SHA256: 4f02becc8a20ea395d7720978b3b206b3c7cc69f3fd6601c11708ad0625872e1
File name: nana.exe
Detection ratio: 9 / 53
Analysis date: 2014-05-23 07:57:58 UTC ( 4 years, 10 months ago )
Antivirus Result Update
AVG Zbot.JDB 20140523
Bkav W32.FadoxbesLTE.Trojan 20140521
ESET-NOD32 a variant of Win32/Injector.BEHR 20140522
Kaspersky Trojan-Spy.Win32.Zbot.swul 20140523
Malwarebytes Spyware.Zbot.ED 20140523
McAfee PWSZbot-FSS!B89A3FA96C68 20140523
McAfee-GW-Edition PWSZbot-FSS!B89A3FA96C68 20140523
Panda Trj/Zbot.M 20140522
Qihoo-360 Malware.QVM20.Gen 20140523
Ad-Aware 20140523
AegisLab 20140523
Yandex 20140522
AhnLab-V3 20140522
AntiVir 20140523
Antiy-AVL 20140523
Avast 20140523
Baidu-International 20140523
BitDefender 20140523
ByteHero 20140523
CAT-QuickHeal 20140523
ClamAV 20140523
CMC 20140521
Commtouch 20140523
Comodo 20140523
DrWeb 20140523
Emsisoft 20140523
F-Prot 20140523
F-Secure 20140523
Fortinet 20140523
GData 20140523
Ikarus 20140523
Jiangmin 20140523
K7AntiVirus 20140522
K7GW 20140522
Kingsoft 20140523
Microsoft 20140523
eScan 20140523
NANO-Antivirus 20140523
Norman 20140523
nProtect 20140523
Rising 20140522
Sophos AV 20140523
SUPERAntiSpyware 20140523
Symantec 20140523
Tencent 20140523
TheHacker 20140522
TotalDefense 20140522
TrendMicro 20140523
TrendMicro-HouseCall 20140523
VBA32 20140522
VIPRE 20140523
ViRobot 20140523
Zillya 20140523
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2014-02-16 05:47:36
Entry Point 0x000077AA
Number of sections 4
PE sections
Overlays
MD5 c1b26fced54c7898b369c73f64b3c491
File type data
Offset 45077
Size 193363
Entropy 7.97
PE imports
CreatePen
CreateCompatibleBitmap
CreateSolidBrush
SetPixelV
CreateCompatibleDC
StretchBlt
Rectangle
GetModuleFileNameA
GetStartupInfoA
ExitProcess
GetModuleHandleA
__p__fmode
malloc
_acmdln
_ftol
fread
fclose
__dllonexit
fopen
_except_handler3
fseek
_onexit
ftell
exit
_XcptFilter
rewind
__setusermatherr
__p__commode
__CxxFrameHandler
_adjust_fdiv
__getmainargs
_controlfp
_setmbcp
_initterm
_exit
_CIacos
__set_app_type
DrawDibClose
DrawDibOpen
GetSystemMetrics
IsIconic
LoadCursorA
LoadIconA
EnableWindow
DrawIcon
SendMessageA
CheckRadioButton
GetClientRect
GetSystemMenu
AppendMenuA
WindowFromDC
FrameRect
GetDC
SetCursor
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
TimeStamp 2014:02:16 06:47:36+01:00
FileType Win32 EXE
PEType PE32
CodeSize 28672
LinkerVersion 2.0
FileTypeExtension exe
InitializedDataSize 16384
SubsystemVersion 4.0
EntryPoint 0x77aa
OSVersion 0.0
ImageVersion 0.0
UninitializedDataSize 0

File identification
MD5 b89a3fa96c68c54cdd9ffd18f4043fe7
SHA1 00e09e48fefd1c161dbaf18e30060bce6ffb7c40
SHA256 4f02becc8a20ea395d7720978b3b206b3c7cc69f3fd6601c11708ad0625872e1
ssdeep 6144:HWiJFMBQ+UJR8u6Sh18d79584nl9Twx3n1OBbE:cVwRh63539TwxX1OBI
authentihash dfed135c524909ad2d59fe474a647aa8d3d0284859c71872a6f0277853e43c34
imphash 55cc33ecd1165d9fce961bd16ec85340
File size 232.9 KB ( 238440 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win64 Executable (generic) (61.7%)
Win32 Dynamic Link Library (generic) (14.7%)
Win32 Executable (generic) (10.0%)
OS/2 Executable (generic) (4.5%)
Generic Win/DOS Executable (4.4%)
Tags peexe overlay

VirusTotal metadata
First submission 2014-05-23 07:57:58 UTC ( 4 years, 10 months ago )
Last submission 2018-05-22 02:23:53 UTC ( 10 months ago )
File names _AnA.xlsb
nana.exe
b89a3fa96c68c54cdd9ffd18f4043fe7.vir
Advanced heuristic and reputation engines
TrendMicro-HouseCall
TrendMicro's heuristic engine has flagged this file as: TROJ_GEN.R034E03AE15.

Symantec reputation Suspicious.Insight