SHA256: 3c2cc6a14408dc889685ed772e929f4523975cf1778a74db6994edd73e36e15a
File name: bot.exe
Detection ratio: 3 / 48
Analysis date: 2014-02-14 12:16:07 UTC ( 4 years, 11 months ago )
Antivirus Result Update
Bkav HW32.CDB.8299 20140213
Malwarebytes Backdoor.Bot 20140214
Qihoo-360 Malware.QVM03.Gen 20140214
Ad-Aware 20140214
Yandex 20140212
AhnLab-V3 20140213
AntiVir 20140214
Antiy-AVL 20140214
Avast 20140214
AVG 20140214
Baidu-International 20140214
BitDefender 20140214
ByteHero 20130613
CAT-QuickHeal 20140214
ClamAV 20140214
CMC 20140213
Commtouch 20140214
Comodo 20140214
DrWeb 20140214
Emsisoft 20140214
ESET-NOD32 20140214
F-Prot 20140214
F-Secure 20140214
Fortinet 20140214
GData 20140214
Ikarus 20140214
Jiangmin 20140214
K7AntiVirus 20140213
K7GW 20140213
Kaspersky 20140214
Kingsoft 20140214
McAfee 20140214
McAfee-GW-Edition 20140213
Microsoft 20140214
eScan 20140214
NANO-Antivirus 20140214
Norman 20140214
nProtect 20140214
Panda 20140213
Rising 20140213
Sophos AV 20140214
SUPERAntiSpyware 20140214
Symantec 20140214
TheHacker 20140214
TotalDefense 20140214
TrendMicro 20140214
TrendMicro-HouseCall 20140214
VBA32 20140214
VIPRE 20140214
ViRobot 20140214
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Publisher FLASH
Product FLASH nuli
Original name NOPERT.exe
Internal name NOPERT
File version 1.00.0009
Comments FLASH nuli
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2014-02-13 21:56:27
Entry Point 0x00001B98
Number of sections 3
PE sections
PE imports
_adj_fdivr_m64
__vbaGenerateBoundsError
_allmul
__vbaGet3
_adj_fprem
Ord(596)
__vbaAryMove
__vbaObjVar
__vbaVarAnd
__vbaRedim
__vbaForEachCollObj
_adj_fdiv_r
__vbaObjSetAddref
__vbaFixstrConstruct
_adj_fdiv_m64
__vbaHresultCheckObj
__vbaAryUnlock
_CIlog
Ord(595)
__vbaVarLateMemCallLd
_adj_fptan
__vbaFileClose
__vbaLateIdCallSt
__vbaI4Var
__vbaLateIdCall
__vbaAryCopy
__vbaFreeStr
__vbaLateIdCallLd
__vbaStrI2
__vbaStrI4
__vbaFreeStrList
_adj_fdiv_m16i
EVENT_SINK_QueryInterface
Ord(617)
__vbaLenBstr
__vbaResume
__vbaRedimPreserve
__vbaStrToUnicode
__vbaInStr
_adj_fdiv_m32i
Ord(717)
__vbaExceptHandler
__vbaSetSystemError
DllFunctionCall
__vbaFreeVar
__vbaBoolVarNull
__vbaFileOpen
Ord(526)
__vbaAryLock
EVENT_SINK_Release
__vbaVarTstEq
Ord(610)
__vbaVarLateMemCallLdRf
_adj_fdivr_m32i
__vbaStrCat
__vbaVarDup
__vbaVarLateMemCallSt
__vbaChkstk
__vbaPrintFile
__vbaLsetFixstr
__vbaI4Cy
Ord(570)
__vbaErase
__vbaVarLateMemSt
__vbaFreeObjList
__vbaVarCmpGt
__vbaVar2Vec
__vbaFreeVarList
__vbaStrVarMove
__vbaCastObj
__vbaExitProc
__vbaAryConstruct2
__vbaFreeObj
_adj_fdivr_m32
__vbaStrVarVal
__vbaVarSub
Ord(660)
__vbaVarTstGt
_CIcos
__vbaVarMove
__vbaVarCmpEq
__vbaNew2
__vbaLateIdSt
__vbaAryDestruct
__vbaStrMove
_adj_fprem1
Ord(537)
Ord(563)
_adj_fdiv_m32
__vbaCyI2
__vbaCyI4
__vbaEnd
__vbaLateMemSt
__vbaOnError
_adj_fpatan
Ord(712)
__vbaStrCopy
Ord(632)
__vbaFPException
_adj_fdivr_m16i
__vbaVarAdd
Ord(100)
EVENT_SINK_AddRef
__vbaNextEachCollObj
_CIsin
_CIsqrt
__vbaVarCopy
Ord(612)
_CIatan
__vbaVarDiv
__vbaLateMemCall
__vbaObjSet
__vbaVarCat
_CIexp
__vbaStrToAnsi
_CItan
Ord(598)
CreateStatusWindowA
RoundRect
CallWindowProcA
CallWindowProcW
Number of PE resources by type
Struct(0) 3
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
NEUTRAL 4
ENGLISH US 1
PE resources
ExifTool file metadata
LegalTrademarks FLASH epol nyaeth hu ik milg bvc asertyh iolk.
UninitializedDataSize 0
Comments FLASH nuli
InitializedDataSize 12288
ImageVersion 1.0
ProductName FLASH nuli
FileVersionNumber 1.0.0.9
LanguageCode English (U.S.)
FileFlagsMask 0x0000
CharacterSet Unicode
LinkerVersion 6.0
OriginalFilename NOPERT.exe
MIMEType application/octet-stream
FileVersion 1.00.0009
TimeStamp 2014:02:13 22:56:27+01:00
FileType Win32 EXE
PEType PE32
InternalName NOPERT
FileAccessDate 2014:02:14 13:16:33+01:00
ProductVersion 1.00.0009
SubsystemVersion 4.0
OSVersion 4.0
FileCreateDate 2014:02:14 13:16:33+01:00
FileOS Win32
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName FLASH
CodeSize 81920
FileSubtype 0
ProductVersionNumber 1.0.0.9
EntryPoint 0x1b98
ObjectFileType Executable application

File identification
MD5 c047de31986d4ed1f2884e8b1ae91362
SHA1 55a03606d8b98cdf88436b2636dc36be48c56400
SHA256 3c2cc6a14408dc889685ed772e929f4523975cf1778a74db6994edd73e36e15a
ssdeep 3072:iWee4AIFNxLjb3hL7yKHCmB8aVUhkGLriHiLPW9eNl3gqUUlhoMv5avgFHszv4Al:iWgbzC0GTobvfmfqK+9jPKwADl/IpV
imphash 4fa3f1eca7d4dce69ad88b4c8f12ffe4
File size 235.3 KB ( 240916 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable Microsoft Visual Basic 6 (84.4%)
Win32 Dynamic Link Library (generic) (6.7%)
Win32 Executable (generic) (4.6%)
Generic Win/DOS Executable (2.0%)
DOS Executable Generic (2.0%)
Tags peexe
VirusTotal metadata
First submission 2014-02-14 12:16:07 UTC ( 4 years, 11 months ago )
Last submission 2014-02-14 12:16:07 UTC ( 4 years, 11 months ago )
File names NOPERT.exe
NOPERT
bot.exe
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight