SHA256: 1edb248c98df8f3271d6354ee2d285500ef4dbc573fa93413f2d6353f41ec71e
File name: 532309550b95265153350a18ac75f142ee1bfa0a_bb_all_grp4.ex
Detection ratio: 46 / 56
Analysis date: 2015-10-22 01:02:25 UTC ( 2 years ago )
Antivirus Result Update
Ad-Aware Gen:Variant.Renos.14 20151021
Yandex Trojan.Codecpack.Gen.4 20151021
ALYac Gen:Variant.Renos.14 20151022
Antiy-AVL Trojan[Packed]/Win32.Katusha 20151022
Arcabit Trojan.Renos.14 20151022
Avast Win32:Malware-gen 20151022
AVG Win32/Cryptor 20151022
Avira (no cloud) TR/PWS.Sinowal.Gen 20151022
AVware VirTool.Win32.Obfuscator.hg!b (v) 20151021
Baidu-International Trojan.Win32.Katusha.m 20151021
BitDefender Gen:Variant.Renos.14 20151022
Bkav HW32.Packed.7611 20151021
ByteHero Trojan.Malware.Obscu.Gen.002 20151022
ClamAV Win.Trojan.Agent-612082 20151021
Comodo MalCrypt.Indus! 20151022
Cyren W32/FraudLoad.F!Generic 20151022
DrWeb Trojan.Siggen1.61712 20151022
Emsisoft Gen:Variant.Renos.14 (B) 20151022
ESET-NOD32 Win32/TrojanDownloader.FakeAlert.AFQ 20151022
F-Prot W32/FraudLoad.F!Generic 20151022
F-Secure Gen:Variant.Renos.14 20151022
Fortinet W32/CodePack.CX!tr 20151021
GData Gen:Variant.Renos.14 20151022
Ikarus Trojan.Win32.FakeAV 20151021
Jiangmin Packed.Katusha.mxg 20151021
K7AntiVirus Trojan ( 700000061 ) 20151021
K7GW Trojan ( 700000061 ) 20151021
Kaspersky Packed.Win32.Katusha.m 20151022
Kingsoft Win32.Troj.Katusha.m.(kcloud) 20151022
McAfee Downloader-CEW 20151022
McAfee-GW-Edition BehavesLike.Win32.Backdoor.cc 20151022
Microsoft TrojanDownloader:Win32/Renos.KF 20151022
eScan Gen:Variant.Renos.14 20151021
NANO-Antivirus Trojan.Win32.Katusha.xhrl 20151022
Panda Trj/Genetic.gen 20151021
Qihoo-360 Win32/Trojan.Downloader.53c 20151022
Sophos AV Mal/EncPk-AKZ 20151021
SUPERAntiSpyware Trojan.Agent/Gen 20151022
Symantec Trojan.FakeAV!gen45 20151021
TheHacker Trojan/Katusha.m 20151020
TrendMicro TROJ_FAKEAV.SMA1 20151022
TrendMicro-HouseCall TROJ_FAKEAV.SMA1 20151022
VBA32 BScope.Trojan.MTA.0504 20151021
VIPRE VirTool.Win32.Obfuscator.hg!b (v) 20151022
ViRobot Trojan.Win32.S.Katusha.158208[h] 20151021
Zillya Trojan.FakeAV.Win32.233604 20151021
AegisLab 20151021
AhnLab-V3 20151021
Alibaba 20151021
CAT-QuickHeal 20151021
CMC 20151021
Malwarebytes 20151021
nProtect 20151021
Rising 20151021
Tencent 20151022
Zoner 20151021
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2009-04-14 05:54:53
Entry Point 0x00005677
Number of sections 3
PE sections
PE imports
LineTo
RestoreDC
SaveDC
SelectPalette
CreateDIBitmap
SetBkColor
CopyEnhMetaFileA
CreateCompatibleBitmap
GetStdHandle
EnterCriticalSection
lstrlenA
FreeLibrary
GlobalFindAtomA
ExitProcess
LoadLibraryA
EnumCalendarInfoA
GetDateFormatA
LoadLibraryExA
GetFileSize
lstrcatA
LockResource
GetCommandLineA
GetProcAddress
GetProcessHeap
GetModuleHandleA
GlobalAddAtomA
ExitThread
GetVersion
FreeResource
GetOEMCP
MoveFileA
LoadResource
GetCurrentThreadId
GetCurrentThread
VirtualAlloc
SetLastError
_acmdln
log
memmove
srand
memcpy
atol
exp
ceil
mbstowcs
strcmp
ImageList_Read
ImageList_Write
ImageList_Destroy
ImageList_Draw
ImageList_DragShowNolock
ImageList_Remove
ImageList_DrawEx
ImageList_GetBkColor
ImageList_Add
GetOpenFileNameA
ChooseColorA
FindTextA
GetSaveFileNameA
VariantCopyInd
SysReAllocStringLen
GetErrorInfo
SysStringLen
DragQueryFileA
SHGetFolderPathA
GetCursorPos
CharLowerA
CreateWindowExA
RegisterClassA
CheckMenuItem
DrawFrameControl
GetActiveWindow
GetLastActivePopup
CharLowerBuffA
GetDCEx
DrawIcon
DefWindowProcA
GetCursor
GetFocus
GetMenuItemCount
IsWindowEnabled
GetDlgItem
EnableMenuItem
GetPropA
IsChild
SetCursor
VerInstallFileA
GetFileVersionInfoA
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
TimeStamp 2009:04:14 06:54:53+01:00
FileType Win32 EXE
PEType PE32
CodeSize 39424
LinkerVersion 4.5
FileTypeExtension exe
InitializedDataSize 117248
SubsystemVersion 4.0
EntryPoint 0x5677
OSVersion 4.0
ImageVersion 0.0
UninitializedDataSize 0
File identification
MD5 586d69af9efad5dc3e85d24b0f7f742f
SHA1 532309550b95265153350a18ac75f142ee1bfa0a
SHA256 1edb248c98df8f3271d6354ee2d285500ef4dbc573fa93413f2d6353f41ec71e
ssdeep
3072:rndMukm14p5cEtq0bRemDPV9ERvAsrx2CB9crjME8Ct5r5rSrgGnPG1:TdHkj3jdRl9YvAsF2CPMME8Y5r5rMgGO

authentihash 29101c1b2d11f350823c4478431543246628e1f6cbac43ef9cfa75da199601d7
imphash 59ba4f86a78e61fe3681469c13d8373a
File size 154.5 KB ( 158208 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Dynamic Link Library (generic) (38.3%)
Win32 Executable (generic) (26.2%)
Clipper DOS Executable (11.7%)
Generic Win/DOS Executable (11.6%)
DOS Executable Generic (11.6%)
Tags peexe
VirusTotal metadata
First submission 2010-07-08 01:49:08 UTC ( 7 years, 4 months ago )
Last submission 2015-10-22 01:02:25 UTC ( 2 years ago )
File names E_mhWYDs.xlsm
1279366888.bb_all_grp4.ex1e
aa
532309550b95265153350a18ac75f142ee1bfa0a_bb_all_grp4.ex