SHA256: 3a7215cab2e62a0b5fe17236abb681b45899eaae3c955a883014ba79bbb231d1
File name: 004fe98c373ac03bd457c1b283d5dab8.exe
Detection ratio: 51 / 69
Analysis date: 2018-10-04 02:43:05 UTC ( 5 months, 2 weeks ago )
Antivirus Result Update
Ad-Aware Gen:Variant.Jaiko.1366 20181004
AegisLab Trojan.Win32.VBKrypt.4!c 20181004
AhnLab-V3 Trojan/Win32.FraudPack.R42153 20181004
ALYac Gen:Variant.Jaiko.1366 20181004
Antiy-AVL Worm/Win32.VBNA 20181004
Arcabit Trojan.Jaiko.D556 20181004
Avast Win32:FakeAV-BCM [Trj] 20181004
AVG Win32:FakeAV-BCM [Trj] 20181004
Avira (no cloud) TR/Fakealert.uzt 20181004
AVware VirTool.Win32.VBInject.gen.dg (v) 20180925
BitDefender Gen:Variant.Jaiko.1366 20181004
ClamAV Win.Trojan.Fakeav-63956 20181003
Comodo Worm.Win32.Vbna.~B 20181003
CrowdStrike Falcon (ML) malicious_confidence_80% (D) 20180723
Cybereason malicious.c373ac 20180225
Cylance Unsafe 20181004
Cyren W32/VBTrojan.Dropper.4!Maximus 20181004
DrWeb Trojan.VbCrypt.68 20181004
Emsisoft Gen:Variant.Jaiko.1366 (B) 20181003
Endgame malicious (high confidence) 20180730
ESET-NOD32 Win32/Adware.SecurityCentral.AA 20181003
F-Prot W32/VBTrojan.Dropper.4!Maximus 20181004
F-Secure Gen:Variant.Jaiko.1366 20181004
Fortinet W32/VBInjector.AGB!tr 20181003
GData Gen:Variant.Jaiko.1366 20181004
Ikarus Trojan.Win32.FakeAV 20181003
Sophos ML heuristic 20180717
K7AntiVirus NetWorm ( 700000151 ) 20181003
K7GW NetWorm ( 700000151 ) 20181003
Kaspersky Worm.Win32.VBNA.b 20181003
Kingsoft Win32.Malware.Heur_Generic.B.(kcloud) 20181004
MAX malware (ai score=100) 20181004
McAfee Generic PUP 20181003
McAfee-GW-Edition BehavesLike.Win32.Rimecud.dc 20181004
Microsoft VirTool:Win32/VBInject 20181004
eScan Gen:Variant.Jaiko.1366 20181004
NANO-Antivirus Trojan.Win32.Fakealert.giybf 20181003
Panda Trj/CI.A 20181003
Qihoo-360 Win32/Trojan.Adware.9ee 20181004
Rising Worm.VBNA!8.2BE (CLOUD) 20181003
SentinelOne (Static ML) static engine - malicious 20180926
Sophos AV Mal/Koobface-D 20181004
Symantec Trojan.Gen 20181003
Tencent Win32.Worm.Vbna.db 20181004
TheHacker Trojan/VBKrypt.le 20181001
VBA32 SScope.Trojan.VBRA.3560 20181003
VIPRE VirTool.Win32.VBInject.gen.dg (v) 20181004
Webroot Vir.Tool.Gen 20181004
Yandex Trojan.VBKrypt!ow2w4xTGQ6M 20180927
Zillya Trojan.FakeAV.Win32.177232 20181003
ZoneAlarm by Check Point Worm.Win32.VBNA.b 20180925
Engines with no detection (engine, signature date)
Alibaba 20180921
Avast-Mobile 20181003
Babable 20180918
Baidu 20180930
Bkav 20181003
CAT-QuickHeal 20181001
CMC 20181003
eGambit 20181004
Jiangmin 20181004
Malwarebytes 20181003
Palo Alto Networks (Known Signatures) 20181004
SUPERAntiSpyware 20180907
Symantec Mobile Insight 20181001
TACHYON 20181004
TotalDefense 20181003
TrendMicro 20181003
TrendMicro-HouseCall 20181004
Trustlook 20181004
ViRobot 20181003
Zoner 20181004
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
File version 1.0.0.0
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2010-04-16 20:20:37
Entry Point 0x000010B8
Number of sections 3
PE sections
PE imports
EVENT_SINK_QueryInterface
Ord(616)
ProcCallEngine
__vbaExceptHandler
Ord(632)
MethCallEngine
DllFunctionCall
Ord(644)
Ord(696)
Ord(631)
EVENT_SINK_Release
Ord(100)
EVENT_SINK_AddRef
Ord(598)
RtlMoveMemory
GetProcAddress
CallWindowProcW
The EVENT_SINK_*, ProcCallEngine, MethCallEngine, DllFunctionCall, __vbaExceptHandler and Ord(n) entries are exports of the Visual Basic 6 runtime (MSVBVM60.DLL), which agrees with the TrID result further down. RtlMoveMemory, GetProcAddress and CallWindowProcW together are the usual combination in VB-written loaders and crypters: a decrypted buffer is handed to CallWindowProcW as the "window procedure" so that it runs as code, RtlMoveMemory assembles the payload in memory, and GetProcAddress resolves the remaining API at run time. That pattern is what vendor names such as VirTool:Win32/VBInject, VBKrypt and VBInjector refer to.
Number of PE resources by type
RT_ICON 4
RT_VERSION 1
Type 8 (RT_FONT) 1
RT_MANIFEST 1
RT_GROUP_ICON 1
Number of PE resources by language
NEUTRAL 5
ENGLISH US 2
ARABIC NEUTRAL 1
An Arabic-tagged resource next to a Russian-language version block (see LanguageCode and CharacterSet below) is the sort of mismatch that hand-assembled or crypter-generated VB binaries often show; on its own it is a weak indicator, not evidence of origin.
PE resources
ExifTool file metadata
UninitializedDataSize 0
InitializedDataSize 913408
ImageVersion 1.27
FileVersionNumber 1.0.0.0
LanguageCode Russian
FileFlagsMask 0x003f
ImageFileCharacteristics No relocs, Executable, No line numbers, No symbols, 32-bit
CharacterSet Windows, Cyrillic
LinkerVersion 7.1
FileTypeExtension exe
MIMEType application/octet-stream
FileVersion 1.0.0.0
TimeStamp 2010:04:16 21:20:37+01:00
FileType Win32 EXE
PEType PE32
ProductVersion 1.0.0.0
SubsystemVersion 4.0
OSVersion 4.0
FileOS Win32
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CodeSize 9728
FileSubtype 0
ProductVersionNumber 1.0.0.0
EntryPoint 0x10b8
ObjectFileType Executable application
The ExifTool TimeStamp is the PE compilation timestamp above rendered in UTC+1, not a second date. CodeSize of 9728 bytes against 913408 bytes of initialized data and a 924160-byte file means almost the whole binary is data rather than code, which is what a small VB stub carrying an encrypted payload looks like; the compilation timestamp also sits one day before the first VirusTotal submission, so it was not back-dated.

File identification
MD5 004fe98c373ac03bd457c1b283d5dab8
SHA1 65536a007b140003f8f66be9cecdf94cb0f9346d
SHA256 3a7215cab2e62a0b5fe17236abb681b45899eaae3c955a883014ba79bbb231d1
ssdeep 24576:IQJwtAnk4fSyfkJxX1yCmXdIznSNMO2Roz:tkX4fT2VwWWNMO2Roz
authentihash 95f42ed767ee171426f735d34170883d7fb125c54666b8eecf7527dd472a5be8
imphash e447de45877c18793d699d2a1f54d97e
File size 902.5 KB ( 924160 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable Microsoft Visual Basic 6 (82.7%)
Win32 Dynamic Link Library (generic) (6.6%)
Win32 Executable (generic) (4.5%)
OS/2 Executable (generic) (2.0%)
Generic Win/DOS Executable (2.0%)
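The imphash above is an MD5 over the normalized import list, so it groups samples built from the same loader code regardless of the payload they carry, and the import names themselves can be triaged directly. The following Python is an added example, not VirusTotal's or pefile's own code: it reimplements the imphash algorithm as pefile's get_imphash defines it and checks the PE-imports list earlier in this report for the VB6 loader combination (CallWindowProcW, RtlMoveMemory, GetProcAddress). The DLL names in the sample list (msvbvm60.dll, kernel32.dll, user32.dll) are assumptions, because the report as extracted shows only function names, so the hash it produces is not expected to equal the report's e447de45877c18793d699d2a1f54d97e.

```python
"""Import-table triage: imphash reimplementation plus a VB6 loader check.

Added example, not code from VirusTotal or pefile.  The DLL attribution in
SAMPLE_IMPORTS is assumed; only the function names come from the report.
"""
import hashlib

# Library suffixes that imphash strips from the DLL name (as pefile does).
_STRIP_EXTS = ("dll", "ocx", "sys")


def imphash(imports):
    """Compute an imphash from an ordered list of (dll, function) pairs.

    `function` is a string name or an int ordinal.  Algorithm (pefile
    get_imphash): lowercase the DLL name and strip a .dll/.ocx/.sys suffix,
    lowercase the function name or render an ordinal as 'ordN', join every
    entry as 'dll.func' with commas in import-table order, MD5 the string.
    Order matters: the same imports in a different order hash differently.
    Caveat: pefile additionally maps ordinals of ws2_32.dll and oleaut32.dll
    to their exported names before hashing; this version does not.
    """
    parts = []
    for dll, func in imports:
        lib = dll.lower()
        base, dot, ext = lib.rpartition(".")
        if dot and ext in _STRIP_EXTS:
            lib = base
        name = f"ord{func}" if isinstance(func, int) else func.lower()
        parts.append(f"{lib}.{name}")
    return hashlib.md5(",".join(parts).encode()).hexdigest()


# API names whose co-occurrence in a VB6 binary is characteristic of
# shellcode-running loaders and crypters: CallWindowProcW invoked with a
# data buffer as the "window procedure", RtlMoveMemory to assemble the
# payload, GetProcAddress to resolve the rest of the API at run time.
VB_LOADER_TRIAD = frozenset({"callwindowprocw", "rtlmovememory", "getprocaddress"})


def is_vb6_binary(imports):
    """True if any import comes from the VB6 runtime (msvbvm60.dll)."""
    return any(dll.lower().startswith("msvbvm60") for dll, _ in imports)


def vb_loader_indicators(imports):
    """Return the loader-triad API names present, lowercased."""
    names = {f.lower() for _, f in imports if isinstance(f, str)}
    return names & VB_LOADER_TRIAD


def triage(imports):
    """Summarize an import list the way a first-pass triage script would."""
    found = vb_loader_indicators(imports)
    return {
        "imphash": imphash(imports),
        "vb6_runtime": is_vb6_binary(imports),
        "loader_triad_complete": found == VB_LOADER_TRIAD,
        "loader_indicators": sorted(found),
    }


# Constructed sample: the function names from this report's PE-imports
# section.  The DLL names are assumptions (the report shows none); in a real
# VB6 binary the last three may also be resolved through DllFunctionCall
# rather than appearing in the import directory at all.
SAMPLE_IMPORTS = [
    ("MSVBVM60.DLL", "EVENT_SINK_QueryInterface"),
    ("MSVBVM60.DLL", 616),
    ("MSVBVM60.DLL", "ProcCallEngine"),
    ("MSVBVM60.DLL", "__vbaExceptHandler"),
    ("MSVBVM60.DLL", 632),
    ("MSVBVM60.DLL", "MethCallEngine"),
    ("MSVBVM60.DLL", "DllFunctionCall"),
    ("MSVBVM60.DLL", 644),
    ("MSVBVM60.DLL", 696),
    ("MSVBVM60.DLL", 631),
    ("MSVBVM60.DLL", "EVENT_SINK_Release"),
    ("MSVBVM60.DLL", 100),
    ("MSVBVM60.DLL", "EVENT_SINK_AddRef"),
    ("MSVBVM60.DLL", 598),
    ("KERNEL32.DLL", "RtlMoveMemory"),   # assumed DLL
    ("KERNEL32.DLL", "GetProcAddress"),  # assumed DLL
    ("USER32.DLL", "CallWindowProcW"),   # assumed DLL
]

if __name__ == "__main__":
    print(triage(SAMPLE_IMPORTS))
```

The triad check is deliberately a set intersection rather than a count: a VB6 program that only declares GetProcAddress is unremarkable, and the signal comes from all three names being present in a binary whose own code section is a few kilobytes. Because imphash is order-sensitive, comparing two samples by imphash alone will miss a recompiled stub whose Declare statements were reordered; compare the indicator sets as well.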
Tags
peexe

VirusTotal metadata
First submission 2010-04-17 00:06:49 UTC ( 8 years, 11 months ago )
Last submission 2014-01-07 13:00:44 UTC ( 5 years, 2 months ago )
File names 004fe98c373ac03bd457c1b283d5dab8.exe
OYwEYA2Rc5.caj
004fe98c373ac03bd457c1b283d5dab8
004FE98C373AC03BD457C1B283D5DAB8
aa
Condensed report. The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were performed either by the file itself or by any process it launched or injected code into.
Created processes
Opened mutexes
Hooking activity
Runtime DLLs
Additional details
The file sends control codes directly to device drivers through the DeviceIoControl Windows API function. The report does not record which device or which control codes were used, so the purpose of the calls cannot be inferred from this page.
The file installs an application-defined hook procedure into a hook chain using the SetWindowsHook(Ex) Windows API. A hook lets a process monitor certain events, either for one specific thread or for every thread on the same desktop as the caller. In malware the two usual purposes are keylogging, via a keyboard hook, and code injection: a global hook whose procedure lives in a DLL causes that DLL to be loaded into every process that receives the hooked events. The report does not say which hook type was installed, so neither use can be confirmed from this page.