SHA256: 3481e4239573a181ce5b629e0017a648d197abdda6cf6ddc6cfd04406356a839
File name: 1b7ff9ffa4ee8326f1bd701c457f16a0
Detection ratio: 2 / 52
Analysis date: 2014-05-11 03:21:43 UTC ( 1 year ago )
Antivirus Result Update
CMC Heur.Win32.Veebee.3!O 20140506
DrWeb BACKDOOR.Trojan 20140511
AVG 20140510
Ad-Aware 20140511
AegisLab 20140511
Agnitum 20140510
AhnLab-V3 20140510
AntiVir 20140510
Antiy-AVL 20140511
Avast 20140511
Baidu-International 20140510
BitDefender 20140511
Bkav 20140509
ByteHero 20140511
CAT-QuickHeal 20140510
ClamAV 20140511
Commtouch 20140511
Comodo 20140511
ESET-NOD32 20140510
Emsisoft 20140511
F-Prot 20140511
F-Secure 20140511
Fortinet 20140511
GData 20140511
Ikarus 20140510
Jiangmin 20140510
K7AntiVirus 20140509
K7GW 20140509
Kaspersky 20140511
Kingsoft 20140511
Malwarebytes 20140510
McAfee 20140511
McAfee-GW-Edition 20140510
MicroWorld-eScan 20140511
Microsoft 20140511
NANO-Antivirus 20140511
Norman 20140510
Panda 20140510
Qihoo-360 20140511
Rising 20140507
SUPERAntiSpyware 20140510
Sophos 20140511
Symantec 20140511
TheHacker 20140510
TotalDefense 20140510
TrendMicro 20140511
TrendMicro-HouseCall 20140511
VBA32 20140510
VIPRE 20140511
ViRobot 20140510
Zillya 20140510
nProtect 20140509
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Developer metadata
Copyright Copyright (c) 2005-2013
Publisher AutoPatcher
Product AutoPatcher Updater
Original name apup.exe
Internal name apup
File version 1.04.0014
Description AutoPatcher Updater
Comments Lead Developer ViroMan. Past developers Joe Harrison & Anton Dudarenko
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2013-03-12 08:24:14
Link date 9:24 AM 3/12/2013
Entry Point 0x00009E50
Number of sections 3
PE sections
PE imports
Number of PE resources by type
RT_ICON 5
RT_GROUP_ICON 1
RT_VERSION 1
RT_MANIFEST 1
Number of PE resources by language
NEUTRAL 6
ENGLISH US 2
ExifTool file metadata
SubsystemVersion 4.0
Comments Lead Developer ViroMan. Past developers Joe Harrison & Anton Dudarenko
LinkerVersion 6.0
ImageVersion 1.4
FileSubtype 0
FileVersionNumber 1.4.0.14
LanguageCode English (U.S.)
FileFlagsMask 0x0000
FileDescription AutoPatcher Updater
CharacterSet Unicode
InitializedDataSize 36864
FileOS Win32
MIMEType application/octet-stream
LegalCopyright Copyright (c) 2005-2013
FileVersion 1.04.0014
TimeStamp 2013:03:12 09:24:14+01:00
FileType Win32 EXE
PEType PE32
InternalName apup
FileAccessDate 2014:05:11 04:23:23+01:00
ProductVersion 1.04.0014
UninitializedDataSize 0
OSVersion 4.0
FileCreateDate 2014:05:11 04:23:23+01:00
OriginalFilename apup.exe
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName AutoPatcher
CodeSize 425984
ProductName AutoPatcher Updater
ProductVersionNumber 1.4.0.14
EntryPoint 0x9e50
ObjectFileType Executable application

Compressed bundles
File identification
MD5 1b7ff9ffa4ee8326f1bd701c457f16a0
SHA1 fc527fcbec837ca5e16204047b81de7eec8243c5
SHA256 3481e4239573a181ce5b629e0017a648d197abdda6cf6ddc6cfd04406356a839
ssdeep 12288:dIKdJ1MqxbtQXSovJ3saLCvZELJscwzCxTyrI9a:dIKGWbtQXSC3saLCvZiPGCAI
imphash 83f465e568e907ef1f500077bd20e9ac
File size 448.0 KB ( 458752 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable Microsoft Visual Basic 6 (63.9%)
Win32 Executable MS Visual C++ (generic) (24.3%)
Win32 Dynamic Link Library (generic) (5.1%)
Win32 Executable (generic) (3.5%)
Generic Win/DOS Executable (1.5%)
Tags peexe
VirusTotal metadata
First submission 2013-04-06 07:09:41 UTC ( 2 years, 1 month ago )
Last submission 2014-05-11 03:21:43 UTC ( 1 year ago )
File names apup
virussign.com_1b7ff9ffa4ee8326f1bd701c457f16a0.vir
1b7ff9ffa4ee8326f1bd701c457f16a0
vt-upload-j6_l_
apup.exe
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Hooking activity
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.
The file installs an application-defined hook procedure into a hook chain. You would install a hook procedure to monitor the system for certain types of events. These events are associated either with a specific thread or with all threads in the same desktop as the calling thread. This is done making use of the SetWindowsHook Windows API function.
UDP communications