SHA256: 5aedaed33155b760b5caa213b769f41679176450bba95966647f2d76b715fbec
File name: vt-upload-IjFlK
Detection ratio: 26 / 52
Analysis date: 2014-07-05 12:57:24 UTC ( 3 years, 1 month ago )
Antivirus | Result | Signature update (YYYYMMDD)
Detected (26 engines):
Ad-Aware Gen:Variant.Graftor.140958 20140705
AhnLab-V3 Win-Trojan/MDA.140610 20140704
Avast Win32:Malware-gen 20140705
AVG Win32/VBCrypt 20140705
BitDefender Gen:Variant.Graftor.140958 20140705
ByteHero Virus.Win32.Heur.p 20140705
CAT-QuickHeal TrojanSpy.Zbot.VB3 20140704
CMC Heur.Win32.Veebee.1!O 20140704
Commtouch W32/PWS.AOBR-3158 20140705
Emsisoft Gen:Variant.Graftor.140958 (B) 20140705
ESET-NOD32 a variant of Win32/Injector.BGMV 20140704
F-Secure Gen:Variant.Graftor.140958 20140705
Fortinet W32/VB.ALO!tr 20140705
GData Gen:Variant.Graftor.140958 20140705
Kaspersky Trojan-Spy.Win32.Zbot.thgu 20140704
Malwarebytes Trojan.Dorkbot.ED 20140705
McAfee PWSZbot-FBTJ!64D97A6E116E 20140705
McAfee-GW-Edition PWSZbot-FBTJ!64D97A6E116E 20140704
eScan Gen:Variant.Graftor.140958 20140705
NANO-Antivirus Trojan.Win32.Zbot.dbuufd 20140705
Qihoo-360 HEUR/Malware.QVM03.Gen 20140705
Rising PE:Malware.XPACK-HIE/Heur!1.9C48 20140704
Sophos AV Mal/Generic-S 20140705
Symantec WS.Reputation.1 20140705
VBA32 TScope.Trojan.VB 20140704
VIPRE Trojan.Win32.Generic!BT 20140705
Not detected (26 engines; signature update date only):
AegisLab 20140705
Yandex 20140704
AntiVir 20140704
Antiy-AVL 20140703
Baidu-International 20140704
Bkav 20140702
ClamAV 20140705
DrWeb 20140705
F-Prot 20140705
Ikarus 20140705
Jiangmin 20140705
K7AntiVirus 20140704
K7GW 20140704
Kingsoft 20140705
Microsoft 20140705
Norman 20140704
nProtect 20140704
Panda 20140704
SUPERAntiSpyware 20140704
TheHacker 20140704
TotalDefense 20140704
TrendMicro 20140705
TrendMicro-HouseCall 20140705
ViRobot 20140705
Zillya 20140703
Zoner 20140704
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Publisher Beepa Pty Ltd
Product Alenu suffete'
Original name Paromolo.exe
Internal name Paromolo
File version 1.04.0004
Description Uncooper bepas
Note: the product and description strings are gibberish while the publisher field carries a real vendor name, which points to auto-generated version info of the kind a packer or crypter stub writes; this fits the VBCrypt and Injector labels in the detection table and the Visual Basic 6 result from TrID below.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2014-06-18 09:30:09
Entry Point 0x0000143C
Number of sections 3
PE sections
PE imports (every entry below is an export of MSVBVM60.DLL, the Visual Basic 6 runtime; no other import library is listed, so any Win32 API the program calls is resolved at run time through the runtime's DllFunctionCall rather than through this table)
_adj_fdiv_m32
__vbaChkstk
Ord(689)
EVENT_SINK_Release
__vbaEnd
EVENT_SINK_QueryInterface
_allmul
Ord(586)
_adj_fdivr_m64
__vbaAryUnlock
__vbaVarInt
_adj_fprem
Ord(584)
Ord(678)
Ord(525)
_adj_fpatan
Ord(663)
EVENT_SINK_AddRef
__vbaRedimPreserve
__vbaFpCDblR8
_adj_fdiv_m32i
__vbaStrCopy
Ord(702)
__vbaExceptHandler
__vbaSetSystemError
__vbaFreeVarList
__vbaGosubFree
DllFunctionCall
__vbaFPException
__vbaStrVarMove
_adj_fdivr_m16i
__vbaStrMove
_adj_fdiv_r
Ord(517)
Ord(677)
Ord(599)
__vbaFreeVar
Ord(100)
__vbaObjSetAddref
__vbaDerefAry1
_adj_fdiv_m64
__vbaFreeObj
__vbaHresultCheckObj
_CIsqrt
_CIsin
_CIlog
Ord(614)
__vbaVarMul
Ord(513)
_CIcos
Ord(713)
_adj_fptan
__vbaGosub
_CItan
__vbaObjSet
Ord(582)
__vbaVarMove
__vbaErrorOverflow
_CIatan
__vbaNew2
__vbaOnError
_adj_fdivr_m32i
__vbaAryLock
_CIexp
Ord(685)
_adj_fprem1
_adj_fdivr_m32
__vbaStrCat
Ord(546)
__vbaVarDup
Ord(609)
Ord(598)
__vbaFreeStr
_adj_fdiv_m16i
Number of PE resources by type
RT_ICON 6
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
NEUTRAL 7
DANISH DEFAULT 1
PE resources
ExifTool file metadata
SubsystemVersion: 4.0
InitializedDataSize: 118784
ImageVersion: 1.4
ProductName: Alenu suffete'
FileVersionNumber: 1.4.0.4
UninitializedDataSize: 0
LanguageCode: Danish
FileFlagsMask: 0x0000
CharacterSet: Unicode
LinkerVersion: 6.0
OriginalFilename: Paromolo.exe
MIMEType: application/octet-stream
FileVersion: 1.04.0004
TimeStamp: 2014:06:18 10:30:09+01:00 (the PE header compilation timestamp rendered in the analysis host's local zone; it is the same instant as the 2014-06-18 09:30:09 UTC value shown under PE header basic information)
FileType: Win32 EXE
PEType: PE32
InternalName: Paromolo
FileAccessDate: 2014:07:05 13:59:13+01:00 (file-system time on the analysis host, not a property of the sample)
ProductVersion: 1.04.0004
FileDescription: Uncooper bepas
OSVersion: 4.0
FileCreateDate: 2014:07:05 13:59:13+01:00 (file-system time on the analysis host, not a property of the sample)
FileOS: Win32
Subsystem: Windows GUI
MachineType: Intel 386 or later, and compatibles
CompanyName: Beepa Pty Ltd
CodeSize: 270336
FileSubtype: 0
ProductVersionNumber: 1.4.0.4
EntryPoint: 0x143c
ObjectFileType: Executable application
File identification
MD5 64d97a6e116e08359d2e0de7754e3088 (its first 12 hex digits, 64D97A6E116E, are embedded in the McAfee name PWSZbot-FBTJ!64D97A6E116E above, i.e. that detection is keyed to this exact file rather than to a generic family rule)
SHA1 4a17900f7f00020e3af54d4b492cca77d2f20366
SHA256 5aedaed33155b760b5caa213b769f41679176450bba95966647f2d76b715fbec
ssdeep 6144:/w1TXLLLLLLUKRQyFyRuitWqVKk6yPLLLLLLLNcMBeL/OCD15rWy8HQ6IBJN1GV8:/w1TXLLLLLLVh8RxD6wLLLLLLLaMBeLP
imphash 6d2f57e571d7da80eb7b289cb5fd5978
File size 377.0 KB ( 386048 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable Microsoft Visual Basic 6 (84.4%)
     Win32 Dynamic Link Library (generic) (6.7%)
     Win32 Executable (generic) (4.6%)
     Generic Win/DOS Executable (2.0%)
     DOS Executable Generic (2.0%)
Tags peexe
VirusTotal metadata
First submission 2014-07-05 12:57:24 UTC ( 3 years, 1 month ago )
Last submission 2014-07-05 12:57:24 UTC ( 3 years, 1 month ago )
File names vt-upload-IjFlK
Paromolo.exe
Paromolo
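The detection table, the PE compilation timestamp and the first-submission time above are the three things an analyst usually reads off a report like this one. The script below is an added example (not VirusTotal's code and not part of this report) that parses the table in the same plain-text "engine [result] YYYYMMDD" layout, recomputes the detection ratio, collapses detections that share a signature string (the six BitDefender-engine results and the two McAfee results here are not independent evidence), tallies family keywords, and checks that the ExifTool local-time timestamp is the same instant as the UTC header timestamp and how long the file sat before it reached VirusTotal. The embedded table is a constructed excerpt of the one on this page; the family keyword list is an assumption you would replace with your own taxonomy.

```python
"""Triage helpers for a plain-text VirusTotal scan table of the kind shown on this page."""
import re
from collections import Counter
from datetime import datetime, timezone

# Constructed excerpt of the detection table on this page, in the same
# "engine [result] YYYYMMDD" layout. Engines with no result column did not flag the file.
SCAN_TABLE = """\
Ad-Aware Gen:Variant.Graftor.140958 20140705
BitDefender Gen:Variant.Graftor.140958 20140705
CAT-QuickHeal TrojanSpy.Zbot.VB3 20140704
Emsisoft Gen:Variant.Graftor.140958 (B) 20140705
ESET-NOD32 a variant of Win32/Injector.BGMV 20140704
F-Secure Gen:Variant.Graftor.140958 20140705
GData Gen:Variant.Graftor.140958 20140705
Kaspersky Trojan-Spy.Win32.Zbot.thgu 20140704
McAfee PWSZbot-FBTJ!64D97A6E116E 20140705
McAfee-GW-Edition PWSZbot-FBTJ!64D97A6E116E 20140704
eScan Gen:Variant.Graftor.140958 20140705
NANO-Antivirus Trojan.Win32.Zbot.dbuufd 20140705
Sophos AV Mal/Generic-S 20140705
Symantec WS.Reputation.1 20140705
ClamAV 20140705
Microsoft 20140705
"""

# Engine names that contain a space; every other engine name is a single token.
MULTI_WORD_ENGINES = ("Sophos AV",)

# Family keywords to vote on (assumed list; extend it for your own taxonomy).
FAMILY_PATTERNS = {
    "Zbot": re.compile(r"zbot", re.I),
    "Graftor": re.compile(r"graftor", re.I),
    "Injector": re.compile(r"injector", re.I),
}

# Everything after the engine name: an optional result string, then the 8-digit signature date.
REST_RE = re.compile(r"(?:(?P<result>.+?)\s+)?(?P<date>\d{8})")


def parse_scan_table(text):
    """Return one dict per engine: engine, result (None if undetected), sigdate."""
    rows = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        engine = next((n for n in MULTI_WORD_ENGINES if line.startswith(n + " ")), None)
        if engine is None:
            engine, _, rest = line.partition(" ")
        else:
            rest = line[len(engine) + 1:]
        m = REST_RE.fullmatch(rest)
        if m is None:
            raise ValueError(f"unparseable scan line: {raw!r}")
        rows.append({"engine": engine, "result": m.group("result"), "sigdate": m.group("date")})
    return rows


def detection_ratio(rows):
    """(detected, total): the headline number VirusTotal shows."""
    return sum(1 for r in rows if r["result"]), len(rows)


def independent_signatures(rows):
    """Group detections by signature name. Engines that license the same scan core report
    an identical string, so the number of groups measures independent evidence better
    than the raw hit count."""
    groups = {}
    for r in rows:
        if r["result"]:
            key = re.sub(r"\s*\(B\)$", "", r["result"])  # Emsisoft appends " (B)"
            groups.setdefault(key, []).append(r["engine"])
    return groups


def family_votes(rows):
    """Count how many detections mention each family keyword."""
    votes = Counter()
    for r in rows:
        if r["result"]:
            for fam, pat in FAMILY_PATTERNS.items():
                if pat.search(r["result"]):
                    votes[fam] += 1
    return votes


def timeline_check(pe_timestamp_utc, exif_timestamp, first_submission_utc):
    """Confirm the PE header timestamp and ExifTool's zone-adjusted rendering are the same
    instant, and measure the gap from build to first VirusTotal submission."""
    pe = datetime.strptime(pe_timestamp_utc, "%Y-%m-%d %H:%M:%S").replace(tzinfo=timezone.utc)
    exif = datetime.strptime(exif_timestamp, "%Y:%m:%d %H:%M:%S%z")
    sub = datetime.strptime(first_submission_utc, "%Y-%m-%d %H:%M:%S").replace(tzinfo=timezone.utc)
    return {"timestamps_agree": pe == exif, "days_to_first_submission": (sub - pe).days}


if __name__ == "__main__":
    rows = parse_scan_table(SCAN_TABLE)
    print("ratio:", detection_ratio(rows))
    print("independent signatures:", len(independent_signatures(rows)))
    print("family votes:", family_votes(rows).most_common())
    print(timeline_check("2014-06-18 09:30:09", "2014:06:18 10:30:09+01:00", "2014-07-05 12:57:24"))
```

On the excerpt the ratio is 14/16 but only 8 distinct signatures fire; on the full table the same collapse turns 26 hits into noticeably fewer independent opinions. The timeline check shows the two timestamps agree and that 17 days passed between the build and the first upload, a useful sanity check since a forged header timestamp (in the future, or long before the compiler's linker version existed) is itself a signal.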
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Created processes
Terminated processes
Opened mutexes
Hooking activity
Runtime DLLs
Additional details
The file sends control codes directly to device drivers using the DeviceIoControl Windows API function.
The file installs an application-defined hook procedure into a hook chain using the SetWindowsHookEx Windows API function. A hook procedure monitors the system for certain types of events, associated either with a specific thread or with all threads in the same desktop as the calling thread; a desktop-wide hook is the usual way for a process to observe keystrokes or window messages belonging to other processes. Neither API appears in the static import table above: a Visual Basic 6 program calls Win32 APIs through Declare statements that the runtime resolves at run time via its DllFunctionCall export, so this behaviour is only visible dynamically.