SHA256: 462c89b5f0eb3188dcb3ca5f59ee655b208128531c5d0c61e968cf6175ae613f
File name: 1267883479.setup_001.exe
Detection ratio: 48 / 54
Analysis date: 2014-07-15 19:21:13 UTC ( 4 years ago )
Antivirus Result Update
Ad-Aware Trojan.Koobface.504 20140715
Yandex Worm.Koobface!b4zpQsVUOfA 20140715
AhnLab-V3 Worm/Win32.Koobface 20140715
AntiVir TR/Dropper.Gen 20140715
Avast Win32:VB-ORG [Trj] 20140715
AVG Worm/Koobface.AA 20140715
Baidu-International Worm.Win32.Koobface.Ad 20140715
BitDefender Trojan.Koobface.504 20140715
Bkav W32.CertokoKM1.Rootkit 20140715
CAT-QuickHeal (Suspicious) - DNAScan 20140715
ClamAV Win.Worm.Koobface-7 20140715
CMC Net-Worm.Win32.Koobface!O 20140714
Commtouch W32/Koobface.N.gen!Eldorado 20140715
Comodo NetWorm.Win32.Koobface.FE 20140715
DrWeb Win32.HLLW.Facebook.760 20140715
Emsisoft Trojan.Koobface.504 (B) 20140715
ESET-NOD32 Win32/Koobface.NCT 20140715
F-Prot W32/Koobface.N.gen!Eldorado 20140715
F-Secure Packed:W32/Vbcrypt.K 20140715
Fortinet W32/VBObfus.C!tr 20140715
GData Trojan.Koobface.504 20140715
Ikarus Net-Worm.Win32.Koobface 20140715
K7AntiVirus Backdoor ( 04c4da301 ) 20140715
K7GW Backdoor ( 04c4da301 ) 20140715
Kaspersky Net-Worm.Win32.Koobface.fuh 20140715
Kingsoft Worm.Koobface.(kcloud) 20140715
McAfee Artemis!F0F7EC03E6CD 20140715
McAfee-GW-Edition Heuristic.BehavesLike.Win32.Downloader.A 20140715
Microsoft VirTool:Win32/VBInject.DR 20140715
eScan Trojan.Koobface.504 20140715
NANO-Antivirus Trojan.Win32.VBGen.rphp 20140715
Norman Koobface.HXH 20140715
nProtect Worm/W32.Koobface.67072.C 20140715
Panda W32/Koobface.C.worm 20140715
Qihoo-360 Win32/Worm.c79 20140715
Rising PE:Trojan.Win32.Generic.11E82152!300425554 20140715
Sophos AV Mal/Koobface-B 20140715
SUPERAntiSpyware Trojan.Agent/Gen-KoobFace 20140715
Symantec W32.Koobface.D 20140715
Tencent Win32.Worm-net.Koobface.Edxf 20140715
TheHacker W32/Koobface.fuh 20140714
TotalDefense Win32/Koobface.LI 20140715
TrendMicro WORM_KOOBFAC.VTG 20140715
TrendMicro-HouseCall WORM_KOOBFAC.VTG 20140715
VBA32 SScope.Trojan.VB.0468 20140715
VIPRE Worm.Win32.Vobfus.mc (v) 20140715
ViRobot Worm.Win32.Net-Koobface.67072 20140715
Zillya Worm.Koobface.Win32.5437 20140715
AegisLab 20140715
Antiy-AVL 20140715
ByteHero 20140715
Jiangmin 20140715
Malwarebytes 20140715
Zoner 20140714
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2010-03-06 10:19:46
Entry Point 0x000010A4
Number of sections 4
PE sections
PE imports
ProcCallEngine
__vbaExceptHandler
Ord(598)
DllFunctionCall
Ord(644)
Ord(631)
Ord(100)
Ord(608)
CreateProcessW
RtlMoveMemory
GetProcAddress
LoadLibraryA
VirtualAllocEx
CallWindowProcA
Number of PE resources by type
RT_ICON 2
3 1
RT_GROUP_ICON 1
RT_VERSION 1
RT_MANIFEST 1
Number of PE resources by language
RUSSIAN 4
ENGLISH US 1
ARABIC NEUTRAL 1
PE resources
ExifTool file metadata
UninitializedDataSize: 0
InitializedDataSize: 55296
ImageVersion: 1.0
FileVersionNumber: 0.1.0.0
LanguageCode: English (U.S.)
FileFlagsMask: 0x0000
CharacterSet: Unicode
LinkerVersion: 9.0
MIMEType: application/octet-stream
TimeStamp: 2010:03:06 11:19:46+01:00
FileType: Win32 EXE
PEType: PE32
FileAccessDate: 2014:07:15 20:31:30+01:00
SubsystemVersion: 5.0
OSVersion: 5.0
FileCreateDate: 2014:07:15 20:31:30+01:00
FileOS: Win32
Subsystem: Windows GUI
MachineType: Intel 386 or later, and compatibles
CodeSize: 10240
FileSubtype: 0
ProductVersionNumber: 0.1.0.0
EntryPoint: 0x10a4
ObjectFileType: Executable application

File identification
MD5 f0f7ec03e6cd5be3b0367915ad5ee062
SHA1 32fc14812c05a2e511b582dee4ab0294f2d63537
SHA256 462c89b5f0eb3188dcb3ca5f59ee655b208128531c5d0c61e968cf6175ae613f
ssdeep 768:OAuhDnWpcH19kGAwn/muRAkur5hdml8d4TIqdILP77ux1IaV4xkqQwjZukzCJPf:WstkCdA39SDm2aWxkRIZuT8BtIMx
imphash aec576c1a0c4d7befd14f199bdadb693
File size 65.5 KB ( 67072 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable Microsoft Visual Basic 6 (84.4%)
Win32 Dynamic Link Library (generic) (6.7%)
Win32 Executable (generic) (4.6%)
Generic Win/DOS Executable (2.0%)
DOS Executable Generic (2.0%)
Tags peexe mz

VirusTotal metadata
First submission 2010-03-06 12:16:08 UTC ( 8 years, 4 months ago )
Last submission 2012-12-09 00:23:31 UTC ( 5 years, 7 months ago )
File names F0F7EC03E6CD5BE3B0367915AD5EE062
e3Eamx5pYx.kwu
aa
1267883479.setup_001.exe
lILA0.dotx