SHA256: 3124fc4b6acf28cbebd8463cbf3e7279a73135e0c64b0133adc4c18188761f6e
File name: Gingivec
Detection ratio: 37 / 53
Analysis date: 2014-11-06 15:34:29 UTC ( 4 months, 3 weeks ago )
Antivirus Result Update
AVG Generic35.BHDH 20141106
AVware Trojan.Win32.Zbot.pj (v) 20141106
Ad-Aware Gen:Variant.Symmi.38328 20141106
Agnitum Trojan.Llac!Lhhp9u6C6Bw 20141106
AhnLab-V3 Trojan/Win32.Rebhip 20141106
Antiy-AVL Trojan/Win32.Llac 20141106
Avast Win32:Malware-gen 20141106
Avira Worm/Rebhip.A.13469 20141106
Baidu-International Trojan.Win32.Llac.axTA 20141103
BitDefender Gen:Variant.Symmi.38328 20141106
CAT-QuickHeal Worm.Rebhip.r3 20141106
CMC Heur.Win32.Veebee.1!O 20141106
Comodo UnclassifiedMalware 20141106
DrWeb Win32.HLLW.Autoruner.25074 20141106
ESET-NOD32 a variant of Win32/Injector.AVJH 20141106
Emsisoft Gen:Variant.Symmi.38328 (B) 20141106
F-Secure Gen:Variant.Symmi.38328 20141106
Fortinet W32/VB.ALO!tr 20141106
GData Gen:Variant.Symmi.38328 20141106
Ikarus Trojan-Spy.Win32.Zbot 20141106
Jiangmin Trojan/Llac.acty 20141106
K7AntiVirus Trojan ( 004937201 ) 20141106
K7GW Trojan ( 004937201 ) 20141106
Kaspersky Trojan.Win32.Llac.dtth 20141106
Kingsoft Win32.Troj.Llac.dt.(kcloud) 20141106
Malwarebytes Trojan.Downloader 20141106
McAfee Generic-FAUS!F79EB2C78A11 20141106
McAfee-GW-Edition BehavesLike.Win32.PWSZbot.hh 20141106
MicroWorld-eScan Gen:Variant.Symmi.38328 20141105
Microsoft Worm:Win32/Rebhip.A 20141106
NANO-Antivirus Trojan.Win32.Llac.cuufye 20141106
Norman Suspicious_Gen4.FQKCF 20141106
Qihoo-360 Win32/Trojan.fad 20141106
Sophos Mal/Generic-S 20141106
Symantec W32.Spyrat 20141106
Tencent Win32.Trojan.Llac.Eehi 20141106
VBA32 Trojan.Llac 20141106
AegisLab 20141106
Bkav 20141106
ByteHero 20141106
ClamAV 20141106
Cyren 20141106
F-Prot 20141106
Rising 20141106
SUPERAntiSpyware 20141106
TheHacker 20141104
TotalDefense 20141106
TrendMicro 20141106
TrendMicro-HouseCall 20141106
ViRobot 20141106
Zillya 20141105
Zoner 20141104
nProtect 20141106
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Developer metadata
Publisher CyberLink
Product Rollneck squamula galways soothsaw
Original name Gingivec.exe
Internal name Gingivec
File version 1.07.0004
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2014-01-10 09:31:32
Link date 10:31 AM 1/10/2014
Entry Point 0x000012C4
Number of sections 3
PE sections
PE imports
_adj_fdiv_m32
__vbaChkstk
DllFunctionCall
EVENT_SINK_Release
__vbaEnd
__vbaGenerateBoundsError
_allmul
_adj_fdivr_m64
Ord(527)
_adj_fprem
Ord(572)
Ord(617)
Ord(546)
_adj_fpatan
_adj_fdiv_m32i
EVENT_SINK_AddRef
Ord(651)
EVENT_SINK_QueryInterface
__vbaStrCopy
__vbaExceptHandler
__vbaSetSystemError
__vbaFreeVarList
__vbaStrCmp
__vbaFPException
__vbaStrVarMove
_adj_fdivr_m16i
_adj_fdiv_r
Ord(100)
__vbaFreeVar
_adj_fprem1
_adj_fdiv_m64
Ord(542)
__vbaFreeObj
_CIsin
_CIsqrt
__vbaHresultCheckObj
_CIlog
_CIcos
Ord(616)
Ord(587)
_adj_fptan
__vbaI2Var
__vbaI4Var
__vbaVarMove
Ord(646)
_CIatan
__vbaNew2
__vbaLateIdCallLd
_adj_fdivr_m32i
Ord(631)
_CIexp
__vbaStrMove
Ord(588)
_adj_fdivr_m32
__vbaStrCat
_CItan
Ord(598)
__vbaFreeStr
_adj_fdiv_m16i
Number of PE resources by type
RT_ICON 13
RT_FONT 2
RT_GROUP_ICON 1
RT_VERSION 1
Number of PE resources by language
NEUTRAL 14
ENGLISH US 3
ExifTool file metadata
UninitializedDataSize 0
LinkerVersion 6.0
ImageVersion 1.7
FileSubtype 0
FileVersionNumber 1.7.0.4
LanguageCode English (U.S.)
FileFlagsMask 0x0000
CharacterSet Unicode
InitializedDataSize 471040
FileOS Win32
MIMEType application/octet-stream
FileVersion 1.07.0004
TimeStamp 2014:01:10 10:31:32+01:00
FileType Win32 EXE
PEType PE32
InternalName Gingivec
FileAccessDate 2014:11:06 22:59:29+01:00
ProductVersion 1.07.0004
SubsystemVersion 4.0
OSVersion 4.0
FileCreateDate 2014:11:06 22:59:29+01:00
OriginalFilename Gingivec.exe
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName CyberLink
CodeSize 151552
ProductName Rollneck squamula galways soothsaw
ProductVersionNumber 1.7.0.4
EntryPoint 0x12c4
ObjectFileType Executable application
Compressed bundles
File identification
MD5 f79eb2c78a11194cde18cc7190304ec5
SHA1 4903c8ed0000e91408eb796ee313a766b0c79221
SHA256 3124fc4b6acf28cbebd8463cbf3e7279a73135e0c64b0133adc4c18188761f6e
ssdeep 12288:VUDOZZUDEK3yWQg2rZtx7QTkZuh/p8coc:V9XTKCW0rR8quhSq
authentihash 2b7006862a5c4af879f550f293ffb17b899fad236ab595c4f5cbda309da21f17
imphash 7e501e4694c73e39f2e2056def70aced
File size 596.0 KB ( 610304 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable Microsoft Visual Basic 6 (84.4%)
Win32 Dynamic Link Library (generic) (6.7%)
Win32 Executable (generic) (4.6%)
Generic Win/DOS Executable (2.0%)
DOS Executable Generic (2.0%)
Tags peexe
VirusTotal metadata
First submission 2014-01-14 10:34:38 UTC ( 1 year, 2 months ago )
Last submission 2014-01-21 04:57:42 UTC ( 1 year, 2 months ago )
File names memo.exe
rat.exe.vir
vti-rescan
server.exe
Gingivec.exe
memo.exe?sig=-UOQWOtKPHvt4qtovtDNlK1pvMiAPnFrlDc
Gingivec