SHA256: 1da9d014ab83c356e1d5d92fffd1c3a5d1cb1f60d24078094da01024bf15a932
File name: boot.exe
Detection ratio: 50 / 57
Analysis date: 2015-04-09 23:29:07 UTC ( 3 years, 10 months ago )
Antivirus Result Update
Ad-Aware Gen:Trojan.Heur.KS.6 20150410
Yandex Trojan.DL.VB!KK1DenzqIsk 20150409
AhnLab-V3 Trojan/Win32.Buzus 20150409
Antiy-AVL Trojan[Downloader]/Win32.VB 20150409
Avast Win32:VBCrypt-BWC [Trj] 20150409
AVG Downloader.Generic10.YRY 20150409
Avira (no cloud) TR/Dropper.Gen 20150409
AVware LooksLike.Win32.Malware!vb (v) 20150409
Baidu-International Trojan.Win32.Downloader.aatw 20150409
BitDefender Gen:Trojan.Heur.KS.6 20150409
CAT-QuickHeal TrojanDownloader.VB.r3 20150409
CMC Trojan-Downloader.Win32.VB!O 20150408
Comodo UnclassifiedMalware 20150409
Cyren W32/VBInject.AB.gen!Eldorado 20150409
DrWeb Trojan.Inject.19875 20150409
Emsisoft Gen:Trojan.Heur.KS.6 (B) 20150409
ESET-NOD32 Win32/Boberog.AZ 20150410
F-Prot W32/VBInject.AB.gen!Eldorado 20150409
F-Secure Gen:Trojan.Heur.KS.6 20150409
Fortinet W32/VB.BZR!tr 20150409
GData Gen:Trojan.Heur.KS.6 20150409
Ikarus Trojan.Win32.Ircbrute 20150409
Jiangmin TrojanDownloader.VB.dtyi 20150409
K7AntiVirus Trojan ( 001b284f1 ) 20150409
K7GW Trojan ( 001b284f1 ) 20150409
Kaspersky Trojan-Downloader.Win32.VB.aatw 20150409
Kingsoft Win32.TrojDownloader.VB.(kcloud) 20150410
Malwarebytes Worm.Palevo 20150409
McAfee Generic Malware.hf!ats 20150409
McAfee-GW-Edition BehavesLike.Win32.ZeroAccess.dh 20150409
Microsoft VirTool:Win32/VBInject.KR 20150409
eScan Gen:Trojan.Heur.KS.6 20150409
NANO-Antivirus Trojan.Win32.VB.byrxs 20150409
Norman Injector.GLCU 20150409
nProtect Trojan-Downloader/W32.Agent.233472.AO 20150409
Panda Adware/AccesMembre 20150409
Qihoo-360 Win32/Trojan.02c 20150410
Rising PE:Trojan.Win32.Generic.124B4459!306922585 20150409
Sophos AV Mal/Rimecud-G 20150410
SUPERAntiSpyware Trojan.Agent/Gen-FakeAV 20150409
Symantec W32.Spybot.Worm 20150409
Tencent Trojan.Win32.YY.Gen.17 20150410
TheHacker Trojan/VB.gen 20150408
TotalDefense Win32/Inject.TTNbNVC 20150409
TrendMicro TROJ_VB.JWV 20150409
TrendMicro-HouseCall TROJ_VB.JWV 20150409
VBA32 Trojan.VBRA.09372 20150409
VIPRE LooksLike.Win32.Malware!vb (v) 20150410
ViRobot Trojan.Win32.Downloader.233472.AE[h] 20150409
Zillya Downloader.VB.Win32.21760 20150409
AegisLab 20150409
Alibaba 20150409
ALYac 20150410
Bkav 20150409
ByteHero 20150410
ClamAV 20150409
Zoner 20150409
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright
Copyright © 1995-2010

Product Copyright © executable file
Original name wp15wiz.rc
Internal name wpwiz.exe
File version 6.1.33.0
Description Copyright © executable file
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2010-10-06 18:40:25
Entry Point 0x0000B754
Number of sections 3
PE sections
PE imports
_adj_fdiv_m32
__vbaChkstk
_CIatan
__vbaGenerateBoundsError
_allmul
__vbaAryCopy
_adj_fdivr_m64
__vbaAryUnlock
_adj_fprem
__vbaLenBstr
__vbaAryMove
_adj_fpatan
Ord(617)
Ord(681)
Ord(535)
_adj_fdiv_m32i
Ord(717)
__vbaExceptHandler
__vbaSetSystemError
__vbaFreeVarList
Ord(632)
DllFunctionCall
__vbaFPException
__vbaStrVarMove
_adj_fdivr_m16i
__vbaUbound
_adj_fdiv_r
Ord(100)
__vbaUI1I2
__vbaFreeVar
__vbaAryConstruct2
_adj_fdiv_m64
__vbaUI1I4
_CIsin
_CIsqrt
__vbaHresultCheckObj
_CIlog
__vbaAryLock
_CIcos
__vbaFreeStr
_adj_fptan
__vbaVar2Vec
__vbaErrorOverflow
Ord(608)
__vbaNew2
Ord(670)
Ord(644)
__vbaVarCat
__vbaOnError
_adj_fdivr_m32i
__vbaAryDestruct
_CIexp
__vbaStrMove
_adj_fprem1
_adj_fdivr_m32
__vbaStrCat
__vbaStrR4
_CItan
__vbaFpI4
Ord(598)
__vbaFpI2
_adj_fdiv_m16i
Number of PE resources by type
RT_PLUGPLAY 2
RT_ICON 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 3
NEUTRAL 2
PE resources
ExifTool file metadata
SubsystemVersion
4.0

LinkerVersion
6.0

ImageVersion
1.0

FileSubtype
0

FileVersionNumber
6.1.33.0

UninitializedDataSize
0

LanguageCode
English (U.S.)

FileFlagsMask
0x003f

CharacterSet
Unicode

InitializedDataSize
94208

EntryPoint
0xb754

OriginalFileName
wp15wiz.rc

MIMEType
application/octet-stream

LegalCopyright
Copyright 1995-2010

FileVersion
6.1.33.0

TimeStamp
2010:10:06 19:40:25+01:00

FileType
Win32 EXE

PEType
PE32

InternalName
wpwiz.exe

ProductVersion
6.1.33.0

FileDescription
Copyright executable file

OSVersion
4.0

FileOS
Win32

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CompanyName
Copyright executable file

CodeSize
135168

ProductName
Copyright executable file

ProductVersionNumber
6.1.33.0

FileTypeExtension
exe

ObjectFileType
Executable application

File identification
MD5 4f019ccf8d8425511a0246363fc462b8
SHA1 fb3bb870db9a6c5861dcb2b461f316d2a389a425
SHA256 1da9d014ab83c356e1d5d92fffd1c3a5d1cb1f60d24078094da01024bf15a932
ssdeep
6144:V44rI9hMP18BirPxe88iQOPJ+Z6NO5lwnJVQZgUx:NI9h8VeiIlwnQZp

authentihash 8dc2aff369933ba006d93c66a34a06b5a84f7171dbd5e2226a0c350f6e821704
imphash 6081db7bd3cf6ce4a78e618a446e7e1a
File size 228.0 KB ( 233472 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable Microsoft Visual Basic 6 (90.6%)
Win32 Executable (generic) (4.9%)
Generic Win/DOS Executable (2.2%)
DOS Executable Generic (2.2%)
Tags
peexe usb-autorun

VirusTotal metadata
First submission 2010-10-08 02:45:32 UTC ( 8 years, 4 months ago )
Last submission 2015-04-09 23:29:07 UTC ( 3 years, 10 months ago )
File names 4f019ccf8d8425511a0246363fc462b8
wp15wiz.rc
boot.exe
wpwiz.exe
4F019CCF8D8425511A0246363FC462B8
E8275197002F808890EF031BC10A2500316A6A14.exe
Advanced heuristic and reputation engines
ClamAV
Possibly Unwanted Application. While not necessarily malicious, the scanned file presents certain characteristics which depending on the user policies and environment may or may not represent a threat. For full details see: https://www.clamav.net/documents/potentially-unwanted-applications-pua .
