SHA256: 2e63237cba07498e9ba0c5958e264c94aebf6a93432edb9c9f9f3e998860dc26
File name: 49838530.bin
Detection ratio: 3 / 56
Analysis date: 2015-09-05 08:43:47 UTC ( 2 years, 2 months ago )
Antivirus Result Update
Avira (no cloud) TR/Dropper.VB.35398 20150905
Malwarebytes Trojan.Downloader 20150905
Qihoo-360 HEUR/QVM03.0.Malware.Gen 20150905
Ad-Aware 20150905
AegisLab 20150905
Yandex 20150904
AhnLab-V3 20150904
Alibaba 20150902
ALYac 20150905
Antiy-AVL 20150905
Arcabit 20150905
Avast 20150905
AVG 20150905
AVware 20150901
Baidu-International 20150904
BitDefender 20150905
Bkav 20150905
ByteHero 20150905
CAT-QuickHeal 20150904
ClamAV 20150905
CMC 20150902
Comodo 20150905
Cyren 20150905
DrWeb 20150905
Emsisoft 20150905
ESET-NOD32 20150905
F-Prot 20150905
F-Secure 20150905
Fortinet 20150905
GData 20150905
Ikarus 20150905
Jiangmin 20150904
K7AntiVirus 20150905
K7GW 20150905
Kaspersky 20150905
Kingsoft 20150905
McAfee 20150905
McAfee-GW-Edition 20150905
Microsoft 20150905
eScan 20150904
NANO-Antivirus 20150905
nProtect 20150904
Panda 20150904
Rising 20150904
Sophos AV 20150905
SUPERAntiSpyware 20150905
Symantec 20150904
Tencent 20150905
TheHacker 20150904
TrendMicro 20150905
TrendMicro-HouseCall 20150905
VBA32 20150905
VIPRE 20150905
ViRobot 20150905
Zillya 20150905
Zoner 20150905
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Publisher ZALAN
Product ZALAN
Original name ZALAN.exe
Internal name ZALAN
File version 0.00.0001
Description ZALAN
Comments ZALAN
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2015-04-04 02:09:23
Entry Point 0x000012FC
Number of sections 3
PE sections
Overlays
MD5 22bc966ec2e3a27b96c195aeac441a32
File type data
Offset 143360
Size 8080
Entropy 6.96
PE imports
_adj_fdiv_m32
__vbaChkstk
EVENT_SINK_Release
__vbaEnd
EVENT_SINK_QueryInterface
__vbaVarDup
_adj_fdivr_m64
_adj_fprem
Ord(584)
__vbaObjSetAddref
Ord(525)
Ord(545)
_adj_fpatan
EVENT_SINK_AddRef
__vbaDateVar
Ord(675)
_adj_fdiv_m32i
Ord(591)
Ord(555)
__vbaSetSystemError
__vbaFreeVarList
DllFunctionCall
__vbaFPException
_adj_fdivr_m16i
Ord(578)
__vbaStrMove
_adj_fdiv_r
Ord(571)
__vbaFreeVar
__vbaDateStr
Ord(100)
__vbaI2Str
Ord(519)
_CItan
_adj_fdiv_m64
__vbaFreeObj
__vbaHresultCheckObj
_CIsqrt
_CIsin
_CIlog
__vbaStrCopy
_allmul
_CIcos
_adj_fptan
Ord(610)
__vbaObjSet
Ord(529)
__vbaI4Var
Ord(582)
__vbaVarMove
__vbaErrorOverflow
_CIatan
__vbaNew2
__vbaLateIdCallLd
_adj_fdivr_m32i
Ord(579)
_CIexp
Ord(678)
_adj_fprem1
_adj_fdivr_m32
__vbaStrCat
__vbaFreeStrList
Ord(598)
__vbaFreeStr
_adj_fdiv_m16i
__vbaExceptHandler
Number of PE resources by type
RT_ICON 4
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
NEUTRAL 5
ARABIC LIBYA 1
PE resources
ExifTool file metadata
UninitializedDataSize 0
Comments ZALAN
LinkerVersion 6.0
ImageVersion 0.0
FileSubtype 0
FileVersionNumber 0.0.0.1
LanguageCode Unknown (1001)
FileFlagsMask 0x0000
CharacterSet Unicode
InitializedDataSize 16384
EntryPoint 0x12fc
OriginalFileName ZALAN.exe
MIMEType application/octet-stream
FileVersion 0.00.0001
TimeStamp 2015:04:04 03:09:23+01:00
FileType Win32 EXE
PEType PE32
InternalName ZALAN
SubsystemVersion 4.0
ProductVersion 0.00.0001
FileDescription ZALAN
OSVersion 4.0
FileOS Win32
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName ZALAN
CodeSize 126976
ProductName ZALAN
ProductVersionNumber 0.0.0.1
FileTypeExtension exe
ObjectFileType Executable application

Compressed bundles
File identification
MD5 fd2598e843d7c4d3d45f3038c06d8715
SHA1 4eb8c09656f9b59f0065122110701dfcba91e588
SHA256 2e63237cba07498e9ba0c5958e264c94aebf6a93432edb9c9f9f3e998860dc26
ssdeep 1536:MobNlbIt0km3tYNhT4fzEpCzcvOlm3BKVezoQWTLg2IT1+d4+wVuO:9y0kPHFCzcGlm3sVekaVPf

authentihash acc9390e310776f3ea45f623640ff20d8d575652f933ad4266b4147a7d3a3eae
imphash 8c9e78c26a058e134ab5574872d14bbe
File size 147.9 KB ( 151440 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable Microsoft Visual Basic 6 (90.5%)
Win32 Executable (generic) (4.9%)
Generic Win/DOS Executable (2.2%)
DOS Executable Generic (2.2%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
Tags peexe overlay

VirusTotal metadata
First submission 2015-09-05 00:30:05 UTC ( 2 years, 2 months ago )
Last submission 2015-09-07 03:28:14 UTC ( 2 years, 2 months ago )
File names ZALAN.exe
ZALAN
FD2598E843D7C4D3D45F3038C06D8715.EXE
49838530.bin
14136619.exe
2e63237cba07498e9ba0c5958e264c94aebf6a93432edb9c9f9f3e998860dc26.exe