× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: 22a074ff7daba2096d819ed04119f00aa1bc12e09ea1114a64e4785db9bfb50b
File name: d27da0856178beb29296a8d7de085b12
Detection ratio: 28 / 68
Analysis date: 2017-12-08 20:48:00 UTC ( 1 year, 2 months ago ) View latest
Antivirus Result Update
Ad-Aware Gen:Variant.Johnnie.82484 20171208
Arcabit Trojan.Johnnie.D14234 20171208
Avira (no cloud) TR/Dropper.VB.ghjsc 20171208
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9999 20171208
BitDefender Gen:Variant.Johnnie.82484 20171208
CrowdStrike Falcon (ML) malicious_confidence_100% (D) 20171016
Cybereason malicious.a94ff3 20171103
Cylance Unsafe 20171208
Cyren W32/VBTrojan.Dropper.4!Maximus 20171208
Emsisoft Gen:Variant.Johnnie.82484 (B) 20171208
Endgame malicious (high confidence) 20171130
ESET-NOD32 a variant of Win32/Injector.DTHD 20171208
F-Prot W32/VBTrojan.Dropper.4!Maximus 20171208
F-Secure Gen:Variant.Johnnie.82484 20171208
Fortinet W32/Injector.DTHD!tr 20171208
GData Gen:Variant.Johnnie.82484 20171208
Sophos ML heuristic 20170914
Kaspersky Trojan.Win32.Mansabo.ajj 20171208
MAX malware (ai score=83) 20171208
McAfee Artemis!D27DA0856178 20171208
McAfee-GW-Edition BehavesLike.Win32.Generic.fc 20171208
eScan Gen:Variant.Johnnie.82484 20171208
Palo Alto Networks (Known Signatures) generic.ml 20171208
Panda Trj/RnkBend.A 20171208
Qihoo-360 HEUR/QVM03.0.B621.Malware.Gen 20171208
SentinelOne (Static ML) static engine - malicious 20171207
Webroot W32.Adware.Gen 20171208
ZoneAlarm by Check Point Trojan.Win32.Mansabo.ajj 20171208
AegisLab 20171208
AhnLab-V3 20171208
Alibaba 20171208
ALYac 20171208
Antiy-AVL 20171208
Avast 20171208
Avast-Mobile 20171208
AVG 20171208
AVware 20171208
Bkav 20171208
CAT-QuickHeal 20171208
ClamAV 20171208
CMC 20171208
Comodo 20171208
DrWeb 20171208
eGambit 20171208
Ikarus 20171208
Jiangmin 20171208
K7AntiVirus 20171208
K7GW 20171208
Kingsoft 20171208
Malwarebytes 20171208
Microsoft 20171208
NANO-Antivirus 20171208
nProtect 20171208
Rising 20171208
Sophos AV 20171208
SUPERAntiSpyware 20171208
Symantec 20171208
Symantec Mobile Insight 20171207
Tencent 20171208
TheHacker 20171205
TotalDefense 20171208
TrendMicro 20171208
TrendMicro-HouseCall 20171208
Trustlook 20171208
VBA32 20171208
VIPRE 20171208
ViRobot 20171208
WhiteArmor 20171204
Yandex 20171208
Zillya 20171207
Zoner 20171208
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright
© 2016 VB6boost Dance

Product WizAppFinder
Original name VB6boost.exe
Internal name VB6boost
File version 6.00
Description ioplu is one of millions playing, creating and exploring the endless possibilities of Roblox
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2017-12-06 19:37:28
Entry Point 0x00001400
Number of sections 3
PE sections
PE imports
_adj_fdiv_m32
__vbaChkstk
Ord(712)
Ord(546)
_CIatan
__vbaGenerateBoundsError
_allmul
_adj_fdivr_m64
__vbaAryUnlock
_adj_fprem
Ord(661)
__vbaLenBstr
__vbaAryMove
_adj_fpatan
__vbaRedimPreserve
Ord(543)
__vbaDateVar
__vbaVarForInit
__vbaUI1Str
_adj_fdiv_m32i
__vbaStrCopy
__vbaVarAnd
__vbaSetSystemError
__vbaFreeVarList
__vbaRedim
DllFunctionCall
__vbaFPException
_CIexp
__vbaVarMod
_adj_fdivr_m16i
__vbaUbound
__vbaVarAdd
__vbaVarCmpGt
_adj_fdiv_r
Ord(100)
__vbaAryLock
__vbaUI1I2
__vbaFreeVar
Ord(544)
__vbaUI1Var
Ord(547)
__vbaAryConstruct2
__vbaPowerR8
_adj_fdiv_m64
_CIsin
_CIsqrt
__vbaHresultCheckObj
_CIlog
__vbaLenBstrB
__vbaVarMul
__vbaStrVarVal
_CIcos
_adj_fptan
__vbaI2Var
_CItan
__vbaR8Var
__vbaI4Var
__vbaVarMove
__vbaErrorOverflow
Ord(540)
__vbaNew2
__vbaVarForNext
Ord(644)
__vbaOnError
_adj_fdivr_m32i
Ord(631)
__vbaAryDestruct
Ord(541)
__vbaStrMove
_adj_fprem1
_adj_fdivr_m32
__vbaStrCat
Ord(537)
__vbaVar2Vec
__vbaFreeStrList
__vbaFpI4
Ord(598)
__vbaFreeStr
_adj_fdiv_m16i
__vbaExceptHandler
Number of PE resources by type
RT_ICON 9
RT_GROUP_ICON 2
RT_VERSION 1
STCCLICOSPAD 1
Number of PE resources by language
NEUTRAL DEFAULT 7
NEUTRAL 4
ENGLISH US 1
GERMAN LUXEMBOURG 1
PE resources
ExifTool file metadata
LegalTrademarks
stunning athleticism of ballet

SubsystemVersion
4.0

LinkerVersion
6.0

ImageVersion
6.0

FileSubtype
0

FileVersionNumber
6.0.0.0

LanguageCode
English (U.S.)

FileFlagsMask
0x0000

FileDescription
ioplu is one of millions playing, creating and exploring the endless possibilities of Roblox

ImageFileCharacteristics
No relocs, Executable, No line numbers, No symbols, 32-bit

CharacterSet
Unicode

InitializedDataSize
323584

EntryPoint
0x1400

OriginalFileName
VB6boost.exe

MIMEType
application/octet-stream

LegalCopyright
2016 VB6boost Dance

FileVersion
6.0

TimeStamp
2017:12:06 20:37:28+01:00

FileType
Win32 EXE

PEType
PE32

InternalName
VB6boost

ProductVersion
6.0

UninitializedDataSize
0

OSVersion
4.0

FileOS
Win32

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CodeSize
57344

ProductName
WizAppFinder

ProductVersionNumber
6.0.0.0

FileTypeExtension
exe

ObjectFileType
Executable application

File identification
MD5 d27da0856178beb29296a8d7de085b12
SHA1 75949f5a94ff334d9c7a3e9e1e0541c2aa27318b
SHA256 22a074ff7daba2096d819ed04119f00aa1bc12e09ea1114a64e4785db9bfb50b
ssdeep
6144:Qry0MPHRwgcV65K9XZykq8urP9CB3F5dtpdbuRqkSu65mA+l9oK1nDc979YE+EA:Qry0MPHRwgcV65KxH9uradtnbPkSuG0t

authentihash 519b51c98c42d6d3cf135d85da32e591893c14186efd2208e403a7a3f540b496
imphash 38575524479dc1f6d206199e20a3553f
File size 376.0 KB ( 385024 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable Microsoft Visual Basic 6 (82.7%)
Win32 Dynamic Link Library (generic) (6.6%)
Win32 Executable (generic) (4.5%)
OS/2 Executable (generic) (2.0%)
Generic Win/DOS Executable (2.0%)
Tags
peexe

VirusTotal metadata
First submission 2017-12-08 20:48:00 UTC ( 1 year, 2 months ago )
Last submission 2017-12-08 20:48:00 UTC ( 1 year, 2 months ago )
File names VB6boost.exe
VB6boost
d27da0856178beb29296a8d7de085b12
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!