× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: 16b887ef7069ad3c81d9171581a1f9e620311e3b9d51bfc347ff493323782315
File name: 04.vir
Detection ratio: 46 / 56
Analysis date: 2016-11-05 06:43:31 UTC ( 2 years, 5 months ago )
Antivirus Result Update
Ad-Aware Trojan.Agent.CAAS 20161105
AhnLab-V3 Trojan/Win32.Kovter.N2140807478 20161104
ALYac Trojan.Agent.CAAS 20161105
Antiy-AVL Trojan/Win32.VB 20161105
Arcabit Trojan.Agent.CAAS 20161105
Avast Win32:Malware-gen 20161105
AVG Generic_vb.NHH 20161105
Avira (no cloud) TR/Dropper.VB.pijjw 20161104
AVware Trojan.Win32.Generic!BT 20161105
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9999 20161104
BitDefender Trojan.Agent.CAAS 20161105
CAT-QuickHeal Trojan.VB 20161104
CrowdStrike Falcon (ML) malicious_confidence_100% (W) 20161024
Cyren W32/Trojan.WTNH-3633 20161105
DrWeb Trojan.KillProc.47199 20161105
Emsisoft Trojan.Agent.CAAS (B) 20161105
ESET-NOD32 a variant of Win32/Injector.DGMW 20161105
F-Secure Trojan.Agent.CAAS 20161105
Fortinet W32/VB.DGMW!tr 20161105
GData Trojan.Agent.CAAS 20161105
Ikarus Trojan.Win32.Injector 20161104
Sophos ML virtool.win32.vbinject.wx 20161018
Jiangmin TrojanDownloader.Dagozill.ao 20161105
K7AntiVirus Trojan ( 004fb32a1 ) 20161105
K7GW Trojan ( 004fb32a1 ) 20161105
Kaspersky Trojan.Win32.VB.dipx 20161105
Malwarebytes Trojan.TrickBot 20161105
McAfee Trojan-FKAH!C1FF67039EF2 20161105
McAfee-GW-Edition Trojan-FKAH!C1FF67039EF2 20161105
Microsoft Trojan:Win32/Dynamer!ac 20161105
eScan Trojan.Agent.CAAS 20161105
NANO-Antivirus Trojan.Win32.KillProc.ehmnty 20161105
nProtect Trojan/W32.Agent.130571.B 20161105
Panda Trj/CI.A 20161104
Qihoo-360 Win32/Trojan.1fd 20161105
Rising Trojan.VB!8.B20-vPA6a4zj8iR (cloud) 20161105
Sophos AV Mal/Generic-S 20161105
Symantec Trojan.Gen 20161105
Tencent Win32.Trojan.Vb.Szln 20161105
TrendMicro TROJ_GEN.R015C0PJS16 20161105
TrendMicro-HouseCall TROJ_GEN.R015C0PJS16 20161105
VBA32 TScope.Trojan.VB 20161104
VIPRE Trojan.Win32.Generic!BT 20161105
ViRobot Trojan.Win32.Agent.130569[h] 20161105
Yandex Trojan.VB!ahHiLwf4pAs 20161104
Zillya Trojan.VB.Win32.164117 20161104
AegisLab 20161105
Alibaba 20161104
Bkav 20161104
ClamAV 20161105
CMC 20161105
Comodo 20161105
F-Prot 20161105
Kingsoft 20161105
SUPERAntiSpyware 20161105
TheHacker 20161104
Zoner 20161105
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright
be the de p endent outcome variable in a regression p

Product be the de p endent outcome variable in a regression p
Original name Bertiopas.exe
Internal name Bertiopas
File version 1.01.0099
Description be the de p endent outcome variable in a regression p
Comments be the de p endent outcome variable in a regression p
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2016-10-20 05:53:53
Entry Point 0x00001108
Number of sections 3
PE sections
Overlays
MD5 c034c130faef75e7ef11c605d13d152e
File type data
Offset 122880
Size 7691
Entropy 7.98
PE imports
EVENT_SINK_QueryInterface
Ord(537)
Ord(648)
Ord(570)
Ord(616)
EVENT_SINK_AddRef
Ord(300)
Ord(717)
Ord(583)
__vbaExceptHandler
Ord(632)
MethCallEngine
DllFunctionCall
Ord(599)
Ord(100)
Ord(526)
ProcCallEngine
Ord(711)
Ord(585)
EVENT_SINK_Release
Ord(595)
Ord(582)
Ord(306)
Ord(614)
Ord(598)
Number of PE resources by type
RT_ICON 2
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
NEUTRAL 3
ENGLISH US 1
PE resources
ExifTool file metadata
CodeSize
110592

SubsystemVersion
4.0

Comments
be the de p endent outcome variable in a regression p

InitializedDataSize
28672

ImageVersion
1.1

ProductName
be the de p endent outcome variable in a regression p

FileVersionNumber
1.1.0.99

UninitializedDataSize
0

LanguageCode
English (U.S.)

FileFlagsMask
0x0000

CharacterSet
Unicode

LinkerVersion
6.0

FileTypeExtension
exe

OriginalFileName
Bertiopas.exe

MIMEType
application/octet-stream

Subsystem
Windows GUI

FileVersion
1.01.0099

TimeStamp
2016:10:20 06:53:53+01:00

FileType
Win32 EXE

PEType
PE32

InternalName
Bertiopas

ProductVersion
1.01.0099

FileDescription
be the de p endent outcome variable in a regression p

OSVersion
4.0

FileOS
Win32

LegalCopyright
be the de p endent outcome variable in a regression p

MachineType
Intel 386 or later, and compatibles

CompanyName
FlAsH

LegalTrademarks
be the de p endent outcome variable in a regression p

FileSubtype
0

ProductVersionNumber
1.1.0.99

EntryPoint
0x1108

ObjectFileType
Executable application

File identification
MD5 c1ff67039ef2f99ab9977c6d148c4a74
SHA1 0c6ca3492a1e7bbc195a47473d0caff6fd78bce5
SHA256 16b887ef7069ad3c81d9171581a1f9e620311e3b9d51bfc347ff493323782315
ssdeep
1536:3s9Q+Qdd0Q959rm959TkZ71PwZCvBQ94MEg:86+QddUkDwgvBQ99

authentihash 2b3fa9948625dc1fc4c6e97e89b2b2aa7940570b23c46aaa24292385607154b2
imphash 576ec89c64552a0535fcbc8107b7c484
File size 127.5 KB ( 130571 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable Microsoft Visual Basic 6 (90.6%)
Win32 Executable (generic) (4.9%)
Generic Win/DOS Executable (2.2%)
DOS Executable Generic (2.2%)
Tags
peexe overlay

VirusTotal metadata
First submission 2016-10-28 13:29:53 UTC ( 2 years, 5 months ago )
Last submission 2016-11-05 06:43:31 UTC ( 2 years, 5 months ago )
File names Bertiopas.exe
Bertiopas
04.vir
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Deleted files
Hooking activity
Runtime DLLs
Additional details
The file installs an application-defined hook procedure into a hook chain. You would install a hook procedure to monitor the system for certain types of events. These events are associated either with a specific thread or with all threads in the same desktop as the calling thread. This is done making use of the SetWindowsHook Windows API function.
UDP communications