SHA256: 598e3296f49ae9656ff80d46070be6505372a9a2a6b6e7cffdb357a87554e344
File name: obiquotation.exe
Detection ratio: 42 / 54
Analysis date: 2014-06-17 00:33:45 UTC ( 3 years ago )
Antivirus Result Update
Ad-Aware Gen:Trojan.Heur.omX@srJbiZoa2 20140617
Yandex Trojan.Buzus!71dG0magtns 20140614
AhnLab-V3 Spyware/Win32.Zbot 20140616
AntiVir TR/VB.Inject.qopannx 20140616
Antiy-AVL Trojan/Win32.Buzus 20140616
Avast Win32:Trojan-gen 20140617
AVG Inject2.AFWL 20140616
Baidu-International Trojan.Win32.Injector.bBEXN 20140616
BitDefender Gen:Trojan.Heur.omX@srJbiZoa2 20140617
Bkav HW32.CDB.9de9 20140616
ClamAV BC.Heuristic.Trojan.SusPacked.BF-6.B 20140616
CMC Heur.Win32.VBKrypt.3!O 20140616
DrWeb Trojan.PWS.Panda.7278 20140617
Emsisoft Gen:Trojan.Heur.omX@srJbiZoa2 (B) 20140617
ESET-NOD32 a variant of Win32/Injector.BFRQ 20140616
F-Secure Gen:Trojan.Heur.omX@srJbiZoa2 20140616
Fortinet W32/Buzus.BDNW!tr 20140616
GData Gen:Trojan.Heur.omX@srJbiZoa2 20140617
Ikarus Trojan.Inject2 20140616
K7AntiVirus Trojan ( 0049a12d1 ) 20140616
K7GW Trojan ( 0049a12d1 ) 20140616
Kaspersky Trojan.Win32.Buzus.onuu 20140616
Kingsoft Win32.Troj.Buzus.on.(kcloud) 20140617
Malwarebytes Spyware.Password 20140616
McAfee RDN/Generic PWS.y!zr 20140617
McAfee-GW-Edition RDN/Generic PWS.y!zr 20140616
Microsoft PWS:Win32/Zbot 20140616
eScan Gen:Trojan.Heur.omX@srJbiZoa2 20140616
NANO-Antivirus Trojan.Win32.Buzus.cywqpx 20140617
Norman Troj_Generic.UAJQD 20140616
Panda Trj/Genetic.gen 20140616
Qihoo-360 Win32/Trojan.2ff 20140617
Rising PE:Malware.FakePDF@CV!1.6AB2 20140616
Sophos Mal/VB-AMC 20140617
SUPERAntiSpyware Trojan.Agent/Gen-Dynamer 20140617
Symantec Trojan.Zbot 20140617
Tencent Win32.Trojan.Buzus.Akyu 20140617
TrendMicro TROJ_GEN.R0CBC0EEN14 20140617
TrendMicro-HouseCall TROJ_GEN.R0CBC0EEN14 20140616
VBA32 Trojan.Buzus 20140616
VIPRE Trojan.Win32.Generic.pak!cobra 20140616
Zillya Trojan.Buzus.Win32.120806 20140616
AegisLab 20140617
ByteHero 20140617
CAT-QuickHeal 20140616
Commtouch 20140617
Comodo 20140617
F-Prot 20140617
Jiangmin 20140616
nProtect 20140616
TheHacker 20140616
TotalDefense 20140616
ViRobot 20140616
Zoner 20140616
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2014-05-09 14:26:08
Entry Point 0x00001134
Number of sections 3
PE sections
PE imports
EVENT_SINK_QueryInterface
Ord(518)
Ord(648)
Ord(685)
Ord(558)
Ord(617)
EVENT_SINK_AddRef
Ord(717)
Ord(600)
__vbaExceptHandler
Ord(632)
MethCallEngine
DllFunctionCall
Ord(578)
__vbaCopyBytes
Ord(589)
Ord(608)
Ord(561)
Ord(520)
Ord(100)
Ord(526)
ProcCallEngine
Ord(711)
EVENT_SINK_Release
Ord(595)
Ord(666)
Ord(644)
Ord(588)
Ord(619)
Ord(698)
Number of PE resources by type
RT_ICON 2
Struct(28) 1
RT_HTML 1
Struct(26) 1
Struct(27) 1
RT_GROUP_ICON 1
Number of PE resources by language
VENDA DEFAULT 4
NEUTRAL 3
PE resources
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
TimeStamp 2014:05:09 15:26:08+01:00
FileType Win32 EXE
PEType PE32
CodeSize 73728
LinkerVersion 8.0
FileAccessDate 2014:06:17 01:34:22+01:00
Warning Error processing PE data dictionary
EntryPoint 0x1134
InitializedDataSize 155648
SubsystemVersion 4.0
ImageVersion 1.0
OSVersion 4.0
FileCreateDate 2014:06:17 01:34:22+01:00
UninitializedDataSize 0

File identification
MD5 e5ac05f739a8e4d95982ec61e7ab63a2
SHA1 7ce09238e98389e78f2305aad8bef389bf8602f1
SHA256 598e3296f49ae9656ff80d46070be6505372a9a2a6b6e7cffdb357a87554e344
ssdeep 3072:+mNdfNTc9QcWoHT66FA3WJdTpd5MVxBwdLrzyfUspK6aRDTDsmMRnUsM5Lywl7op:++A5T66FBJ3MVxBAuHytUdRs+oooQQy
imphash b39a89a7f472bf88c1e48317fb1cd97b
File size 232.4 KB ( 238028 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable Microsoft Visual Basic 6 (69.4%)
Win64 Executable (generic) (23.3%)
Win32 Executable (generic) (3.8%)
Generic Win/DOS Executable (1.6%)
DOS Executable Generic (1.6%)
Tags peexe
VirusTotal metadata
First submission 2014-05-22 13:09:27 UTC ( 3 years, 1 month ago )
Last submission 2014-05-23 15:24:21 UTC ( 3 years, 1 month ago )
File names obiquotation.exe
232fe0264406711216053fe61911aba87143c75b
27433473
output.27433473.txt
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Created processes
Shell commands
Opened mutexes
Hooking activity
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.
The file installs an application-defined hook procedure into a hook chain. You would install a hook procedure to monitor the system for certain types of events. These events are associated either with a specific thread or with all threads in the same desktop as the calling thread. This is done making use of the SetWindowsHook Windows API function.