SHA256: 3124fc4b6acf28cbebd8463cbf3e7279a73135e0c64b0133adc4c18188761f6e
File name: Gingivec
Detection ratio: 40 / 56
Analysis date: 2015-10-27 03:41:09 UTC ( 7 months ago )
Antivirus Result Update
ALYac Gen:Variant.Symmi.38328 20151027
AVG Generic35.BHDH 20151026
AVware Trojan.Win32.Zbot.pj (v) 20151027
Ad-Aware Gen:Variant.Symmi.38328 20151027
Yandex Trojan.Llac!Lhhp9u6C6Bw 20151026
AhnLab-V3 Trojan/Win32.Rebhip 20151027
Antiy-AVL Trojan/Win32.Llac 20151027
Arcabit Trojan.Symmi.D95B8 20151027
Avast Win32:Malware-gen 20151027
Avira (no cloud) WORM/Rebhip.A.13469 20151027
Baidu-International Trojan.Win32.Llac.dtth 20151026
BitDefender Gen:Variant.Symmi.38328 20151027
CAT-QuickHeal Worm.Rebhip.r3 20151027
Comodo UnclassifiedMalware 20151027
DrWeb Win32.HLLW.Autoruner.25074 20151027
ESET-NOD32 a variant of Win32/Injector.AVJH 20151027
Emsisoft Gen:Variant.Symmi.38328 (B) 20151027
F-Secure Gen:Variant.Symmi.38328 20151027
Fortinet W32/VB.ALO!tr 20151026
GData Gen:Variant.Symmi.38328 20151027
Ikarus Trojan-Spy.Win32.Zbot 20151027
Jiangmin Trojan/Llac.acty 20151026
K7AntiVirus Trojan ( 004937201 ) 20151026
K7GW Trojan ( 004937201 ) 20151027
Kaspersky Trojan.Win32.Llac.dtth 20151027
Malwarebytes Trojan.Downloader 20151026
McAfee Generic-FAUS!F79EB2C78A11 20151027
McAfee-GW-Edition Generic-FAUS!F79EB2C78A11 20151027
eScan Gen:Variant.Symmi.38328 20151027
Microsoft Worm:Win32/Rebhip.A 20151027
NANO-Antivirus Trojan.Win32.Llac.cuufye 20151027
Panda Generic Malware 20151026
Qihoo-360 Win32/Trojan.fad 20151027
Rising PE:Malware.Generic/QRS!1.9E2D [F] 20151026
Sophos Mal/Generic-S 20151027
Symantec W32.Spyrat 20151026
Tencent Win32.Trojan.Llac.Eehi 20151027
VBA32 Trojan.Llac 20151026
VIPRE Trojan.Win32.Zbot.pj (v) 20151027
Zillya Trojan.Llac.Win32.49008 20151026
AegisLab 20151026
Alibaba 20151027
Bkav 20151026
ByteHero 20151027
CMC 20151026
ClamAV 20151027
Cyren 20151027
F-Prot 20151027
SUPERAntiSpyware 20151027
TheHacker 20151026
TotalDefense 20151026
TrendMicro 20151027
TrendMicro-HouseCall 20151027
ViRobot 20151026
Zoner 20151027
nProtect 20151026
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Publisher CyberLink
Product Rollneck squamula galways soothsaw
Original name Gingivec.exe
Internal name Gingivec
File version 1.07.0004
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2014-01-10 09:31:32
Entry Point 0x000012C4
Number of sections 3
PE sections
PE imports
_adj_fdiv_m32
__vbaChkstk
DllFunctionCall
EVENT_SINK_Release
__vbaEnd
__vbaGenerateBoundsError
_allmul
_adj_fdivr_m64
Ord(527)
_adj_fprem
Ord(572)
Ord(617)
Ord(546)
_adj_fpatan
_adj_fdiv_m32i
EVENT_SINK_AddRef
Ord(651)
EVENT_SINK_QueryInterface
__vbaStrCopy
__vbaExceptHandler
__vbaSetSystemError
__vbaFreeVarList
__vbaStrCmp
__vbaFPException
__vbaStrVarMove
_adj_fdivr_m16i
_adj_fdiv_r
Ord(100)
__vbaFreeVar
_adj_fprem1
_adj_fdiv_m64
Ord(542)
__vbaFreeObj
_CIsin
_CIsqrt
__vbaHresultCheckObj
_CIlog
_CIcos
Ord(616)
Ord(587)
_adj_fptan
__vbaI2Var
__vbaI4Var
__vbaVarMove
Ord(646)
_CIatan
__vbaNew2
__vbaLateIdCallLd
_adj_fdivr_m32i
Ord(631)
_CIexp
__vbaStrMove
Ord(588)
_adj_fdivr_m32
__vbaStrCat
_CItan
Ord(598)
__vbaFreeStr
_adj_fdiv_m16i
Number of PE resources by type
RT_ICON 13
RT_FONT 2
RT_GROUP_ICON 1
RT_VERSION 1
Number of PE resources by language
NEUTRAL 14
ENGLISH US 3
ExifTool file metadata
UninitializedDataSize 0
LinkerVersion 6.0
ImageVersion 1.7
FileSubtype 0
FileVersionNumber 1.7.0.4
LanguageCode English (U.S.)
FileFlagsMask 0x0000
CharacterSet Unicode
InitializedDataSize 471040
EntryPoint 0x12c4
OriginalFileName Gingivec.exe
MIMEType application/octet-stream
FileVersion 1.07.0004
TimeStamp 2014:01:10 10:31:32+01:00
FileType Win32 EXE
PEType PE32
InternalName Gingivec
ProductVersion 1.07.0004
SubsystemVersion 4.0
OSVersion 4.0
FileOS Win32
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName CyberLink
CodeSize 151552
ProductName Rollneck squamula galways soothsaw
ProductVersionNumber 1.7.0.4
FileTypeExtension exe
ObjectFileType Executable application

Compressed bundles
File identification
MD5 f79eb2c78a11194cde18cc7190304ec5
SHA1 4903c8ed0000e91408eb796ee313a766b0c79221
SHA256 3124fc4b6acf28cbebd8463cbf3e7279a73135e0c64b0133adc4c18188761f6e
ssdeep 12288:VUDOZZUDEK3yWQg2rZtx7QTkZuh/p8coc:V9XTKCW0rR8quhSq
authentihash 2b7006862a5c4af879f550f293ffb17b899fad236ab595c4f5cbda309da21f17
imphash 7e501e4694c73e39f2e2056def70aced
File size 596.0 KB ( 610304 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable Microsoft Visual Basic 6 (84.4%)
Win32 Dynamic Link Library (generic) (6.7%)
Win32 Executable (generic) (4.6%)
Generic Win/DOS Executable (2.0%)
DOS Executable Generic (2.0%)
Tags peexe
VirusTotal metadata
First submission 2014-01-14 10:34:38 UTC ( 2 years, 4 months ago )
Last submission 2014-01-21 04:57:42 UTC ( 2 years, 4 months ago )
File names memo.exe
rat.exe.vir
vti-rescan
server.exe
Gingivec.exe
memo.exe?sig=-UOQWOtKPHvt4qtovtDNlK1pvMiAPnFrlDc
Gingivec