SHA256: 55600ae0b6e1e11824c31c6f93aa240ba2726949f39338e38e3e5d5b5265e741
File name: Tuckner
Detection ratio: 44 / 56
Analysis date: 2014-12-26 10:47:30 UTC ( 2 years, 4 months ago )
Antivirus Result Update
Ad-Aware Gen:Variant.Graftor.167425 20141227
Yandex Trojan.Agent!NteaAxZj41w 20141225
AhnLab-V3 Trojan/Win32.MDA 20141226
ALYac Gen:Variant.Graftor.167425 20141226
Antiy-AVL Trojan[:HEUR]/Win32.AGeneric 20141227
Avast Win32:Malware-gen 20141227
AVG Luhe.Gen.C 20141226
Avira (no cloud) TR/Injector.246272.8 20141226
AVware Trojan.Win32.Generic!BT 20141226
Baidu-International Trojan.Win32.Injector.BBRHO 20141226
BitDefender Gen:Variant.Graftor.167425 20141227
CAT-QuickHeal VirTool.VBInject.LE3 20141226
CMC Heur.Win32.Veebee.1!O 20141218
Comodo UnclassifiedMalware 20141226
Cyren W32/Trojan.ZZNW-3334 20141226
DrWeb Trojan.PWS.Panda.655 20141227
Emsisoft Gen:Variant.Graftor.167425 (B) 20141227
ESET-NOD32 a variant of Win32/Injector.BRHO 20141226
F-Secure Gen:Variant.Graftor.167425 20141226
Fortinet W32/Injector.BQPX!tr 20141226
GData Gen:Variant.Graftor.167425 20141226
Ikarus Trojan.Win32.Injector 20141226
K7AntiVirus Trojan ( 004b25c31 ) 20141226
K7GW Trojan ( 050000001 ) 20141226
Kaspersky HEUR:Trojan.Win32.Generic 20141226
Malwarebytes Trojan.Agent 20141226
McAfee Generic-FAVL!24353853A930 20141227
McAfee-GW-Edition BehavesLike.Win32.AAEH.dh 20141226
Microsoft PWS:Win32/Zbot.gen!ZA 20141226
eScan Gen:Variant.Graftor.167425 20141227
NANO-Antivirus Trojan.Win32.Panda.dkoafc 20141226
Norman Troj_Generic.XRLSY 20141226
nProtect Trojan/W32.Agent.246272.HE 20141226
Panda Trj/CI.A 20141226
Qihoo-360 HEUR/QVM03.0.Malware.Gen 20141227
Rising PE:Trojan.Win32.Generic.17D47088!399798408 20141225
Sophos Troj/Zbot-JJB 20141226
Symantec Trojan.Zbot 20141226
Tencent Win32.Trojan.Inject.Auto 20141227
TotalDefense Win32/Zbot.WDRFdP 20141226
TrendMicro TROJ_FRS.0NA000LH14 20141226
TrendMicro-HouseCall TROJ_FRS.0NA000LH14 20141226
VIPRE Trojan.Win32.Generic!BT 20141226
ViRobot Trojan.Win32.S.Agent.246272.AL[h] 20141226
AegisLab 20141227
Bkav 20141226
ByteHero 20141227
ClamAV 20141226
F-Prot 20141226
Jiangmin 20141226
Kingsoft 20141227
SUPERAntiSpyware 20141226
TheHacker 20141224
VBA32 20141226
Zillya 20141226
Zoner 20141226
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Publisher PetaBit Exlimites
Product Swiper's
Original name Tuckner.exe
Internal name Tuckner
File version 1.08.0008
Description Procommu neoro
Comments TurtleShield 2011
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2014-12-17 05:30:05
Entry Point 0x00001438
Number of sections 3
PE sections
PE imports
__vbaWriteFile
_adj_fdiv_m32
Ord(617)
Ord(554)
_adj_fpatan
__vbaEnd
__vbaRedim
Ord(521)
__vbaVarDup
Ord(570)
__vbaStrMove
_adj_fdivr_m64
__vbaAryUnlock
_adj_fprem
Ord(558)
EVENT_SINK_AddRef
Ord(691)
__vbaFreeObjList
__vbaLateMemCall
__vbaFileClose
_adj_fdiv_m32i
__vbaStrCopy
Ord(702)
__vbaExceptHandler
__vbaSetSystemError
__vbaFreeVarList
__vbaFpCSngR4
DllFunctionCall
__vbaFPException
__vbaStrVarMove
Ord(626)
_adj_fdivr_m16i
__vbaUbound
EVENT_SINK_Release
Ord(563)
_adj_fdiv_r
Ord(517)
__vbaDerefAry1
Ord(599)
__vbaFreeVar
__vbaInStrB
Ord(100)
__vbaChkstk
__vbaObjSetAddref
_CItan
__vbaFileOpen
_adj_fdiv_m64
__vbaFreeObj
__vbaHresultCheckObj
_CIsqrt
_CIsin
_CIlog
_allmul
__vbaAryLock
_CIcos
Ord(595)
EVENT_SINK_QueryInterface
__vbaCastObj
_adj_fptan
Ord(685)
Ord(593)
Ord(628)
Ord(704)
Ord(716)
__vbaObjSet
Ord(646)
_CIatan
__vbaNew2
__vbaLateIdSt
Ord(618)
_adj_fdivr_m32i
__vbaAryDestruct
_CIexp
__vbaStrI2
_adj_fprem1
_adj_fdivr_m32
__vbaStrCat
__vbaFreeStrList
__vbaFpI4
__vbaFreeStr
_adj_fdiv_m16i
Number of PE resources by type
RT_ICON 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
NEUTRAL 2
ITALIAN 1
PE resources
ExifTool file metadata
SubsystemVersion 4.0
Comments TurtleShield 2011
InitializedDataSize 12288
ImageVersion 1.8
ProductName Swiper's
FileVersionNumber 1.8.0.8
UninitializedDataSize 0
LanguageCode Italian
FileFlagsMask 0x0000
CharacterSet Unicode
LinkerVersion 6.0
OriginalFilename Tuckner.exe
MIMEType application/octet-stream
FileVersion 1.08.0008
TimeStamp 2014:12:17 06:30:05+01:00
FileType Win32 EXE
PEType PE32
InternalName Tuckner
FileAccessDate 2014:12:27 00:30:55+01:00
ProductVersion 1.08.0008
FileDescription Procommu neoro
OSVersion 4.0
FileCreateDate 2014:12:27 00:30:55+01:00
FileOS Win32
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName PetaBit Exlimites
CodeSize 233472
FileSubtype 0
ProductVersionNumber 1.8.0.8
EntryPoint 0x1438
ObjectFileType Executable application

Compressed bundles
File identification
MD5 24353853a930eacef7d3f1c0a57a7aa2
SHA1 cf7ec010ad6e473891571f4b2e8163f2f3c9a78b
SHA256 55600ae0b6e1e11824c31c6f93aa240ba2726949f39338e38e3e5d5b5265e741
ssdeep 3072:xsa7Lqkf3bFYzNExwxdwfHEf87kBJeN7P0HH0Exjm4agbk4/di/mDm4jI:Nf3bFOwfTAbeF8n0ENbr/k
authentihash 49d08fc8cd3bdad9b7e23c14179a90c9de8944ebd23e4bc6cc0cf87b1c44718f
imphash 08c67500ffe50ac5b95c85e88104c37d
File size 240.5 KB ( 246272 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable Microsoft Visual Basic 6 (90.5%)
Win32 Executable (generic) (4.9%)
Generic Win/DOS Executable (2.2%)
DOS Executable Generic (2.2%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
Tags peexe
VirusTotal metadata
First submission 2014-12-17 07:37:09 UTC ( 2 years, 4 months ago )
Last submission 2014-12-18 04:37:34 UTC ( 2 years, 4 months ago )
File names 24353853a930eacef7d3f1c0a57a7aa2
BL-753574
Tuckner
55600ae0b6e1e11824c31c6f93aa240ba2726949f39338e38e3e5d5b5265e741.exe
Tuckner.exe
BL-753574 & P.I 3025-4.exe
BL-753574.exe
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Created processes
Terminated processes
Opened mutexes
Hooking activity
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.
The file installs an application-defined hook procedure into a hook chain. You would install a hook procedure to monitor the system for certain types of events. These events are associated either with a specific thread or with all threads in the same desktop as the calling thread. This is done making use of the SetWindowsHook Windows API function.