SHA256: 382da4726745172c4d8631a96f56c06cfbcd4bd43fde6b950fe37e423a1202dd
File name: 80C8.exe
Detection ratio: 46 / 56
Analysis date: 2016-12-06 05:22:00 UTC ( 2 years, 2 months ago )
Antivirus Result Update
Ad-Aware Gen:Variant.Symmi.44680 20161206
AegisLab Worm.W32.Ngrbot!c 20161206
AhnLab-V3 Trojan/Win32.Agent.R114800 20161205
ALYac Gen:Variant.Symmi.44680 20161206
Antiy-AVL Worm/Win32.Ngrbot 20161206
Arcabit Trojan.Symmi.DAE88 20161206
Avast Win32:GenMalicious-YS [Trj] 20161206
AVG Dropper.Generic9.XBD 20161206
Avira (no cloud) TR/Beebone.rhwnact 20161205
AVware Trojan.Win32.Clicker!BT 20161206
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9999 20161205
BitDefender Gen:Variant.Symmi.44680 20161206
Bkav W32.Clod189.Trojan.4ada 20161205
Comodo UnclassifiedMalware 20161205
CrowdStrike Falcon (ML) malicious_confidence_100% (W) 20161024
Cyren W32/Peaac.A.gen!Eldorado 20161206
DrWeb Trojan.Click3.10164 20161206
Emsisoft Gen:Variant.Symmi.44680 (B) 20161206
ESET-NOD32 Win32/TrojanClicker.VB.NZZ 20161206
F-Prot W32/Peaac.A.gen!Eldorado 20161206
F-Secure Gen:Variant.Symmi.44680 20161206
Fortinet W32/Ngrbot.AGDA!worm 20161206
GData Gen:Variant.Symmi.44680 20161206
Ikarus Worm.Win32.Ngrbot 20161205
Sophos ML generic.a 20161202
Jiangmin Worm/Ngrbot.bkq 20161205
K7AntiVirus Spyware ( 004be9f31 ) 20161205
K7GW Spyware ( 004be9f31 ) 20161206
Kaspersky Worm.Win32.Ngrbot.agda 20161206
Kingsoft Worm.Ngrbot.ag.(kcloud) 20161206
McAfee RDN/Sdbot.worm!ca 20161205
McAfee-GW-Edition BehavesLike.Win32.Backdoor.ct 20161206
eScan Gen:Variant.Symmi.44680 20161206
NANO-Antivirus Trojan.Win32.Ngrbot.dxoztn 20161206
Panda Trj/Chgt.C 20161205
Qihoo-360 Win32/Trojan.361 20161206
Rising Trojan.Generic-eoOd2v6VHUM (cloud) 20161206
Sophos AV Mal/Generic-S 20161206
SUPERAntiSpyware Trojan.Agent/Gen-Kazy 20161206
Symantec Heur.AdvML.B 20161206
Tencent Win32.Worm.Ngrbot.Dxwn 20161206
VBA32 TScope.Trojan.VB 20161205
VIPRE Trojan.Win32.Clicker!BT 20161206
ViRobot Backdoor.Win32.U.Ruskill.90112[h] 20161206
Yandex Trojan.CL.VB!nb+qfJhddEs 20161205
Zillya Worm.Ngrbot.Win32.7103 20161205
Alibaba (no detection) 20161206
CAT-QuickHeal (no detection) 20161206
ClamAV (no detection) 20161206
CMC (no detection) 20161205
Malwarebytes (no detection) 20161206
Microsoft (no detection) 20161205
nProtect (no detection) 20161206
TheHacker (no detection) 20161130
TotalDefense (no detection) 20161205
TrendMicro-HouseCall (no detection) 20161206
Trustlook (no detection) 20161206
WhiteArmor (no detection) 20161125
Zoner (no detection) 20161206
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2012-08-23 04:38:01
Entry Point 0x0000132C
Number of sections 3
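As an added example (not part of the VirusTotal report), the following standard-library Python recovers the fields listed above straight from the PE headers, so the values can be rechecked offline on a copy of the sample without relying on the online service. The header bytes it runs on are constructed to carry the report's values (i386, 3 sections, the 2012-08-23 timestamp, entry point 0x132C, GUI subsystem); they are not the real 80C8.exe, and the linker version 6.0 written into the constructed header is an assumption.

```python
"""Minimal PE header parser (standard library only).

Added example: reads the DOS header, the PE signature, the COFF file header and
the start of the optional header, returning the fields a triage report shows
(target machine, number of sections, compilation timestamp, entry point,
subsystem, PE type). The sample header is constructed, not the real file.
"""
import calendar
import struct
from datetime import datetime, timezone

IMAGE_DOS_SIGNATURE = 0x5A4D      # 'MZ'
IMAGE_NT_SIGNATURE = 0x00004550   # 'PE\0\0'
PE32_MAGIC = 0x10B
PE32PLUS_MAGIC = 0x20B

MACHINE_NAMES = {0x14C: "Intel 386 or later processors and compatible processors",
                 0x8664: "x64", 0x1C0: "ARM", 0xAA64: "ARM64"}
SUBSYSTEM_NAMES = {1: "Native", 2: "Windows GUI", 3: "Windows CUI"}


def parse_pe_header(data: bytes) -> dict:
    """Parse the headers; raises ValueError on anything that is not a PE image."""
    if len(data) < 0x40 or struct.unpack_from("<H", data, 0)[0] != IMAGE_DOS_SIGNATURE:
        raise ValueError("not a DOS/PE image (missing MZ)")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if e_lfanew + 24 > len(data) or struct.unpack_from("<I", data, e_lfanew)[0] != IMAGE_NT_SIGNATURE:
        raise ValueError("missing PE signature at e_lfanew")
    # IMAGE_FILE_HEADER: Machine, NumberOfSections, TimeDateStamp, PointerToSymbolTable,
    # NumberOfSymbols, SizeOfOptionalHeader, Characteristics
    (machine, nsections, timestamp, _symtab, _nsyms,
     opt_size, characteristics) = struct.unpack_from("<HHIIIHH", data, e_lfanew + 4)
    opt_off = e_lfanew + 24
    if opt_size < 70 or opt_off + opt_size > len(data):
        raise ValueError("truncated optional header")
    magic = struct.unpack_from("<H", data, opt_off)[0]
    if magic not in (PE32_MAGIC, PE32PLUS_MAGIC):
        raise ValueError(f"unknown optional header magic 0x{magic:x}")
    # PE32 and PE32+ share the same layout up to BaseOfCode; from SectionAlignment
    # (+32) onwards the offsets coincide again, so Subsystem sits at +68 in both.
    major_linker, minor_linker = struct.unpack_from("<BB", data, opt_off + 2)
    entry_point = struct.unpack_from("<I", data, opt_off + 16)[0]
    subsystem = struct.unpack_from("<H", data, opt_off + 68)[0]
    return {
        "machine": MACHINE_NAMES.get(machine, f"0x{machine:04x}"),
        "number_of_sections": nsections,
        "timestamp": datetime.fromtimestamp(timestamp, timezone.utc).strftime("%Y-%m-%d %H:%M:%S"),
        "entry_point": f"0x{entry_point:08X}",
        "subsystem": SUBSYSTEM_NAMES.get(subsystem, str(subsystem)),
        "pe_type": "PE32" if magic == PE32_MAGIC else "PE32+",
        "linker_version": f"{major_linker}.{minor_linker}",
        "characteristics": f"0x{characteristics:04x}",
    }


def looks_like_pe(data: bytes) -> bool:
    """True when parse_pe_header accepts the bytes; handy for bulk triage of blobs."""
    try:
        parse_pe_header(data)
        return True
    except ValueError:
        return False


def build_sample_header() -> bytes:
    """Constructed PE32 header carrying the report's values (assumption: not the real file)."""
    ts = calendar.timegm((2012, 8, 23, 4, 38, 1, 0, 0, 0))  # 2012-08-23 04:38:01 UTC
    e_lfanew = 0x80
    dos = bytearray(e_lfanew)
    struct.pack_into("<H", dos, 0, IMAGE_DOS_SIGNATURE)
    struct.pack_into("<I", dos, 0x3C, e_lfanew)
    # i386, 3 sections, timestamp, no symbols, 224-byte PE32 optional header,
    # Characteristics = EXECUTABLE_IMAGE | 32BIT_MACHINE
    file_hdr = struct.pack("<IHHIIIHH", IMAGE_NT_SIGNATURE, 0x14C, 3, ts, 0, 0, 224, 0x0102)
    opt = bytearray(224)
    struct.pack_into("<HBB", opt, 0, PE32_MAGIC, 6, 0)   # PE32, linker 6.0 (assumed)
    struct.pack_into("<I", opt, 4, 40960)                # SizeOfCode
    struct.pack_into("<I", opt, 8, 126976)               # SizeOfInitializedData
    struct.pack_into("<I", opt, 16, 0x132C)              # AddressOfEntryPoint
    struct.pack_into("<I", opt, 28, 0x400000)            # ImageBase
    struct.pack_into("<HH", opt, 48, 4, 0)               # SubsystemVersion 4.0
    struct.pack_into("<H", opt, 68, 2)                   # IMAGE_SUBSYSTEM_WINDOWS_GUI
    return bytes(dos) + file_hdr + bytes(opt)


if __name__ == "__main__":
    for key, value in parse_pe_header(build_sample_header()).items():
        print(f"{key:20} {value}")
```

Run it against the real sample by reading the file's bytes instead of build_sample_header(); the timestamp it prints is the raw TimeDateStamp in UTC, which is why the report's "Compilation timestamp" (04:38:01) and the ExifTool TimeStamp (05:38:01+01:00) describe the same instant. Treat the value as a claim, not a fact: the linker writes it, and anything that can patch the file can rewrite it.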
PE sections
PE imports (function names only; every entry except CallWindowProcW is resolved from the Visual Basic 6 runtime, MSVBVM60.DLL, and CallWindowProcW from USER32.DLL)
__vbaChkstk
__vbaGenerateBoundsError
__vbaVarDup
Ord(516)
__vbaAryCopy
__vbaErase
_adj_fprem
__vbaLenBstr
Ord(525)
__vbaFreeObjList
__vbaUI1Str
__vbaInStr
Ord(717)
__vbaExceptHandler
__vbaSetSystemError
__vbaFreeVarList
Ord(632)
__vbaFPException
__vbaAryVar
__vbaStrVarMove
_adj_fdivr_m16i
Ord(100)
__vbaDerefAry1
_allmul
_CItan
__vbaFreeVar
Ord(570)
__vbaI2Str
Ord(619)
__vbaMidStmtBstr
__vbaFreeObj
__vbaFileOpen
_adj_fdiv_m64
__vbaGet3
__vbaHresultCheckObj
__vbaAryLock
_CIsin
Ord(711)
__vbaStrCopy
_adj_fdiv_m32
__vbaStrVarVal
EVENT_SINK_Release
_adj_fptan
__vbaFileClose
__vbaAryUnlock
__vbaVar2Vec
__vbaErrorOverflow
Ord(608)
__vbaNew2
Ord(644)
__vbaVarTstNe
Ord(631)
__vbaAryDestruct
_CIexp
__vbaStrMove
_adj_fprem1
_adj_fdivr_m32
__vbaStrCat
__vbaVarCopy
__vbaFreeStrList
__vbaI2I4
_adj_fdiv_m16i
CallWindowProcW
Number of PE resources by type
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
NEUTRAL 1
SPANISH MODERN 1
PE resources
ExifTool file metadata
MIMEType: application/octet-stream
Subsystem: Windows GUI
MachineType: Intel 386 or later, and compatibles
FileTypeExtension: exe
TimeStamp: 2012:08:23 05:38:01+01:00
FileType: Win32 EXE
PEType: PE32
CodeSize: 40960
LinkerVersion: 6.225
EntryPoint: 0x132c
InitializedDataSize: 126976
SubsystemVersion: 4.0
ImageVersion: 1.0
OSVersion: 4.25088
UninitializedDataSize: 0

File identification
MD5 851d3ea968ceab536019a2622a744f79
SHA1 1c5228ee111a8ea29f965858d48ae5a525c043d6
SHA256 382da4726745172c4d8631a96f56c06cfbcd4bd43fde6b950fe37e423a1202dd
ssdeep 1536:+ZXKlrsKizt2E05lvRzUaISXhnz3XPHZF27now7LfL31SgajJQE:HF5Yt2ZbzUaIOJvZFE72j/
authentihash 0cda2ac6037d551f877163ad063d67275072b3e8d9e8f0a1c46a4ce79d7633fa
imphash 0fac802b2d0c9d939d9b52c9e303ada5
File size 164.0 KB ( 167936 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable Microsoft Visual Basic 6 (84.4%)
     Win32 Dynamic Link Library (generic) (6.7%)
     Win32 Executable (generic) (4.6%)
     Generic Win/DOS Executable (2.0%)
     DOS Executable Generic (2.0%)
Tags peexe

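How the hashes above are produced, as an added example that is not part of the report: MD5, SHA-1 and SHA-256 are plain digests of the file bytes, while imphash is the MD5 of a normalised import list, so it groups samples built from the same source with the same import order even when the file bytes differ. The import list in the block is a constructed subset of the report's imports with assumed DLL names (the report shows function names only), so its imphash will not reproduce 0fac802b2d0c9d939d9b52c9e303ada5; run the same functions on the actual sample to compare.

```python
"""File identification hashes and the imphash algorithm (standard library only).

Added example: file_hashes() digests a byte string the way the report's
MD5/SHA1/SHA256 block does; imphash_string() and imphash() implement the
import-hash normalisation used by pefile and VirusTotal. SAMPLE_IMPORTS is a
constructed subset with assumed DLL names, not the real file's import table.
"""
import hashlib
from typing import Iterable, List, Tuple, Union

ImportEntry = Tuple[str, Union[str, int]]   # (dll name, function name or ordinal)

# Constructed subset of the report's import list. The DLL names are an assumption:
# the report lists function names only, but __vba* symbols and Ord(n) entries are
# the VB6 runtime and CallWindowProcW is user32.
SAMPLE_IMPORTS: List[ImportEntry] = [
    ("MSVBVM60.DLL", "__vbaChkstk"),
    ("MSVBVM60.DLL", 516),
    ("MSVBVM60.DLL", "__vbaStrCat"),
    ("USER32.dll", "CallWindowProcW"),
]


def file_hashes(data: bytes) -> dict:
    """MD5, SHA-1 and SHA-256 of a byte string, plus its size, as the report lists them."""
    return {
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
        "size": len(data),
    }


def imphash_string(imports: Iterable[ImportEntry]) -> str:
    """Normalised import string that imphash hashes.

    Entries are 'dll.func' in import-table order, lower-cased, with a .dll/.ocx/.sys
    extension stripped from the library name and ordinal imports rendered as ordN.
    pefile additionally maps known ordinals of oleaut32, ws2_32 and wsock32 back to
    names; every other ordinal, including the VB6 runtime's, stays ordN, which is
    why import order and the Ord(n) entries both change the hash.
    """
    parts = []
    for dll, func in imports:
        lib = dll.lower()
        for ext in (".dll", ".ocx", ".sys"):
            if lib.endswith(ext):
                lib = lib[: -len(ext)]
                break
        name = f"ord{func}" if isinstance(func, int) else func.lower()
        parts.append(f"{lib}.{name}")
    return ",".join(parts)


def imphash(imports: Iterable[ImportEntry]) -> str:
    """MD5 of the normalised import string."""
    return hashlib.md5(imphash_string(imports).encode("ascii")).hexdigest()


if __name__ == "__main__":
    sample = b"constructed sample bytes, not the real file"
    for key, value in file_hashes(sample).items():
        print(f"{key:8}{value}")
    print("imphash ", imphash(SAMPLE_IMPORTS), "over", imphash_string(SAMPLE_IMPORTS))
```

The other two identifiers in the block are not reproduced here: authentihash is the Authenticode digest, computed over the image with the checksum field and the certificate table excluded, so it is stable across re-signing; ssdeep is a context-triggered piecewise hash meant for similarity comparison rather than exact identification, and its two colon-separated parts are the block size and the two signature strings.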
VirusTotal metadata
First submission 2014-10-10 19:26:40 UTC ( 4 years, 4 months ago )
Last submission 2017-09-29 17:25:23 UTC ( 1 year, 4 months ago )
File names 1115-YyTJ6r
80C8.exe
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Hooking activity
Runtime DLLs
Additional details
The file sends control codes directly to device drivers using the DeviceIoControl Windows API function.
The file installs an application-defined hook procedure into a hook chain using the SetWindowsHook family of Windows API functions (SetWindowsHookEx on current Windows). A hook procedure monitors the system for certain types of events, associated either with a specific thread or with all threads on the same desktop as the calling thread; a desktop-wide hook causes the hooking module to be loaded into other GUI processes that receive those events, which is why this behaviour is relevant to keylogging and code injection.
Neither DeviceIoControl nor SetWindowsHookEx appears in the static import table above. A Visual Basic 6 program reaches Win32 APIs through Declare statements that the VB runtime resolves at run time, so the import table shows only the runtime's own __vba* entries and the sandbox is the first place these calls become visible.
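A static check that recovers what the import table hides, as an added example that is neither the report's nor the sandbox's code: the Lib and Alias names of a VB6 Declare statement are stored in the binary as plain ASCII strings, so a strings pass over the file, matched against a short watchlist of API names, surfaces the hooking and device I/O calls the dynamic report describes without running the sample. The byte blob below is constructed for the example; the watchlist and its capability groupings are the author's choice, not something the report lists.

```python
"""Strings-based API triage for binaries whose APIs are resolved at run time.

Added example: extracts printable ASCII runs from a byte blob and classifies
exact matches against a watchlist of Win32 API names grouped by capability.
SAMPLE_BLOB is constructed; it is not the real file.
"""
import re
from typing import Dict, List, Tuple

# Watchlist grouped by capability (assumption: a small, illustrative selection).
API_WATCHLIST: Dict[str, set] = {
    "hooking": {"SetWindowsHookExA", "SetWindowsHookExW", "SetWindowsHookA",
                "SetWindowsHookW", "CallNextHookEx", "UnhookWindowsHookEx"},
    "device_io": {"DeviceIoControl"},
    "injection": {"WriteProcessMemory", "CreateRemoteThread", "VirtualAllocEx"},
}


def extract_strings(data: bytes, min_len: int = 5) -> List[Tuple[int, str]]:
    """Return (offset, text) for every run of printable ASCII of at least min_len bytes."""
    pattern = re.compile(rb"[\x20-\x7e]{%d,}" % min_len)
    return [(m.start(), m.group().decode("ascii")) for m in pattern.finditer(data)]


def classify_apis(data: bytes) -> Dict[str, List[Tuple[str, int]]]:
    """Group watchlist hits by capability.

    Matching is exact per extracted run: Declare'd names are NUL-terminated in the
    binary, so an API name normally forms a whole run rather than part of one.
    """
    by_name = {name: cat for cat, names in API_WATCHLIST.items() for name in names}
    hits: Dict[str, List[Tuple[str, int]]] = {}
    for offset, text in extract_strings(data):
        cat = by_name.get(text)
        if cat:
            hits.setdefault(cat, []).append((text, offset))
    return hits


# Constructed blob: library names and API names separated by NULs, plus filler
# that should not match, laid out the way Declare strings appear in a VB6 image.
SAMPLE_BLOB = (b"\x00" * 8 + b"user32.dll\x00" + b"SetWindowsHookExA\x00"
               + b"\x90\x90" + b"kernel32\x00" + b"DeviceIoControl\x00"
               + b"harmless text here\x00" + b"\xff" * 4)


if __name__ == "__main__":
    for cat, found in classify_apis(SAMPLE_BLOB).items():
        for name, offset in found:
            print(f"{cat:10} {name} @ 0x{offset:x}")
```

Against a real sample read the file bytes in place of SAMPLE_BLOB. A hit says only that the name is present; confirming that it is actually called, and with what parameters (for SetWindowsHookEx, which hook type and whether the thread id is 0), still needs the sandbox report or a debugger. Packed or string-obfuscated samples will not show the names at all, so an empty result is not evidence of absence.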