SHA256: 11ad92225f8562c05513300b75091b37d84c10943f91e6a4c0cf8c835271694a
File name: 151fc333dc0ac52a282f426c72f3ade5
Detection ratio: 31 / 43
Analysis date: 2012-10-15 21:52:04 UTC ( 5 years ago )
Antivirus Result Update
Yandex Backdoor.Poison!uIbWzm+IK98 20121014
AhnLab-V3 Trojan/Win32.Poison 20121015
AntiVir TR/Dropper.Gen 20121015
Avast Win32:Malware-gen 20121015
AVG BackDoor.Generic12.CIRE 20121015
BitDefender Backdoor.Generic.433398 20121015
Comodo UnclassifiedMalware 20121015
DrWeb BackDoor.Poison.8392 20121015
ESET-NOD32 a variant of Win32/Injector.DDE 20121015
F-Secure Backdoor.Generic.433398 20121003
Fortinet W32/Refroso.DZP!tr 20121015
GData Backdoor.Generic.433398 20121015
Ikarus Virus.Win32.VBInject 20121015
Jiangmin Backdoor/Poison.lav 20121015
K7AntiVirus Backdoor 20121015
Kaspersky Backdoor.Win32.Poison.cicg 20121015
McAfee Generic BackDoor!dak 20121015
McAfee-GW-Edition Heuristic.BehavesLike.Win32.Suspicious-BAY.G 20121015
Microsoft Worm:Win32/Rebhip.A 20121015
eScan Backdoor.Generic.433398 20121015
Norman W32/Suspicious_Gen3.QTOS 20121015
nProtect Backdoor.Generic.433398 20121015
Panda Generic Backdoor 20121015
PCTools Backdoor.Trojan 20121015
Symantec Backdoor.Trojan 20121015
TheHacker Backdoor/Poison.cicg 20121015
TotalDefense Win32/Bifrose.BPC 20121015
TrendMicro-HouseCall TROJ_GEN.R3EC4E3 20121015
VBA32 TScope.Trojan.VB.gen 20121015
VIPRE Trojan.Win32.Generic!BT 20121015
ViRobot Backdoor.Win32.Bifrose.290816 20121015
Antiy-AVL 20121014
ByteHero 20121011
CAT-QuickHeal 20121015
ClamAV 20121015
Commtouch 20121015
eSafe 20121014
F-Prot 20121015
Kingsoft 20121008
Rising 20121012
Sophos AV 20121015
SUPERAntiSpyware 20121015
TrendMicro 20121015
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Publisher HeadAche Lab_s
Product SigNYSTB
Original name SigNY.exe
Internal name SigNY
File version 1.00
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2010-08-12 18:05:52
Entry Point 0x00001A6C
Number of sections 4
PE sections
PE imports
_adj_fdivr_m64
Ord(518)
__vbaGenerateBoundsError
__vbaStrFixstr
_allmul
Ord(616)
_adj_fprem
__vbaAryMove
__vbaObjVar
__vbaForEachVar
Ord(665)
__vbaVarAnd
__vbaRedim
Ord(537)
__vbaCopyBytes
_adj_fdiv_r
__vbaRecAnsiToUni
__vbaObjSetAddref
__vbaFixstrConstruct
_adj_fdiv_m64
__vbaHresultCheckObj
__vbaAryUnlock
__vbaR8Str
_CIlog
Ord(595)
__vbaVarLateMemCallLd
_adj_fptan
__vbaFileClose
__vbaI4Var
__vbaRecUniToAnsi
__vbaAryCopy
__vbaFreeStr
Ord(670)
__vbaStrI4
Ord(709)
__vbaFreeStrList
__vbaI2I4
_adj_fdiv_m16i
EVENT_SINK_QueryInterface
Ord(648)
__vbaNextEachVar
__vbaI4Str
Ord(607)
__vbaLenBstr
__vbaRedimPreserve
Ord(681)
Ord(576)
__vbaStrToUnicode
__vbaInStr
_adj_fdiv_m32i
Ord(717)
__vbaExceptHandler
__vbaSetSystemError
DllFunctionCall
__vbaPowerR8
__vbaUbound
__vbaFreeVar
__vbaBoolVarNull
__vbaLbound
__vbaFileOpen
__vbaI2Str
_CIsin
Ord(711)
__vbaNew
__vbaAryLock
EVENT_SINK_Release
__vbaVarTstEq
Ord(716)
__vbaOnError
_adj_fdivr_m32i
__vbaI4ErrVar
__vbaStrCat
__vbaVarDup
__vbaChkstk
__vbaLsetFixstr
__vbaStrCmp
__vbaErase
__vbaStrVarCopy
__vbaFreeObjList
Ord(666)
__vbaVar2Vec
__vbaFreeVarList
__vbaStrVarMove
Ord(626)
__vbaVarOr
__vbaLateMemCallLd
__vbaAryConstruct2
__vbaFreeObj
_adj_fdivr_m32
__vbaStrVarVal
_CIcos
Ord(528)
__vbaVarMove
__vbaErrorOverflow
__vbaNew2
__vbaVarCmpEq
__vbaAryDestruct
__vbaStrMove
_adj_fprem1
_adj_fdiv_m32
__vbaEnd
__vbaVarZero
__vbaPutOwner3
Ord(685)
__vbaUI1ErrVar
EVENT_SINK_AddRef
_adj_fpatan
Ord(712)
__vbaVarSetVar
__vbaVarVargNofree
__vbaStrCopy
Ord(632)
Ord(645)
__vbaFPException
__vbaAryVar
_adj_fdivr_m16i
Ord(100)
__vbaUI1I2
_CIsqrt
_CIatan
Ord(617)
Ord(529)
__vbaObjSet
Ord(644)
__vbaVarCat
_CIexp
__vbaStrToAnsi
_CItan
__vbaFpI4
Ord(598)
Number of PE resources by type
RT_ICON 1
RT_GROUP_ICON 1
RT_VERSION 1
RT_MANIFEST 1
Number of PE resources by language
NEUTRAL 2
SPANISH MODERN 2
ExifTool file metadata
UninitializedDataSize 0
InitializedDataSize 16384
ImageVersion 1.0
ProductName SigNYSTB
FileVersionNumber 1.0.0.0
LanguageCode Spanish (Modern)
FileFlagsMask 0x0000
CharacterSet Unicode
LinkerVersion 6.0
FileOS Win32
MIMEType application/octet-stream
FileVersion 1.0
TimeStamp 2010:08:12 19:05:52+01:00
FileType Win32 EXE
PEType PE32
InternalName SigNY
ProductVersion 1.0
SubsystemVersion 4.0
OSVersion 4.0
OriginalFilename SigNY.exe
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName HeadAche Lab's
CodeSize 73728
FileSubtype 0
ProductVersionNumber 1.0.0.0
EntryPoint 0x1a6c
ObjectFileType Executable application

File identification
MD5 151fc333dc0ac52a282f426c72f3ade5
SHA1 6b9f0a0a71559e0f82e739a839196c769724157a
SHA256 11ad92225f8562c05513300b75091b37d84c10943f91e6a4c0cf8c835271694a
ssdeep 12288:svvhjlE9/zP2uNuxCyUkI7APzURWYtWE4S9+rnSa2Nd2FpT:svvdlExzPpNuxCyUlAPzUh+rnSam

File size 744.0 KB ( 761856 bytes )
File type Win32 EXE
Magic literal MS-DOS executable PE for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable Microsoft Visual Basic 6 (86.2%)
Win32 Executable Generic (5.8%)
Win32 Dynamic Link Library (generic) (5.1%)
Generic Win/DOS Executable (1.3%)
DOS Executable Generic (1.3%)
Tags peexe

VirusTotal metadata
First submission 2011-03-29 17:33:07 UTC ( 6 years, 6 months ago )
Last submission 2012-10-15 21:52:04 UTC ( 5 years ago )
File names aa
Gbg5P.inf
5VHaJS7FI.rtf
SigNY.exe
151fc333dc0ac52a282f426c72f3ade5
SigNY
Advanced heuristic and reputation engines
ClamAV Possibly Unwanted Application. While not necessarily malicious, the scanned file presents certain characteristics which depending on the user policies and environment may or may not represent a threat. For full details see: https://www.clamav.net/documents/potentially-unwanted-applications-pua.

Symantec reputation Suspicious.Insight