SHA256: 450d4012b03fb77b82113dfc3f61ed62771d7798768ae13dcfe73e6cbe65af1b
File name: orqu.ex#
Detection ratio: 21 / 51
Analysis date: 2014-03-31 19:47:57 UTC ( 3 years, 2 months ago )
Antivirus Result Update
Ad-Aware Gen:Variant.Zusy.87635 20140331
Antiy-AVL Trojan[Spy]/Win32.Zbot 20140331
AVG Dropper.Generic9.TYB 20140331
BitDefender Gen:Variant.Zusy.87635 20140331
Bkav HW32.CDB.997b 20140331
DrWeb Trojan.Packed.26313 20140331
Emsisoft Gen:Variant.Zusy.87635 (B) 20140331
ESET-NOD32 a variant of Win32/Injector.BAXD 20140331
F-Secure Gen:Variant.Zusy.87635 20140331
GData Gen:Variant.Zusy.87635 20140331
K7AntiVirus NetWorm ( 700000151 ) 20140331
K7GW NetWorm ( 700000151 ) 20140331
Kaspersky Trojan-Spy.Win32.Zbot.rxmi 20140331
Kingsoft Win32.Troj.ZBot.RX.(kcloud) 20140331
Malwarebytes Spyware.Zbot 20140331
McAfee PWS-Zbot.gen.oj 20140331
Microsoft PWS:Win32/Zbot 20140331
eScan Gen:Variant.Zusy.87635 20140331
Panda Suspicious file 20140331
Sophos Mal/VB-ALP 20140331
VBA32 SScope.Malware-Cryptor.Zbot 20140331
AegisLab 20140331
Yandex 20140330
AhnLab-V3 20140331
AntiVir 20140331
Avast 20140331
Baidu-International 20140331
ByteHero 20140331
CAT-QuickHeal 20140330
ClamAV 20140331
CMC 20140331
Commtouch 20140331
Comodo 20140331
F-Prot 20140331
Fortinet 20140331
Ikarus 20140331
Jiangmin 20140331
McAfee-GW-Edition 20140331
NANO-Antivirus 20140331
Norman 20140331
nProtect 20140331
Qihoo-360 20140331
Rising 20140331
SUPERAntiSpyware 20140331
Symantec 20140331
TheHacker 20140329
TotalDefense 20140330
TrendMicro 20140331
TrendMicro-HouseCall 20140331
VIPRE 20140331
ViRobot 20140331
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2014-03-26 13:52:39
Entry Point 0x000018A0
Number of sections 3
PE sections
PE imports
_adj_fdivr_m64
__vbaGenerateBoundsError
_allmul
Ord(616)
_adj_fprem
__vbaAryMove
__vbaObjVar
__vbaUI1Var
__vbaRedim
Ord(537)
__vbaRaiseEvent
_adj_fdiv_r
__vbaObjSetAddref
_adj_fdiv_m64
__vbaHresultCheckObj
__vbaAryUnlock
_CIlog
__vbaLateIdCall
Ord(595)
__vbaVarLateMemCallLd
_adj_fptan
__vbaFileClose
Ord(601)
__vbaFreeVar
__vbaFreeStr
__vbaLateIdCallLd
__vbaVarNot
__vbaStrI2
__vbaR8FixI4
__vbaFreeStrList
__vbaI2I4
_adj_fdiv_m16i
EVENT_SINK_QueryInterface
Ord(648)
__vbaLenBstr
Ord(594)
Ord(576)
__vbaStrToUnicode
__vbaInStr
_adj_fdiv_m32i
Ord(717)
Ord(600)
__vbaExceptHandler
__vbaSetSystemError
DllFunctionCall
__vbaGetOwner3
__vbaPowerR8
__vbaUbound
Ord(608)
__vbaBoolVarNull
__vbaLbound
__vbaFileOpen
_CIsin
__vbaInStrVar
__vbaAryLock
EVENT_SINK_Release
__vbaVarTstEq
Ord(593)
Ord(667)
__vbaOnError
_adj_fdivr_m32i
__vbaI4ErrVar
__vbaStrCat
__vbaVarDup
__vbaChkstk
__vbaStrCmp
Ord(570)
__vbaErase
__vbaStrVarCopy
__vbaFreeObjList
__vbaVarIndexLoad
__vbaVar2Vec
__vbaFreeVarList
__vbaStrVarMove
Ord(626)
Ord(578)
__vbaExitProc
__vbaVarTstNe
__vbaAryConstruct2
__vbaFreeObj
_adj_fdivr_m32
_CIcos
__vbaVarMove
__vbaErrorOverflow
Ord(669)
__vbaNew2
__vbaR8IntI4
__vbaVarCmpEq
__vbaAryDestruct
__vbaStrMove
_adj_fprem1
_adj_fdiv_m32
__vbaEnd
__vbaPutOwner3
Ord(685)
__vbaRedimPreserve
_adj_fpatan
Ord(712)
__vbaVarSetVar
__vbaVarVargNofree
__vbaStrCopy
Ord(632)
__vbaFPException
_adj_fdivr_m16i
__vbaVarAdd
Ord(100)
__vbaForEachCollVar
__vbaCastObjVar
EVENT_SINK_AddRef
__vbaUI1I4
__vbaUI1I2
_CIsqrt
__vbaNextEachCollVar
_CIatan
_CItan
Ord(529)
__vbaPut3
__vbaObjSet
Ord(644)
__vbaVarCat
__vbaStr2Vec
_CIexp
__vbaStrToAnsi
__vbaFpR8
__vbaFpI4
Number of PE resources by type
RT_BITMAP 11
RT_GROUP_ICON 1
RT_VERSION 1
PERF 1
Number of PE resources by language
NEUTRAL 12
ENGLISH US 1
ARABIC NEUTRAL 1
PE resources
ExifTool file metadata
UninitializedDataSize 0
LinkerVersion 6.0
ImageVersion 1.0
FileVersionNumber 1.0.0.0
LanguageCode English (U.S.)
FileFlagsMask 0x0000
CharacterSet Unicode
InitializedDataSize 172032
OriginalFilename pri.dll
MIMEType application/octet-stream
FileVersion 1.0
TimeStamp 2014:03:26 14:52:39+01:00
FileType Win32 EXE
PEType PE32
InternalName pri
FileAccessDate 2014:03:31 20:48:13+01:00
ProductVersion 1.0
SubsystemVersion 4.0
OSVersion 4.0
FileCreateDate 2014:03:31 20:48:13+01:00
FileOS Win32
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName RackCoop
CodeSize 73728
FileSubtype 0
ProductVersionNumber 1.0.0.0
EntryPoint 0x18a0
ObjectFileType Executable application

File identification
MD5 d3a3a794d4ef897ca4a2660ea3c0da22
SHA1 968a02762e5fd9e024d60c803340881d5e2436c0
SHA256 450d4012b03fb77b82113dfc3f61ed62771d7798768ae13dcfe73e6cbe65af1b
ssdeep 3072:ZdgGS1DhBScTq/yTA4Jb2RzpgQDhmzqaQo3Wr8GZr+92PAYMiKqwzstRmBiWeAEp:7gbphBScTcyTIkm6e8GZ5P+iK5zsXmly
imphash 77bb6f65d3726190703a296ca06f68a2
File size 244.5 KB ( 250368 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable Microsoft Visual Basic 6 (69.4%)
Win64 Executable (generic) (23.3%)
Win32 Executable (generic) (3.8%)
Generic Win/DOS Executable (1.6%)
DOS Executable Generic (1.6%)
Tags
peexe

VirusTotal metadata
First submission 2014-03-31 19:47:57 UTC ( 3 years, 2 months ago )
Last submission 2014-03-31 19:47:57 UTC ( 3 years, 2 months ago )
File names orqu.ex#
Advanced heuristic and reputation engines
ClamAV
Possibly Unwanted Application. While not necessarily malicious, the scanned file presents certain characteristics which, depending on the user policies and environment, may or may not represent a threat. For full details see: https://www.clamav.net/documents/potentially-unwanted-applications-pua

Symantec reputation Suspicious.Insight