SHA256: 4c46a1acec13c58f55439682de1c0b1b210e20ce00d2720918050cdd23dfb7e1
File name: 8324.exe
Detection ratio: 48 / 57
Analysis date: 2016-12-23 17:31:18 UTC ( 2 years, 1 month ago )
Antivirus Result Update
Ad-Aware Gen:Variant.Symmi.37663 20161223
AegisLab W32.W.Ngrbot.yeg!c 20161223
AhnLab-V3 Worm/Win32.Ngrbot.R90964 20161223
ALYac Gen:Variant.Symmi.37663 20161223
Antiy-AVL Worm/Win32.Ngrbot 20161223
Arcabit Trojan.Symmi.D931F 20161223
Avast Win32:GenMalicious-XN [Trj] 20161223
AVG Dropper.Generic9.SAP 20161223
Avira (no cloud) WORM/Ngrbot.rfdas 20161223
AVware Trojan.Win32.Generic!BT 20161223
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9999 20161207
BitDefender Gen:Variant.Symmi.37663 20161223
CAT-QuickHeal Worm.Ngrbot 20161223
Comodo UnclassifiedMalware 20161223
CrowdStrike Falcon (ML) malicious_confidence_100% (W) 20161024
Cyren W32/VBcrypt.BQ!Eldorado 20161223
Emsisoft Gen:Variant.Symmi.37663 (B) 20161223
ESET-NOD32 Win32/TrojanClicker.VB.NZZ 20161223
F-Prot W32/VBcrypt.BQ!Eldorado 20161223
F-Secure Gen:Variant.Symmi.37663 20161223
Fortinet W32/AutoRun.DVXZ!worm 20161223
GData Gen:Variant.Symmi.37663 20161223
Ikarus Worm.Win32.Ngrbot 20161223
Sophos ML trojandropper.win32.gepys.a 20161216
Jiangmin Worm/Ngrbot.awx 20161223
K7AntiVirus Trojan ( 0040f7b81 ) 20161223
K7GW Trojan ( 0040f7b81 ) 20161223
Kaspersky HEUR:Trojan.Win32.Generic 20161223
Malwarebytes Trojan.LVBP 20161223
McAfee Artemis!B00C48AEDE61 20161223
McAfee-GW-Edition BehavesLike.Win32.VBObfus.cc 20161223
Microsoft Trojan:Win32/Bagsu!rfn 20161223
eScan Gen:Variant.Symmi.37663 20161223
NANO-Antivirus Trojan.Win32.Ngrbot.cthdjb 20161223
Panda Trj/Genetic.gen 20161223
Qihoo-360 HEUR/Malware.QVM03.Gen 20161223
Rising Malware.Generic!9GBCKnK34OH@2 (thunder) 20161223
Sophos AV Mal/Generic-S 20161223
SUPERAntiSpyware Trojan.Agent/Gen-Ngrbot 20161223
Symantec Downloader 20161223
Tencent Win32.Worm.Ngrbot.Palg 20161223
TheHacker Trojan/Injector.bkqt 20161222
TrendMicro TROJ_SPNR.38B614 20161223
TrendMicro-HouseCall TROJ_SPNR.38B614 20161223
VBA32 Worm.Ngrbot 20161223
VIPRE Trojan.Win32.Generic!BT 20161223
Yandex Worm.Ngrbot!lZLha3Makh8 20161223
Zillya Worm.Ngrbot.Win32.4589 20161223
Alibaba 20161223
Bkav 20161223
ClamAV 20161223
CMC 20161223
DrWeb 20161223
Kingsoft 20161223
nProtect 20161223
TotalDefense 20161223
Trustlook 20161223
ViRobot 20161223
WhiteArmor 20161221
Zoner 20161223
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 1992-01-06 09:00:41
Entry Point 0x000013D8
Number of sections 3
PE sections
Overlays
MD5 7bc9a42e051781e18552558b5e06b416
File type ASCII text
Offset 151552
Size 7200
Entropy 0.00
PE imports
_adj_fdiv_m32
__vbaChkstk
__vbaVarDup
__vbaAryLock
EVENT_SINK_QueryInterface
_allmul
Ord(516)
__vbaStrMove
_adj_fdivr_m64
__vbaErase
_adj_fprem
__vbaLenBstr
Ord(685)
_adj_fpatan
__vbaFreeObjList
Ord(681)
__vbaUI1Str
Ord(717)
__vbaMidStmtBstr
__vbaExceptHandler
__vbaSetSystemError
__vbaFreeVarList
Ord(632)
__vbaRedim
DllFunctionCall
__vbaFPException
__vbaAryVar
__vbaStrVarMove
__vbaPowerR8
Ord(578)
__vbaVar2Vec
_adj_fdiv_r
Ord(100)
__vbaDerefAry1
__vbaFreeVar
__vbaVarTstNe
_adj_fprem1
__vbaI2Str
_CIcos
Ord(619)
_CItan
__vbaFreeObj
__vbaFileOpen
_adj_fdiv_m64
__vbaStrBool
__vbaHresultCheckObj
__vbaStrVarVal
_CIsin
Ord(711)
Ord(606)
__vbaStrCopy
_CIsqrt
EVENT_SINK_Release
Ord(713)
__vbaFreeStr
_adj_fptan
__vbaGet3
__vbaFileClose
Ord(581)
__vbaI4Var
rtcByteValueBstr
__vbaAryUnlock
__vbaObjSet
__vbaAryCopy
_CIlog
_CIatan
Ord(608)
__vbaNew2
Ord(644)
__vbaVarCat
_adj_fdivr_m32i
Ord(631)
__vbaAryDestruct
_CIexp
__vbaStrI2
__vbaStrToAnsi
__vbaStrI4
_adj_fdivr_m32
__vbaStrCat
Ord(537)
__vbaFreeStrList
__vbaI2I4
__vbaFpI2
CallWindowProcW
Number of PE resources by type
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
NEUTRAL 1
ENGLISH US 1
PE resources
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
TimeStamp 1992:01:06 10:00:41+01:00
FileType Win32 EXE
PEType PE32
CodeSize 28672
LinkerVersion 16.241
FileTypeExtension exe
InitializedDataSize 118784
SubsystemVersion 4.2992
EntryPoint 0x13d8
OSVersion 4.3357
ImageVersion 6.544
UninitializedDataSize 0
File identification
MD5 b00c48aede617a6924c66f37573af4d3
SHA1 d95346dd06101367d81627ff4c813ab8e3b5e832
SHA256 4c46a1acec13c58f55439682de1c0b1b210e20ce00d2720918050cdd23dfb7e1
ssdeep 1536:iLw1NazcJfWOLz7nfkVCP9V4lK+kvQhAqPUoZ1g9jyMh7zffkjAzm6jPfBMsNgHY:oYNPfWOX7nAQ+8qMGU2Mh/fpfKXIZK
authentihash 414e27c8ba17c5630108b7988562f14515202f22a0cb41f9d341366cd399ec00
imphash eba31b9bd277345569abde8d651188e6
File size 155.0 KB ( 158752 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 system file
TrID Win32 Executable Microsoft Visual Basic 6 (90.6%)
Win32 Executable (generic) (4.9%)
Generic Win/DOS Executable (2.2%)
DOS Executable Generic (2.2%)
Tags peexe overlay
VirusTotal metadata
First submission 2014-01-17 12:11:06 UTC ( 5 years, 1 month ago )
Last submission 2014-10-01 22:52:21 UTC ( 4 years, 4 months ago )
File names a00g.tar.bz2
VeBA6OM7RT.vsd
aa
4EEB.exe
19549611
19549610
4c46a1acec13c58f55439682de1c0b1b210e20ce00d2720918050cdd23dfb7e1
8324.exe
jhfgddddvvvv.exe
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Created processes
Code injections in the following processes
Opened mutexes
Hooking activity
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.
The file installs an application-defined hook procedure into a hook chain. You would install a hook procedure to monitor the system for certain types of events. These events are associated either with a specific thread or with all threads in the same desktop as the calling thread. This is done making use of the SetWindowsHook Windows API function.