SHA256: 5a791f18a8535926c360b3c543f314aa961def38c944583bad87e9a9f12d6e5e
File name: Setup.exe
Detection ratio: 32 / 43
Analysis date: 2011-01-30 17:50:07 UTC ( 3 years, 2 months ago )
Antivirus Result Update
AVG BackDoor.Generic13.ADWK 20110130
AhnLab-V3 Backdoor/Win32.Bifrose 20110127
AntiVir BDS/Bifrose.dmvq.4 20110128
Antiy-AVL Backdoor/Win32.Bifrose.gen 20110128
Avast Win32:Malware-gen 20110130
Avast5 Win32:Malware-gen 20110130
BitDefender Trojan.Generic.KDV.114071 20110130
CAT-QuickHeal Backdoor.Bifrose.dmvq 20110130
Comodo UnclassifiedMalware 20110130
DrWeb Trojan.Inject.20633 20110130
Emsisoft Backdoor.Win32.Bifrose!IK 20110130
F-Secure Trojan.Generic.KDV.114071 20110130
Fortinet W32/Bifrose.DMVQ!tr.bdr 20110130
GData Trojan.Generic.KDV.114071 20110130
Ikarus Backdoor.Win32.Bifrose 20110130
Jiangmin Backdoor/Bifrose.egy 20110130
K7AntiVirus Backdoor 20110129
Kaspersky Backdoor.Win32.Bifrose.dmvq 20110130
McAfee Generic BackDoor!cvf 20110130
McAfee-GW-Edition Generic BackDoor!cvf 20110130
Microsoft Worm:Win32/Rebhip.A 20110130
NOD32 a variant of Win32/Injector.EIQ 20110130
PCTools Trojan.Gen 20110129
Panda Generic Malware 20110130
Prevx High Risk Cloaked Malware 20110130
Rising Trojan.Win32.Generic.127434C3 20110128
SUPERAntiSpyware Trojan.Agent/Gen-Faldesc 20110130
Symantec Trojan.Gen 20110130
TrendMicro TROJ_GEN.R47C1AQ 20110130
TrendMicro-HouseCall TROJ_GEN.R47C1AQ 20110130
VIPRE Trojan.Win32.Generic!BT 20110130
VirusBuster Backdoor.Bifrose!drFQT01wxcE 20110130
ClamAV 20110130
Commtouch 20110130
F-Prot 20110129
Norman 20110130
Sophos 20110130
TheHacker 20110126
VBA32 20110129
ViRobot 20110130
eSafe 20110130
eTrust-Vet 20110128
nProtect 20110118
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Authenticode signature block
Copyright isbaNAbxJZF
Publisher MPfABLUP
Product cVdGTS
Version 6.48.0077
Original name xfcy90ubjoxcfihjoszhjuse5pzhserdg.exe
Internal name xfcy90ubjoxcfihjoszhjuse5pzhserdg
File version 6.48.0077
Description JNnbZSliEbzF
Comments IcwOJy
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2011-01-15 11:38:47
Link date 12:38 PM 1/15/2011
Entry Point 0x000023A8
Number of sections 3
PE sections
PE imports
Number of PE resources by type
RT_ICON 12
53738 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
NEUTRAL 14
ENGLISH US 1
ExifTool file metadata
LegalTrademarks nom
SubsystemVersion 4.0
Comments IcwOJy
LinkerVersion 0.0
ImageVersion 6.48
FileSubtype 0
FileVersionNumber 6.48.0.77
LanguageCode English (U.S.)
FileFlagsMask 0x0000
FileDescription JNnbZSliEbzF
CharacterSet Unicode
InitializedDataSize 319488
FileOS Win32
MIMEType application/octet-stream
LegalCopyright isbaNAbxJZF
FileVersion 6.48.0077
TimeStamp 2011:01:15 11:38:47+00:00
FileType Win32 EXE
PEType PE32
InternalName xfcy90ubjoxcfihjoszhjuse5pzhserdg
ProductVersion 6.48.0077
UninitializedDataSize 0
OSVersion 4.0
OriginalFilename xfcy90ubjoxcfihjoszhjuse5pzhserdg.exe
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName MPfABLUP
CodeSize 270336
ProductName cVdGTS
ProductVersionNumber 6.48.0.77
EntryPoint 0x23a8
ObjectFileType Executable application

File identification
MD5 7ba21ad05c15e7441f7143b32ad039a6
SHA1 977063b5c583d65f34d1ed90b9f1464f04f0a188
SHA256 5a791f18a8535926c360b3c543f314aa961def38c944583bad87e9a9f12d6e5e
ssdeep 12288:pHzCdCp6cc9PAY9WnOUCsnkIgR3z8DHiLKYH3:9CFcc94Y9oOsnJk8DHiLKA
File size 580.0 KB ( 593920 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable Microsoft Visual Basic 6 (63.9%)
Win32 Executable MS Visual C++ (generic) (24.3%)
Win32 Dynamic Link Library (generic) (5.1%)
Win32 Executable (generic) (3.5%)
Generic Win/DOS Executable (1.5%)
Tags peexe
VirusTotal metadata
First submission 2011-01-21 22:44:49 UTC ( 3 years, 3 months ago )
Last submission 2012-12-12 17:48:59 UTC ( 1 year, 4 months ago )
File names Setup.exe
xfcy90ubjoxcfihjoszhjuse5pzhserdg.exe
7ba21ad05c15e7441f7143b32ad039a6
xfcy90ubjoxcfihjoszhjuse5pzhserdg