SHA256: 3957039fe6224a81524a59225562f5fb80e986d296ff7d67c7d1b50a362c0fcb
File name: olebdn
Detection ratio: 42 / 57
Analysis date: 2015-10-06 13:50:51 UTC ( 2 years, 11 months ago )
Antivirus Result Update
Ad-Aware Gen:Variant.Kazy.3273 20151006
Yandex Trojan.KillFiles!MFhaRQxgovw 20151004
AhnLab-V3 Trojan/Win32.VBKrypt 20151006
ALYac Gen:Variant.Kazy.3273 20151006
Antiy-AVL Trojan/Win32.VB 20151006
Arcabit Trojan.Kazy.DCC9 20151006
Avast Win32:VB-PCW [Trj] 20151006
AVG Injector.BBZ 20151006
Avira (no cloud) TR/VB.Banker.psb 20151006
AVware Trojan.Win32.Generic!BT 20151006
BitDefender Gen:Variant.Kazy.3273 20151006
CAT-QuickHeal Trojan.VB.r3 20151005
ClamAV Trojan.VB-19419 20151006
Comodo UnclassifiedMalware 20151006
Cyren W32/Trojan.AZUB-2765 20151006
Emsisoft Gen:Variant.Kazy.3273 (B) 20151006
ESET-NOD32 a variant of Win32/KillFiles.NEG 20151006
F-Prot W32/Trojan2.MIGX 20151006
F-Secure Gen:Variant.Kazy.3273 20151006
Fortinet W32/CAMEC.SMI!tr 20151006
GData Gen:Variant.Kazy.3273 20151006
Ikarus Trojan-Banker.Win32.Banker 20151006
K7AntiVirus Backdoor ( 04c4df061 ) 20151006
K7GW Backdoor ( 04c4df061 ) 20151006
Kaspersky Trojan.Win32.VB.agij 20151006
Kingsoft Win32.Troj.Agent.vb.(kcloud) 20151006
McAfee Artemis!52629D46B78F 20151006
McAfee-GW-Edition BehavesLike.Win32.Trojan.pt 20151006
Microsoft Trojan:Win32/Provis!rts 20151006
eScan Gen:Variant.Kazy.3273 20151006
NANO-Antivirus Trojan.Win32.VB.bdfxr 20151006
Panda Generic Malware 20151006
Qihoo-360 Win32/Trojan.2b4 20151006
Sophos AV Mal/Generic-S 20151006
Symantec Trojan.Gen 20151005
Tencent Win32.Trojan.Vb.bffe 20151006
TotalDefense Win32/SillyDl.VPG 20151006
TrendMicro TROJ_LAMEWAR.VTG 20151006
TrendMicro-HouseCall TROJ_LAMEWAR.VTG 20151006
VBA32 suspected of Malware.VB.22 20151006
VIPRE Trojan.Win32.Generic!BT 20151006
Zillya Trojan.VB.Win32.39368 20151005
AegisLab 20151006
Alibaba 20150927
Baidu-International 20151006
Bkav 20151006
ByteHero 20151006
CMC 20151005
DrWeb 20151006
Jiangmin 20151005
Malwarebytes 20151006
nProtect 20151006
Rising 20151005
SUPERAntiSpyware 20151006
TheHacker 20151006
ViRobot 20151006
Zoner 20151006
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Publisher .
Product pluginbrada
Original name olebdn.exe
Internal name olebdn
File version 1.00
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2010-04-23 13:25:21
Entry Point 0x00001698
Number of sections 3
PE sections
PE imports
_adj_fdivr_m64
__vbaGenerateBoundsError
__vbaStrFixstr
_allmul
Ord(527)
_adj_fprem
Ord(709)
__vbaRedim
Ord(537)
__vbaCopyBytes
_adj_fdiv_r
__vbaRecAnsiToUni
__vbaObjSetAddref
__vbaMidStmtBstr
Ord(517)
__vbaHresultCheckObj
__vbaI2Var
_CIlog
Ord(616)
_adj_fptan
__vbaFileClose
Ord(581)
__vbaRecUniToAnsi
__vbaFreeVar
__vbaFreeStr
Ord(631)
__vbaFreeStrList
_adj_fdiv_m16i
EVENT_SINK_QueryInterface
Ord(648)
Ord(516)
__vbaLenBstr
__vbaStrToUnicode
__vbaInStr
_adj_fdiv_m32i
__vbaExceptHandler
__vbaSetSystemError
DllFunctionCall
Ord(608)
__vbaFileOpen
Ord(606)
__vbaInStrVar
_CIsqrt
EVENT_SINK_Release
Ord(667)
__vbaOnError
_adj_fdivr_m32i
Ord(579)
__vbaStrCat
__vbaVarDup
__vbaChkstk
__vbaLsetFixstr
__vbaStrCmp
__vbaAryUnlock
Ord(650)
Ord(666)
__vbaFreeVarList
__vbaStrVarMove
Ord(618)
__vbaExitProc
__vbaVarTstNe
__vbaFreeObj
_adj_fdivr_m32
__vbaStrVarVal
Ord(532)
_CIcos
Ord(528)
__vbaErrorOverflow
__vbaNew2
__vbaAryDestruct
__vbaStrMove
_adj_fprem1
_adj_fdiv_m64
_adj_fdiv_m32
Ord(572)
_adj_fpatan
EVENT_SINK_AddRef
__vbaStrCopy
Ord(632)
__vbaFPException
_adj_fdivr_m16i
Ord(100)
_CIsin
__vbaAryLock
_CIatan
Ord(529)
__vbaObjSet
__vbaVarCat
_CIexp
__vbaStrToAnsi
_CItan
__vbaFpI4
Number of PE resources by type
RT_ICON 3
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
NEUTRAL 4
ENGLISH US 1
PE resources
ExifTool file metadata
UninitializedDataSize 0
InitializedDataSize 8192
ImageVersion 1.0
ProductName pluginbrada
FileVersionNumber 1.0.0.0
LanguageCode English (U.S.)
FileFlagsMask 0x0000
CharacterSet Unicode
LinkerVersion 6.0
FileTypeExtension exe
OriginalFileName olebdn.exe
MIMEType application/octet-stream
FileVersion 1.0
TimeStamp 2010:04:23 14:25:21+01:00
FileType Win32 EXE
PEType PE32
InternalName olebdn
ProductVersion 1.0
SubsystemVersion 4.0
OSVersion 4.0
FileOS Win32
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName .
CodeSize 28672
FileSubtype 0
ProductVersionNumber 1.0.0.0
EntryPoint 0x1698
ObjectFileType Executable application

File identification
MD5 52629d46b78fb1a53de36540be4b883a
SHA1 1f93aebd2eb917479fd6c256b705fbedb8610360
SHA256 3957039fe6224a81524a59225562f5fb80e986d296ff7d67c7d1b50a362c0fcb
ssdeep 384:8ap8zGGbg7K0wOZJW1LNt5ZqgUU4tLMGPPqSt7I0hOADK0sl9i:8aObv0w4J2P2g/4pMJYXhOa6b
authentihash b9406514f027dd694263cafc0d5d0a8e5aa94da548918c9ee83388e2e10d0db7
imphash 6b590a1ff683b909ef104bd39c180ab2
File size 40.0 KB ( 40960 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable Microsoft Visual Basic 6 (84.4%)
Win32 Dynamic Link Library (generic) (6.7%)
Win32 Executable (generic) (4.6%)
Generic Win/DOS Executable (2.0%)
DOS Executable Generic (2.0%)
Tags peexe
VirusTotal metadata
First submission 2010-04-28 16:25:01 UTC ( 8 years, 4 months ago )
Last submission 2010-07-29 10:16:02 UTC ( 8 years, 1 month ago )
File names wNDTfMH9.rtf
olebdn.exe
bvBC0ml9.txt
olebdn
aa
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight