SHA256: 50c0ecaea1872ce9e2875893f924b96495d065726dd1d8aff2f24f84d8ce3f55
File name: 893476f393033e49e7d10d04b2d5d9af
Detection ratio: 41 / 51
Analysis date: 2014-04-06 07:30:27 UTC ( 1 week, 4 days ago )
Antivirus | Result (blank = no detection) | Update
AVG | PSW.Banker6.PEU | 20140405
Ad-Aware | Backdoor.VB.Agent.BQ | 20140406
Agnitum | Trojan.DR.Dapato!se4h1z3/t9U | 20140405
AntiVir | TR/Virtool.Vbcrypt.EC.24 | 20140405
Avast | Win32:VBCrypt-CL [Trj] | 20140406
Baidu-International | Trojan.Win32.Banker.As | 20140405
BitDefender | Backdoor.VB.Agent.BQ | 20140406
Bkav | W32.Clod544.Trojan.78c2 | 20140405
CAT-QuickHeal | TrojanDropper.Dapato.xak.cw3 | 20140405
CMC | Trojan-Downloader.Win32.VB!O | 20140404
Commtouch | W32/Trojan.XYPM-6678 | 20140406
Comodo | UnclassifiedMalware | 20140406
DrWeb | Trojan.Siggen3.13258 | 20140406
ESET-NOD32 | Win32/Spy.Bancos.OKC | 20140405
Emsisoft | Backdoor.VB.Agent.BQ (B) | 20140406
F-Prot | W32/Trojan2.NPZL | 20140406
F-Secure | Backdoor.VB.Agent.BQ | 20140406
Fortinet | W32/Dapato.XAK!tr | 20140406
GData | Backdoor.VB.Agent.BQ | 20140406
Ikarus | Trojan-Dropper.Win32.Dapato | 20140406
K7AntiVirus | Trojan ( 003480601 ) | 20140404
K7GW | Trojan ( 003480601 ) | 20140404
Kaspersky | Trojan-Dropper.Win32.Dapato.xak | 20140406
Kingsoft | Win32.Troj.Generic.(kcloud) | 20140406
McAfee | Generic.il | 20140406
McAfee-GW-Edition | Heuristic.BehavesLike.Win32.Suspicious-BAY.K | 20140405
MicroWorld-eScan | Backdoor.VB.Agent.BQ | 20140406
Microsoft | TrojanSpy:Win32/Bancos.AGF | 20140406
NANO-Antivirus | Trojan.Win32.Bancos.iptje | 20140406
Norman | Troj_Generic.BWRO | 20140406
Panda | Generic Malware | 20140405
Qihoo-360 | HEUR/Malware.QVM03.Gen | 20140406
Sophos | Troj/Dapato-C | 20140406
Symantec | Trojan.Gen | 20140406
TheHacker | Trojan/Dropper.Dapato.xak | 20140404
TotalDefense | Win32/VB.BRA | 20140405
TrendMicro | TROJ_DROPPER.TWU | 20140406
TrendMicro-HouseCall | TROJ_DROPPER.TWU | 20140406
VBA32 | TrojanDropper.Dapato | 20140404
VIPRE | Trojan.Win32.Generic!BT | 20140406
nProtect | Backdoor.VB.Agent.BQ | 20140404
AegisLab | | 20140406
AhnLab-V3 | | 20140405
Antiy-AVL | | 20140406
ByteHero | | 20140406
ClamAV | | 20140406
Jiangmin | | 20140406
Malwarebytes | | 20140406
Rising | | 20140405
SUPERAntiSpyware | | 20140405
ViRobot | | 20140406
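The vendor table above is only useful once it is reduced to a detection ratio and a consensus family name. The script below is an added example, not VirusTotal's code: it parses rows in the raw "Vendor Result Date" form that VirusTotal's table flattens to, counts detections, and tallies family keywords. AV_ROWS is a constructed excerpt of this page's rows, and the keyword-to-family map is an assumption made for illustration, not a VirusTotal field.

```python
"""Tally VirusTotal vendor verdicts (added example; not VirusTotal's code)."""
import re
from collections import Counter

# Constructed excerpt of this page's "Antivirus / Result / Update" rows, in the
# raw 'Vendor Result Date' form; rows with no result are non-detections.
AV_ROWS = """\
AVG PSW.Banker6.PEU 20140405
Ad-Aware Backdoor.VB.Agent.BQ 20140406
Avast Win32:VBCrypt-CL [Trj] 20140406
ESET-NOD32 Win32/Spy.Bancos.OKC 20140405
K7AntiVirus Trojan ( 003480601 ) 20140404
Kaspersky Trojan-Dropper.Win32.Dapato.xak 20140406
Microsoft TrojanSpy:Win32/Bancos.AGF 20140406
Symantec Trojan.Gen 20140406
AegisLab 20140406
ClamAV 20140406
"""

# vendor (no spaces), optional result (may contain spaces), 8-digit update date.
ROW_RE = re.compile(r"^(\S+)\s+(.*?)\s*(\d{8})$")

# Assumed substring -> family map, checked in order; first hit wins.  "vb" is
# last so that Bancos/Banker/Dapato names are not swallowed by the VB bucket.
FAMILY_KEYWORDS = [
    ("dapato", "Dapato"),
    ("bancos", "Bancos/Banker"),
    ("banker", "Bancos/Banker"),
    ("vb", "VB"),
]


def parse_rows(text):
    """Return a list of (vendor, result_or_None, date) tuples."""
    rows = []
    for line in text.splitlines():
        match = ROW_RE.match(line.strip())
        if not match:
            continue
        vendor, result, date = match.groups()
        rows.append((vendor, result or None, date))
    return rows


def detection_ratio(rows):
    """(detected, total), the pair VirusTotal prints as 'Detection ratio'."""
    detected = sum(1 for _, result, _ in rows if result)
    return detected, len(rows)


def family_votes(rows):
    """Count how many detecting vendors name each family; generic names get their own bucket."""
    votes = Counter()
    for _, result, _ in rows:
        if not result:
            continue
        lowered = result.lower()
        for keyword, family in FAMILY_KEYWORDS:
            if keyword in lowered:
                votes[family] += 1
                break
        else:
            votes["generic/heuristic"] += 1
    return votes


if __name__ == "__main__":
    rows = parse_rows(AV_ROWS)
    print("detection ratio: %d / %d" % detection_ratio(rows))
    for family, count in family_votes(rows).most_common():
        print(f"{family:18} {count}")
```

On the excerpt the vote is Bancos/Banker 3, VB 2, generic 2, Dapato 1; over the full table the Dapato and VB.Agent names pull roughly level with Bancos/Banker, which is why a consensus name should be read together with the lure file names further down rather than from the verdict strings alone.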
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Authenticode signature block
Publisher Ghost Systems and Recon
Product Project1
Original name Project1.exe
Internal name Project1
File version 1.00
Note: the fields above are the VS_VERSIONINFO strings from the file's RT_VERSION resource (they match CompanyName, ProductName, OriginalFilename and InternalName in the ExifTool metadata below) and are set freely by whoever built the binary. No signer, certificate chain or verification result is listed, so this block is not evidence that the file carries a valid Authenticode signature. "Project1" / "Project1.exe" are the Visual Basic 6 IDE defaults for a project that was never renamed.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2012-01-11 02:54:59 (UTC)
Link date 3:54 AM 1/11/2012 (the same PE timestamp rendered in the analysis host's local time, UTC+01:00, as the ExifTool TimeStamp below confirms; the build time precedes the first VirusTotal submission at 16:06 UTC the same day by about 13 hours, so it is plausible rather than zeroed or backdated)
Entry Point 0x00001654
Number of sections 3
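Every value in the "PE header basic information" table comes from a handful of fixed offsets in the COFF and optional headers, and the same walk reaches the data directory that says whether an Authenticode signature block exists at all. The script below is an added example, not VirusTotal's code: it parses those fields from a PE32 image and reports the security directory. Because the sample itself is not on this page, build_sample_pe() constructs a minimal PE32 stub carrying the header values shown above; that stub is an assumption for running the example offline, not the analysed file.

```python
"""Minimal PE32 header reader (added example; not VirusTotal's code)."""
import calendar
import struct
from datetime import datetime, timezone

IMAGE_FILE_MACHINE_I386 = 0x014C
PE32_MAGIC = 0x10B
SUBSYSTEMS = {2: "Windows GUI", 3: "Windows CUI"}
SECURITY_DIR_INDEX = 4          # IMAGE_DIRECTORY_ENTRY_SECURITY
OPT_DATA_DIR_OFFSET = 96        # data directories start here in a PE32 optional header


def parse_pe_header(data: bytes) -> dict:
    """Walk DOS header -> PE signature -> COFF header -> PE32 optional header."""
    if data[:2] != b"MZ":
        raise ValueError("missing MZ signature")
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    machine, nsections, timestamp, _symtab, _nsyms, _opt_size, _chars = \
        struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20
    magic, linker_major, linker_minor = struct.unpack_from("<HBB", data, opt)
    if magic != PE32_MAGIC:
        raise ValueError("only PE32 (magic 0x10b) is handled here")
    (entry_point,) = struct.unpack_from("<I", data, opt + 16)
    (subsystem,) = struct.unpack_from("<H", data, opt + 68)
    sec_off, sec_size = struct.unpack_from(
        "<II", data, opt + OPT_DATA_DIR_OFFSET + 8 * SECURITY_DIR_INDEX)
    built = datetime.fromtimestamp(timestamp, tz=timezone.utc)
    return {
        "machine": machine,
        "is_i386": machine == IMAGE_FILE_MACHINE_I386,
        "number_of_sections": nsections,
        "timestamp_utc": built.strftime("%Y-%m-%d %H:%M:%S"),
        "entry_point": entry_point,
        "subsystem": SUBSYSTEMS.get(subsystem, f"unknown ({subsystem})"),
        "linker_version": f"{linker_major}.{linker_minor}",
        # For the security directory the first field is a raw file offset, not an
        # RVA; both zero means no WIN_CERTIFICATE (Authenticode) block is attached.
        "authenticode_block_present": sec_off != 0 and sec_size != 0,
    }


def build_sample_pe() -> bytes:
    """Constructed PE32 stub (DOS header, signature, COFF, optional header) with this page's values."""
    ts = calendar.timegm((2012, 1, 11, 2, 54, 59))          # 2012-01-11 02:54:59 UTC
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 0x40)       # e_lfanew at 0x3C -> 0x40
    coff = struct.pack("<HHIIIHH", IMAGE_FILE_MACHINE_I386, 3, ts, 0, 0, 224, 0x010F)
    opt = bytearray(224)
    struct.pack_into("<HBB", opt, 0, PE32_MAGIC, 6, 0)       # PE32, LinkerVersion 6.0
    struct.pack_into("<I", opt, 16, 0x1654)                  # AddressOfEntryPoint
    struct.pack_into("<HH", opt, 40, 4, 0)                   # OSVersion 4.0
    struct.pack_into("<HH", opt, 48, 4, 0)                   # SubsystemVersion 4.0
    struct.pack_into("<H", opt, 68, 2)                       # IMAGE_SUBSYSTEM_WINDOWS_GUI
    struct.pack_into("<I", opt, 92, 16)                      # NumberOfRvaAndSizes
    # Security directory (index 4) stays zeroed: no signature block, consistent
    # with the absence of any signer or verification result on this page.
    return dos + b"PE\0\0" + coff + bytes(opt)


if __name__ == "__main__":
    info = parse_pe_header(build_sample_pe())
    info["entry_point"] = hex(info["entry_point"])
    for key, value in info.items():
        print(f"{key:28} {value}")
```

The timestamp is the one header field worth a second look in triage: it is a 32-bit seconds-since-epoch value that the compiler writes and nothing verifies, so a value of zero, one in the future, or one that post-dates first-seen data is a sign of tampering; here it lands the morning of the first submission, which is the unremarkable case.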
PE sections (section table not captured on this page; the header above reports 3 sections)
PE imports (VirusTotal lists the imported symbols without their DLL; every name below, including the Ord(n) ordinal imports, is an export of the Visual Basic 6 runtime, MSVBVM60.DLL, which matches the TrID verdict and LinkerVersion 6.0 further down. No Win32 API is imported directly: a VB6 program's Declare'd API calls are resolved at run time through DllFunctionCall, so the import table alone does not reveal which system APIs the sample uses.)
_adj_fdivr_m64
Ord(546)
Ord(537)
_allmul
Ord(527)
_adj_fprem
__vbaObjVar
_adj_fdiv_r
__vbaObjSetAddref
Ord(100)
__vbaHresultCheckObj
__vbaI2Var
_CIlog
Ord(616)
_adj_fptan
Ord(608)
__vbaFreeStr
Ord(631)
__vbaStrI2
__vbaFreeVarg
__vbaI2I4
_adj_fdiv_m16i
EVENT_SINK_QueryInterface
Ord(516)
__vbaLenBstr
Ord(594)
_adj_fdiv_m32i
Ord(600)
__vbaExceptHandler
__vbaSetSystemError
DllFunctionCall
__vbaFreeVar
__vbaBoolVarNull
__vbaInStrVar
EVENT_SINK_Release
Ord(593)
Ord(716)
__vbaOnError
_adj_fdivr_m32i
Ord(579)
__vbaStrCat
__vbaVarDup
__vbaChkstk
__vbaStrCmp
__vbaFreeStrList
__vbaFreeObjList
Ord(666)
__vbaFreeVarList
__vbaStrVarMove
Ord(618)
__vbaExitProc
__vbaVarOr
__vbaCastObj
__vbaLateMemCallLd
__vbaFreeObj
_adj_fdivr_m32
__vbaStrVarVal
_CIcos
__vbaErrorOverflow
__vbaNew2
__vbaR8IntI2
__vbaVarCmpEq
__vbaStrMove
_adj_fprem1
_adj_fdiv_m32
__vbaEnd
Ord(685)
Ord(572)
EVENT_SINK_AddRef
_adj_fpatan
Ord(712)
__vbaStrCopy
__vbaFPException
_adj_fdivr_m16i
_adj_fdiv_m64
Ord(519)
_CIsin
_CIsqrt
__vbaVarCopy
_CIatan
__vbaLateMemCall
__vbaObjSet
__vbaVarCat
_CIexp
_CItan
__vbaFpI4
Number of PE resources by type
RT_ICON 4
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
NEUTRAL 5
PORTUGUESE BRAZILIAN 1
ExifTool file metadata
UninitializedDataSize 0
LinkerVersion 6.0
ImageVersion 1.0
FileSubtype 0
FileVersionNumber 1.0.0.0
LanguageCode Portuguese (Brazilian)
FileFlagsMask 0x0000
CharacterSet Unicode
InitializedDataSize 77824
FileOS Win32
MIMEType application/octet-stream
FileVersion 1.0
TimeStamp 2012:01:11 03:54:59+01:00
FileType Win32 EXE
PEType PE32
InternalName Project1
FileAccessDate 2014:04:06 08:29:59+01:00
ProductVersion 1.0
SubsystemVersion 4.0
OSVersion 4.0
FileCreateDate 2014:04:06 08:29:59+01:00
OriginalFilename Project1.exe
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName Ghost Systems and Recon
CodeSize 61440
ProductName Project1
ProductVersionNumber 1.0.0.0
EntryPoint 0x1654
ObjectFileType Executable application

File identification
MD5 893476f393033e49e7d10d04b2d5d9af
SHA1 4c6144b6182d2aff318c421d33abf92f289a8225
SHA256 50c0ecaea1872ce9e2875893f924b96495d065726dd1d8aff2f24f84d8ce3f55
ssdeep 768:PsGH9ewraDQR2FM/r4vuTmCXLd2rvkjfkYWbKOJOUVnu3xizmCXL:UGvuODbmCXL+kDzUmizmCXL
imphash 2841dc5196f44081d95fd073bb8eb06d
File size 80.0 KB ( 81920 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable Microsoft Visual Basic 6 (84.4%)
Win32 Dynamic Link Library (generic) (6.7%)
Win32 Executable (generic) (4.6%)
Generic Win/DOS Executable (2.0%)
DOS Executable Generic (2.0%)
Tags
peexe
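The imphash in the file identification block is the one hash above that is meant to collide across related samples: it is the MD5 of the normalised import table rather than of the file bytes. The script below is an added example, not VirusTotal's code, and implements the normalisation as Mandiant defined it and pefile computes it. IMPORTS is a constructed excerpt of a few symbols from this page's import list, attributed to MSVBVM60.DLL, which is an assumption since the page does not name the DLL; because the real import-table order is not known here, the value it produces is not expected to equal the page's imphash. What it shows is the normalisation and what the hash is and is not sensitive to.

```python
"""imphash normalisation and computation (added example; not VirusTotal's code)."""
import hashlib

STRIPPED_EXTENSIONS = ("ocx", "sys", "dll")   # pefile drops these from the DLL name


def normalize_imports(imports):
    """Build the comma-joined 'dll.func' string that gets hashed.

    imports: iterable of (dll_name, function_name_or_None, ordinal_or_None).
    DLL names are lower-cased and lose a .dll/.ocx/.sys suffix; function names
    are lower-cased; ordinal-only imports become 'ordNNN'.  (pefile additionally
    maps known ws2_32 and oleaut32 ordinals back to names; that table is omitted.)
    """
    parts = []
    for dll, name, ordinal in imports:
        lib = dll.lower()
        base, dot, ext = lib.rpartition(".")
        if dot and ext in STRIPPED_EXTENSIONS:
            lib = base
        func = f"ord{ordinal}" if name is None else name.lower()
        parts.append(f"{lib}.{func}")
    return ",".join(parts)


def imphash(imports):
    """MD5 hex digest of the normalised import string."""
    return hashlib.md5(normalize_imports(imports).encode()).hexdigest()


# Constructed excerpt of this page's import list; the DLL is an assumption.
IMPORTS = [
    ("MSVBVM60.DLL", "__vbaStrCat", None),
    ("MSVBVM60.DLL", "__vbaStrCmp", None),
    ("MSVBVM60.DLL", None, 546),             # shown on the page as Ord(546)
    ("MSVBVM60.DLL", "DllFunctionCall", None),
]


def properties():
    """Show what the hash reacts to: order, but not case or the DLL extension."""
    base = imphash(IMPORTS)
    return {
        "hash": base,
        "order_sensitive": base != imphash(list(reversed(IMPORTS))),
        "case_insensitive": base == imphash(
            [(d.upper(), n.upper() if n else None, o) for d, n, o in IMPORTS]),
        "extension_insensitive": base == imphash(
            [(d[:-4], n, o) for d, n, o in IMPORTS]),   # 'MSVBVM60' without '.DLL'
    }


if __name__ == "__main__":
    print(normalize_imports(IMPORTS))
    for key, value in properties().items():
        print(f"{key:22} {value}")
```

Two caveats when pivoting on the page's imphash: the hash depends on import order, so a rebuild that only reorders Declare statements changes it, and a VB6 binary's import table holds nothing but MSVBVM60 runtime helpers, so unrelated VB6 programs collide on it far more often than native binaries do. A match is a lead for clustering, not an identification.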

VirusTotal metadata
First submission 2012-01-11 16:06:02 UTC ( 2 years, 3 months ago )
Last submission 2014-04-06 07:30:27 UTC ( 1 week, 4 days ago )
File names 893476f393033e49e7d10d04b2d5d9af.exe
13264338811393609805
Project1.exe
4c6144b6182d2aff318c421d33abf92f289a8225.bin
BoletoNF10599_Jan2012.php?Boleto-user%EMAIL%
13262988956645465856
13263321376103496927
BoletoNF10599_Jan2012.PDF.com.vir
893476f393033e49e7d10d04b2d5d9af
BoletoNF10599_Jan2012.PDF.com
893476f393033e49e7d10d04b2d5d9af
BoletoNF10599_Jan2012.php?Boleto-user%25EMAIL%25
Project1
BoletoNF10599_Jan2012.php
13262979606648840184
4c6144b6182d2aff318c421d33abf92f289a8225.exe
Note: the submitted names carry the most context on this page. BoletoNF10599_Jan2012.PDF.com is a double-extension lure (a .com executable posing as a PDF "boleto", the Brazilian bank payment slip), and the BoletoNF10599_Jan2012.php?Boleto-user%EMAIL% entries are the download URL template with its per-recipient placeholder still unexpanded (%25EMAIL%25 is the same string with the percent signs URL-encoded). Together with the Brazilian Portuguese resource language and the Bancos/Banker verdicts above, this is consistent with a Brazilian banking-trojan campaign delivered through an e-mail lure.
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight