SHA256: 2495f1c435ac9567f530f93d09c678386742ac519fce221e70342c9e65594cd1
File name: c58c96ea3b45ebd992f1bde993a94b60
Detection ratio: 26 / 55
Analysis date: 2014-08-22 20:12:51 UTC ( 4 years, 5 months ago )
Antivirus Result Update
Ad-Aware Gen:Variant.Jaik.2810 20140822
AhnLab-V3 Win-Trojan/FCN.140610 20140822
Avast Win32:Malware-gen 20140822
AVware Worm.Win32.Gamarue.an (v) 20140822
BitDefender Gen:Variant.Jaik.2810 20140822
ByteHero Virus.Win32.Heur.p 20140822
CMC Heur.Win32.Veebee.1!O 20140822
Emsisoft Gen:Variant.Jaik.2810 (B) 20140822
ESET-NOD32 a variant of Win32/Injector.BKBH 20140822
F-Secure Gen:Variant.Jaik.2810 20140822
Fortinet W32/Zbot.TUQO!tr 20140822
GData Gen:Variant.Jaik.2810 20140822
Ikarus Trojan.Win32.Injector 20140822
Kaspersky Trojan-Spy.Win32.Zbot.tuqo 20140822
Malwarebytes Trojan.VBKrypt 20140822
McAfee PWSZbot-FACB!C58C96EA3B45 20140822
eScan Gen:Variant.Jaik.2810 20140822
Panda Trj/CI.A 20140822
Qihoo-360 Malware.QVM03.Gen 20140822
Rising PE:Malware.XPACK-HIE/Heur!1.9C48 20140822
Sophos AV Mal/Generic-L 20140822
Symantec Trojan.Zbot 20140822
Tencent Win32.Trojan.Bp-generic.Ixrn 20140822
TrendMicro TROJ_GEN.R0CCC0EHM14 20140822
TrendMicro-HouseCall TROJ_GEN.R0CCC0EHM14 20140822
VIPRE Worm.Win32.Gamarue.an (v) 20140822
AegisLab 20140822
Yandex 20140821
AntiVir 20140822
Antiy-AVL 20140822
AVG 20140822
Baidu-International 20140822
Bkav 20140821
CAT-QuickHeal 20140822
ClamAV 20140822
Commtouch 20140822
Comodo 20140822
DrWeb 20140822
F-Prot 20140822
Jiangmin 20140822
K7AntiVirus 20140822
K7GW 20140822
Kingsoft 20140822
McAfee-GW-Edition 20140822
Microsoft 20140822
NANO-Antivirus 20140822
Norman 20140822
nProtect 20140822
SUPERAntiSpyware 20140822
TheHacker 20140822
TotalDefense 20140822
VBA32 20140822
ViRobot 20140822
Zillya 20140822
Zoner 20140822
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file.
FileVersionInfo properties
Publisher Fraps is a trademark of Beepa Pty Ltd
Product Nondisin
Original name Repanell.exe
Internal name Repanell
File version 1.06.0003
Description Ormuzd catoptr
Signature verification The digital signature of the object did not verify.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2014-08-14 07:54:06
Entry Point 0x00001470
Number of sections 3
PE sections
Number of PE resources by type
Number of PE resources by language
PE resources
File identification
MD5 c58c96ea3b45ebd992f1bde993a94b60
SHA1 2d1661a2b720138e12b3603bc6db10448ccbddf3
SHA256 2495f1c435ac9567f530f93d09c678386742ac519fce221e70342c9e65594cd1

imphash e0ab9dd45f852c6c6be2dede2b89e178
File size 552.7 KB ( 565921 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable Microsoft Visual Basic 6 (84.4%)
Win32 Dynamic Link Library (generic) (6.7%)
Win32 Executable (generic) (4.6%)
Generic Win/DOS Executable (2.0%)
DOS Executable Generic (2.0%)

VirusTotal metadata
First submission 2014-08-22 20:12:51 UTC ( 4 years, 5 months ago )
Last submission 2014-08-22 20:12:51 UTC ( 4 years, 5 months ago )
File names c58c96ea3b45ebd992f1bde993a94b60
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Created processes
Terminated processes
Opened mutexes
Hooking activity
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.
The file installs an application-defined hook procedure into a hook chain. You would install a hook procedure to monitor the system for certain types of events. These events are associated either with a specific thread or with all threads in the same desktop as the calling thread. This is done making use of the SetWindowsHook Windows API function.
UDP communications