× Cookies are disabled! This site requires cookies to be enabled to work properly
VirusTotal
SHA256: 1edb248c98df8f3271d6354ee2d285500ef4dbc573fa93413f2d6353f41ec71e
File name: 532309550b95265153350a18ac75f142ee1bfa0a_bb_all_grp4.ex
Detection ratio: 46 / 56
Analysis date: 2015-10-22 01:02:25 UTC ( 2 years, 6 months ago )
Antivirus Result Update
Ad-Aware Gen:Variant.Renos.14 20151021
Yandex Trojan.Codecpack.Gen.4 20151021
ALYac Gen:Variant.Renos.14 20151022
Antiy-AVL Trojan[Packed]/Win32.Katusha 20151022
Arcabit Trojan.Renos.14 20151022
Avast Win32:Malware-gen 20151022
AVG Win32/Cryptor 20151022
Avira (no cloud) TR/PWS.Sinowal.Gen 20151022
AVware VirTool.Win32.Obfuscator.hg!b (v) 20151021
Baidu-International Trojan.Win32.Katusha.m 20151021
BitDefender Gen:Variant.Renos.14 20151022
Bkav HW32.Packed.7611 20151021
ByteHero Trojan.Malware.Obscu.Gen.002 20151022
ClamAV Win.Trojan.Agent-612082 20151021
Comodo MalCrypt.Indus! 20151022
Cyren W32/FraudLoad.F!Generic 20151022
DrWeb Trojan.Siggen1.61712 20151022
Emsisoft Gen:Variant.Renos.14 (B) 20151022
ESET-NOD32 Win32/TrojanDownloader.FakeAlert.AFQ 20151022
F-Prot W32/FraudLoad.F!Generic 20151022
F-Secure Gen:Variant.Renos.14 20151022
Fortinet W32/CodePack.CX!tr 20151021
GData Gen:Variant.Renos.14 20151022
Ikarus Trojan.Win32.FakeAV 20151021
Jiangmin Packed.Katusha.mxg 20151021
K7AntiVirus Trojan ( 700000061 ) 20151021
K7GW Trojan ( 700000061 ) 20151021
Kaspersky Packed.Win32.Katusha.m 20151022
Kingsoft Win32.Troj.Katusha.m.(kcloud) 20151022
McAfee Downloader-CEW 20151022
McAfee-GW-Edition BehavesLike.Win32.Backdoor.cc 20151022
Microsoft TrojanDownloader:Win32/Renos.KF 20151022
eScan Gen:Variant.Renos.14 20151021
NANO-Antivirus Trojan.Win32.Katusha.xhrl 20151022
Panda Trj/Genetic.gen 20151021
Qihoo-360 Win32/Trojan.Downloader.53c 20151022
Sophos AV Mal/EncPk-AKZ 20151021
SUPERAntiSpyware Trojan.Agent/Gen 20151022
Symantec Trojan.FakeAV!gen45 20151021
TheHacker Trojan/Katusha.m 20151020
TrendMicro TROJ_FAKEAV.SMA1 20151022
TrendMicro-HouseCall TROJ_FAKEAV.SMA1 20151022
VBA32 BScope.Trojan.MTA.0504 20151021
VIPRE VirTool.Win32.Obfuscator.hg!b (v) 20151022
ViRobot Trojan.Win32.S.Katusha.158208[h] 20151021
Zillya Trojan.FakeAV.Win32.233604 20151021
AegisLab 20151021
AhnLab-V3 20151021
Alibaba 20151021
CAT-QuickHeal 20151021
CMC 20151021
Malwarebytes 20151021
nProtect 20151021
Rising 20151021
Tencent 20151022
Zoner 20151021
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2009-04-14 05:54:53
Entry Point 0x00005677
Number of sections 3
PE sections
PE imports
[+] GDI32.dll
LineTo
RestoreDC
SaveDC
SelectPalette
CreateDIBitmap
SetBkColor
CopyEnhMetaFileA
CreateCompatibleBitmap
[+] KERNEL32.dll
GetStdHandle
EnterCriticalSection
lstrlenA
FreeLibrary
GlobalFindAtomA
ExitProcess
LoadLibraryA
EnumCalendarInfoA
GetDateFormatA
LoadLibraryExA
GetFileSize
lstrcatA
LockResource
GetCommandLineA
GetProcAddress
GetProcessHeap
GetModuleHandleA
GlobalAddAtomA
ExitThread
GetVersion
FreeResource
GetOEMCP
MoveFileA
LoadResource
GetCurrentThreadId
GetCurrentThread
VirtualAlloc
SetLastError
[+] MSVCRT.dll
_acmdln
log
memmove
srand
memcpy
atol
exp
ceil
mbstowcs
strcmp
[+] comctl32.dll
ImageList_Read
ImageList_Write
ImageList_Destroy
ImageList_Draw
ImageList_DragShowNolock
ImageList_Remove
ImageList_DrawEx
ImageList_GetBkColor
ImageList_Add
[+] comdlg32.dll
GetOpenFileNameA
ChooseColorA
FindTextA
GetSaveFileNameA
[+] oleaut32.dll
VariantCopyInd
SysReAllocStringLen
GetErrorInfo
SysStringLen
[+] shell32.dll
DragQueryFileA
SHGetFolderPathA
[+] user32.dll
GetCursorPos
CharLowerA
CreateWindowExA
RegisterClassA
CheckMenuItem
DrawFrameControl
GetActiveWindow
GetLastActivePopup
CharLowerBuffA
GetDCEx
DrawIcon
DefWindowProcA
GetCursor
GetFocus
GetMenuItemCount
IsWindowEnabled
GetDlgItem
EnableMenuItem
GetPropA
IsChild
SetCursor
[+] version.dll
VerInstallFileA
GetFileVersionInfoA
ExifTool file metadata
MIMEType
application/octet-stream

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

TimeStamp
2009:04:14 06:54:53+01:00

FileType
Win32 EXE

PEType
PE32

CodeSize
39424

LinkerVersion
4.5

FileTypeExtension
exe

InitializedDataSize
117248

SubsystemVersion
4.0

EntryPoint
0x5677

OSVersion
4.0

ImageVersion
0.0

UninitializedDataSize
0

File identification
MD5 586d69af9efad5dc3e85d24b0f7f742f
SHA1 532309550b95265153350a18ac75f142ee1bfa0a
SHA256 1edb248c98df8f3271d6354ee2d285500ef4dbc573fa93413f2d6353f41ec71e
ssdeep
3072:rndMukm14p5cEtq0bRemDPV9ERvAsrx2CB9crjME8Ct5r5rSrgGnPG1:TdHkj3jdRl9YvAsF2CPMME8Y5r5rMgGO

authentihash 29101c1b2d11f350823c4478431543246628e1f6cbac43ef9cfa75da199601d7
imphash 59ba4f86a78e61fe3681469c13d8373a
File size 154.5 KB ( 158208 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Dynamic Link Library (generic) (38.3%)
Win32 Executable (generic) (26.2%)
Clipper DOS Executable (11.7%)
Generic Win/DOS Executable (11.6%)
DOS Executable Generic (11.6%)
Tags
peexe

VirusTotal metadata
First submission 2010-07-08 01:49:08 UTC ( 7 years, 9 months ago )
Last submission 2015-10-22 01:02:25 UTC ( 2 years, 6 months ago )
File names E_mhWYDs.xlsm
1279366888.bb_all_grp4.ex1e
aa
532309550b95265153350a18ac75f142ee1bfa0a_bb_all_grp4.ex
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!
More comments

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

Sign in Join the community
No votes. No one has voted on this item yet, be the first one to do so!
More votes
Blog | Twitter | | Google groups | ToS | Privacy policy