SHA256: 42cea1e5d51d58ddc8e712d8ac6cb80b9152b27a14d921929bedf471f577e659
File name: Peri
Detection ratio: 41 / 57
Analysis date: 2015-01-15 09:50:54 UTC ( 2 years, 5 months ago )
Antivirus Result Update
Ad-Aware Gen:Variant.Symmi.42654 20150115
Yandex Trojan.Agent!OJ0/sq+CFEU 20150114
AhnLab-V3 Trojan/Win32.ZBot 20150115
ALYac Gen:Variant.Symmi.42654 20150115
Antiy-AVL Trojan/Win32.SGeneric 20150115
Avast Win32:Zbot-UTE [Trj] 20150115
AVG Inject2.BHNZ 20150114
Avira (no cloud) TR/PSW.Agent.655872 20150115
AVware Trojan.Win32.Boaxxe.ljb (v) 20150115
Baidu-International Trojan.Win32.Injector.BBKCM 20150115
BitDefender Gen:Variant.Symmi.42654 20150115
CAT-QuickHeal TrojanSpy.Zbot.AQ3 20150115
CMC Heur.Win32.Veebee.1!O 20150113
Comodo UnclassifiedMalware 20150115
Cyren W32/Trojan.NAQL-5596 20150115
DrWeb Trojan.PWS.Panda.655 20150115
Emsisoft Gen:Variant.Symmi.42654 (B) 20150115
ESET-NOD32 a variant of Win32/Injector.BKCM 20150115
F-Prot W32/Trojan3.MSO 20150115
F-Secure Gen:Variant.Symmi.42654 20150115
Fortinet W32/BKCM.SMLOP!tr 20150115
GData Gen:Variant.Symmi.42654 20150115
Ikarus Trojan.Win32.Injector 20150115
K7AntiVirus Unwanted-Program ( 004a8e8a1 ) 20150115
K7GW Trojan ( 004a8dfa1 ) 20150114
Kaspersky HEUR:Trojan.Win32.Generic 20150115
Malwarebytes Trojan.Zbot 20150115
McAfee RDN/Spybot.bfr!o 20150115
McAfee-GW-Edition RDN/Spybot.bfr!o 20150115
Microsoft PWS:Win32/Zbot 20150115
eScan Gen:Variant.Symmi.42654 20150115
NANO-Antivirus Trojan.Win32.Panda.dkcbho 20150115
Norman Troj_Generic.XNUYD 20150115
Qihoo-360 HEUR/QVM03.0.Malware.Gen 20150115
Sophos Mal/VB-ANY 20150115
Symantec Trojan.Zbot 20150115
Tencent Win32.Trojan.Inject.Auto 20150115
TotalDefense Win32/Zbot.aXNHMQB 20150114
TrendMicro TSPY_ZBOT.SMLOP 20150115
TrendMicro-HouseCall Suspicious_GEN.F47V1210 20150115
VIPRE Trojan.Win32.Boaxxe.ljb (v) 20150115
AegisLab 20150115
Alibaba 20150115
Bkav 20150114
ByteHero 20150115
ClamAV 20150115
Jiangmin 20150114
Kingsoft 20150115
nProtect 20150115
Panda 20150114
Rising 20150114
SUPERAntiSpyware 20150115
TheHacker 20150112
VBA32 20150115
ViRobot 20150115
Zillya 20150115
Zoner 20150114
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Publisher Visit: www.infotrip.tk
Product Ophiolat
Original name Peri.exe
Internal name Peri
File version 2.07.0003
Description Intermin lepid
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2014-12-09 14:08:38
Entry Point 0x00001474
Number of sections 3
PE sections
PE imports
_adj_fdivr_m64
Ord(546)
_CIcos
_allmul
_adj_fprem
__vbaCyForInit
Ord(714)
Ord(673)
__vbaRedim
_adj_fdiv_r
__vbaChkstk
__vbaObjSetAddref
Ord(536)
_adj_fdiv_m64
__vbaHresultCheckObj
__vbaI2Var
__vbaR8Str
_CIlog
Ord(595)
_adj_fptan
__vbaFileClose
__vbaI4Var
Ord(661)
__vbaFreeStr
__vbaLateIdCallLd
Ord(631)
__vbaFreeStrList
Ord(609)
_adj_fdiv_m16i
EVENT_SINK_QueryInterface
Ord(648)
Ord(617)
_adj_fdiv_m32i
__vbaExceptHandler
__vbaSetSystemError
DllFunctionCall
__vbaUbound
__vbaFreeVar
_adj_fpatan
__vbaFileOpen
Ord(571)
_CIsin
Ord(606)
__vbaAryLock
EVENT_SINK_Release
_adj_fdivr_m32i
__vbaVarDup
_adj_fdiv_m32
__vbaStrCmp
__vbaI4Cy
__vbaAryUnlock
Ord(584)
__vbaFreeObjList
__vbaFreeVarList
__vbaStrVarMove
__vbaInStrB
__vbaFreeObj
_adj_fdivr_m32
__vbaVarIdiv
Ord(517)
Ord(705)
__vbaVarMove
__vbaErrorOverflow
__vbaNew2
__vbaAryDestruct
__vbaStrMove
_adj_fprem1
Ord(563)
__vbaWriteFile
__vbaCyI2
__vbaCyI4
__vbaEnd
Ord(685)
Ord(512)
Ord(663)
EVENT_SINK_AddRef
__vbaStrCopy
Ord(702)
__vbaFPException
_adj_fdivr_m16i
Ord(100)
Ord(544)
__vbaUI1I2
_CIsqrt
_CIatan
__vbaR8Var
__vbaObjSet
__vbaCyForNext
_CIexp
_CItan
__vbaFpI4
Number of PE resources by type
RT_ICON 6
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
NEUTRAL 7
PORTUGUESE BRAZILIAN 1
PE resources
ExifTool file metadata
SubsystemVersion 4.0
InitializedDataSize 20480
ImageVersion 2.7
ProductName Ophiolat
FileVersionNumber 2.7.0.3
UninitializedDataSize 0
LanguageCode Portuguese (Brazilian)
FileFlagsMask 0x0000
CharacterSet Unicode
LinkerVersion 6.0
OriginalFilename Peri.exe
MIMEType application/octet-stream
FileVersion 2.07.0003
TimeStamp 2014:12:09 15:08:38+01:00
FileType Win32 EXE
PEType PE32
InternalName Peri
FileAccessDate 2015:01:15 10:51:15+01:00
ProductVersion 2.07.0003
FileDescription Intermin lepid
OSVersion 4.0
FileCreateDate 2015:01:15 10:51:15+01:00
FileOS Win32
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName Visit: www.infotrip.tk
CodeSize 634880
FileSubtype 0
ProductVersionNumber 2.7.0.3
EntryPoint 0x1474
ObjectFileType Executable application
Compressed bundles
File identification
MD5 367bd0b02b47c3de4dcc2331acd0bd0e
SHA1 d9dc2391f85fc009ac6198986db998bd34c87057
SHA256 42cea1e5d51d58ddc8e712d8ac6cb80b9152b27a14d921929bedf471f577e659
ssdeep 12288:rayiEnIQ1irybsFd9ZEVI/58bAaNPzsie:rahEnIQ1iryb6d9ZcIx8UaNle
authentihash 1b3e3c1b307edba2b74ca663d4792f8740cddfbe7175d3a74b4dc677bfdbd5e5
imphash ac187d9a85e2c7749e06353711ba8220
File size 640.5 KB ( 655872 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable Microsoft Visual Basic 6 (90.5%)
Win32 Executable (generic) (4.9%)
Generic Win/DOS Executable (2.2%)
DOS Executable Generic (2.2%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
Tags peexe
VirusTotal metadata
First submission 2014-12-09 23:29:37 UTC ( 2 years, 6 months ago )
Last submission 2015-01-15 09:50:54 UTC ( 2 years, 5 months ago )
File names 42cea1e5d51d58ddc8e712d8ac6cb80b9152b27a14d921929bedf471f577e659.exe
Peri
Peri.exe
367bd0b02b47c3de4dcc2331acd0bd0e
Swiftdec.scr
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight