SHA256: 5a98024ce78fe4f8c00dd8d0f21d95741aef5904476feadf9469825c9797d147
File name: bcbfa9025e6d78f8372bff70b7e8f090
Detection ratio: 36 / 67
Analysis date: 2018-05-02 22:45:25 UTC ( 9 months, 3 weeks ago )
Antivirus Result Update
Ad-Aware Gen:Variant.Razy.296597 20180502
AhnLab-V3 Win-Trojan/VBKrypt.RP02 20180502
ALYac Gen:Variant.Razy.296597 20180502
Arcabit Trojan.Razy.D48695 20180502
Avast Win32:Malware-gen 20180502
AVG Win32:Malware-gen 20180502
Avira (no cloud) TR/Dropper.VB.ilzaa 20180502
BitDefender Gen:Variant.Razy.296597 20180502
CrowdStrike Falcon (ML) malicious_confidence_100% (D) 20180418
Cylance Unsafe 20180502
Cyren W32/VBInject.PD.gen!Eldorado 20180502
eGambit Unsafe.AI_Score_60% 20180502
Emsisoft Trojan.Injector (A) 20180502
Endgame malicious (high confidence) 20180402
ESET-NOD32 a variant of Win32/Injector.DXDX 20180502
F-Prot W32/VBInject.PD.gen!Eldorado 20180502
F-Secure Gen:Variant.Razy.296597 20180502
Fortinet W32/Injector.DXEJ!tr 20180502
GData Win32.Trojan.Injector.NA 20180502
Sophos ML heuristic 20180120
K7AntiVirus Trojan ( 0052d5481 ) 20180502
K7GW Trojan ( 0052d5481 ) 20180502
Kaspersky HEUR:Trojan.Win32.Generic 20180502
Malwarebytes SpamTool.LokiBot 20180502
MAX malware (ai score=82) 20180502
McAfee Fareit-FLA!BCBFA9025E6D 20180502
McAfee-GW-Edition BehavesLike.Win32.Fareit.jh 20180502
eScan Gen:Variant.Razy.296597 20180502
Panda Trj/GdSda.A 20180502
Qihoo-360 HEUR/QVM03.0.E6F1.Malware.Gen 20180502
SentinelOne (Static ML) static engine - malicious 20180225
Sophos AV Mal/FareitVB-L 20180502
Symantec Trojan.Gen.2 20180502
TrendMicro TSPY_HPLOKI.SMVBMP 20180502
TrendMicro-HouseCall TSPY_HPLOKI.SMVBMP 20180502
ZoneAlarm by Check Point HEUR:Trojan.Win32.Generic 20180502
AegisLab 20180502
Alibaba 20180502
Antiy-AVL 20180502
Avast-Mobile 20180502
AVware 20180428
Babable 20180406
Baidu 20180502
Bkav 20180502
CAT-QuickHeal 20180502
ClamAV 20180502
CMC 20180502
Comodo 20180502
Cybereason None
DrWeb 20180502
Ikarus 20180502
Jiangmin 20180502
Kingsoft 20180502
Microsoft 20180502
NANO-Antivirus 20180502
nProtect 20180502
Palo Alto Networks (Known Signatures) 20180502
Rising 20180502
SUPERAntiSpyware 20180502
Symantec Mobile Insight 20180501
Tencent 20180502
TheHacker 20180430
TotalDefense 20180502
Trustlook 20180502
VBA32 20180502
VIPRE 20180502
ViRobot 20180502
Webroot 20180502
Yandex 20180428
Zillya 20180502
Zoner 20180502
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright
VèNTIs MèDIA cNE£

Product MALWaRèbytès CORPoration
Original name Cuarta3.exe
Internal name Cuarta3
File version 9.06
Comments cWE£ cNE£
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2018-04-08 21:35:56
Entry Point 0x000012D4
Number of sections 3
PE sections
PE imports
_adj_fdiv_m32
__vbaChkstk
Ord(546)
__vbaCyI4
__vbaEnd
EVENT_SINK_QueryInterface
__vbaI4Cy
_adj_fdivr_m64
_adj_fprem
Ord(607)
__vbaLenBstr
Ord(525)
_adj_fpatan
EVENT_SINK_AddRef
__vbaStrToUnicode
Ord(714)
__vbaInStr
_adj_fdiv_m32i
__vbaStrCopy
__vbaExceptHandler
__vbaSetSystemError
__vbaFreeVarList
DllFunctionCall
__vbaFPException
__vbaStrVarMove
_adj_fdivr_m16i
EVENT_SINK_Release
_adj_fdiv_r
Ord(100)
__vbaFreeVar
Ord(562)
_adj_fdiv_m64
Ord(574)
__vbaFreeObj
_CIsin
_CIsqrt
__vbaHresultCheckObj
_CIlog
Ord(524)
_allmul
_CIcos
Ord(616)
__vbaVarTstEq
_adj_fptan
__vbaR8Var
Ord(582)
__vbaVarMove
_CIatan
__vbaNew2
_adj_fdivr_m32i
__vbaRedim
_CIexp
__vbaStrMove
__vbaStrToAnsi
_adj_fprem1
_adj_fdivr_m32
__vbaStrCat
Ord(537)
_CItan
__vbaFpI4
__vbaFreeStr
_adj_fdiv_m16i
Number of PE resources by type
RT_ICON 5
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
NEUTRAL 6
ENGLISH US 1
PE resources
ExifTool file metadata
CodeSize
626688

SubsystemVersion
4.0

Comments
cWE cNE

InitializedDataSize
16384

ImageVersion
9.6

FileSubtype
0

FileVersionNumber
9.6.0.0

LanguageCode
English (U.S.)

FileFlagsMask
0x0000

ImageFileCharacteristics
No relocs, Executable, No line numbers, No symbols, 32-bit

CharacterSet
Unicode

LinkerVersion
6.0

EntryPoint
0x12d4

OriginalFileName
Cuarta3.exe

MIMEType
application/octet-stream

LegalCopyright
V NTIs M DIA cNE

FileVersion
9.06

TimeStamp
2018:04:08 22:35:56+01:00

FileType
Win32 EXE

PEType
PE32

InternalName
Cuarta3

ProductVersion
9.06

UninitializedDataSize
0

OSVersion
4.0

FileOS
Win32

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CompanyName
nGINE

LegalTrademarks
P RBLOck ALc

ProductName
MALWaR byt s CORPoration

ProductVersionNumber
9.6.0.0

FileTypeExtension
exe

ObjectFileType
Executable application

File identification
MD5 bcbfa9025e6d78f8372bff70b7e8f090
SHA1 4d8a1cacb7bfbd93ef539169d98018a3d6344cf6
SHA256 5a98024ce78fe4f8c00dd8d0f21d95741aef5904476feadf9469825c9797d147
ssdeep
12288:LZmbrZ7pzw2L+3a+rd8U1TdVwZNeA2jBjCFmrpGg:w/Z7e2L+3a6dlTdUNP2j9CIrg

authentihash 9b2851206441d8a8952265eefa793c857ca2f7be8b4f864ec18e457717b4728e
imphash ed44c454fdd5828757141b20ff2fa8ff
File size 632.0 KB ( 647168 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable Microsoft Visual Basic 6 (88.6%)
Win32 Executable (generic) (4.8%)
OS/2 Executable (generic) (2.1%)
Generic Win/DOS Executable (2.1%)
DOS Executable Generic (2.1%)
Tags
peexe

VirusTotal metadata
First submission 2018-05-02 22:45:25 UTC ( 9 months, 3 weeks ago )
Last submission 2018-05-26 11:39:22 UTC ( 9 months ago )
File names ukbros003.exe
Cuarta3
bcbfa9025e6d78f8372bff70b7e8f090.virobj
Cuarta3.exe
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Hooking activity
Runtime DLLs
Additional details
The file installs an application-defined hook procedure into a hook chain. A hook procedure is installed to monitor the system for certain types of events. These events are associated either with a specific thread or with all threads in the same desktop as the calling thread. This is done using the SetWindowsHook Windows API function.