (B) 20140327
ESET-NOD32 a variant of Win32/Injector.AZID 20140327
F-Secure Gen:Variant.Symmi.39744 20140327
GData Gen:Variant.Symmi.39744 20140327
Kaspersky Trojan-Spy.Win32.Zbot.rudv 20140327
Kingsoft Win32.Troj.Zbot.ru.(kcloud) 20140327
Malwarebytes Spyware.Zbot 20140327
McAfee PWSZbot-FLW!81B15C26C639 20140327
McAfee-GW-Edition PWSZbot-FLW!81B15C26C639 20140327
Microsoft PWS:Win32/Zbot 20140327
eScan Gen:Variant.Symmi.39744 20140327
Qihoo-360 Win32/Trojan.497 20140327
Rising PE:Malware.XPACK-HIE/Heur!1.9C48 20140327
TrendMicro-HouseCall TROJ_GEN.F0D1H00CD14 20140327
VIPRE Trojan.Win32.Zbot.pj (v) 20140326
AegisLab 20140327
Yandex 20140326
AntiVir 20140327
Antiy-AVL 20140327
Baidu-International 20140326
ClamAV 20140326
Comodo 20140327
DrWeb 20140327
F-Prot 20140327
Fortinet 20140327
Ikarus 20140327
Jiangmin 20140327
K7AntiVirus 20140326
K7GW 20140326
NANO-Antivirus 20140327
Norman 20140326
nProtect 20140326
Panda 20140326
Sophos 20140327
SUPERAntiSpyware 20140327
Symantec 20140327
TheHacker 20140327
TotalDefense 20140326
TrendMicro 20140327
VBA32 20140326
ViRobot 20140327
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright Harebur superocc delirifa 2003
Publisher FileZilla
Product gorgonac
Original name Maleduca.exe
Internal name Maleduca
File version 1.25.0072
Description Eriophyl ludwi
Signature verification The digital signature of the object did not verify.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2014-03-13 04:45:36
Entry Point 0x0000134C
Number of sections 3
PE sections
PE imports
_adj_fdiv_m32
__vbaChkstk
DllFunctionCall
EVENT_SINK_Release
__vbaEnd
__vbaGenerateBoundsError
_allmul
Ord(695)
_adj_fdivr_m64
_adj_fprem
Ord(525)
_adj_fpatan
Ord(586)
EVENT_SINK_AddRef
Ord(693)
Ord(714)
_adj_fdiv_m32i
__vbaStrCopy
__vbaExceptHandler
__vbaSetSystemError
__vbaFreeVarList
__vbaStrCmp
__vbaFPException
__vbaStrVarMove
_adj_fdivr_m16i
Ord(563)
_adj_fdiv_r
Ord(100)
__vbaUI1I2
Ord(599)
__vbaFreeVar
Ord(536)
_adj_fdiv_m64
__vbaFreeObj
_CIsin
_CIsqrt
__vbaHresultCheckObj
_CIlog
Ord(614)
__vbaI2Cy
_CIcos
Ord(595)
EVENT_SINK_QueryInterface
_adj_fptan
__vbaI2Var
__vbaFpCSngR4
__vbaI4Var
Ord(667)
__vbaVarMove
__vbaErrorOverflow
_CIatan
Ord(540)
__vbaNew2
__vbaLateIdCallLd
_adj_fdivr_m32i
Ord(631)
_CIexp
__vbaStrMove
_adj_fprem1
_adj_fdivr_m32
__vbaStrCat
_CItan
Ord(609)
__vbaI2I4
__vbaFreeStr
_adj_fdiv_m16i
Number of PE resources by type
RT_ICON 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
NEUTRAL 2
ENGLISH US 1
PE resources
ExifTool file metadata
SubsystemVersion 4.0
LinkerVersion 6.0
ImageVersion 1.25
FileSubtype 0
FileVersionNumber 1.25.0.72
UninitializedDataSize 0
LanguageCode English (U.S.)
FileFlagsMask 0x0000
CharacterSet Unicode
InitializedDataSize 20480
FileOS Win32
MIMEType application/octet-stream
LegalCopyright Harebur superocc delirifa 2003
FileVersion 1.25.0072
TimeStamp 2014:03:13 05:45:36+01:00
FileType Win32 EXE
PEType PE32
InternalName Maleduca
FileAccessDate 2014:03:27 07:26:23+01:00
ProductVersion 1.25.0072
FileDescription Eriophyl ludwi
OSVersion 4.0
FileCreateDate 2014:03:27 07:26:23+01:00
OriginalFilename Maleduca.exe
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName FileZilla
CodeSize 282624
ProductName gorgonac
ProductVersionNumber 1.25.0.72
EntryPoint 0x134c
ObjectFileType Executable application

File identification
MD5 81b15c26c639b7ab2cab5a0053ec344d
SHA1 0d36e971743b02f652e144f932cf3d86765a9e19
SHA256 0a642896b61053d068d40549b2abec4217d5b3effdf079daa4c3923e22a8d3c3
ssdeep 6144:TBlNl5DjkcdWcSJRjZ1nrhO9yFJxeUATomWQF5Z:/NXVdWcSrNxJmTaO
imphash 0dc375ac5611ec7bb9a0d77cae589dbd
File size 296.0 KB ( 303113 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable Microsoft Visual Basic 6 (84.4%)
Win32 Dynamic Link Library (generic) (6.7%)
Win32 Executable (generic) (4.6%)
Generic Win/DOS Executable (2.0%)
DOS Executable Generic (2.0%)
Tags peexe
VirusTotal metadata
First submission 2014-03-27 06:26:11 UTC ( 3 years, 1 month ago )
Last submission 2014-03-27 06:26:11 UTC ( 3 years, 1 month ago )
File names 81b15c26c639b7ab2cab5a0053ec344d.exe
Maleduca
Maleduca.exe