SHA256: 5bed5d3483c6e4842ed0d9a13351a341a85fd3cee8b321775b4cfed8a2ae9f76
File name: 493ee044c350928d015bd5a41a250e603ede21bc
Detection ratio: 49 / 57
Analysis date: 2016-05-21 22:52:38 UTC ( 2 years, 11 months ago )
Antivirus Result Update
Ad-Aware Gen:Variant.Symmi.18137 20160521
AegisLab Troj.W32.VBKrypt.ptvo!c 20160521
AhnLab-V3 Trojan/Win32.VBKrypt 20160521
ALYac Gen:Variant.Symmi.18137 20160521
Antiy-AVL Trojan/Win32.VBKrypt 20160521
Arcabit Trojan.Symmi.D46D9 20160521
Avast Win32:Downloader-VDS [Trj] 20160521
AVG Win32/DH{Sw?} 20160521
Avira (no cloud) WORM/Ngrbot.adpp 20160521
AVware Trojan.Win32.Generic!BT 20160521
Baidu Win32.Trojan.WisdomEyes.151026.9950.9973 20160520
Baidu-International Trojan.Win32.VBKrypt.aq 20160521
BitDefender Gen:Variant.Symmi.18137 20160521
Bkav W32.JeneasyLTD.Trojan 20160521
CAT-QuickHeal TrojanClicker.VB.r3 20160521
Comodo UnclassifiedMalware 20160521
DrWeb Trojan.Inject1.27484 20160521
Emsisoft Gen:Variant.Symmi.18137 (B) 20160521
ESET-NOD32 a variant of Win32/Injector.AEXM 20160521
F-Secure Gen:Variant.Symmi.18137 20160521
Fortinet W32/Dorkbot.B!tr 20160521
GData Gen:Variant.Symmi.18137 20160521
Ikarus Backdoor.Win32.Ruskill 20160521
Jiangmin Trojan/VBKrypt.hfyo 20160521
K7AntiVirus Riskware ( 0040eff71 ) 20160521
K7GW Riskware ( 0040eff71 ) 20160521
Kaspersky Trojan-Clicker.Win32.VB.pen 20160521
Malwarebytes Backdoor.Bot 20160521
McAfee Agent-FCA!162496A0DF8C 20160521
McAfee-GW-Edition Agent-FCA!162496A0DF8C 20160521
Microsoft Trojan:Win32/Bagsu!rfn 20160520
eScan Gen:Variant.Symmi.18137 20160521
NANO-Antivirus Trojan.Win32.VB.crsxaq 20160521
nProtect Trojan/W32.Jorik.91800 20160520
Panda Trj/Genetic.gen 20160521
Qihoo-360 Win32/Trojan.e6d 20160521
Rising Trjoan.Generic-JlPAiqXRMeN (Cloud) 20160521
Sophos AV Mal/VB-AHS 20160521
SUPERAntiSpyware Trojan.Agent/Gen-StratPage 20160521
Symantec Downloader 20160521
Tencent Win32.Trojan.Vb.Dvzo 20160521
TheHacker Trojan/Injector.afde 20160520
TrendMicro TROJ_SPNR.14DI13 20160521
TrendMicro-HouseCall TROJ_SPNR.14DI13 20160521
VBA32 Trojan.VBKrypt 20160520
VIPRE Trojan.Win32.Generic!BT 20160521
ViRobot Trojan.Win32.VBKrypt.155288[h] 20160521
Yandex Trojan.VBKrypt!7qV84XhIVqg 20160521
Zillya Trojan.VBKrypt.Win32.200549 20160521
Alibaba 20160520
ClamAV 20160521
CMC 20160520
Cyren 20160521
F-Prot 20160521
Kingsoft 20160521
TotalDefense 20160521
Zoner 20160521
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2012-07-12 15:55:20
Entry Point 0x000015A0
Number of sections 3
PE sections
Overlays
MD5 7b4715406999549f4bc44072ab1dfc6d
File type data
Offset 53248
Size 38552
Entropy 4.80
PE imports
Number of PE resources by type
RT_ICON 3
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
NEUTRAL 4
ENGLISH US 1
PE resources
Compressed bundles
File identification
MD5 162496a0df8c6449d6e5134451a4f44a
SHA1 493ee044c350928d015bd5a41a250e603ede21bc
SHA256 5bed5d3483c6e4842ed0d9a13351a341a85fd3cee8b321775b4cfed8a2ae9f76
ssdeep 1536:+AtPFIdh0yS9s7VFOZNv6JE3O2gmsdhkezCnkymQonzC:++YS9s730J6C3On

authentihash d7d59991e3ed27ad44a52ed199b88e1b832bb9246aa63ffeed27d2802a95b55e
imphash 6f7ba14508931a693d9a87d21c9e433f
File size 89.6 KB ( 91800 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable Microsoft Visual Basic 6 (65.7%)
Win64 Executable (generic) (22.1%)
Win32 Dynamic Link Library (generic) (5.2%)
Win32 Executable (generic) (3.6%)
Generic Win/DOS Executable (1.6%)
Tags
peexe overlay

VirusTotal metadata
First submission 2013-04-02 15:31:02 UTC ( 6 years ago )
Last submission 2018-01-15 22:01:02 UTC ( 1 year, 3 months ago )
File names drt.exe
drt.ex_
162496a0df8c6449d6e5134451a4f44a.exe
10619982
5bed5d3483c6e4842ed0d9a13351a341a85fd3cee8b321775b4cfed8a2ae9f76.exe
44EE.EXE
162496a0df8c6449d6e5134451a4f44a.493ee044c350928d015bd5a41a250e603ede21bc
output.10619982.txt
Advanced heuristic and reputation engines
ClamAV
Possibly Unwanted Application. While not necessarily malicious, the scanned file presents certain characteristics which depending on the user policies and environment may or may not represent a threat. For full details see: https://www.clamav.net/documents/potentially-unwanted-applications-pua .

Symantec reputation Suspicious.Insight