SHA256: 5cc6e8f74e661d1212aceadb6d8376cca73aa18c16930372cf0f2d0bbd4f0b0f
File name: vt-upload-Revvl
Detection ratio: 30 / 53
Analysis date: 2014-07-21 05:41:02 UTC ( 4 years, 8 months ago )
Antivirus Result Update
Ad-Aware Trojan.Generic.11526118 20140721
AhnLab-V3 Trojan/Win32.Yakes 20140721
AntiVir TR/Dropper.VB.18089 20140720
Antiy-AVL Trojan/Win32.Yakes 20140721
Avast Win32:VBInject-AI [Trj] 20140721
AVG SHeur4.BYLN 20140721
Baidu-International Trojan.Win32.Injector.bBICJ 20140720
BitDefender Trojan.Generic.11526118 20140721
Bkav HW32.CDB.5408 20140719
ByteHero Virus.Win32.Heur.p 20140721
Commtouch W32/Trojan.JJJA-8278 20140721
DrWeb BackDoor.Tishop.122 20140721
Emsisoft Trojan.Generic.11526118 (B) 20140721
ESET-NOD32 a variant of Win32/Injector.BICJ 20140721
F-Prot W32/Trojan3.JJR 20140721
F-Secure Trojan.Generic.11526118 20140720
GData Trojan.Generic.11526118 20140721
K7AntiVirus Trojan ( 0049d7db1 ) 20140718
K7GW Trojan ( 0049d7db1 ) 20140719
Kaspersky Trojan.Win32.Yakes.fize 20140721
Kingsoft Win32.Troj.Yakes.fi.(kcloud) 20140721
Malwarebytes Trojan.Inject 20140721
McAfee Downloader-FAGE!4F95A963C421 20140721
McAfee-GW-Edition Downloader-FAGE!4F95A963C421 20140720
Microsoft Trojan:Win32/Dynamer!ac 20140721
eScan Trojan.Generic.11526118 20140721
Panda Trj/CI.A 20140720
Sophos AV Troj/Mdrop-GCY 20140721
Symantec Trojan.Gen 20140721
VIPRE Trojan.Win32.Generic!BT 20140721
AegisLab 20140721
Yandex 20140720
CAT-QuickHeal 20140719
ClamAV 20140721
CMC 20140721
Comodo 20140721
Fortinet 20140721
Ikarus 20140721
Jiangmin 20140721
NANO-Antivirus 20140721
Norman 20140721
nProtect 20140720
Qihoo-360 20140721
Rising 20140720
SUPERAntiSpyware 20140721
Tencent 20140721
TheHacker 20140718
TotalDefense 20140720
TrendMicro 20140721
TrendMicro-HouseCall 20140721
VBA32 20140718
ViRobot 20140721
Zoner 20140718
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Publisher hyredfcvfg
Product kiojnhytgfc
Original name niutyhuiiol.exe
Internal name niutyhuiiol
File version 6.01.0001
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2014-07-17 09:21:01
Entry Point 0x000015C4
Number of sections 3
PE sections
PE imports
_adj_fdivr_m64
Ord(537)
_allmul
_adj_fprem
__vbaAryMove
__vbaObjVar
__vbaVarMod
__vbaUI1Var
__vbaRedim
_adj_fdiv_r
__vbaObjSetAddref
__vbaFixstrConstruct
Ord(100)
__vbaI2Var
_CIlog
__vbaVarMul
Ord(616)
__vbaVarLateMemCallLd
_adj_fptan
__vbaI4Var
__vbaFreeStr
Ord(631)
__vbaStrI2
__vbaStrI4
__vbaFreeStrList
__vbaI2I4
_adj_fdiv_m16i
EVENT_SINK_QueryInterface
__vbaFpUI1
Ord(516)
__vbaI4Str
__vbaLenBstr
__vbaRedimPreserve
__vbaStrToUnicode
__vbaInStr
_adj_fdiv_m32i
Ord(717)
__vbaExceptHandler
__vbaSetSystemError
DllFunctionCall
__vbaUbound
__vbaFreeVar
__vbaLbound
_CIsin
__vbaAryLock
EVENT_SINK_Release
__vbaVarTstEq
Ord(582)
Ord(716)
__vbaOnError
_adj_fdivr_m32i
__vbaStrCat
__vbaVarDup
__vbaChkstk
__vbaLsetFixstr
__vbaAryUnlock
Ord(697)
Ord(584)
__vbaStrVarCopy
Ord(592)
__vbaVar2Vec
__vbaVarForNext
__vbaFreeVarList
__vbaStrVarMove
__vbaExitProc
__vbaVarXor
__vbaLateMemCallLd
__vbaAryConstruct2
__vbaFreeObj
_adj_fdivr_m32
__vbaStrVarVal
__vbaVarSub
__vbaVarTstGt
_CIcos
__vbaVarMove
__vbaErrorOverflow
__vbaAryDestruct
__vbaStrMove
_adj_fprem1
_adj_fdiv_m32
Ord(535)
__vbaEnd
_adj_fpatan
EVENT_SINK_AddRef
__vbaVargVarCopy
__vbaVarForInit
__vbaVarSetVar
__vbaVarVargNofree
__vbaStrCopy
Ord(632)
__vbaFPException
_adj_fdivr_m16i
__vbaVarAdd
_adj_fdiv_m64
__vbaUI1I4
__vbaUI1I2
_CIsqrt
__vbaVarCopy
__vbaLenBstrB
_CIatan
_CItan
Ord(644)
__vbaStr2Vec
_CIexp
__vbaStrToAnsi
__vbaFpR4
__vbaFpR8
__vbaFpI4
Ord(598)
mciSetYieldProc
Number of PE resources by type
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
NEUTRAL 1
ENGLISH US 1
PE resources
ExifTool file metadata
UninitializedDataSize 0
InitializedDataSize 12288
ImageVersion 6.1
ProductName kiojnhytgfc
FileVersionNumber 6.1.0.1
LanguageCode English (U.S.)
FileFlagsMask 0x0000
CharacterSet Unicode
LinkerVersion 6.0
FileOS Win32
MIMEType application/octet-stream
FileVersion 6.01.0001
TimeStamp 2014:07:17 10:21:01+01:00
FileType Win32 EXE
PEType PE32
InternalName niutyhuiiol
FileAccessDate 2014:07:21 06:38:04+01:00
ProductVersion 01.0001
SubsystemVersion 4.0
OSVersion 4.0
FileCreateDate 2014:07:21 06:38:04+01:00
OriginalFilename niutyhuiiol.exe
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName hyredfcvfg
CodeSize 36864
FileSubtype 0
ProductVersionNumber 6.1.0.1
EntryPoint 0x15c4
ObjectFileType Executable application

File identification
MD5 4f95a963c421c33a6a1038454272ee20
SHA1 b797a1da9ac533838efbe6c124a5e78fd1ffdfc6
SHA256 5cc6e8f74e661d1212aceadb6d8376cca73aa18c16930372cf0f2d0bbd4f0b0f
ssdeep 3072:+rqlJE97dBsQ20gEEt8Q4vKwcWfP38A5D030TvgP64niuTTHJ6ojoF32uK8:SeQ20gEEtFDwcs5D0ETvDXuTziF3K8
imphash a980f3eabd3a04b54d63cae6556b7c25
File size 209.8 KB ( 214790 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable Microsoft Visual Basic 6 (84.4%)
Win32 Dynamic Link Library (generic) (6.7%)
Win32 Executable (generic) (4.6%)
Generic Win/DOS Executable (2.0%)
DOS Executable Generic (2.0%)
Tags peexe
VirusTotal metadata
First submission 2014-07-21 05:41:02 UTC ( 4 years, 8 months ago )
Last submission 2014-07-21 05:41:02 UTC ( 4 years, 8 months ago )
File names niutyhuiiol
niutyhuiiol.exe
vt-upload-Revvl
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Created processes
Code injections in the following processes
Opened mutexes
Hooking activity
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers by making use of the DeviceIoControl Windows API function.
The file installs an application-defined hook procedure into a hook chain. A hook procedure is installed to monitor the system for certain types of events, which are associated either with a specific thread or with all threads in the same desktop as the calling thread. This is done by making use of the SetWindowsHook Windows API function.