SHA256: 0b97742b60cc47e5fa3fe177e62d29703ca1dfce770e60588cec89e40239572e
File name: vbs.exe
Detection ratio: 29 / 66
Analysis date: 2018-09-26 06:04:58 UTC ( 7 months, 4 weeks ago )
Antivirus Result Update
Ad-Aware Gen:Variant.Jaik.31283 20180926
ALYac Gen:Variant.Jaik.31283 20180926
Arcabit Trojan.Jaik.D7A33 20180926
Avast FileRepMalware 20180926
AVG FileRepMalware 20180926
Avira (no cloud) TR/Kryptik.zakpd 20180926
BitDefender Gen:Variant.Jaik.31283 20180926
Cylance Unsafe 20180926
Cyren W32/VBKrypt.EU.gen!Eldorado 20180926
DrWeb Trojan.PWS.Banker1.26525 20180926
Emsisoft Gen:Variant.Jaik.31283 (B) 20180926
Endgame malicious (high confidence) 20180730
ESET-NOD32 a variant of Win32/GenKryptik.CMDF 20180926
F-Prot W32/VBKrypt.EU.gen!Eldorado 20180926
F-Secure Gen:Variant.Jaik.31283 20180926
Fortinet W32/GenKryptik.CMDF!tr 20180926
GData Gen:Variant.Jaik.31283 20180926
Sophos ML heuristic 20180717
Kaspersky UDS:DangerousObject.Multi.Generic 20180926
Malwarebytes Trojan.MalPack 20180926
MAX malware (ai score=99) 20180926
McAfee Packed-FMF!B84201B08BF6 20180926
McAfee-GW-Edition Artemis!Trojan 20180926
eScan Gen:Variant.Jaik.31283 20180926
Palo Alto Networks (Known Signatures) generic.ml 20180926
Panda Trj/RnkBend.A 20180925
Qihoo-360 Win32/Trojan.81f 20180926
Symantec ML.Attribute.HighConfidence 20180925
Webroot W32.Malware.Gen 20180926
AegisLab 20180926
AhnLab-V3 20180925
Alibaba 20180921
Antiy-AVL 20180926
Avast-Mobile 20180925
AVware 20180925
Babable 20180918
Baidu 20180926
Bkav 20180925
CAT-QuickHeal 20180923
ClamAV 20180926
CMC 20180925
Comodo 20180926
CrowdStrike Falcon (ML) 20180723
Cybereason 20180225
eGambit 20180926
Ikarus 20180925
Jiangmin 20180926
K7AntiVirus 20180926
K7GW 20180926
Kingsoft 20180926
NANO-Antivirus 20180926
Rising 20180926
SentinelOne (Static ML) 20180925
Sophos AV 20180926
SUPERAntiSpyware 20180907
Symantec Mobile Insight 20180924
TACHYON 20180926
Tencent 20180926
TheHacker 20180924
TrendMicro 20180926
TrendMicro-HouseCall 20180926
Trustlook 20180926
VBA32 20180925
VIPRE 20180926
ViRobot 20180925
Yandex 20180925
Zillya 20180925
ZoneAlarm by Check Point 20180925
Zoner 20180925
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Product Csue
Original name Unrefreshful7.exe
Internal name Unrefreshful7
File version 8.08
Comments jtellAR STQ
Signature verification A certificate chain processed, but terminated in a root certificate which is not trusted by the trust provider.
Signing date 12:38 AM 2/25/2019
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2004-11-28 21:01:00
Entry Point 0x000014FC
Number of sections 3
PE sections
Overlays
MD5 d1cb9c7a01a08de660945988e9080b77
File type data
Offset 512000
Size 4520
Entropy 7.56
PE imports
_adj_fdiv_m32
__vbaChkstk
Ord(523)
Ord(645)
EVENT_SINK_Release
__vbaStrCmp
Ord(521)
__vbaFPException
Ord(516)
_adj_fdivr_m64
_adj_fprem
Ord(661)
Ord(678)
Ord(525)
__vbaVarTstNe
_adj_fpatan
__vbaFreeObjList
Ord(650)
Ord(610)
__vbaStrToUnicode
_adj_fdiv_m32i
__vbaStrCopy
__vbaExceptHandler
__vbaSetSystemError
__vbaFreeVarList
DllFunctionCall
Ord(671)
__vbaStrVarMove
_adj_fdivr_m16i
__vbaStrMove
__vbaVarAdd
__vbaCyMul
Ord(589)
Ord(517)
__vbaUI1I2
__vbaFreeVar
Ord(562)
Ord(100)
EVENT_SINK_AddRef
__vbaObjSetAddref
_adj_fdiv_r
_CItan
_adj_fdiv_m64
__vbaFreeObj
__vbaHresultCheckObj
_CIsqrt
_CIsin
Ord(711)
__vbaLenBstrB
__vbaVarMul
_allmul
_CIcos
Ord(713)
EVENT_SINK_QueryInterface
_adj_fptan
Ord(685)
Ord(593)
__vbaObjSet
__vbaI4Var
__vbaVarMove
Ord(646)
_CIlog
_CIatan
__vbaNew2
__vbaR8IntI4
__vbaR4Sgn
_adj_fdivr_m32i
__vbaStrComp
_CIexp
__vbaStrI2
__vbaStrToAnsi
_adj_fprem1
_adj_fdivr_m32
__vbaStrCat
__vbaI4Cy
__vbaFreeStrList
Ord(598)
__vbaFreeStr
_adj_fdiv_m16i
Number of PE resources by type
RT_ICON 5
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
NEUTRAL 6
ENGLISH US 1
PE resources
ExifTool file metadata
CodeSize 483328
SubsystemVersion 4.0
Comments jtellAR STQ
InitializedDataSize 24576
ImageVersion 8.8
FileSubtype 0
FileVersionNumber 8.8.0.0
LanguageCode English (U.S.)
FileFlagsMask 0x0000
ImageFileCharacteristics No relocs, Executable, No line numbers, No symbols, 32-bit
CharacterSet Unicode
LinkerVersion 6.0
EntryPoint 0x14fc
OriginalFileName Unrefreshful7.exe
MIMEType application/octet-stream
FileVersion 8.08
TimeStamp 2004:11:28 22:01:00+01:00
FileType Win32 EXE
PEType PE32
InternalName Unrefreshful7
ProductVersion 8.08
UninitializedDataSize 0
OSVersion 4.0
FileOS Win32
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName qHE PIDGIn COMMunity
LegalTrademarks systeMS fNE.
ProductName Csue
ProductVersionNumber 8.8.0.0
FileTypeExtension exe
ObjectFileType Executable application

File identification
MD5 b84201b08bf6c537a45cd338a716263b
SHA1 3fdfb7fb96e7de1237a28e10f382736ba45a6bcd
SHA256 0b97742b60cc47e5fa3fe177e62d29703ca1dfce770e60588cec89e40239572e
ssdeep 12288:t/L6E++nU4IoCpQ+RajS8Hy2Mpfd9Uerf8xtBo4mH/pyQlrE:tJzUbz8Expfd9xQxtBo4wf
authentihash f526e98babe2207cb557c27b9210edb7c99135113b6246d5c25e86d02d81d7c2
imphash 3fb591e787110b676f93bd1c79ee5b71
File size 504.4 KB ( 516520 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable Microsoft Visual Basic 6 (82.7%)
Win32 Dynamic Link Library (generic) (6.6%)
Win32 Executable (generic) (4.5%)
OS/2 Executable (generic) (2.0%)
Generic Win/DOS Executable (2.0%)
Tags peexe overlay

VirusTotal metadata
First submission 2018-09-25 22:42:04 UTC ( 7 months, 4 weeks ago )
Last submission 2018-10-03 04:04:01 UTC ( 7 months, 3 weeks ago )
File names vbs.exe
Unrefreshful7
Unrefreshful7.exe
output.114179534.txt
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Hooking activity
Runtime DLLs
Additional details
The file installs an application-defined hook procedure into a hook chain. A hook procedure is installed to monitor the system for certain types of events. These events are associated either with a specific thread or with all threads in the same desktop as the calling thread. This is done by making use of the SetWindowsHook Windows API function.