SHA256: 386285eb418d9390043034f0901d8dddd8d0dfdc40e74b9fa9aaf6788f324007
File name: 1608161381c04d1a858583b78d10228c2b6c3e1c
Detection ratio: 38 / 57
Analysis date: 2015-05-28 05:46:49 UTC ( 3 years, 11 months ago )
Antivirus Result Update
Ad-Aware Gen:Variant.Zusy.136576 20150528
AhnLab-V3 Trojan/Win32.Emotet 20150527
ALYac Gen:Variant.Zusy.136576 20150528
Antiy-AVL Trojan/Win32.VB 20150528
Avast Win32:Emotet-P [Trj] 20150528
AVG Atros.UPB 20150528
AVware Trojan.Win32.Generic!BT 20150528
Baidu-International Trojan.Win32.VB.cuqz 20150527
BitDefender Gen:Variant.Zusy.136576 20150528
ByteHero Virus.Win32.Heur.p 20150528
Comodo UnclassifiedMalware 20150526
Cyren W32/Trojan.TRXZ-4021 20150528
DrWeb Trojan.DownLoad3.36780 20150528
Emsisoft Gen:Variant.Zusy.136576 (B) 20150528
ESET-NOD32 a variant of Win32/Injector.BXTX 20150528
F-Secure Gen:Variant.Zusy.136576 20150528
Fortinet W32/Injector.BXNA!tr 20150528
GData Gen:Variant.Zusy.136576 20150528
Ikarus Trojan.Win32.Emotet 20150528
Jiangmin Trojan/VB.dusg 20150527
K7AntiVirus Trojan ( 004b5df11 ) 20150528
K7GW Trojan ( 004b5df11 ) 20150528
Kaspersky Trojan.Win32.VB.cuqz 20150528
McAfee RDN/Generic.dx!dql 20150528
McAfee-GW-Edition BehavesLike.Win32.Autorun.dc 20150527
Microsoft Trojan:Win32/Dynamer!ac 20150528
eScan Gen:Variant.Zusy.136576 20150528
NANO-Antivirus Trojan.Win32.VB.dqhtnx 20150528
Norman VBKrypt.VBP 20150527
Panda Trj/Genetic.gen 20150527
Sophos AV Mal/Generic-S 20150528
SUPERAntiSpyware Trojan.Agent/Gen-Multi 20150528
Symantec Trojan.Gen.2 20150528
Tencent Trojan.Win32.Qudamah.Gen.17 20150528
TrendMicro TROJ_GEN.R00GC0DDJ15 20150528
TrendMicro-HouseCall TROJ_GEN.R00GC0DDJ15 20150528
VIPRE Trojan.Win32.Generic!BT 20150528
Zillya Trojan.VB.Win32.136401 20150527
AegisLab 20150528
Yandex 20150525
Alibaba 20150528
Avira (no cloud) 20150528
Bkav 20150527
CAT-QuickHeal 20150523
ClamAV 20150528
CMC 20150527
F-Prot 20150528
Kingsoft 20150528
Malwarebytes 20150528
nProtect 20150527
Qihoo-360 20150528
Rising 20150526
TheHacker 20150526
TotalDefense 20150527
VBA32 20150526
ViRobot 20150528
Zoner 20150526
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2015-04-06 09:24:53
Entry Point 0x0000110C
Number of sections 3
PE sections
Overlays
MD5 79962ad5a99b9971998181bde783be55
File type MMDF mailbox
Offset 122880
Size 131569
Entropy 7.95
PE imports
EVENT_SINK_QueryInterface
Ord(645)
Ord(648)
Ord(570)
Ord(594)
Ord(689)
Ord(525)
EVENT_SINK_AddRef
Ord(300)
Ord(717)
__vbaExceptHandler
MethCallEngine
DllFunctionCall
Ord(100)
Ord(599)
Ord(516)
Ord(571)
ProcCallEngine
Ord(711)
Ord(690)
EVENT_SINK_Release
Ord(595)
Ord(593)
Ord(306)
Ord(631)
Ord(563)
Number of PE resources by type
RT_ICON 6
ABOUT 1
RT_STRING 1
Struct(128) 1
RT_GROUP_ICON 1
Number of PE resources by language
NEUTRAL 8
TELUGU DEFAULT 1
SLOVENIAN DEFAULT 1
PE resources
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
FileTypeExtension exe
TimeStamp 2015:04:06 10:24:53+01:00
FileType Win32 EXE
PEType PE32
CodeSize 77824
LinkerVersion 6.0
EntryPoint 0x110c
InitializedDataSize 53248
SubsystemVersion 4.0
ImageVersion 1.0
OSVersion 4.0
UninitializedDataSize 0

File identification
MD5 9138846eab48659e47f94cd4bc8bdbe6
SHA1 1608161381c04d1a858583b78d10228c2b6c3e1c
SHA256 386285eb418d9390043034f0901d8dddd8d0dfdc40e74b9fa9aaf6788f324007
ssdeep 3072:QBDZviV3iVa9pe49RaiV3iVBZeB0r2/U4vYu/cu5GCd0r7t+eMymiNmlVj9uCqO3:PKr2MuhCJMZl7n7Blv
authentihash 410fd649b9232af1dbfa4dec14c43c3e6d0eb3294b745a71717374c251f828d6
imphash 6f026788b3dda6ddec9433548aa330c8
File size 248.5 KB ( 254449 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable Microsoft Visual Basic 6 (90.5%)
Win32 Executable (generic) (4.9%)
Generic Win/DOS Executable (2.2%)
DOS Executable Generic (2.2%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
Tags peexe overlay
VirusTotal metadata
First submission 2015-05-28 05:46:49 UTC ( 3 years, 11 months ago )
Last submission 2015-05-28 05:46:49 UTC ( 3 years, 11 months ago )