SHA256: 23f2708f069e67d706ac69915c0d85640daf7eda4a7ea3595e715ab0fb748ca9
File name: MinCo e fIbio
Detection ratio: 45 / 56
Analysis date: 2015-10-26 06:19:38 UTC ( 3 years ago )
Antivirus Result Update
Ad-Aware Trojan.GenericKD.2326356 20151026
Yandex TrojanSpy.Zbot!Olilgx3YdEU 20151025
AhnLab-V3 Trojan/Win32.ZBot 20151026
ALYac Trojan.GenericKD.2326356 20151026
Antiy-AVL Trojan[Spy]/Win32.Zbot 20151026
Arcabit Trojan.Generic.D237F54 20151026
Avast Win32:VBCrypt-DBU [Trj] 20151026
AVG Zbot.ABEH 20151026
Avira (no cloud) TR/ZbotCitadel.A.1068 20151026
AVware Trojan.Win32.Generic!BT 20151026
Baidu-International Trojan.Win32.Zbot.gmi 20151026
BitDefender Trojan.GenericKD.2326356 20151026
Bkav W32.Clodf8e.Trojan.f9ae 20151026
ByteHero Virus.Win32.Heur.p 20151026
CAT-QuickHeal TrojanPWS.Zbot.VA3 20151026
Comodo UnclassifiedMalware 20151026
Cyren W32/Zbot.URXK-5073 20151026
DrWeb Trojan.PWS.Panda.2401 20151026
Emsisoft Trojan.GenericKD.2326356 (B) 20151026
ESET-NOD32 Win32/Spy.Zbot.AAO 20151026
F-Prot W32/Zbot.ZUV 20151026
F-Secure Trojan.GenericKD.2326356 20151026
Fortinet W32/Zbot.AAQ!tr 20151026
GData Trojan.GenericKD.2326356 20151026
Ikarus Trojan-Spy.Agent 20151026
K7AntiVirus Spyware ( 0029a43a1 ) 20151026
K7GW Spyware ( 0029a43a1 ) 20151026
Kaspersky Trojan-Spy.Win32.Zbot.gmi 20151026
Malwarebytes Spyware.Citadel 20151026
McAfee RDN/Generic PWS.y!bd3 20151026
McAfee-GW-Edition BehavesLike.Win32.PWSZbot.fh 20151026
Microsoft Trojan:Win32/Dynamer!ac 20151026
eScan Trojan.GenericKD.2326356 20151026
NANO-Antivirus Trojan.Win32.Zbot.drbdyl 20151026
nProtect Trojan.GenericKD.2326356 20151026
Panda Trj/CI.A 20151026
Qihoo-360 HEUR/QVM03.0.Malware.Gen 20151026
Rising PE:Malware.Generic/QRS!1.9E2D [F] 20151026
Sophos AV Troj/VBZbot-AW 20151026
Symantec Trojan.Gen 20151026
Tencent Trojan.Win32.Qudamah.Gen.17 20151026
TrendMicro TSPY_ZBOT.YUYACP 20151026
TrendMicro-HouseCall TSPY_ZBOT.YUYACP 20151026
VIPRE Trojan.Win32.Generic!BT 20151026
Zillya Trojan.Zbot.Win32.179078 20151026
AegisLab 20151026
Alibaba 20151026
ClamAV 20151026
CMC 20151026
Jiangmin 20151025
SUPERAntiSpyware 20151026
TheHacker 20151026
TotalDefense 20151026
VBA32 20151026
ViRobot 20151026
Zoner 20151026
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Publisher NirSoft
Product Lebenschaos
Original name MinCo e fIbio.exe
Internal name MinCo e fIbio
File version 1.00
Comments Kleidungsgewohnheiten
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2015-04-26 22:32:03
Entry Point 0x00001448
Number of sections 3
PE sections
Overlays
MD5 f057dab19c3d8cb3af8db197a0b3e80d
File type ASCII text
Offset 380928
Size 13000
Entropy 0.00
PE imports
Number of PE resources by type
RT_ICON 2
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
NEUTRAL 3
ENGLISH US 1
PE resources
ExifTool file metadata
UninitializedDataSize 0
Comments Kleidungsgewohnheiten
InitializedDataSize 24576
ImageVersion 1.0
ProductName Lebenschaos
FileVersionNumber 1.0.0.0
LanguageCode English (U.S.)
FileFlagsMask 0x0000
CharacterSet Unicode
LinkerVersion 6.0
FileTypeExtension exe
OriginalFileName MinCo e fIbio.exe
MIMEType application/octet-stream
FileVersion 1.0
TimeStamp 2015:04:26 23:32:03+01:00
FileType Win32 EXE
PEType PE32
InternalName MinCo e fIbio
ProductVersion 1.0
SubsystemVersion 4.0
OSVersion 4.0
FileOS Win32
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName NirSoft
CodeSize 364544
FileSubtype 0
ProductVersionNumber 1.0.0.0
EntryPoint 0x1448
ObjectFileType Executable application

File identification
MD5 82011b68b074d0b7da076da7df467e51
SHA1 69a6a0c7df4953257f2f2e0ebf15d7694e34d6c2
SHA256 23f2708f069e67d706ac69915c0d85640daf7eda4a7ea3595e715ab0fb748ca9
ssdeep 3072:mmtoT61PHvs+52wJnP1/3hz1LS+hlpHdTTQuRIwVbANTf37skoekFc/kUkqeZ1UY:m8nBE+5r/B7zpHdTLid7uFKQZCvu

authentihash 9c8fe5be73c7d9dec2ccb236c4015fee31229712aa6bffdc480ebd389ece4623
imphash d9e86dbb49cd9ac839c341452cb6ac1e
File size 384.7 KB ( 393928 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable Microsoft Visual Basic 6 (84.4%)
Win32 Dynamic Link Library (generic) (6.7%)
Win32 Executable (generic) (4.6%)
Generic Win/DOS Executable (2.0%)
DOS Executable Generic (2.0%)
Tags peexe overlay

VirusTotal metadata
First submission 2015-04-27 05:29:42 UTC ( 3 years, 6 months ago )
Last submission 2015-04-27 08:15:08 UTC ( 3 years, 6 months ago )
File names 23F2708F069E67D706AC69915C0D85640DAF7EDA4A7EA3595E715AB0FB748CA9.EXE
MinCo e fIbio.exe
MinCo e fIbio
new_PO.exe
new_PO.exe-2015-04-27.14-30-01.txt
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight