× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: 3481e4239573a181ce5b629e0017a648d197abdda6cf6ddc6cfd04406356a839
File name: apup.exe
Detection ratio: 1 / 47
Analysis date: 2013-06-08 09:14:16 UTC ( 10 months, 2 weeks ago )
Antivirus Result Update
DrWeb BACKDOOR.Trojan 20130608
AVG 20130608
Agnitum 20130607
AhnLab-V3 20130607
AntiVir 20130608
Antiy-AVL 20130608
Avast 20130608
BitDefender 20130608
ByteHero 20130606
CAT-QuickHeal 20130607
ClamAV 20130608
Commtouch 20130608
Comodo 20130608
ESET-NOD32 20130608
Emsisoft 20130608
F-Prot 20130608
F-Secure 20130608
Fortinet 20130608
GData 20130608
Ikarus 20130608
Jiangmin 20130608
K7AntiVirus 20130607
K7GW 20130607
Kaspersky 20130608
Kingsoft 20130506
Malwarebytes 20130608
McAfee 20130608
McAfee-GW-Edition 20130608
MicroWorld-eScan 20130608
Microsoft 20130608
NANO-Antivirus 20130608
Norman 20130607
PCTools 20130521
Panda 20130607
Rising 20130607
SUPERAntiSpyware 20130608
Sophos 20130608
Symantec 20130608
TheHacker 20130607
TotalDefense 20130607
TrendMicro 20130608
TrendMicro-HouseCall 20130608
VBA32 20130608
VIPRE 20130608
ViRobot 20130608
eSafe 20130606
nProtect 20130608
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Authenticode signature block
Copyright
Copyright (c) 2005-2013

Publisher AutoPatcher
Product AutoPatcher Updater
Version 1.04.0014
Original name apup.exe
Internal name apup
File version 1.04.0014
Description AutoPatcher Updater
Comments Lead Developer ViroMan. Past developers Joe Harrison & Anton Dudarenko
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2013-03-12 08:24:14
Link date 9:24 AM 3/12/2013
Entry Point 0x00009E50
Number of sections 3
PE sections
PE imports
_adj_fdivr_m64
Ord(546)
Ord(518)
__vbaGenerateBoundsError
__vbaStrFixstr
_allmul
Ord(616)
Ord(527)
_adj_fprem
__vbaR4Var
__vbaAryMove
__vbaForEachVar
Ord(714)
Ord(301)
__vbaVarAnd
__vbaRedim
__vbaForEachCollObj
__vbaRefVarAry
__vbaRecDestruct
__vbaCopyBytes
_adj_fdiv_r
__vbaLsetFixstrFree
__vbaRecAnsiToUni
__vbaObjSetAddref
Ord(517)
__vbaHresultCheckObj
__vbaI2Var
__vbaR8Str
_CIlog
__vbaRecAssign
Ord(595)
__vbaVarLateMemCallLd
_adj_fptan
Ord(581)
__vbaI4Var
__vbaLateIdCall
Ord(306)
__vbaRecUniToAnsi
Ord(608)
__vbaFreeStr
__vbaLateIdCallLd
Ord(631)
__vbaStrI2
__vbaStrR8
__vbaStrI4
__vbaStrR4
__vbaFreeStrList
__vbaI2I4
_adj_fdiv_m16i
__vbaExceptHandler
EVENT_SINK_QueryInterface
__vbaStrVarCopy
__vbaNextEachVar
__vbaI4Str
Ord(607)
__vbaLenBstr
Ord(525)
__vbaResume
__vbaRedimPreserve
__vbaNextEachCollObj
Ord(707)
__vbaFpCDblR8
__vbaInStr
_adj_fdiv_m32i
Ord(717)
Ord(600)
Ord(307)
__vbaSetSystemError
DllFunctionCall
__vbaUbound
__vbaFreeVar
__vbaBoolVarNull
Ord(100)
__vbaForEachAry
__vbaI2Str
Ord(711)
Ord(606)
__vbaNew
__vbaAryLock
__vbaLsetFixstr
__vbaVarTstEq
__vbaStrMove
__vbaExitEachColl
__vbaOnError
_adj_fdivr_m32i
__vbaI4ErrVar
__vbaInStrVar
__vbaStrCat
__vbaVarDup
__vbaNextEachAry
__vbaChkstk
EVENT_SINK_Release
__vbaStrCmp
__vbaAryUnlock
__vbaBoolVar
__vbaStrComp
Ord(697)
__vbaVarLateMemSt
Ord(710)
Ord(605)
__vbaFreeObjList
Ord(650)
__vbaVarIndexLoad
Ord(666)
Ord(311)
__vbaFreeVarList
Ord(305)
__vbaStrVarMove
Ord(626)
__vbaCastObj
__vbaExitProc
__vbaVarOr
__vbaVarTstNe
Ord(618)
__vbaLateMemCallLd
__vbaAryConstruct2
Ord(520)
__vbaFreeObj
_adj_fdivr_m32
__vbaStrVarVal
__vbaVarSub
Ord(660)
_CIcos
Ord(303)
Ord(528)
__vbaVarMove
__vbaErrorOverflow
Ord(669)
__vbaNew2
__vbaLateIdSt
__vbaVarCmpEq
__vbaAryDestruct
__vbaAryCopy
_adj_fprem1
Ord(619)
Ord(537)
_adj_fdiv_m32
Ord(535)
Ord(712)
__vbaLenVar
__vbaEnd
__vbaVarZero
Ord(685)
Ord(572)
__vbaLateMemSt
_adj_fpatan
EVENT_SINK_AddRef
__vbaVarSetVar
Ord(300)
__vbaObjIs
__vbaStrCopy
Ord(702)
Ord(313)
__vbaFPException
__vbaAryVar
__vbaStrToUnicode
_adj_fdivr_m16i
__vbaVarAdd
_adj_fdiv_m64
__vbaRecDestructAnsi
__vbaCastObjVar
Ord(519)
Ord(561)
Ord(309)
_CIsin
_CIsqrt
__vbaVarCopy
_CIatan
__vbaI2Abs
Ord(617)
_CItan
__vbaObjSet
__vbaI2ErrVar
Ord(644)
__vbaVarCat
_CIexp
__vbaStrToAnsi
__vbaFpR8
__vbaFpI4
Ord(598)
__vbaFpI2
Number of PE resources by type
RT_ICON 5
RT_MANIFEST 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
NEUTRAL 6
ENGLISH US 2
ExifTool file metadata
UninitializedDataSize
0

Comments
Lead Developer ViroMan. Past developers Joe Harrison & Anton Dudarenko

LinkerVersion
6.0

ImageVersion
1.4

FileSubtype
0

FileVersionNumber
1.4.0.14

LanguageCode
English (U.S.)

FileFlagsMask
0x0000

CharacterSet
Unicode

InitializedDataSize
36864

FileOS
Win32

MIMEType
application/octet-stream

LegalCopyright
Copyright (c) 2005-2013

FileVersion
1.04.0014

TimeStamp
2013:03:12 09:24:14+01:00

FileType
Win32 EXE

PEType
PE32

InternalName
apup

SubsystemVersion
4.0

ProductVersion
1.04.0014

FileDescription
AutoPatcher Updater

OSVersion
4.0

OriginalFilename
apup.exe

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CompanyName
AutoPatcher

CodeSize
425984

ProductName
AutoPatcher Updater

ProductVersionNumber
1.4.0.14

EntryPoint
0x9e50

ObjectFileType
Executable application

Compressed bundles
File identification
MD5 1b7ff9ffa4ee8326f1bd701c457f16a0
SHA1 fc527fcbec837ca5e16204047b81de7eec8243c5
SHA256 3481e4239573a181ce5b629e0017a648d197abdda6cf6ddc6cfd04406356a839
ssdeep
12288:dIKdJ1MqxbtQXSovJ3saLCvZELJscwzCxTyrI9a:dIKGWbtQXSC3saLCvZiPGCAI

File size 448.0 KB ( 458752 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable Microsoft Visual Basic 6 (63.9%)
Win32 Executable MS Visual C++ (generic) (24.3%)
Win32 Dynamic Link Library (generic) (5.1%)
Win32 Executable (generic) (3.5%)
Generic Win/DOS Executable (1.5%)
Tags
peexe

VirusTotal metadata
First submission 2013-04-06 07:09:41 UTC ( 1 year ago )
Last submission 2013-06-08 09:14:16 UTC ( 10 months, 2 weeks ago )
File names apup
virussign.com_1b7ff9ffa4ee8326f1bd701c457f16a0.vir
vt-upload-j6_l_
apup.exe
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Hooking activity
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.
The file installs an application-defined hook procedure into a hook chain. You would install a hook procedure to monitor the system for certain types of events. These events are associated either with a specific thread or with all threads in the same desktop as the calling thread. This is done making use of the SetWindowsHook Windows API function.
UDP communications