SHA256: 1d7fbce9f68f086294ff248a351da29c41cbd416c41d0a78a90d714f5bcccd74
File name: 1d7fbce9f68f086294ff248a351da29c41cbd416c41d0a78a90d714f5bcccd74.vir
Detection ratio: 38 / 54
Analysis date: 2016-01-12 12:10:59 UTC (3 years ago)
Antivirus | Result | Update
Ad-Aware | Gen:Trojan.Heur.pm0@bjgOQHbi | 20160112
Yandex | Trojan.Swisyn!DYSYiSLwgpQ | 20160111
Antiy-AVL | Trojan/Win32.Spamer | 20160112
Arcabit | Trojan.Heur.EAA30C | 20160112
Avast | Win32:Malware-gen | 20160112
AVG | Generic28.BJPT | 20160112
Avira (no cloud) | TR/Hspam.A.2 | 20160112
AVware | Trojan.Win32.Generic!BT | 20160111
BitDefender | Gen:Trojan.Heur.pm0@bjgOQHbi | 20160112
CAT-QuickHeal | (Suspicious) - DNAScan | 20160111
ClamAV | Trojan.Swisyn-159 | 20160112
CMC | Heur.Win32.VBKrypt.1!O | 20160111
Comodo | UnclassifiedMalware | 20160112
Cyren | W32/VB.BZ.gen!Eldorado | 20160112
DrWeb | Trojan.DownLoader6.13957 | 20160112
Emsisoft | Gen:Trojan.Heur.pm0@bjgOQHbi (B) | 20160112
ESET-NOD32 | Win32/VB.QNB | 20160112
F-Prot | W32/VB.BZ.gen!Eldorado | 20160111
F-Secure | Gen:Trojan.Heur.pm0@bjgOQHbi | 20160112
Fortinet | W32/Swisyn.CLGW!tr | 20160111
GData | Gen:Trojan.Heur.pm0@bjgOQHbi | 20160112
Ikarus | Trojan.Win32.Hspam | 20160112
Kaspersky | Trojan.Win32.Spamer.gl | 20160112
Malwarebytes | Trojan.VBAgent | 20160112
McAfee | Artemis!2A6AA21CFA7C | 20160112
McAfee-GW-Edition | BehavesLike.Win32.Trojan.dm | 20160112
Microsoft | Trojan:Win32/Hspam.A | 20160112
eScan | Gen:Trojan.Heur.pm0@bjgOQHbi | 20160112
NANO-Antivirus | Trojan.Win32.Swisyn.sjfkq | 20160112
Panda | Generic Malware | 20160111
Sophos AV | Mal/Generic-L | 20160112
Symantec | Trojan.Gen | 20160111
Tencent | Win32.Trojan.Spamer.Hrze | 20160112
TheHacker | Trojan/Swisyn.clgw | 20160107
VBA32 | Trojan.VB.Spammer.gen | 20160112
VIPRE | Trojan.Win32.Generic!BT | 20160112
ViRobot | Trojan.Win32.A.Swisyn.245760.E[h] | 20160112
Zillya | Trojan.Swisyn.Win32.26018 | 20160112
AegisLab | (no detection) | 20160112
AhnLab-V3 | (no detection) | 20160112
Alibaba | (no detection) | 20160112
Baidu-International | (no detection) | 20160112
Bkav | (no detection) | 20160112
ByteHero | (no detection) | 20160112
Jiangmin | (no detection) | 20160112
K7AntiVirus | (no detection) | 20160112
K7GW | (no detection) | 20160112
nProtect | (no detection) | 20160112
Rising | (no detection) | 20160112
SUPERAntiSpyware | (no detection) | 20160112
TotalDefense | (no detection) | 20160112
TrendMicro | (no detection) | 20160112
TrendMicro-HouseCall | (no detection) | 20160112
Zoner | (no detection) | 20160112
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Product Eicq
Original name new.exe
Internal name new
File version 1.00
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2012-06-03 21:06:35
Entry Point 0x000025B4
Number of sections 3
PE sections
PE imports
Number of PE resources by type
RT_ICON 3
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
NEUTRAL 4
ENGLISH US 1
PE resources
ExifTool file metadata
UninitializedDataSize 0
InitializedDataSize 16384
ImageVersion 1.0
ProductName Eicq
FileVersionNumber 1.0.0.0
LanguageCode English (U.S.)
FileFlagsMask 0x0000
CharacterSet Unicode
LinkerVersion 6.0
FileTypeExtension exe
OriginalFileName new.exe
MIMEType application/octet-stream
FileVersion 1.0
TimeStamp 2012:06:03 22:06:35+01:00
FileType Win32 EXE
PEType PE32
InternalName new
ProductVersion 1.0
SubsystemVersion 4.0
OSVersion 4.0
FileOS Win32
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName HOME
CodeSize 233472
FileSubtype 0
ProductVersionNumber 1.0.0.0
EntryPoint 0x25b4
ObjectFileType Executable application
File identification
MD5 2a6aa21cfa7c284b29e390f51be76b90
SHA1 ac209c6b01297c0bca9b8297d9239aebbdac9996
SHA256 1d7fbce9f68f086294ff248a351da29c41cbd416c41d0a78a90d714f5bcccd74
ssdeep 3072:hqlrb95kfSKkYyhTTrqze+wFubaagqDkYHpeDnx8ocwuTkChiD5+k4:hqltNJxGwcbacD1eDBcwuTkChiD5
authentihash e8f238be36a2181d2dd1db06052ae38a9f2e8dbfc739e96d05d05f8f79eec852
imphash 04d47cefa05b162f7253cd0e407dc172
File size 240.0 KB ( 245760 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable Microsoft Visual Basic 6 (84.4%)
Win32 Dynamic Link Library (generic) (6.7%)
Win32 Executable (generic) (4.6%)
Generic Win/DOS Executable (2.0%)
DOS Executable Generic (2.0%)
Tags peexe
VirusTotal metadata
First submission 2012-06-04 04:55:39 UTC (6 years, 7 months ago)
Last submission 2016-01-12 12:10:59 UTC (3 years ago)
File names 1d7fbce9f68f086294ff248a351da29c41cbd416c41d0a78a90d714f5bcccd74.vir
smona_1d7fbce9f68f086294ff248a351da29c41cbd416c41d0a78a90d714f5bcccd74.bin
2a6aa21cfa7c284b29e390f51be76b90-new.exe
new.exe
2a6aa21cfa7c284b29e390f51be76b90
new
Advanced heuristic and reputation engines
ClamAV
Possibly Unwanted Application. While not necessarily malicious, the scanned file presents certain characteristics which, depending on the user policies and environment, may or may not represent a threat. For full details see: https://www.clamav.net/documents/potentially-unwanted-applications-pua
Symantec reputation Suspicious.Insight
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Created processes
Shell commands
Opened mutexes
Hooking activity
Runtime DLLs
Additional details
The file installs an application-defined hook procedure into a hook chain. A hook procedure is installed to monitor the system for certain types of events, which are associated either with a specific thread or with all threads in the same desktop as the calling thread. This is done by making use of the SetWindowsHook Windows API function.
UDP communications