SHA256: 1e7d8af398855da657e36435cb6502b43fab6d4023a7de7378142b652bbbcc60
File name: 6b4ed125462b01a9ddd406b5c6489c5e990fc383.exe.vir
Detection ratio: 42 / 56
Analysis date: 2015-04-17 11:48:38 UTC ( 4 years, 1 month ago )
Antivirus Result Update
Ad-Aware Trojan.Agent.VB.CAR 20150417
Yandex Trojan.Inject!RNbDnfO+sF8 20150416
AhnLab-V3 Trojan/Win32.Inject 20150417
Antiy-AVL Trojan/Win32.Inject 20150417
Avast Win32:Emotet-O [Trj] 20150417
AVG VBCrypt.IRH 20150417
Avira (no cloud) TR/Emotet.A.74 20150417
AVware Trojan.Win32.Generic!BT 20150417
Baidu-International Trojan.Win32.Inject.uqmy 20150417
BitDefender Trojan.Agent.VB.CAR 20150417
ByteHero Virus.Win32.Heur.p 20150417
CAT-QuickHeal Trojan.Inject.r3 20150417
Cyren W32/Trojan.EDEY-2976 20150417
DrWeb Trojan.KillFiles.26477 20150417
Emsisoft Trojan.Agent.VB.CAR (B) 20150417
ESET-NOD32 Win32/Emotet.AD 20150417
F-Secure Trojan:W32/Emotet.A 20150417
Fortinet W32/VBKrpk.EMAE!tr 20150417
GData Trojan.Agent.VB.CAR 20150417
Ikarus Trojan.Win32.Emotet 20150417
K7AntiVirus Trojan ( 004b8c611 ) 20150417
K7GW Trojan ( 004b8c611 ) 20150417
Kaspersky Trojan.Win32.Inject.uqmy 20150417
Malwarebytes Trojan.Agent.HDLGen 20150417
McAfee RDN/Generic.dx!d2w 20150417
McAfee-GW-Edition RDN/Generic.dx!d2w 20150417
Microsoft Trojan:Win32/Emotet.G 20150417
eScan Trojan.Agent.VB.CAR 20150417
NANO-Antivirus Trojan.Win32.Inject.dpzxgb 20150417
Norman VBKrypt.VBP 20150417
nProtect Trojan.Agent.VB.CAR 20150417
Panda Trj/Genetic.gen 20150417
Qihoo-360 HEUR/QVM03.0.Malware.Gen 20150417
Sophos AV Troj/VB-IJH 20150417
SUPERAntiSpyware Trojan.Agent/Gen-VB 20150417
Symantec Trojan.Zbot 20150417
Tencent Trojan.Win32.Qudamah.Gen.17 20150417
TrendMicro TSPY_EMOTET.XXQW 20150417
TrendMicro-HouseCall TSPY_EMOTET.XXQW 20150417
VBA32 TScope.Trojan.VB 20150417
VIPRE Trojan.Win32.Generic!BT 20150417
Zillya Trojan.Inject.Win32.161772 20150417
AegisLab 20150417
Alibaba 20150417
Bkav 20150417
ClamAV 20150417
CMC 20150416
Comodo 20150417
F-Prot 20150417
Jiangmin 20150414
Kingsoft 20150417
Rising 20150417
TheHacker 20150417
TotalDefense 20150417
ViRobot 20150417
Zoner 20150417
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Product Goodreads
Original name Callstb.exe
Internal name Callstb
File version 1.00.1061
Description Note: In CSS3, the text-decoration property is a shorthand property for text-decoration-line, text-decoration-color, and text-decoration-style, but this is currently.
Comments Note: In CSS3, the text-decoration property is a shorthand property for text-decoration-line, text-decoration-color, and text-decoration-style, but this is currently.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2015-03-30 11:30:14
Entry Point 0x0000143C
Number of sections 3
PE sections
Overlays
MD5 995a853453160a48473e517ae071b8a0
File type data
Offset 53248
Size 51208
Entropy 7.96
PE imports
_adj_fdivr_m64
__vbaGenerateBoundsError
_allmul
__vbaGet3
_adj_fprem
__vbaR4Var
__vbaAryMove
__vbaObjVar
_adj_fdiv_r
__vbaObjSetAddref
Ord(100)
__vbaHresultCheckObj
__vbaI2Var
_CIlog
__vbaVarMul
__vbaVarLateMemCallLd
_adj_fptan
__vbaFileClose
__vbaAryCopy
__vbaFreeStr
Ord(631)
Ord(588)
__vbaFreeStrList
__vbaI2I4
_adj_fdiv_m16i
EVENT_SINK_QueryInterface
Ord(516)
__vbaI4Str
__vbaLenBstr
Ord(525)
_adj_fdiv_m32i
Ord(717)
__vbaExceptHandler
__vbaSetSystemError
DllFunctionCall
__vbaUbound
__vbaVarSetObjAddref
__vbaFreeVar
__vbaLbound
__vbaFileOpen
_CIsin
Ord(711)
__vbaAryLock
EVENT_SINK_Release
__vbaVarTstEq
__vbaOnError
_adj_fdivr_m32i
__vbaVarDup
__vbaChkstk
Ord(570)
__vbaAryUnlock
__vbaStrVarCopy
__vbaVar2Vec
__vbaVarForNext
__vbaFreeVarList
__vbaStrVarMove
__vbaAryConstruct2
__vbaFreeObj
__vbaVarCopy
_CIcos
__vbaVarMove
__vbaErrorOverflow
__vbaNew2
__vbaR8IntI4
__vbaAryDestruct
__vbaStrMove
_adj_fprem1
Ord(563)
_adj_fdiv_m32
_adj_fpatan
EVENT_SINK_AddRef
__vbaVarForInit
__vbaVarVargNofree
__vbaStrCopy
__vbaFPException
__vbaAryVar
_adj_fdivr_m16i
__vbaVarAdd
_adj_fdiv_m64
__vbaUI1I4
__vbaUI1I2
_CIsqrt
_adj_fdivr_m32
_CIatan
__vbaVarDiv
__vbaLateMemCall
_CIexp
_CItan
__vbaFpI4
__vbaFpI2
Number of PE resources by type
RT_ICON 2
ABOUT 1
RT_STRING 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
NEUTRAL 3
SLOVENIAN DEFAULT 2
ENGLISH US 1
PE resources
ExifTool file metadata
UninitializedDataSize 0
Comments Note: In CSS3, the text-decoration property is a shorthand property for text-decoration-line, text-decoration-color, and text-decoration-style, but this is currently.
LinkerVersion 6.0
ImageVersion 1.0
FileSubtype 0
FileVersionNumber 1.0.0.1061
LanguageCode English (U.S.)
FileFlagsMask 0x0000
CharacterSet Unicode
InitializedDataSize 20480
EntryPoint 0x143c
OriginalFileName Callstb.exe
MIMEType application/octet-stream
FileVersion 1.00.1061
TimeStamp 2015:03:30 12:30:14+01:00
FileType Win32 EXE
PEType PE32
InternalName Callstb
SubsystemVersion 4.0
ProductVersion 1.00.1061
FileDescription Note: In CSS3, the text-decoration property is a shorthand property for text-decoration-line, text-decoration-color, and text-decoration-style, but this is currently.
OSVersion 4.0
FileOS Win32
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName In CSS3
CodeSize 28672
ProductName Goodreads
ProductVersionNumber 1.0.0.1061
FileTypeExtension exe
ObjectFileType Executable application

File identification
MD5 306573e52008779a0801a25fafb18101
SHA1 6b4ed125462b01a9ddd406b5c6489c5e990fc383
SHA256 1e7d8af398855da657e36435cb6502b43fab6d4023a7de7378142b652bbbcc60
ssdeep 1536:hQpOx2aG1RizobUBQirrzO6AA8ub2v+ySfs52mN7C:hQi2amiznQirrSrdui+yEy1C
authentihash 0e1dc879a9b252fd81a96e13db421995d07024f93a4b73e1291dcedd62ffc435
imphash 9210e2ef757ca1a91986e5c7c15fc068
File size 102.0 KB ( 104456 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable Microsoft Visual Basic 6 (84.4%)
Win32 Dynamic Link Library (generic) (6.7%)
Win32 Executable (generic) (4.6%)
Generic Win/DOS Executable (2.0%)
DOS Executable Generic (2.0%)
Tags peexe overlay
VirusTotal metadata
First submission 2015-03-30 12:37:59 UTC ( 4 years, 1 month ago )
Last submission 2017-06-14 07:58:23 UTC ( 1 year, 11 months ago )
File names Callstb.exe
6b4ed125462b01a9ddd406b5c6489c5e990fc383.exe.vir
VOICE318-222-1374___date____13_49___30____03____2015__wav__id__039488529348273__lang_de.exe
{4F4DB080-8101-A6D7-8446-1F812813E224}.exe
6b4ed125462b01a9ddd406b5c6489c5e990fc383.exe
$RNVH55S.zip
VOICE318-222-1374___date____13_49___30____03____2015__wav__id__039488529348273__lang_de.exe.virus
Callstb
VOICE318-222-1374___date____13_49___30____03____2015__wav__id__039488529348273__lang_de.exe
1e7d8af398855da657e36435cb6502b43fab6d4023a7de7378142b652bbbcc60
1e7d8af398855da657e36435cb6502b43fab6d4023a7de7378142b652bbbcc60.EXE
Geodo.exe
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight