SHA256: 284f9e5fae27f0a1646da804a762b8ede8a01f46bda184eb30fee02c16a77473
File name: 284f9e5fae27f0a1646da804a762b8ede8a01f46bda184eb30fee02c16a77473
Detection ratio: 45 / 57
Analysis date: 2015-05-11 21:01:19 UTC (4 years ago)
Antivirus Result Update
Ad-Aware Trojan.GenericKD.2234443 20150511
Yandex Trojan.VBKrypt!qRW//FXrnvU 20150511
AhnLab-V3 Trojan/Win32.Injector 20150511
ALYac Trojan.GenericKD.2234443 20150511
Antiy-AVL Trojan/Win32.VBKrypt 20150511
Avast Win32:Emotet-P [Trj] 20150511
AVG Generic_vb.IAB 20150511
Avira (no cloud) TR/Dropper.VB.28570 20150511
AVware Trojan.Win32.Injector.bwnj (v) 20150511
Baidu-International Trojan.Win32.VBKrypt.veyh 20150511
BitDefender Trojan.GenericKD.2234443 20150511
ByteHero Virus.Win32.Heur.p 20150511
CAT-QuickHeal Trojan.VB.r3 20150511
Comodo UnclassifiedMalware 20150511
Cyren W32/Trojan.DAPW-5953 20150511
DrWeb Trojan.Emotet.63 20150511
Emsisoft Trojan.Win32.VBKrypt (A) 20150511
ESET-NOD32 Win32/Emotet.AD 20150511
F-Secure Trojan.GenericKD.2234443 20150511
Fortinet W32/Injector.BWFQ!tr 20150511
GData Trojan.GenericKD.2234443 20150511
Ikarus Trojan.Win32.Emotet 20150511
Jiangmin Trojan/VBKrypt.jgsn 20150511
K7AntiVirus Trojan ( 004b8c611 ) 20150511
K7GW Trojan ( 004b8c611 ) 20150511
Kaspersky Trojan.Win32.VBKrypt.veyh 20150511
Malwarebytes Trojan.LVBP.ED 20150511
McAfee Generic.ux 20150511
McAfee-GW-Edition Generic.ux 20150511
Microsoft Trojan:Win32/Emotet.G 20150511
eScan Trojan.GenericKD.2234443 20150511
NANO-Antivirus Trojan.Win32.VBKrypt.dpmxej 20150511
Norman VBKrypt.VBP 20150511
nProtect Trojan.GenericKD.2234443 20150511
Panda Trj/Genetic.gen 20150511
Qihoo-360 HEUR/QVM03.0.Malware.Gen 20150511
Sophos AV Mal/Generic-S 20150511
Symantec Trojan.Zbot 20150511
Tencent Trojan.Win32.Qudamah.Gen.17 20150511
TotalDefense Win32/Zbot.ZANK!suspicious 20150511
TrendMicro TSPY_EMOTET.XLA 20150511
TrendMicro-HouseCall TSPY_EMOTET.XLA 20150511
VBA32 Trojan.VBKrypt 20150511
VIPRE Trojan.Win32.Injector.bwnj (v) 20150511
Zillya Trojan.VBKrypt.Win32.246088 20150510
AegisLab 20150511
Alibaba 20150511
Bkav 20150511
ClamAV 20150511
CMC 20150508
F-Prot 20150511
Kingsoft 20150511
Rising 20150511
SUPERAntiSpyware 20150511
TheHacker 20150511
ViRobot 20150511
Zoner 20150511
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Product Bert is a yellow Muppet character on the long-running children's television show, Sesame Street. Bert was originally performed by Frank Oz. Since 2001
Original name Swork1.exe
Internal name Swork1
File version 1.00.0041
Description Bert is a yellow Muppet character on the long-running children's television show, Sesame Street. Bert was originally performed by Frank Oz. Since 2001
Comments Bert is a yellow Muppet character on the long-running children's television show, Sesame Street. Bert was originally performed by Frank Oz. Since 2001
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2015-03-19 07:57:28
Entry Point 0x00001628
Number of sections 3
PE sections
Overlays
MD5 7ff8ad196cda54d720af3530f9c8c169
File type data
Offset 94208
Size 51321
Entropy 7.34
PE imports
Number of PE resources by type
RT_ICON 4
RT_GROUP_ICON 2
RT_VERSION 1
Number of PE resources by language
NEUTRAL 4
RUSSIAN 1
ENGLISH US 1
NORWEGIAN NYNORSK 1
PE resources
ExifTool file metadata
UninitializedDataSize 0
Comments Bert is a yellow Muppet character on the long-running children's television show, Sesame Street. Bert was originally performed by Frank Oz. Since 2001
LinkerVersion 6.0
ImageVersion 1.0
FileSubtype 0
FileVersionNumber 1.0.0.41
LanguageCode English (U.S.)
FileFlagsMask 0x0000
CharacterSet Unicode
InitializedDataSize 36864
EntryPoint 0x1628
OriginalFileName Swork1.exe
MIMEType application/octet-stream
FileVersion 1.00.0041
TimeStamp 2015:03:19 08:57:28+01:00
FileType Win32 EXE
PEType PE32
InternalName Swork1
SubsystemVersion 4.0
ProductVersion 1.00.0041
FileDescription Bert is a yellow Muppet character on the long-running children's television show, Sesame Street. Bert was originally performed by Frank Oz. Since 2001
OSVersion 4.0
FileOS Win32
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName Bert is a yellow Muppet character on the long-running children's television show, Sesame Street. Bert was originally performed by Frank Oz. Since 2001
CodeSize 57344
ProductName Bert is a yellow Muppet character on the long-running children's television show, Sesame Street. Bert was originally performed by Frank Oz. Since 2001
ProductVersionNumber 1.0.0.41
FileTypeExtension exe
ObjectFileType Executable application

File identification
MD5 e78a7f73a77a79f8e18dc1c5807013c6
SHA1 64c6ac1f4ea53235f7d13f561f3db903e674628c
SHA256 284f9e5fae27f0a1646da804a762b8ede8a01f46bda184eb30fee02c16a77473
ssdeep 3072:+PNWsB8PM/5vCLvPMbNWsBbAbVs+XOyIxCHZiKDIO:smEZCLEbObOpkHZiKD3

authentihash 3919fabe29239920aa340015d5bdaef81affac6baeda2d6ba6cfc9fc3f69d176
imphash 36211f065bbe47e3ad5f554b4a696436
File size 142.1 KB ( 145529 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable Microsoft Visual Basic 6 (65.7%)
Win64 Executable (generic) (22.1%)
Win32 Dynamic Link Library (generic) (5.2%)
Win32 Executable (generic) (3.6%)
Generic Win/DOS Executable (1.6%)
Tags
peexe overlay via-tor

VirusTotal metadata
First submission 2015-03-19 08:27:49 UTC ( 4 years, 2 months ago )
Last submission 2015-05-11 21:01:19 UTC ( 4 years ago )
File names Swork1
Status_Kontostand_03_2015_id_2309459043094839_lang_de_DE_time_uhr_03049_MDNUE_30930_309_3653_PDID.exe
ups_sendungsdetails_03_2015_loc_de_DE_34958935947_43938949_track_0000039039948_I_OE_Win_wpo39_10.exe
Swork1.exe
Status_Kontostand_2.exe
Dhl_Status_zu_Sendung_03808432561_set_identcodes_do_lang_de_rfn_extendedSearch_true_0000002938.exe
8a1.exe
{ACDBFDE8-E83A-CEF4-ECF7-FC17657BCFC6}.exe
6486.exe
Dhl_Status_zu_Sendung_03808432561_set_identcodes_do_lang_de_rfn_extendedSearch_true_0000002938 (2).exe
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight