SHA256: 5e44e9602067c84099a52aa3000ed3cc28284daec69941b31f6a784a24bb4f71
File name: malw_20.ex_
Detection ratio: 26 / 54
Analysis date: 2014-08-01 21:37:29 UTC ( 4 years, 4 months ago )
Antivirus | Result | Update
Ad-Aware | Gen:Variant.Symmi.44441 | 20140801
AhnLab-V3 | Win-Trojan/MDA.140610 | 20140801
Avast | Win32:Malware-gen | 20140801
AVG | Luhe.Gen.C | 20140801
AVware | Trojan.Win32.Generic!BT | 20140801
BitDefender | Gen:Variant.Symmi.44441 | 20140801
Bkav | HW32.CDB.4c29 | 20140801
ByteHero | Virus.Win32.Heur.p | 20140801
CAT-QuickHeal | VirTool.VBInject.LG3 | 20140801
CMC | Heur.Win32.Veebee.1!O | 20140731
Emsisoft | Gen:Variant.Symmi.44441 (B) | 20140801
ESET-NOD32 | a variant of Win32/Injector.BHWA | 20140801
F-Secure | Gen:Variant.Symmi.44441 | 20140801
GData | Gen:Variant.Symmi.44441 | 20140801
Kaspersky | Trojan-Spy.Win32.Zbot.tmjm | 20140801
Kingsoft | Win32.Troj.Zbot.tm.(kcloud) | 20140801
Malwarebytes | Spyware.Zbot | 20140801
McAfee | Dropper-FHX!38CC59184962 | 20140801
McAfee-GW-Edition | Dropper-FHX!38CC59184962 | 20140801
Microsoft | PWS:Win32/Zbot | 20140801
eScan | Gen:Variant.Symmi.44441 | 20140801
Qihoo-360 | HEUR/Malware.QVM03.Gen | 20140801
Rising | PE:Malware.XPACK-HIE/Heur!1.9C48 | 20140801
Sophos AV | Mal/Generic-S | 20140801
Symantec | Trojan.Zbot | 20140801
VIPRE | Trojan.Win32.Generic!BT | 20140801
AegisLab | | 20140801
Yandex | | 20140801
AntiVir | | 20140801
Antiy-AVL | | 20140801
Baidu-International | | 20140801
ClamAV | | 20140801
Commtouch | | 20140801
Comodo | | 20140801
DrWeb | | 20140801
F-Prot | | 20140801
Fortinet | | 20140801
Ikarus | | 20140801
Jiangmin | | 20140801
K7AntiVirus | | 20140801
K7GW | | 20140801
NANO-Antivirus | | 20140801
Norman | | 20140801
nProtect | | 20140801
Panda | | 20140801
SUPERAntiSpyware | | 20140801
Tencent | | 20140801
TheHacker | | 20140801
TotalDefense | | 20140801
TrendMicro | | 20140801
TrendMicro-HouseCall | | 20140801
VBA32 | | 20140801
ViRobot | | 20140801
Zoner | | 20140729
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Publisher: VS Revo Group
Product: Duma's
Original name: Fishifie.exe
Internal name: Fishifie
File version: 1.03.0005
Description: Batheabl colle
PE header basic information
Target machine: Intel 386 or later processors and compatible processors
Compilation timestamp: 2014-07-10 22:06:23
Entry Point: 0x00001404
Number of sections: 3
PE sections
PE imports
_adj_fdiv_m32
__vbaChkstk
Ord(610)
Ord(554)
EVENT_SINK_Release
__vbaEnd
__vbaRedim
_allmul
Ord(713)
_adj_fdivr_m64
__vbaAryUnlock
_adj_fprem
Ord(558)
__vbaObjSetAddref
Ord(525)
_adj_fpatan
Ord(663)
EVENT_SINK_AddRef
Ord(677)
Ord(714)
_adj_fdiv_m32i
__vbaCyAdd
__vbaStrCopy
Ord(583)
Ord(673)
__vbaSetSystemError
__vbaFreeVarList
DllFunctionCall
__vbaFPException
__vbaStrVarMove
Ord(685)
_adj_fdivr_m16i
__vbaStrMove
_adj_fdiv_r
Ord(100)
__vbaDerefAry1
__vbaFreeVar
Ord(519)
_CItan
Ord(536)
_adj_fdiv_m64
__vbaFreeObj
__vbaHresultCheckObj
_CIsqrt
_CIsin
_CIlog
Ord(690)
_CIcos
Ord(595)
EVENT_SINK_QueryInterface
_adj_fptan
Ord(692)
Ord(593)
Ord(628)
__vbaObjSet
__vbaI4Var
__vbaVarMove
__vbaErrorOverflow
_CIatan
__vbaNew2
__vbaI4Str
__vbaLateIdSt
__vbaR8IntI2
__vbaOnError
_adj_fdivr_m32i
__vbaAryLock
__vbaAryDestruct
_CIexp
__vbaStrI2
_adj_fprem1
_adj_fdivr_m32
__vbaStrCat
__vbaVarDup
Ord(609)
Ord(598)
__vbaFreeStr
_adj_fdiv_m16i
__vbaExceptHandler
Number of PE resources by type
RT_ICON 2
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
NEUTRAL 3
CHINESE TRADITIONAL 1
PE resources
ExifTool file metadata
SubsystemVersion: 4.0
InitializedDataSize: 20480
ImageVersion: 1.3
ProductName: Duma's
FileVersionNumber: 1.3.0.5
UninitializedDataSize: 0
LanguageCode: Chinese (Traditional)
FileFlagsMask: 0x0000
CharacterSet: Unicode
LinkerVersion: 6.0
OriginalFilename: Fishifie.exe
MIMEType: application/octet-stream
FileVersion: 1.03.0005
TimeStamp: 2014:07:10 23:06:23+01:00
FileType: Win32 EXE
PEType: PE32
InternalName: Fishifie
FileAccessDate: 2014:08:01 22:40:36+01:00
ProductVersion: 1.03.0005
FileDescription: Batheabl colle
OSVersion: 4.0
FileCreateDate: 2014:08:01 22:40:36+01:00
FileOS: Win32
Subsystem: Windows GUI
MachineType: Intel 386 or later, and compatibles
CompanyName: VS Revo Group
CodeSize: 282624
FileSubtype: 0
ProductVersionNumber: 1.3.0.5
EntryPoint: 0x1404
ObjectFileType: Executable application

File identification
MD5: 38cc59184962f30c67d3eca61304414b
SHA1: 511211da642a180b2edaa95c5bc251ef620cb5a3
SHA256: 5e44e9602067c84099a52aa3000ed3cc28284daec69941b31f6a784a24bb4f71
ssdeep: 6144:ug6eMpfdVhhhhhhH393EnhvonifNLyUCJcY671S+zRxTdpsish2hhhhhhsBT9Yn3:meMpvhhhhhhH392eQvC6SkjJsh2hhhhZ
imphash: fec138ccf0a6bdccf3ba6445c0f5fe6e
File size: 289.0 KB (295936 bytes)
File type: Win32 EXE
Magic literal: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID: Win32 Executable Microsoft Visual Basic 6 (84.4%); Win32 Dynamic Link Library (generic) (6.7%); Win32 Executable (generic) (4.6%); Generic Win/DOS Executable (2.0%); DOS Executable Generic (2.0%)
Tags: peexe
VirusTotal metadata
First submission: 2014-08-01 21:37:29 UTC ( 4 years, 4 months ago )
Last submission: 2014-08-01 21:37:29 UTC ( 4 years, 4 months ago )
File names: Fishifie, Fishifie.exe, malw_20.ex_
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Created processes
Terminated processes
Opened mutexes
Hooking activity
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers using the DeviceIoControl Windows API function.
The file installs an application-defined hook procedure into a hook chain. A hook procedure is installed to monitor the system for certain types of events; these events are associated either with a specific thread or with all threads in the same desktop as the calling thread. This is done using the SetWindowsHook Windows API function.