SHA256: 5a8b4fc707900b12f8870b1f8beaa01540a31c5dd7eac370e3055512f0933d20
File name: vt-upload-7xv2f
Detection ratio: 48 / 51
Analysis date: 2014-04-28 17:03:55 UTC ( 4 years, 9 months ago )
Antivirus Result Update
Ad-Aware Trojan.Generic.2623512 20140428
Yandex Trojan.DL.Banload!X/s2KjZr2vE 20140428
AhnLab-V3 Worm/Win32.AutoRun 20140428
AntiVir TR/Banload.ihm 20140428
Antiy-AVL Trojan[Downloader]/Win32.Banload 20140428
Avast Win32:Banload-GCD [Trj] 20140428
AVG Worm/Generic_vb.NL 20140428
BitDefender Trojan.Generic.2623512 20140428
Bkav W32.Clod46e.Trojan.3c05 20140428
ByteHero Virus.Win32.Heur.p 20140428
CAT-QuickHeal Trojan.VB.Gen 20140428
ClamAV Trojan.VB-62077 20140428
CMC Trojan-Downloader.Win32.Banload!O 20140424
Commtouch W32/VBTrojan.9!Maximus 20140428
Comodo TrojWare.Win32.TrojanDownloader.Banload.~KS 20140428
DrWeb Trojan.DownLoad1.19749 20140428
Emsisoft Trojan.Generic.2623512 (B) 20140428
ESET-NOD32 Win32/VB.NPZ 20140428
F-Prot W32/VBTrojan.9!Maximus 20140427
F-Secure Trojan.Generic.2623512 20140428
Fortinet W32/VB.ASD!tr.dldr 20140428
GData Trojan.Generic.2623512 20140428
Ikarus Worm.Win32.Lefgroo 20140428
Jiangmin Trojan/Generic.bhgzv 20140428
K7AntiVirus Trojan ( 00013e901 ) 20140428
K7GW Trojan ( 00013e901 ) 20140428
Kaspersky Trojan.Win32.Agent.acbem 20140428
Kingsoft Win32.TrojDownloader.Banload.(kcloud) 20140428
Malwarebytes Worm.Brontok 20140428
McAfee Generic VB.b 20140428
McAfee-GW-Edition Generic VB.b 20140428
Microsoft Worm:Win32/Lefgroo.A 20140428
eScan Trojan.Generic.2623512 20140428
NANO-Antivirus Trojan.Win32.DownLoader6.vttwn 20140428
Norman Obfuscated.H2!genr 20140428
nProtect Trojan-Downloader/W32.Banload.130048 20140427
Panda Trj/VB.AAY 20140427
Qihoo-360 Malware.QVM03.Gen 20140428
Rising PE:Malware.FakeFolder@CV!1.6AA9 20140428
Sophos AV Mal/VB-F 20140428
Symantec W32.SillyFDC 20140428
TheHacker Trojan/Downloader.Banload.ihm 20140426
TotalDefense Win32/Fijo.A 20140428
TrendMicro TROJ_NOTOOLS.BMC 20140428
TrendMicro-HouseCall WORM_AUTORUN.SMG 20140428
VBA32 Trojan.VBRA.0636 20140428
VIPRE Trojan.Win32.Generic!BT 20140428
ViRobot Trojan.Win32.Downloader.910336 20140428
AegisLab 20140428
Baidu-International 20140428
SUPERAntiSpyware 20140428
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Product Project1
Original name Prueba0001.exe
Internal name Prueba0001
File version 1.00
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2008-01-02 17:21:56
Entry Point 0x00001628
Number of sections 3
PE sections
PE imports
_adj_fdivr_m64
_allmul
_adj_fprem
__vbaObjVar
__vbaForEachVar
Ord(580)
_adj_fdiv_r
__vbaObjSetAddref
Ord(100)
__vbaHresultCheckObj
__vbaR8Str
_CIlog
__vbaVarLateMemCallLd
_adj_fptan
__vbaFreeStr
__vbaStrI2
__vbaStrR8
__vbaStrI4
__vbaFreeStrList
__vbaI2I4
_adj_fdiv_m16i
EVENT_SINK_QueryInterface
Ord(648)
Ord(531)
__vbaNextEachVar
__vbaLenBstr
Ord(594)
Ord(576)
__vbaStrToUnicode
_adj_fdiv_m32i
Ord(600)
__vbaExceptHandler
__vbaSetSystemError
DllFunctionCall
__vbaFreeVar
__vbaBoolVarNull
__vbaFileOpen
__vbaI2Str
EVENT_SINK_Release
__vbaVarTstEq
Ord(593)
Ord(716)
__vbaOnError
__vbaVarSetVar
__vbaStrCat
__vbaVarDup
__vbaChkstk
__vbaPrintFile
__vbaStrCmp
__vbaAryUnlock
__vbaFreeObjList
Ord(666)
__vbaFreeVarList
__vbaStrVarMove
__vbaVarOr
__vbaLateMemCallLd
__vbaFreeObj
_adj_fdivr_m32
__vbaStrVarVal
_CIcos
__vbaVarMove
__vbaErrorOverflow
__vbaNew2
__vbaStrMove
_adj_fprem1
_adj_fdiv_m32
__vbaEnd
__vbaVarCmpEq
_adj_fpatan
EVENT_SINK_AddRef
_adj_fdivr_m32i
__vbaStrCopy
Ord(632)
Ord(645)
__vbaFPException
_adj_fdivr_m16i
_adj_fdiv_m64
_CIsin
_CIsqrt
__vbaVarCopy
_CIatan
__vbaLateMemCall
__vbaObjSet
__vbaVarCat
__vbaFileCloseAll
_CIexp
__vbaStrToAnsi
_CItan
__vbaFpI2
Number of PE resources by type
RT_ICON 10
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
NEUTRAL 11
ENGLISH US 1
PE resources
ExifTool file metadata
UninitializedDataSize 0
InitializedDataSize 45056
ImageVersion 1.0
ProductName Project1
FileVersionNumber 1.0.0.0
LanguageCode English (U.S.)
FileFlagsMask 0x0000
CharacterSet Unicode
LinkerVersion 6.0
OriginalFilename Prueba0001.exe
MIMEType application/octet-stream
FileVersion 1.0
TimeStamp 2008:01:02 17:21:56+00:00
FileType Win32 EXE
PEType PE32
InternalName Prueba0001
FileAccessDate 2014:04:28 17:05:47+00:00
ProductVersion 1.0
SubsystemVersion 4.0
OSVersion 4.0
FileCreateDate 2014:04:28 17:05:47+00:00
FileOS Win32
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CodeSize 69632
FileSubtype 0
ProductVersionNumber 1.0.0.0
EntryPoint 0x1628
ObjectFileType Executable application

File identification
MD5 997ffca587bf25f59d612fba391341c2
SHA1 69bcda1a62fe961f609ae28314bba03cbad55a8e
SHA256 5a8b4fc707900b12f8870b1f8beaa01540a31c5dd7eac370e3055512f0933d20
ssdeep 1536:/EdMVRf1zwQVghNpzM1VS88cM7j9zygzpZzdfCo+e2:MdQ1zwLhj8VShcMf1dzTztCG2
imphash ed664352fc066085d3f909b2d6dd69ce
File size 127.0 KB ( 130048 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable Microsoft Visual Basic 6 (90.5%)
Win32 Executable (generic) (4.9%)
Generic Win/DOS Executable (2.2%)
DOS Executable Generic (2.2%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
Tags peexe

VirusTotal metadata
First submission 2014-04-28 17:03:55 UTC ( 4 years, 9 months ago )
Last submission 2014-04-28 17:03:55 UTC ( 4 years, 9 months ago )
File names Prueba0001
dbo1.caj
vt-upload-7xv2f
Prueba0001.exe
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Hooking activity
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.
The file installs an application-defined hook procedure into a hook chain. You would install a hook procedure to monitor the system for certain types of events. These events are associated either with a specific thread or with all threads in the same desktop as the calling thread. This is done making use of the SetWindowsHook Windows API function.