SHA256: 0c5b07480bec7d81098576c4d47bc122050b89b1e18e93320d1c3b2f8d49fa9d
File name: CENA DE GALA C.M.C.P. 2016.exe
Detection ratio: 56 / 56
Analysis date: 2016-11-01 16:22:47 UTC ( 2 years, 3 months ago )
Antivirus Result Update
Ad-Aware Win32.Worm.VB.NUH 20161101
AegisLab Troj.Downloader.W32.Banload.ihm!c 20161101
AhnLab-V3 Worm/Win32.AutoRun.N116220056 20161101
ALYac Win32.Worm.VB.NUH 20161101
Antiy-AVL Trojan[Downloader]/Win32.Banload 20161101
Arcabit Win32.Worm.VB.NUH 20161101
Avast Win32:Banload-GCD [Trj] 20161101
AVG Downloader.Banload.XVO 20161101
Avira (no cloud) TR/Banload.ihm 20161101
AVware Trojan-Downloader.Win32.Banload.ayqh (v) 20161101
Baidu Win32.Trojan.VB.gu 20161101
BitDefender Win32.Worm.VB.NUH 20161101
Bkav W32.CarigatG.Trojan 20161101
CAT-QuickHeal Trojan.VB.Gen 20161101
ClamAV Win.Trojan.VB-1518 20161101
CMC Trojan-Downloader.Win32.Banload!O 20161101
Comodo TrojWare.Win32.Downloader.Banload.~AAD 20161101
CrowdStrike Falcon (ML) malicious_confidence_100% (W) 20161024
Cyren W32/Downloader.ARMS-0839 20161101
DrWeb Trojan.DownLoad1.19749 20161101
Emsisoft Win32.Worm.VB.NUH (B) 20161101
ESET-NOD32 Win32/VB.NMS 20161101
F-Prot W32/Downldr2.DEAQ 20161101
F-Secure Win32.Worm.VB.NUH 20161101
Fortinet W32/VB.F!tr.dldr 20161101
GData Win32.Worm.VB.NUH 20161101
Ikarus Worm.Win32.Lefgroo 20161101
Sophos ML worm.win32.lefgroo.a 20161018
Jiangmin Trojan/Generic.awkyv 20161101
K7AntiVirus Trojan ( 001d712b1 ) 20161101
K7GW Trojan ( 001d712b1 ) 20161101
Kaspersky Trojan.Win32.Agent.acbem 20161101
Kingsoft Win32.TrojDownloader.Banload.(kcloud) 20161101
Malwarebytes Worm.Brontok 20161101
McAfee Generic VB.b 20161101
McAfee-GW-Edition BehavesLike.Win32.VBObfus.fc 20161101
Microsoft Worm:Win32/Lefgroo.A 20161101
eScan Win32.Worm.VB.NUH 20161101
NANO-Antivirus Trojan.Win32.DownLoader6.vttwn 20161101
nProtect Trojan-Downloader/W32.Banload.327680.D 20161101
Panda Trj/Nabload.ACN 20161101
Qihoo-360 Malware.Radar05.Gen 20161101
Rising Malware.Generic!u4MIOvZRwbG@3 (thunder) 20161101
Sophos AV Mal/VB-F 20161101
SUPERAntiSpyware Trojan.Agent/Gen 20161101
Symantec W32.SillyFDC 20161101
Tencent Trojan.Win32.FakeFolder.pa 20161101
TheHacker Trojan/Downloader.Banload.ihm 20161101
TrendMicro WORM_AUTORUN.SMG 20161101
TrendMicro-HouseCall WORM_AUTORUN.SMG 20161101
VBA32 Trojan.Agent 20161101
VIPRE Trojan-Downloader.Win32.Banload.ayqh (v) 20161031
ViRobot Trojan.Win32.Downloader.910336[h] 20161101
Yandex Trojan.DL.Banload!vPoT1y037yQ 20161031
Zillya Downloader.Banload.Win32.44018 20161031
Zoner Trojan.VB.NMS 20161101
Alibaba 20161101
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Product Project1
Original name Prueba0001.exe
Internal name Prueba0001
File version 1.00
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2008-01-02 17:21:56
Entry Point 0x00001628
Number of sections 3
PE sections
Overlays
MD5 a371492f16c0940507435909603efe88
File type ASCII text
Offset 325120
Size 2560
Entropy 0.00
PE imports
_adj_fdivr_m64
_allmul
_adj_fprem
__vbaObjVar
__vbaForEachVar
Ord(580)
_adj_fdiv_r
__vbaObjSetAddref
Ord(100)
__vbaHresultCheckObj
__vbaR8Str
_CIlog
__vbaVarLateMemCallLd
_adj_fptan
__vbaFreeStr
__vbaStrI2
__vbaStrR8
__vbaStrI4
__vbaFreeStrList
__vbaI2I4
_adj_fdiv_m16i
EVENT_SINK_QueryInterface
Ord(648)
Ord(531)
__vbaNextEachVar
__vbaLenBstr
Ord(594)
Ord(576)
__vbaStrToUnicode
_adj_fdiv_m32i
Ord(600)
__vbaExceptHandler
__vbaSetSystemError
DllFunctionCall
__vbaFreeVar
__vbaBoolVarNull
__vbaFileOpen
__vbaI2Str
EVENT_SINK_Release
__vbaVarTstEq
Ord(593)
Ord(716)
__vbaOnError
__vbaVarSetVar
__vbaStrCat
__vbaVarDup
__vbaChkstk
__vbaPrintFile
__vbaStrCmp
__vbaAryUnlock
__vbaFreeObjList
Ord(666)
__vbaFreeVarList
__vbaStrVarMove
__vbaVarOr
__vbaLateMemCallLd
__vbaFreeObj
_adj_fdivr_m32
__vbaStrVarVal
_CIcos
__vbaVarMove
__vbaErrorOverflow
__vbaNew2
__vbaStrMove
_adj_fprem1
_adj_fdiv_m32
__vbaEnd
__vbaVarCmpEq
_adj_fpatan
EVENT_SINK_AddRef
_adj_fdivr_m32i
__vbaStrCopy
Ord(632)
Ord(645)
__vbaFPException
_adj_fdivr_m16i
_adj_fdiv_m64
_CIsin
_CIsqrt
__vbaVarCopy
_CIatan
__vbaLateMemCall
__vbaObjSet
__vbaVarCat
__vbaFileCloseAll
_CIexp
__vbaStrToAnsi
_CItan
__vbaFpI2
Number of PE resources by type
RT_ICON 10
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
NEUTRAL 11
ENGLISH US 1
PE resources
ExifTool file metadata
UninitializedDataSize 0
LinkerVersion 6.0
ImageVersion 1.0
FileSubtype 0
FileVersionNumber 1.0.0.0
LanguageCode English (U.S.)
FileFlagsMask 0x0000
CharacterSet Unicode
InitializedDataSize 45056
EntryPoint 0x1628
OriginalFileName Prueba0001.exe
MIMEType application/octet-stream
FileVersion 1.0
TimeStamp 2008:01:02 18:21:56+01:00
FileType Win32 EXE
PEType PE32
InternalName Prueba0001
ProductVersion 1.0
SubsystemVersion 4.0
OSVersion 4.0
FileOS Win32
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CodeSize 69632
ProductName Project1
ProductVersionNumber 1.0.0.0
FileTypeExtension exe
ObjectFileType Executable application

File identification
MD5 a5149ad32b960d49379e5c2a0858c663
SHA1 1b893950968daa4e31f06b30b036726a05515250
SHA256 0c5b07480bec7d81098576c4d47bc122050b89b1e18e93320d1c3b2f8d49fa9d
ssdeep 3072:zdQ1zwLhj9VSTcMf1FzUzt6+HjPKlVzyZbACKhqUjqUbiT7LEHg09jdvTiu4F1U4:zdQ1zwVSTcMozt6h2Mq0mcPhZ4F1rN
authentihash 942dc0474405b603a3cd7e9844b0256e2c1cafe9e82a611ee9a74bf229ef6aea
imphash ed664352fc066085d3f909b2d6dd69ce
File size 320.0 KB ( 327680 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable Microsoft Visual Basic 6 (88.6%)
Win32 Executable (generic) (4.8%)
OS/2 Executable (generic) (2.1%)
Generic Win/DOS Executable (2.1%)
DOS Executable Generic (2.1%)
Tags peexe overlay

VirusTotal metadata
First submission 2010-03-01 23:14:03 UTC ( 8 years, 11 months ago )
Last submission 2018-05-21 23:14:05 UTC ( 9 months ago )
File names 03.10.2014_10.08.08.exe
musica.exe
ROCKOLA.exe
CIENCIAS CREATIVAS II. FÍSICA.exe
134___06.exe
WL-828958a43b81c92d19bc846b34e26215-0
007891488
Prueba0001.exe
Prueba0001
A0028821.exe
CENA DE GALA C.M.C.P. 2016.exe
a5149ad32b960d49379e5c2a0858c663.vir
MUSICA.EXE.Muestra EliStartPage v26.00
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Hooking activity
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.
The file installs an application-defined hook procedure into a hook chain. You would install a hook procedure to monitor the system for certain types of events. These events are associated either with a specific thread or with all threads in the same desktop as the calling thread. This is done making use of the SetWindowsHook Windows API function.