SHA256: 6020bc3bf254d7849f87ca9daef4a36ea56c32567099c0706ef79957a314e8d6
File name: 007029222
Detection ratio: 47 / 57
Analysis date: 2015-06-12 11:26:10 UTC ( 2 weeks, 6 days ago )
Antivirus Result Update
ALYac Trojan.GenericKDV.1192080 20150612
AVG Generic34.BEAH 20150612
AVware Trojan.Win32.Generic!BT 20150612
Ad-Aware Trojan.GenericKDV.1192080 20150612
Agnitum Trojan.Inject!tuRAjhJb08Q 20150611
AhnLab-V3 Trojan/Win32.Inject 20150612
Antiy-AVL Trojan/Win32.Inject 20150612
Arcabit Trojan.GenericV.D123090 20150612
Avast Win32:Gamarue-BV [Cryp] 20150612
Avira TR/Inject.fzhy 20150612
Baidu-International Trojan.Win32.Inject.fzhy 20150612
BitDefender Trojan.GenericKDV.1192080 20150612
CAT-QuickHeal Trojan.Inject.fzhy.cw3 20150612
Comodo TrojWare.Win32.Trojan.Agent.Gen 20150612
Cyren W32/Trojan.VCJJ-2211 20150612
DrWeb Trojan.DownLoader10.4642 20150612
ESET-NOD32 Win32/IRCBot.NJF 20150612
Emsisoft Trojan.GenericKDV.1192080 (B) 20150612
F-Prot W32/Trojan4.AFBQ 20150612
F-Secure Trojan.GenericKDV.1192080 20150612
Fortinet W32/Inject.FZHY!tr 20150612
GData Trojan.GenericKDV.1192080 20150612
Ikarus Trojan.Win32.Inject 20150612
K7AntiVirus Riskware ( 0040eff71 ) 20150612
K7GW Riskware ( 0040eff71 ) 20150612
Kaspersky Trojan.Win32.Inject.fzhy 20150612
Kingsoft Win32.Troj.Generic.a.(kcloud) 20150612
Malwarebytes Trojan.VBKrypt 20150612
McAfee Generic.qf 20150612
McAfee-GW-Edition Generic.qf 20150612
MicroWorld-eScan Trojan.GenericKDV.1192080 20150612
Microsoft Worm:Win32/Gamarue 20150612
NANO-Antivirus Trojan.Win32.Inject.cvanlh 20150612
Panda Trj/Agent.IVN 20150612
Qihoo-360 Win32/Trojan.BO.cf3 20150612
Rising PE:Trojan.Win32.Generic.159BEB29!362539817 20150612
Sophos Mal/Generic-L 20150612
Symantec Trojan.Zbot 20150612
Tencent Trojan.Win32.YY.Gen.17 20150612
TotalDefense Win32/Tnega.ASZO 20150612
TrendMicro TROJ_IRCBOT.CWJ 20150612
TrendMicro-HouseCall TROJ_IRCBOT.CWJ 20150612
VBA32 TScope.Trojan.VB 20150612
VIPRE Trojan.Win32.Generic!BT 20150612
Zillya Trojan.Inject.Win32.61771 20150611
Zoner Trojan.IRCBot.NJF 20150612
nProtect Trojan.GenericKDV.1192080 20150612
AegisLab 20150612
Alibaba 20150611
Bkav 20150612
ByteHero 20150612
CMC 20150610
ClamAV 20150611
Jiangmin 20150610
SUPERAntiSpyware 20150612
TheHacker 20150611
ViRobot 20150612
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Developer metadata
Copyright Sternson contrapu pungie 2003
Publisher Alexander Roshal
Product Antrotym mulctati
Original name Mangoro..exe
Internal name Mangoro.
File version 9.05.0006
Description Didactyl keymen daintify
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2013-08-09 03:25:21
Link date 4:25 AM 8/9/2013
Entry Point 0x000014C0
Number of sections 3
PE sections
PE imports
_adj_fdiv_m32
__vbaChkstk
DllFunctionCall
EVENT_SINK_Release
__vbaEnd
__vbaGenerateBoundsError
_allmul
_CIsin
_adj_fdivr_m64
__vbaAryUnlock
_adj_fprem
EVENT_SINK_AddRef
__vbaLenBstr
_adj_fpatan
_adj_fdiv_m32i
Ord(594)
__vbaDateVar
__vbaCyStr
EVENT_SINK_QueryInterface
__vbaStrCopy
__vbaExceptHandler
__vbaSetSystemError
__vbaFreeVarList
__vbaRedim
__vbaStrCmp
__vbaFPException
Ord(618)
_adj_fdivr_m16i
__vbaVarAdd
Ord(611)
_adj_fdiv_r
Ord(100)
__vbaDerefAry1
__vbaFreeVar
Ord(570)
_adj_fprem1
__vbaCySub
Ord(519)
Ord(547)
__vbaFPInt
_adj_fdiv_m64
__vbaFreeObj
__vbaHresultCheckObj
_CIsqrt
__vbaVarSub
_CIlog
__vbaLenBstrB
Ord(612)
__vbaFreeStr
__vbaAryLock
_CIcos
Ord(587)
_adj_fptan
Ord(593)
Ord(628)
Ord(704)
__vbaI4Var
__vbaLateIdCall
Ord(689)
__vbaObjSet
Ord(703)
__vbaErrorOverflow
_CIatan
Ord(540)
__vbaNew2
__vbaLateIdSt
__vbaR8IntI2
_adj_fdivr_m32i
__vbaAryDestruct
_CIexp
__vbaStrMove
Ord(588)
_adj_fdivr_m32
__vbaR8FixI4
_CItan
__vbaFpI4
__vbaI2I4
__vbaFpI2
_adj_fdiv_m16i
__vbaR8FixI2
Number of PE resources by type
RT_ICON 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
NEUTRAL 2
ENGLISH US 1
ExifTool file metadata
SubsystemVersion 4.0
LinkerVersion 6.0
ImageVersion 9.5
FileSubtype 0
FileVersionNumber 9.5.0.6
UninitializedDataSize 0
LanguageCode English (U.S.)
FileFlagsMask 0x0000
CharacterSet Unicode
InitializedDataSize 16384
EntryPoint 0x14c0
OriginalFileName Mangoro..exe
MIMEType application/octet-stream
LegalCopyright Sternson contrapu pungie 2003
FileVersion 9.05.0006
TimeStamp 2013:08:09 04:25:21+01:00
FileType Win32 EXE
PEType PE32
InternalName Mangoro.
ProductVersion 9.05.0006
FileDescription Didactyl keymen daintify
OSVersion 4.0
FileOS Win32
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName Alexander Roshal
CodeSize 229376
ProductName Antrotym mulctati
ProductVersionNumber 9.5.0.6
FileTypeExtension exe
ObjectFileType Executable application
Compressed bundles
File identification
MD5 1d03779cc7325c7b299fb2302210ec59
SHA1 f1b1a432014cdf5c4730349d54f0d999bbd43936
SHA256 6020bc3bf254d7849f87ca9daef4a36ea56c32567099c0706ef79957a314e8d6
ssdeep 3072:v5SGfz6bY4bnhOOVo1z6YEd7rH9omVhyV1Uv5rotEzxpmTIOEBaJKN3ibN+Wu:vek4LhOx8zP50tEOx45W
authentihash 08da5339d35d75dc41ad8c41403b5f7524db74c1badb0023a302b9a2d6108f93
imphash e44710ba39afdd7135e740bfb55f1c35
File size 240.0 KB ( 245760 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable Microsoft Visual Basic 6 (90.5%)
Win32 Executable (generic) (4.9%)
Generic Win/DOS Executable (2.2%)
DOS Executable Generic (2.2%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
Tags peexe
VirusTotal metadata
First submission 2013-08-13 22:01:07 UTC ( 1 year, 10 months ago )
Last submission 2015-06-12 11:26:10 UTC ( 2 weeks, 6 days ago )
File names hari.exe
Mangoro..exe
007029222
vt-upload-Hb9S8
dwm.exe
vt-upload-E8GC3
1d03779cc7325c7b299fb2302210ec59.exe
vt-upload-NNLRf
Mangoro.
hari.exe
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight