× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: 57b55b77081eb1b0102320e584e307446a32630744aa8be180d4aee48453106c
File name: KnNSSW
Detection ratio: 44 / 51
Analysis date: 2014-07-11 03:14:29 UTC ( 4 years, 2 months ago )
Antivirus Result Update
Ad-Aware Worm.Generic.233759 20140710
Yandex VirTool.VBInject!yFjSJVA3XC8 20140710
AhnLab-V3 Worm/Win32.AutoRun 20140710
AntiVir TR/Dropper.Gen 20140711
AVG Dropper.Generic2.OP 20140710
Baidu-International Worm.Win32.Changeup.Aq 20140710
BitDefender Worm.Generic.233759 20140711
Bkav HW32.CDB.093b 20140710
CAT-QuickHeal Win32.Worm.VBNA.b.3.nop.b 20140710
ClamAV Trojan.Dropper.Agent-196 20140710
Commtouch W32/Risk.SYTB-4093 20140711
Comodo UnclassifiedMalware 20140710
DrWeb Trojan.PWS.CS.23 20140711
Emsisoft Worm.Generic.233759 (B) 20140711
ESET-NOD32 Win32/Koobface.NCT 20140711
F-Prot W32/MalwareS.VLQ 20140711
F-Secure Worm.Generic.233759 20140711
Fortinet W32/VBInjector.AGB!tr 20140711
GData Worm.Generic.233759 20140711
Ikarus Virus.Win32.VBInject 20140710
Jiangmin Worm/VBNA.ffsv 20140710
K7AntiVirus Backdoor ( 04c4e9be1 ) 20140710
K7GW Backdoor ( 04c4e9be1 ) 20140710
Kaspersky Worm.Win32.VBNA.b 20140711
Kingsoft Win32.Troj.Generic.(kcloud) 20140711
Malwarebytes Trojan.PWS 20140711
McAfee Artemis!CEA5FF456AAF 20140711
McAfee-GW-Edition Artemis!CEA5FF456AAF 20140711
Microsoft VirTool:Win32/VBInject.EZ 20140711
eScan Worm.Generic.233759 20140711
NANO-Antivirus Trojan.Win32.Koobface.ruza 20140711
Norman Oficla.A 20140710
Panda W32/Koobface.KG.worm 20140710
Qihoo-360 Win32/Trojan.cbf 20140711
Rising PE:Trojan.Win32.Generic.11EAE21E!300605982 20140710
Sophos AV W32/Koobface-AS 20140711
SUPERAntiSpyware Trojan.Agent/Gen 20140711
Symantec Packed.Generic.296 20140711
TrendMicro WORM_KOOBFACE.AC 20140711
TrendMicro-HouseCall WORM_KOOBFACE.AC 20140711
VBA32 SScope.Trojan.VBRA.3878 20140710
VIPRE VirTool.Win32.VBInject.gen.dg (v) 20140711
ViRobot Trojan.Win32.VBInject.110592 20140710
Zillya Worm.Koobface.Win32.5814 20140710
AegisLab 20140711
Antiy-AVL 20140711
ByteHero 20140711
CMC 20140710
TheHacker 20140708
TotalDefense 20140710
Zoner 20140708
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright
hjxphJ

Publisher rcUUUv
Product ICAxJI
Original name KnNSSW.exe
Internal name KnNSSW
File version 3.03.0003
Description yMXqXK
Comments yfyoCA
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2010-04-08 13:30:48
Entry Point 0x000010B8
Number of sections 3
PE sections
PE imports
Ord(631)
ProcCallEngine
__vbaExceptHandler
EVENT_SINK_QueryInterface
Ord(100)
MethCallEngine
DllFunctionCall
Ord(644)
Ord(697)
EVENT_SINK_Release
EVENT_SINK_AddRef
Ord(516)
Ord(537)
RtlMoveMemory
GetProcAddress
LoadLibraryA
CallWindowProcW
Number of PE resources by type
RT_ICON 3
8 1
RT_GROUP_ICON 1
RT_VERSION 1
Number of PE resources by language
NEUTRAL 4
ENGLISH US 1
ARABIC NEUTRAL 1
PE resources
ExifTool file metadata
CodeSize
12288

SubsystemVersion
4.0

Comments
yfyoCA

LinkerVersion
6.0

ImageVersion
3.3

FileSubtype
0

FileVersionNumber
3.3.0.3

LanguageCode
English (U.S.)

FileFlagsMask
0x0000

FileDescription
yMXqXK

CharacterSet
Unicode

InitializedDataSize
61440

FileOS
Win32

MIMEType
application/octet-stream

LegalCopyright
hjxphJ

FileVersion
3.03.0003

TimeStamp
2010:04:08 14:30:48+01:00

FileType
Win32 EXE

PEType
PE32

InternalName
KnNSSW

FileAccessDate
2014:07:11 04:16:05+01:00

ProductVersion
3.03.0003

UninitializedDataSize
0

OSVersion
4.0

FileCreateDate
2014:07:11 04:16:05+01:00

OriginalFilename
KnNSSW.exe

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CompanyName
rcUUUv

LegalTrademarks
cTDSLb

ProductName
ICAxJI

ProductVersionNumber
3.3.0.3

EntryPoint
0x10b8

ObjectFileType
Executable application

File identification
MD5 cea5ff456aaf6bb406d41cd235a9be07
SHA1 ce2a13a178c7dd1ad13783ce54de685f13193615
SHA256 57b55b77081eb1b0102320e584e307446a32630744aa8be180d4aee48453106c
ssdeep
1536:WrDorAMfe8xkUnyq5wAegPLgV9MakKM2bDzy6F5:WrDyfeayq59Dg8lKM2PzX5

imphash 56795a3c21ef58188b1a8c6805512499
File size 76.0 KB ( 77824 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable Microsoft Visual Basic 6 (69.4%)
Win64 Executable (generic) (23.3%)
Win32 Executable (generic) (3.8%)
Generic Win/DOS Executable (1.6%)
DOS Executable Generic (1.6%)
Tags
peexe

VirusTotal metadata
First submission 2010-04-08 16:40:12 UTC ( 8 years, 5 months ago )
Last submission 2011-07-16 12:33:57 UTC ( 7 years, 2 months ago )
File names KnNSSW.exe
CEA5FF456AAF6BB406D41CD235A9BE07
KnNSSW
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!