SHA256: 4909ec2b652262511c911695687c88d8af22e84498c7bb4482c88a401df55f36
File name: 59c2db43d7ae36d31a5f.exe
Detection ratio: 60 / 62
Analysis date: 2017-04-16 13:36:04 UTC (1 year, 8 months ago)
Antivirus Result Update
Ad-Aware Win32.Worm.VB.NUH 20170416
AegisLab Troj.W32.Agent.tnjR 20170414
AhnLab-V3 HEUR/Fakon.mwf 20170416
ALYac Win32.Worm.VB.NUH 20170416
Antiy-AVL Trojan[Downloader]/Win32.Banload 20170416
Arcabit Win32.Worm.VB.NUH 20170416
Avast Win32:Banload-GCD [Trj] 20170416
AVG Worm/Generic_vb.NL 20170416
Avira (no cloud) TR/Banload.ihm 20170416
AVware Trojan-Downloader.Win32.Banload.ayqh (v) 20170410
Baidu Win32.Trojan.VB.gu 20170414
BitDefender Win32.Worm.VB.NUH 20170416
Bkav W32.MusicaHV.Trojan 20170415
CAT-QuickHeal Trojan.VB.Gen 20170415
ClamAV Win.Trojan.VB-1518 20170416
CMC Trojan-Downloader.Win32.Banload!O 20170416
Comodo TrojWare.Win32.Downloader.Banload.~AAD 20170416
CrowdStrike Falcon (ML) malicious_confidence_100% (D) 20170130
Cyren W32/Downloader.ARMS-0839 20170416
DrWeb Trojan.DownLoad1.19749 20170416
Emsisoft Win32.Worm.VB.NUH (B) 20170416
Endgame malicious (high confidence) 20170413
ESET-NOD32 Win32/VB.NMS 20170416
F-Prot W32/Downldr2.DEAQ 20170416
F-Secure Win32.Worm.VB.NUH 20170416
Fortinet W32/VB.ASD!tr.dldr 20170416
GData Win32.Worm.Autorun.A@gen 20170416
Ikarus Worm.Win32 20170416
Sophos ML trojandropper.win32.lamechi.b 20170413
Jiangmin Trojan/Generic.awkyv 20170416
K7AntiVirus P2PWorm ( 0002eb951 ) 20170416
K7GW P2PWorm ( 0002eb951 ) 20170416
Kaspersky Trojan.Win32.Agent.acbem 20170416
Kingsoft Win32.TrojDownloader.Banload.(kcloud) 20170416
Malwarebytes Worm.Brontok 20170416
McAfee Generic VB.b 20170416
McAfee-GW-Edition Generic VB.b 20170416
Microsoft Worm:Win32/Lefgroo.A 20170416
eScan Win32.Worm.VB.NUH 20170416
NANO-Antivirus Trojan.Win32.Dwn.vttwn 20170416
Panda Trj/Banker.LQV 20170416
Qihoo-360 Malware.Radar05.Gen 20170416
Rising Trojan.Generic (cloud:VAqNX1JwFIS) 20170416
SentinelOne (Static ML) static engine - malicious 20170330
Sophos AV Mal/VB-F 20170416
SUPERAntiSpyware Trojan.Agent/Gen-Banload 20170416
Symantec W32.SillyFDC 20170415
Tencent Win32.Trojan-Downloader.Banload.bins 20170416
TheHacker Trojan/Downloader.Banload.awcw 20170412
TotalDefense Win32/Lefgroo.A 20170416
TrendMicro WORM_AUTORUN.SMG 20170416
TrendMicro-HouseCall WORM_AUTORUN.SMG 20170416
VBA32 Trojan.Agent 20170414
VIPRE Trojan-Downloader.Win32.Banload.ayqh (v) 20170416
ViRobot Trojan.Win32.Downloader.910336[h] 20170416
Webroot Worm:Win32/Lefgroo.A 20170416
Yandex Trojan.DL.Banload!rYSm24e8R00 20170414
Zillya Downloader.Banload.Win32.44018 20170414
ZoneAlarm by Check Point Trojan.Win32.Agent.acbem 20170416
Zoner Trojan.VB.NMS 20170416
Alibaba 20170415
nProtect 20170416
Palo Alto Networks (Known Signatures) 20170416
Symantec Mobile Insight 20170414
Trustlook 20170416
WhiteArmor 20170409
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Product Project1
Original name Prueba0001.exe
Internal name Prueba0001
File version 1.00
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2008-01-02 17:21:56
Entry Point 0x00001628
Number of sections 3
PE sections
PE imports
_adj_fdivr_m64
_allmul
_adj_fprem
__vbaObjVar
__vbaForEachVar
Ord(580)
_adj_fdiv_r
__vbaObjSetAddref
Ord(100)
__vbaHresultCheckObj
__vbaR8Str
_CIlog
__vbaVarLateMemCallLd
_adj_fptan
__vbaFreeStr
__vbaStrI2
__vbaStrR8
__vbaStrI4
__vbaFreeStrList
__vbaI2I4
_adj_fdiv_m16i
EVENT_SINK_QueryInterface
Ord(648)
Ord(531)
__vbaNextEachVar
__vbaLenBstr
Ord(594)
Ord(576)
__vbaStrToUnicode
_adj_fdiv_m32i
Ord(600)
__vbaExceptHandler
__vbaSetSystemError
DllFunctionCall
__vbaFreeVar
__vbaBoolVarNull
__vbaFileOpen
__vbaI2Str
EVENT_SINK_Release
__vbaVarTstEq
Ord(593)
Ord(716)
__vbaOnError
__vbaVarSetVar
__vbaStrCat
__vbaVarDup
__vbaChkstk
__vbaPrintFile
__vbaStrCmp
__vbaAryUnlock
__vbaFreeObjList
Ord(666)
__vbaFreeVarList
__vbaStrVarMove
__vbaVarOr
__vbaLateMemCallLd
__vbaFreeObj
_adj_fdivr_m32
__vbaStrVarVal
_CIcos
__vbaVarMove
__vbaErrorOverflow
__vbaNew2
__vbaStrMove
_adj_fprem1
_adj_fdiv_m32
__vbaEnd
__vbaVarCmpEq
_adj_fpatan
EVENT_SINK_AddRef
_adj_fdivr_m32i
__vbaStrCopy
Ord(632)
Ord(645)
__vbaFPException
_adj_fdivr_m16i
_adj_fdiv_m64
_CIsin
_CIsqrt
__vbaVarCopy
_CIatan
__vbaLateMemCall
__vbaObjSet
__vbaVarCat
__vbaFileCloseAll
_CIexp
__vbaStrToAnsi
_CItan
__vbaFpI2
Number of PE resources by type
RT_ICON 10
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
NEUTRAL 11
ENGLISH US 1
PE resources
ExifTool file metadata
UninitializedDataSize 0
LinkerVersion 6.0
ImageVersion 1.0
FileSubtype 0
FileVersionNumber 1.0.0.0
LanguageCode English (U.S.)
FileFlagsMask 0x0000
CharacterSet Unicode
InitializedDataSize 45056
EntryPoint 0x1628
OriginalFileName Prueba0001.exe
MIMEType application/octet-stream
FileVersion 1.0
TimeStamp 2008:01:02 18:21:56+01:00
FileType Win32 EXE
PEType PE32
InternalName Prueba0001
ProductVersion 1.0
SubsystemVersion 4.0
OSVersion 4.0
FileOS Win32
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CodeSize 69632
ProductName Project1
ProductVersionNumber 1.0.0.0
FileTypeExtension exe
ObjectFileType Executable application

File identification
MD5 5b2c7d7cc89ad5933a58765bf7326037
SHA1 8f44c361d43ccdeb283e24cfeb03d7ec07422d1a
SHA256 4909ec2b652262511c911695687c88d8af22e84498c7bb4482c88a401df55f36
ssdeep 1536:/ldMVRf1zwQVghNpWM1VS+8cM7j9zqgzQHzdf:NdQ1zwLhj9VSTcMf1FzUzt
authentihash ecf3c3764f676b8507c6554a13f411a51e477833bcc6bdb93de6ca67168bc7a6
imphash ed664352fc066085d3f909b2d6dd69ce
File size 116.0 KB ( 118784 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable Microsoft Visual Basic 6 (88.6%)
Win32 Executable (generic) (4.8%)
OS/2 Executable (generic) (2.1%)
Generic Win/DOS Executable (2.1%)
DOS Executable Generic (2.1%)
Tags peexe
VirusTotal metadata
First submission 2008-08-26 23:15:30 UTC ( 10 years, 3 months ago )
Last submission 2018-05-05 17:40:10 UTC ( 7 months, 2 weeks ago )
File names Prueba0001
59c2db43d7ae36d31a5f.exe
vt-upload-IUeSG
Prueba0001.exe
Behaviour characterization
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Hooking activity
Runtime DLLs
Additional details
The file installs an application-defined hook procedure into a hook chain. A hook procedure is installed to monitor the system for certain types of events. These events are associated either with a specific thread or with all threads in the same desktop as the calling thread. This is done by making use of the SetWindowsHook Windows API function.
UDP communications