SHA256: 11101659c5c5ed028a2cab228f364a04b642a9d09913c39a05de6cbdebbbcf80
File name: PRI
Detection ratio: 39 / 54
Analysis date: 2014-08-04 07:10:43 UTC ( 4 years, 3 months ago )
Antivirus Result Update
Ad-Aware Gen:Trojan.Heur.VP.wm1@aiG74bdi 20140804
AhnLab-V3 Trojan/Win32.ZBot 20140803
AntiVir TR/Dropper.VB.19210 20140804
Antiy-AVL Trojan[Spy]/Win32.Zbot 20140804
Avast Win32:Malware-gen 20140804
AVware Trojan.Win32.Generic!BT 20140804
Baidu-International Trojan.Win32.Injector.BBIOG 20140803
BitDefender Gen:Trojan.Heur.VP.wm1@aiG74bdi 20140804
Bkav HW32.CDB.Dff7 20140802
ByteHero Virus.Win32.Heur.p 20140804
Commtouch W32/VBTrojan.9!Maximus 20140804
Comodo UnclassifiedMalware 20140804
Emsisoft Gen:Trojan.Heur.VP.wm1@aiG74bdi (B) 20140804
ESET-NOD32 a variant of Win32/Injector.BIWO 20140804
F-Prot W32/VBTrojan.9!Maximus 20140804
F-Secure Gen:Trojan.Heur.VP.wm1@aiG74bdi 20140803
Fortinet W32/Zbot.BIOG!tr 20140804
GData Gen:Trojan.Heur.VP.wm1@aiG74bdi 20140804
Ikarus Worm.Win32.Ngrbot 20140804
K7AntiVirus Trojan ( 0049eb8e1 ) 20140801
K7GW Trojan ( 0049eb8e1 ) 20140801
Kaspersky Trojan-Spy.Win32.Zbot.tqei 20140804
Kingsoft Win32.Troj.Zbot.tq.(kcloud) 20140804
Malwarebytes Trojan.Fake.VBP 20140804
McAfee RDN/Generic PWS.y!b2m 20140804
McAfee-GW-Edition RDN/Generic PWS.y!b2m 20140803
Microsoft PWS:Win32/Zbot 20140804
eScan Gen:Trojan.Heur.VP.wm1@aiG74bdi 20140804
NANO-Antivirus Trojan.Win32.Zbot.dcvsvs 20140804
Norman Troj_Generic.VCFHC 20140804
Panda Trj/Chgt.C 20140803
Qihoo-360 HEUR/Malware.QVM03.Gen 20140804
Rising PE:Trojan.Win32.Generic.170B264B!386606667 20140803
Sophos AV Troj/Zbot-IRX 20140804
Symantec Bloodhound.MalPE.B 20140804
Tencent Win32.Trojan-spy.Zbot.Pcsp 20140804
TrendMicro TROJ_GEN.R0CBC0CGS14 20140804
TrendMicro-HouseCall TROJ_GEN.R0CBC0CGS14 20140804
VIPRE Trojan.Win32.Generic!BT 20140804
AegisLab 20140804
Yandex 20140803
AVG 20140804
CAT-QuickHeal 20140804
ClamAV 20140804
CMC 20140804
DrWeb 20140804
Jiangmin 20140804
nProtect 20140803
SUPERAntiSpyware 20140803
TheHacker 20140803
TotalDefense 20140803
VBA32 20140801
ViRobot 20140804
Zoner 20140729
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Publisher Tesco
Product Project1
Original name PRI.DLL
Internal name PRI
File version 1.00
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2014-07-21 13:40:56
Entry Point 0x0000124C
Number of sections 3
PE sections
PE imports
_adj_fdiv_m32
__vbaChkstk
EVENT_SINK_Release
__vbaEnd
__vbaGenerateBoundsError
_allmul
__vbaPutOwner3
_adj_fprem
_adj_fpatan
EVENT_SINK_AddRef
__vbaVarForInit
_adj_fdiv_m32i
__vbaExceptHandler
__vbaSetSystemError
__vbaFreeVarList
DllFunctionCall
__vbaFPException
__vbaGetOwner3
_adj_fdivr_m16i
__vbaUbound
_adj_fdiv_r
Ord(100)
_adj_fdivr_m64
__vbaFreeVar
_CItan
__vbaAryConstruct2
__vbaFileOpen
_adj_fdiv_m64
__vbaUI1I4
__vbaFreeObj
__vbaHresultCheckObj
_CIsqrt
_CIsin
_CIlog
_CIcos
EVENT_SINK_QueryInterface
_adj_fptan
__vbaFileClose
Ord(529)
__vbaI4Var
__vbaErrorOverflow
_CIatan
__vbaNew2
__vbaVarForNext
Ord(644)
_adj_fdivr_m32i
__vbaAryDestruct
_CIexp
__vbaStrMove
_adj_fprem1
_adj_fdivr_m32
__vbaStrCat
__vbaFreeStrList
__vbaFreeStr
_adj_fdiv_m16i
Number of PE resources by type
MSGBOX 1
RT_VERSION 1
Number of PE resources by language
NEUTRAL 1
ENGLISH US 1
PE resources
ExifTool file metadata
UninitializedDataSize 0
InitializedDataSize 12288
ImageVersion 1.0
ProductName Project1
FileVersionNumber 1.0.0.0
LanguageCode English (U.S.)
FileFlagsMask 0x0000
CharacterSet Unicode
LinkerVersion 6.32
FileOS Win32
MIMEType application/octet-stream
FileVersion 1.0
TimeStamp 2014:07:21 14:40:56+01:00
FileType Win32 EXE
PEType PE32
InternalName PRI
FileAccessDate 2014:08:04 08:12:14+01:00
ProductVersion 1.0
SubsystemVersion 4.0
OSVersion 4.0
FileCreateDate 2014:08:04 08:12:14+01:00
OriginalFilename PRI.DLL
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName Tesco
CodeSize 344064
FileSubtype 0
ProductVersionNumber 1.0.0.0
EntryPoint 0x124c
ObjectFileType Executable application

File identification
MD5 40d3a47f91735c68dd394e89cd87a2ad
SHA1 12df58cd524fb8a308ac57ceabdf0657ee3da7da
SHA256 11101659c5c5ed028a2cab228f364a04b642a9d09913c39a05de6cbdebbbcf80
ssdeep 6144:nEHzI4xI0cuDJCOlyuJCTcEjZHgOmqfLZ3eVf8cst:0zlTcgDHYZruo
imphash f8fd68224e23c65d76810c83b0022441
File size 353.0 KB ( 361472 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable (generic) (52.9%)
Generic Win/DOS Executable (23.5%)
DOS Executable Generic (23.4%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
Tags peexe
VirusTotal metadata
First submission 2014-07-26 13:48:46 UTC ( 4 years, 3 months ago )
Last submission 2014-07-27 00:35:31 UTC ( 4 years, 3 months ago )
File names PRI.DLL
PRI
QFRW_ivo3.7z
351a56849da46ea7ecbd2425c762c798f0fdb35b0150753f18c68dc1ee344017-1406382524
firefox.exe
setup.exe
truster.exe