SHA256: 24b8d594b25732135178c0c53e85a4ef70329989a973d4a22eb2efac870fb619
File name: msdb10af278e.exe
Detection ratio: 42 / 57
Analysis date: 2015-06-11 04:23:34 UTC ( 3 years, 11 months ago )
Antivirus Result Update
Ad-Aware Gen:Variant.Emotet.2 20150611
Yandex Trojan.Inject!GlQUQArkSpc 20150609
AhnLab-V3 Trojan/Win32.Injector 20150610
ALYac Gen:Variant.Emotet.2 20150611
Antiy-AVL Trojan/Win32.Inject 20150611
Arcabit Trojan.Emotet.2 20150611
Avast Win32:Malware-gen 20150611
AVG Generic_vb.IAF 20150611
Avira (no cloud) TR/Dropper.VB.28625 20150611
AVware Trojan.Win32.Generic!BT 20150611
Baidu-International Trojan.Win32.Inject.upeh 20150610
BitDefender Gen:Variant.Emotet.2 20150610
ByteHero Virus.Win32.Heur.p 20150611
CAT-QuickHeal Trojan.Inject.r3 20150610
Comodo UnclassifiedMalware 20150611
Cyren W32/Trojan.IWOJ-0224 20150611
Emsisoft Gen:Variant.Emotet.2 (B) 20150611
ESET-NOD32 a variant of Win32/Injector.BWOE 20150611
F-Secure Trojan:W32/Emotet.B 20150611
Fortinet W32/Injector.BWFQ!tr 20150611
GData Gen:Variant.Emotet.2 20150611
Ikarus Trojan.Win32.Injector 20150611
Jiangmin Trojan/Inject.bsnv 20150610
K7AntiVirus Trojan ( 004b91171 ) 20150610
K7GW Trojan ( 004b91171 ) 20150611
Kaspersky Trojan.Win32.Inject.upeh 20150610
McAfee Generic.ux 20150611
McAfee-GW-Edition BehavesLike.Win32.Swisyn.ch 20150610
Microsoft Trojan:Win32/Emotet.G 20150611
eScan Gen:Variant.Emotet.2 20150610
NANO-Antivirus Trojan.Win32.Inject.dplmax 20150611
Panda Trj/CI.A 20150610
Qihoo-360 HEUR/QVM03.0.Malware.Gen 20150611
Sophos AV Mal/Generic-S 20150611
Symantec Trojan.Gen 20150611
Tencent Trojan.Win32.Qudamah.Gen.17 20150611
TotalDefense Win32/Tnega.HMfMIM 20150610
TrendMicro TROJ_GEN.R028C0CCP15 20150611
TrendMicro-HouseCall TROJ_GEN.R028C0CCP15 20150611
VBA32 Trojan.Inject 20150610
VIPRE Trojan.Win32.Generic!BT 20150611
Zillya Trojan.Inject.Win32.161759 20150611
AegisLab 20150611
Alibaba 20150610
Bkav 20150610
ClamAV 20150610
CMC 20150610
DrWeb 20150611
F-Prot 20150611
Kingsoft 20150611
Malwarebytes 20150611
nProtect 20150610
Rising 20150610
SUPERAntiSpyware 20150611
TheHacker 20150609
ViRobot 20150611
Zoner 20150609
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Publisher Deutsche Welle
Product Deutsche Welle
Original name Swork1.exe
Internal name Swork1
File version 1.00.0053
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2015-03-19 12:49:47
Entry Point 0x000014A4
Number of sections 3
PE sections
Overlays
MD5 534a65b9d462eb224fc0bb5e3ce9cea3
File type data
Offset 73728
Size 130169
Entropy 7.34
PE imports
_adj_fdivr_m64
__vbaGenerateBoundsError
_allmul
__vbaStrMove
__vbaGet3
_adj_fprem
__vbaR4Var
__vbaAryMove
__vbaObjVar
__vbaVarMod
__vbaRedim
Ord(537)
__vbaVarSetObj
_adj_fdiv_r
__vbaLsetFixstrFree
__vbaObjSetAddref
__vbaFixstrConstruct
Ord(100)
__vbaHresultCheckObj
__vbaI2Var
_CIlog
__vbaVarMul
Ord(616)
__vbaVarLateMemCallLd
_adj_fptan
__vbaFileClose
__vbaI4Var
Ord(608)
__vbaFreeStr
Ord(631)
__vbaStrI4
__vbaFreeStrList
__vbaI2I4
_adj_fdiv_m16i
EVENT_SINK_QueryInterface
Ord(648)
Ord(516)
__vbaI4Str
__vbaLenBstr
Ord(525)
_adj_fdiv_m32i
Ord(717)
__vbaExceptHandler
__vbaSetSystemError
DllFunctionCall
__vbaUbound
__vbaVarTstLt
__vbaFreeVar
__vbaBoolVarNull
Ord(588)
__vbaFileOpen
__vbaUI1I2
Ord(711)
__vbaNew
__vbaAryLock
EVENT_SINK_Release
__vbaVarTstEq
_adj_fdivr_m32i
__vbaStrCat
__vbaVarDup
__vbaChkstk
__vbaVarNeg
__vbaLsetFixstr
Ord(570)
__vbaAryUnlock
__vbaVarAbs
__vbaStrVarCopy
__vbaVar2Vec
__vbaVarForNext
__vbaFreeVarList
__vbaStrVarMove
__vbaVarOr
__vbaLateMemCallLd
__vbaAryConstruct2
__vbaFreeObj
_adj_fdivr_m32
__vbaVarSub
_CIcos
__vbaVarMove
__vbaErrorOverflow
__vbaNew2
__vbaR8IntI4
__vbaAryDestruct
__vbaAryCopy
_adj_fprem1
_adj_fdiv_m32
__vbaVarCmpEq
_adj_fpatan
EVENT_SINK_AddRef
__vbaVarForInit
__vbaVarVargNofree
__vbaStrCopy
__vbaFPException
__vbaAryVar
_adj_fdivr_m16i
__vbaVarAdd
_adj_fdiv_m64
_CIsin
_CIsqrt
__vbaVarCopy
_CIatan
__vbaVarDiv
__vbaLateMemCall
__vbaObjSet
_CIexp
_CItan
__vbaFpI4
Number of PE resources by type
RT_ICON 4
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
NEUTRAL 5
ENGLISH US 1
PE resources
ExifTool file metadata
UninitializedDataSize 0
LinkerVersion 6.0
ImageVersion 1.0
FileSubtype 0
FileVersionNumber 1.0.0.53
LanguageCode English (U.S.)
FileFlagsMask 0x0000
CharacterSet Unicode
InitializedDataSize 28672
EntryPoint 0x14a4
OriginalFileName Swork1.exe
MIMEType application/octet-stream
FileVersion 1.00.0053
TimeStamp 2015:03:19 13:49:47+01:00
FileType Win32 EXE
PEType PE32
InternalName Swork1
ProductVersion 1.00.0053
SubsystemVersion 4.0
OSVersion 4.0
FileOS Win32
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName Deutsche Welle
CodeSize 40960
ProductName Deutsche Welle
ProductVersionNumber 1.0.0.53
FileTypeExtension exe
ObjectFileType Executable application

Compressed bundles
File identification
MD5 375c4e2adc779f0a95f5d14160da3ee2
SHA1 a775aca36a6abd885eafae5200fff1bdf874e7e0
SHA256 24b8d594b25732135178c0c53e85a4ef70329989a973d4a22eb2efac870fb619
ssdeep 3072:+pqNWsB8PMiqqPMbNWsBBs+K0s3nMRiFUZpS4+EqseW0uLXdbGEnBDJ5uqWism:7mEiNEbQ0sK6UZp1+pbW0sfbVcm

authentihash 2dfe422b85bb69bf8427cb5c0a2bb67f349e0f3f2d4f9ed5f32cacb7dff5f39c
imphash a4a199e8fdb59e30d8828839bb9edb6a
File size 199.1 KB ( 203897 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable Microsoft Visual Basic 6 (90.5%)
Win32 Executable (generic) (4.9%)
Generic Win/DOS Executable (2.2%)
DOS Executable Generic (2.2%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
Tags peexe overlay

VirusTotal metadata
First submission 2015-03-19 13:54:10 UTC ( 4 years, 2 months ago )
Last submission 2015-04-01 13:19:03 UTC ( 4 years, 1 month ago )
File names Swork1.exe
msdb10af278e.exe
Swork1
c5c457ab10b6d9b0b02ddce927305729d95f94c0
24b8d594b25732135178c0c53e85a4ef70329989a973d4a22eb2efac870fb619.exe.000
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight