SHA256: 2a84495747660d3f5ff120765dfbc97d1fb33122093fdf098a95d3672813c4df
File name: C-Usersp872365AppDataLocal{13C75A39-2ED0-C9D9-2B13-430BC2AAC7F3}.exe
Detection ratio: 38 / 56
Analysis date: 2015-04-09 12:51:34 UTC ( 4 years, 1 month ago )
Antivirus Result Update
Ad-Aware Trojan.GenericKD.2265659 20150409
AhnLab-V3 Trojan/Win32.Emotet 20150408
ALYac Trojan.GenericKD.2265659 20150409
Antiy-AVL Trojan/Win32.Inject 20150409
Avast Win32:Malware-gen 20150409
AVG Inject2.BWHO 20150409
AVware Trojan.Win32.Generic!BT 20150409
Baidu-International Trojan.Win32.Inject.uqtf 20150409
BitDefender Trojan.GenericKD.2265659 20150409
ByteHero Virus.Win32.Heur.p 20150409
Cyren W32/Trojan.JUVT-7556 20150409
Emsisoft Trojan.GenericKD.2265659 (B) 20150409
ESET-NOD32 a variant of Win32/Injector.BXJY 20150409
F-Secure Trojan.GenericKD.2265659 20150409
Fortinet W32/Injector.BXJY!tr 20150409
GData Trojan.GenericKD.2265659 20150409
Ikarus Trojan.Win32.Injector 20150409
Jiangmin Trojan/Inject.bszl 20150408
K7AntiVirus Trojan ( 004bbab61 ) 20150409
K7GW Trojan ( 004bbab61 ) 20150409
Kaspersky Trojan.Win32.Inject.uqtf 20150409
Malwarebytes Trojan.Downloader.VBFD 20150409
McAfee Trojan-FGBU!7428E159E2F9 20150409
McAfee-GW-Edition BehavesLike.Win32.Downloader.ch 20150409
Microsoft Trojan:Win32/Emotet.G 20150409
eScan Trojan.GenericKD.2265659 20150409
NANO-Antivirus Trojan.Win32.Inject.dqbpkc 20150409
Norman VBKrypt.VBP 20150409
nProtect Trojan.GenericKD.2265659 20150409
Panda Trj/Genetic.gen 20150408
Qihoo-360 HEUR/QVM03.0.Malware.Gen 20150409
Sophos AV Mal/VBZbot-H 20150409
SUPERAntiSpyware Trojan.Agent/Gen-Multi 20150409
Symantec Trojan.Zbot 20150409
Tencent Trojan.Win32.Qudamah.Gen.17 20150409
TrendMicro TSPY_EMOTET.SB 20150409
TrendMicro-HouseCall TSPY_EMOTET.SB 20150409
VIPRE Trojan.Win32.Generic!BT 20150409
AegisLab 20150409
Yandex 20150408
Alibaba 20150409
Bkav 20150409
CAT-QuickHeal 20150409
ClamAV 20150409
CMC 20150408
Comodo 20150409
DrWeb 20150409
F-Prot 20150409
Kingsoft 20150409
Rising 20150409
TheHacker 20150408
TotalDefense 20150409
VBA32 20150408
ViRobot 20150409
Zillya 20150408
Zoner 20150407
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Product Goodreads
Original name NIKEDtb.exe
Internal name Callstb
File version 1.00.0150
Description Note: In CSS3, the text-decoration property is a shorthand property for text-decoration-line, text-decoration-color, and text-decoration-style, but this is currently.
Comments Note: In CSS3, the text-decoration property is a shorthand property for text-decoration-line, text-decoration-color, and text-decoration-style, but this is currently.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2015-04-01 06:57:16
Entry Point 0x00001128
Number of sections 3
PE sections
Overlays
MD5 aea88e62d165f04354230e8dbf77ff15
File type data
Offset 114688
Size 52221
Entropy 7.89
PE imports
EVENT_SINK_QueryInterface
Ord(645)
Ord(648)
Ord(516)
Ord(685)
Ord(594)
Ord(689)
Ord(525)
EVENT_SINK_AddRef
Ord(300)
Ord(717)
__vbaExceptHandler
Ord(632)
MethCallEngine
DllFunctionCall
Ord(100)
Ord(599)
Ord(570)
Ord(571)
ProcCallEngine
Ord(690)
EVENT_SINK_Release
Ord(595)
Ord(593)
Ord(306)
Ord(631)
Ord(588)
Ord(563)
Number of PE resources by type
RT_ICON 4
ABOUT 1
RT_STRING 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
NEUTRAL 5
TELUGU DEFAULT 1
SLOVENIAN DEFAULT 1
ENGLISH US 1
PE resources
ExifTool file metadata
SubsystemVersion 4.0
Comments Note: In CSS3, the text-decoration property is a shorthand property for text-decoration-line, text-decoration-color, and text-decoration-style, but this is currently.
InitializedDataSize 40960
ImageVersion 1.0
ProductName Goodreads
FileVersionNumber 1.0.0.150
UninitializedDataSize 0
LanguageCode English (U.S.)
FileFlagsMask 0x0000
CharacterSet Unicode
LinkerVersion 6.0
FileTypeExtension exe
OriginalFileName NIKEDtb.exe
MIMEType application/octet-stream
FileVersion 1.00.0150
TimeStamp 2015:04:01 07:57:16+01:00
FileType Win32 EXE
PEType PE32
InternalName Callstb
ProductVersion 1.00.0150
FileDescription Note: In CSS3, the text-decoration property is a shorthand property for text-decoration-line, text-decoration-color, and text-decoration-style, but this is currently.
OSVersion 4.0
FileOS Win32
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName In CSS3
CodeSize 81920
FileSubtype 0
ProductVersionNumber 1.0.0.150
EntryPoint 0x1128
ObjectFileType Executable application

Compressed bundles
File identification
MD5 7428e159e2f907ce7ba2d98df42879d2
SHA1 d8a5a0e779cf4b17b8f5732d45968fdd3d112b02
SHA256 2a84495747660d3f5ff120765dfbc97d1fb33122093fdf098a95d3672813c4df
ssdeep 3072:NT5h+SLvpfLSnhnyrZ6CFW7wRbcnyVUEof7KK:djrsCFmwpA+K
authentihash e155db85337b2248474e38b44c66bcec6357eb9ea515dff0a7d4679a877657bd
imphash e8024eabec2d3b73b11dee538353bfc9
File size 163.0 KB ( 166909 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable Microsoft Visual Basic 6 (90.6%)
Win32 Executable (generic) (4.9%)
Generic Win/DOS Executable (2.2%)
DOS Executable Generic (2.2%)
Tags
peexe overlay

VirusTotal metadata
First submission 2015-04-01 07:17:19 UTC ( 4 years, 1 month ago )
Last submission 2016-05-18 17:03:15 UTC ( 3 years ago )
File names Voice_754310340394939___date____01_04_2015____wav__id__039488529348273__lang_De.exe
{ea19e634-12a1-f5f6-97dd-bad57ea7fd3c}.exe
C-Usersp872365AppDataLocal{13C75A39-2ED0-C9D9-2B13-430BC2AAC7F3}.exe
Callstb
NIKEDtb.exe
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight