× Cookies are disabled! This site requires cookies to be enabled to work properly
VirusTotal
SHA256: 4f577c346a8fd0348c9527291b694c027b87ca55e006e976e5f1e1efba177482
File name: 6F26.exe
Detection ratio: 36 / 55
Analysis date: 2014-10-10 19:44:50 UTC ( 4 years, 4 months ago )
Antivirus Result Update
Ad-Aware Gen:Variant.Symmi.45049 20141010
AegisLab Troj.W32.Inject 20141010
AhnLab-V3 Trojan/Win32.NgrBot 20141010
Antiy-AVL Trojan/Win32.Agent 20141010
Avast Win32:Inject-BJO [Trj] 20141010
AVG BackDoor.Dorkbot.U 20141010
Avira (no cloud) TR/Dropper.VB.18904 20141010
Baidu-International Trojan.Win32.Agent.AyMb 20141010
BitDefender Gen:Variant.Symmi.45049 20141010
ByteHero Virus.Win32.Heur.p 20141010
CMC Heur.Win32.Veebee.1!O 20141009
Cyren W32/Trojan.EFXN-5795 20141010
Emsisoft Gen:Variant.Symmi.45049 (B) 20141010
ESET-NOD32 a variant of Win32/Injector.BJSY 20141010
F-Secure Gen:Variant.Symmi.45049 20141010
Fortinet W32/Agent.AHHQF!tr 20141010
GData Gen:Variant.Symmi.45049 20141010
Ikarus Worm.Win32.Ngrbot 20141010
K7AntiVirus Trojan ( 004a018e1 ) 20141010
K7GW Trojan ( 004a018e1 ) 20141010
Kaspersky Trojan.Win32.Agent.ahhqf 20141010
Malwarebytes Trojan.Ransom.ED 20141010
McAfee Bot-FFK!90B9394CE48B 20141010
McAfee-GW-Edition BehavesLike.Win32.VBObfus.ch 20141010
Microsoft TrojanClicker:Win32/Tolouge 20141010
eScan Gen:Variant.Symmi.45049 20141010
NANO-Antivirus Trojan.Win32.Agent.deqrup 20141010
Norman Troj_Generic.VPOYP 20141010
nProtect Worm/W32.Ngrbot.183327 20141010
Panda Trj/Genetic.gen 20141010
Qihoo-360 HEUR/Malware.QVM03.Gen 20141010
Sophos AV Mal/Generic-S 20141010
SUPERAntiSpyware Trojan.Agent/Gen-Symmi 20141010
Symantec WS.Reputation.1 20141010
VBA32 Worm.Ngrbot 20141010
Zillya Trojan.Agent.Win32.482922 20141009
Yandex 20141010
AVware 20141010
Bkav 20141010
CAT-QuickHeal 20141010
ClamAV 20141010
Comodo 20141010
DrWeb 20141010
F-Prot 20141009
Jiangmin 20141010
Kingsoft 20141010
Rising 20141010
Tencent 20141010
TheHacker 20141010
TotalDefense 20141010
TrendMicro 20141010
TrendMicro-HouseCall 20141010
VIPRE 20141010
ViRobot 20141010
Zoner 20141010
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2013-08-24 15:48:56
Entry Point 0x000013E4
Number of sections 3
PE sections
PE imports
[+] MSVBVM60.DLL
_adj_fdiv_m32
_adj_fdiv_m32i
DllFunctionCall
__vbaVarDup
__vbaEnd
__vbaGenerateBoundsError
_allmul
Ord(516)
__vbaPutOwner4
__vbaErase
_adj_fprem
Ord(712)
__vbaLenBstr
__vbaFreeStrList
_CIatan
__vbaFreeObjList
Ord(681)
__vbaUI1Str
Ord(717)
__vbaExceptHandler
__vbaSetSystemError
__vbaFreeVarList
Ord(632)
__vbaRedim
__vbaStrCmp
__vbaFPException
__vbaAryVar
__vbaStrVarMove
__vbaFileOpen
Ord(578)
__vbaVar2Vec
_adj_fdiv_r
__vbaFreeObj
__vbaFreeVar
__vbaVarTstNe
__vbaChkstk
Ord(619)
__vbaMidStmtBstr
__vbaI4Var
__vbaVarLateMemCallLd
Ord(100)
__vbaAryUnlock
__vbaHresultCheckObj
__vbaStrVarVal
__vbaGet3
Ord(711)
Ord(606)
__vbaStrCopy
__vbaAryLock
_CIsin
Ord(595)
EVENT_SINK_QueryInterface
_adj_fptan
Ord(685)
__vbaFileClose
Ord(581)
__vbaLineInputStr
_CIcos
__vbaObjSet
__vbaAryCopy
_CIsqrt
Ord(608)
__vbaNew2
Ord(644)
__vbaVarCat
_adj_fdivr_m32i
Ord(631)
__vbaAryDestruct
_CIexp
__vbaStrMove
_adj_fprem1
_adj_fdivr_m32
__vbaStrCat
Ord(537)
_CItan
__vbaFpI4
__vbaFreeStr
_adj_fdiv_m16i
ExifTool file metadata
MIMEType
application/octet-stream

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

TimeStamp
2013:08:24 16:48:56+01:00

FileType
Win32 EXE

PEType
PE32

CodeSize
45056

LinkerVersion
6.21

FileAccessDate
2014:10:10 20:46:11+01:00

EntryPoint
0x13e4

InitializedDataSize
135168

SubsystemVersion
4.41456

ImageVersion
45.6

OSVersion
4.1772

FileCreateDate
2014:10:10 20:46:11+01:00

UninitializedDataSize
0

File identification
MD5 90b9394ce48b368aeb8faf9db1e56cde
SHA1 be1e3e5fec922b1d024c3dba3862fb3538453bd9
SHA256 4f577c346a8fd0348c9527291b694c027b87ca55e006e976e5f1e1efba177482
ssdeep
3072:MGOyVaWDhsBDG9FQVd/di4Q8qHCJXuqCKNZTtLrksiqy5Y5a:MSVaW1WDGCL3qiJVCUZRksiqy5z

authentihash db7b2e00bb300ae3f2e1c505c0a49303d2ee7b78455604808ee389db50375db6
imphash c3b133bd0152d46dba6da68b162e5d16
File size 179.0 KB ( 183327 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit system file

TrID Win32 Executable (generic) (52.9%)
Generic Win/DOS Executable (23.5%)
DOS Executable Generic (23.4%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
Tags
peexe

VirusTotal metadata
First submission 2014-09-03 09:11:25 UTC ( 4 years, 5 months ago )
Last submission 2014-10-10 19:44:50 UTC ( 4 years, 4 months ago )
File names 11EA.exe
9711.exe
EE64.exe
6F26.exe
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!
More comments

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

Sign in Join the community
No votes. No one has voted on this item yet, be the first one to do so!
More votes
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Hooking activity
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.
The file installs an application-defined hook procedure into a hook chain. You would install a hook procedure to monitor the system for certain types of events. These events are associated either with a specific thread or with all threads in the same desktop as the calling thread. This is done making use of the SetWindowsHook Windows API function.
Blog | Twitter | Contact us | ToS | Privacy policy